LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

June 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA June 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Security ERRATA for kernel on SL4.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 27 Jun 2007 15:27:22 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (175 lines)
Synopsis:	Important: kernel security update
Issue date:	2007-06-25
CVE Names:	CVE-2006-5158 CVE-2006-7203 CVE-2007-0773
                 CVE-2007-0958 CVE-2007-1353 CVE-2007-2172
                 CVE-2007-2525 CVE-2007-2876 CVE-2007-3104

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* a flaw in the mount handling routine for 64-bit systems that allowed a
local user to cause denial of service (crash). (CVE-2006-7203, Important)

* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access. (CVE-2007-2172, Important)

* a flaw in the PPP over Ethernet implementation that allowed a local user
to cause a denial of service (memory consumption) by creating a socket
using connect and then releasing it before the PPPIOCGCHAN ioctl has been
called. (CVE-2007-2525, Important)

* a flaw in the fput ioctl handling of 32-bit applications running on
64-bit platforms that allowed a local user to cause a denial of service
(panic). (CVE-2007-0773, Important)

* a flaw in the NFS locking daemon that allowed a local user to cause
denial of service (deadlock). (CVE-2006-5158, Moderate)

* a flaw in the sysfs_readdir function that allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core
dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

* a flaw in the Bluetooth subsystem that allowed a local user to trigger an
information leak. (CVE-2007-1353, Low)

In addition, the following bugs were addressed:

* the NFS could recurse on the same spinlock. Also, NFS, under certain
conditions, did not completely clean up Posix locks on a file close,
leading to mount failures.

* the 32bit compatibility didn't return to userspace correct values for the
rt_sigtimedwait system call.

* the count for unused inodes could be incorrect at times, resulting in
dirty data not being written to disk in a timely manner.

* the cciss driver had an incorrect disk size calculation (off-by-one
error) which prevented disk dumps.

NOTE1:
 From The Upstream Vendors release notes
"During PCI probing, Red Hat Enterprise Linux 4 Update 5 attempts to use 
information obtained from MCFG (memory-mapped PCI configuration space). On 
AMD-systems, this type of access does not work on some buses, as the kernel 
cannot parse the MCFG table.

To work around this, add the parameter pci=conf1 or pci=nommconf on the kernel 
boot line in /etc/grub.conf. For example:

     title Red Hat Enterprise Linux AS (2.6.9-42.0.2.EL)
             root (hd0,0)
             kernel /vmlinuz-2.6.9-42.0.2.EL ro root=/dev/VolGroup00/LogVol00 
rhgb quiet pci=conf1
             initrd /initrd-2.6.9-42.0.2.EL.img

Doing this instructs the kernel to use PCI Conf1 access instead of MCFG-based 
access."

NOTE2:
 From The Upstream Vendors Knowledge Base
"Why did the ordering of my NIC devices change in Red Hat Enterprise Linux 4.5?

The 2.6.9-55 version of the Red Hat Enterprise Linux 4 kernel (Update 5) 
reverts to the 2.4 ordering of network interface cards (NICs) on certain 
systems. Note that if the "HWADDR=MAC ADDRESS" line is present in the 
/etc/sysconfig/network-scripts/ifcfg-ethX files, the NIC ordering will not change.

To restore the original 2.6 ordering, which is different from the 2.4 ordering, 
boot with the option pci=nobfsort "


SL 4.x

   SRPMS:
	kernel-2.6.9-55.0.2.EL.src.rpm
   i386:
	kernel-2.6.9-55.0.2.EL.i686.rpm
	kernel-devel-2.6.9-55.0.2.EL.i686.rpm
	kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
	kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm
	kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm
	kernel-smp-2.6.9-55.0.2.EL.i686.rpm
	kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm
	kernel-xenU-2.6.9-55.0.2.EL.i686.rpm
	kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm

Dependancies:
  kernel-module-fuse-2.6.9-55.0.2.EL-2.5.3-1.SL.i686.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELhugemem-2.5.3-1.SL.i686.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELsmp-2.5.3-1.SL.i686.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELxenU-2.5.3-1.SL.i686.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.EL-1.1.0-1.SL4.i686.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELhugemem-1.1.0-1.SL4.i686.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELsmp-1.1.0-1.SL4.i686.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELxenU-1.1.0-1.SL4.i686.rpm
  kernel-module-madwifi-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.i686.rpm
  kernel-module-madwifi-2.6.9-55.0.2.ELhugemem-0.9.3.1-10.sl4.i686.rpm
  kernel-module-madwifi-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.i686.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.i686.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.ELhugemem-0.9.3.1-10.sl4.i686.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.i686.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.EL-1.41-1.SL.i686.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELhugemem-1.41-1.SL.i686.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELsmp-1.41-1.SL.i686.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELxenU-1.41-1.SL.i686.rpm
  kernel-module-openafs-2.6.9-55.0.2.EL-1.4.4-46.SL4.i686.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELhugemem-1.4.4-46.SL4.i686.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELsmp-1.4.4-46.SL4.i686.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELxenU-1.4.4-46.SL4.i686.rpm
  kernel-module-r1000-2.6.9-55.0.2.EL-2.2-2.SL4x.i686.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELhugemem-2.2-2.SL4x.i686.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELsmp-2.2-2.SL4x.i686.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELxenU-2.2-2.SL4x.i686.rpm

   x86_64:
	kernel-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-doc-2.6.9-55.0.2.EL.noarch.rpm
	kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm
	kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm

Dependancies:
  kernel-module-fuse-2.6.9-55.0.2.EL-2.5.3-1.SL.x86_64.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELlargesmp-2.5.3-1.SL.x86_64.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELsmp-2.5.3-1.SL.x86_64.rpm
  kernel-module-fuse-2.6.9-55.0.2.ELxenU-2.5.3-1.SL.x86_64.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.EL-1.1.0-1.SL4.x86_64.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELsmp-1.1.0-1.SL4.x86_64.rpm
  kernel-module-ipw3945-2.6.9-55.0.2.ELxenU-1.1.0-1.SL4.x86_64.rpm
  kernel-module-madwifi-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-madwifi-2.6.9-55.0.2.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-madwifi-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-madwifi-hal-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.x86_64.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.EL-1.41-1.SL.x86_64.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELlargesmp-1.41-1.SL.x86_64.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELsmp-1.41-1.SL.x86_64.rpm
  kernel-module-ndiswrapper-2.6.9-55.0.2.ELxenU-1.41-1.SL.x86_64.rpm
  kernel-module-openafs-2.6.9-55.0.2.EL-1.4.4-46.SL4.x86_64.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELlargesmp-1.4.4-46.SL4.x86_64.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELsmp-1.4.4-46.SL4.x86_64.rpm
  kernel-module-openafs-2.6.9-55.0.2.ELxenU-1.4.4-46.SL4.x86_64.rpm
  kernel-module-r1000-2.6.9-55.0.2.EL-2.2-2.SL4x.x86_64.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELlargesmp-2.2-2.SL4x.x86_64.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELsmp-2.2-2.SL4x.x86_64.rpm
  kernel-module-r1000-2.6.9-55.0.2.ELxenU-2.2-2.SL4x.x86_64.rpm

The upstream vendor has not released the GFS src.rpm yet.  When
they release it we will rebuild and send it out.

-Connie Sieh
-Troy Dawson
ATOM RSS1 RSS2
LISTSERV.FNAL.GOV