SCIENTIFIC-LINUX-ERRATA Archives

December 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Wed, 5 Dec 2007 17:13:40 -0600

Once again, with the right subject

Synopsis:       Important: kernel security and bug fix update
Issue date:     2007-12-03
CVE Names:      CVE-2007-2172  CVE-2007-3848
                  CVE-2006-4538 CVE-2007-3739
                  CVE-2007-4308

A flaw was found in the handling of process death signals. This allowed
a local user to send arbitrary signals to the suid-process executed by
that user. A successful exploitation of this flaw depends on the
structure of the suid-program and its signal handling. (CVE-2007-3848,
Important)

A flaw was found in the IPv4 forwarding base. This allowed a local user
to cause a denial of service. (CVE-2007-2172, Important)

A flaw was found where a corrupted executable file could cause
cross-region memory mappings on Itanium systems. This allowed a local
user to cause a denial of service. (CVE-2006-4538, Moderate)

A flaw was found in the stack expansion when using the hugetlb kernel on
PowerPC systems. This allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

A flaw was found in the aacraid SCSI driver. This allowed a local user
to make ioctl calls to the driver that should be restricted to
privileged users. (CVE-2007-4308, Moderate)

As well, these updated packages fix the following bug:

* a bug in the TCP header prediction code may have caused "TCP: Treason
uncloaked!" messages to be logged. In certain situations this may have
led to TCP connections hanging or aborting.

SL 3.0.x

     SRPMS:
kernel-2.4.21-53.EL.src.rpm
     i386:
kernel-2.4.21-53.EL.athlon.rpm
kernel-2.4.21-53.EL.i686.rpm
kernel-BOOT-2.4.21-53.EL.i386.rpm
kernel-doc-2.4.21-53.EL.i386.rpm
kernel-hugemem-2.4.21-53.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm
kernel-smp-2.4.21-53.EL.athlon.rpm
kernel-smp-2.4.21-53.EL.i686.rpm
kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-53.EL.i686.rpm
kernel-source-2.4.21-53.EL.i386.rpm
kernel-unsupported-2.4.21-53.EL.athlon.rpm
kernel-unsupported-2.4.21-53.EL.i686.rpm
     Dependencies:
GFS-6.0.2.36-6.i686.rpm
GFS-devel-6.0.2.36-6.i686.rpm
GFS-modules-6.0.2.36-6.i686.rpm
GFS-modules-hugemem-6.0.2.36-6.i686.rpm
GFS-modules-smp-6.0.2.36-6.i686.rpm
kernel-module-openafs-2.4.21-53.EL-1.2.13-15.17.SL.athlon.rpm
kernel-module-openafs-2.4.21-53.EL-1.2.13-15.17.SL.i686.rpm
kernel-module-openafs-2.4.21-53.ELsmp-1.2.13-15.17.SL.athlon.rpm
kernel-module-openafs-2.4.21-53.ELsmp-1.2.13-15.17.SL.i686.rpm

     x86_64:
kernel-2.4.21-53.EL.ia32e.rpm
kernel-2.4.21-53.EL.x86_64.rpm
kernel-doc-2.4.21-53.EL.x86_64.rpm
kernel-smp-2.4.21-53.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm
kernel-source-2.4.21-53.EL.x86_64.rpm
kernel-unsupported-2.4.21-53.EL.ia32e.rpm
kernel-unsupported-2.4.21-53.EL.x86_64.rpm
     Dependencies:
GFS-6.0.2.36-6.ia32e.rpm
GFS-6.0.2.36-6.x86_64.rpm
GFS-devel-6.0.2.36-6.ia32e.rpm
GFS-devel-6.0.2.36-6.x86_64.rpm
GFS-modules-6.0.2.36-6.ia32e.rpm
GFS-modules-6.0.2.36-6.x86_64.rpm
GFS-modules-smp-6.0.2.36-6.x86_64.rpm
kernel-module-openafs-2.4.21-53.EL-1.2.13-15.17.SL.ia32e.rpm
kernel-module-openafs-2.4.21-53.EL-1.2.13-15.17.SL.x86_64.rpm
kernel-module-openafs-2.4.21-53.ELsmp-1.2.13-15.17.SL.x86_64.rpm


-Connie Sieh
-Troy Dawson
