SCIENTIFIC-LINUX-ERRATA Archives

January 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA for kernel on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 25 Jan 2008 11:18:53 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (115 lines) 
Synopsis:	Important: kernel security and bug fix update
Issue date:	2008-01-23
CVE Names:	CVE-2007-3104 CVE-2007-5904 CVE-2007-6206
                 CVE-2007-6416 CVE-2008-0001

These new kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). An unprivileged local
user could truncate directories to which they had write permission; this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest
Hardware-assisted virtual machine (HVM) could read the arbitrary physical
memory of the host system, which could make information available to
unauthorized users. (CVE-2007-6416, Important)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory, which
the user has write access to, they could gain read access to that core
file, potentially containing sensitive information. (CVE-2007-6206, Moderate)

A buffer overflow flaw was found in the CIFS virtual file system. A
remote,authenticated user could issue a request that could lead to a denial
of service. (CVE-2007-5904, Moderate)

A flaw was found in the "sysfs_readdir" function. A local user could create
a race condition which would cause a denial of service (kernel oops).
(CVE-2007-3104, Moderate)

As well, these updated packages fix the following bugs:

* running the "strace -f" command caused strace to hang, without displaying
information about child processes.

* unmounting an unresponsive, interruptable NFS mount, for example, one
mounted with the "intr" option, may have caused a system crash.

* a bug in the s2io.ko driver prevented VLAN devices from being added.
Attempting to add a device to a VLAN, for example, running the "vconfig
add [device-name] [vlan-id]" command caused vconfig to fail.

* tux used an incorrect open flag bit. This caused problems when building
packages in a chroot environment, such as mock, which is used by the koji
build system.

SL 5.x

    SRPMS:
kernel-2.6.18-53.1.6.el5.src.rpm
    i386:
kernel-2.6.18-53.1.6.el5.i686.rpm
kernel-debug-2.6.18-53.1.6.el5.i686.rpm
kernel-debug-devel-2.6.18-53.1.6.el5.i686.rpm
kernel-devel-2.6.18-53.1.6.el5.i686.rpm
kernel-doc-2.6.18-53.1.6.el5.noarch.rpm
kernel-headers-2.6.18-53.1.6.el5.i386.rpm
kernel-PAE-2.6.18-53.1.6.el5.i686.rpm
kernel-PAE-devel-2.6.18-53.1.6.el5.i686.rpm
kernel-xen-2.6.18-53.1.6.el5.i686.rpm
kernel-xen-devel-2.6.18-53.1.6.el5.i686.rpm
   Dependancies:
kernel-module-fuse-2.6.18-53.1.6.el5-2.6.3-1.el5_0.i686.rpm
kernel-module-fuse-2.6.18-53.1.6.el5PAE-2.6.3-1.el5_0.i686.rpm
kernel-module-fuse-2.6.18-53.1.6.el5xen-2.6.3-1.el5_0.i686.rpm
kernel-module-ipw3945-2.6.18-53.1.6.el5-1.2.0-2.el5_0.i686.rpm
kernel-module-ipw3945-2.6.18-53.1.6.el5PAE-1.2.0-2.el5_0.i686.rpm
kernel-module-ipw3945-2.6.18-53.1.6.el5xen-1.2.0-2.el5_0.i686.rpm
kernel-module-madwifi-2.6.18-53.1.6.el5-0.9.3.3-12.el5_0.i686.rpm
kernel-module-madwifi-2.6.18-53.1.6.el5PAE-0.9.3.3-12.el5_0.i686.rpm
kernel-module-madwifi-2.6.18-53.1.6.el5xen-0.9.3.3-12.el5_0.i686.rpm
kernel-module-madwifi-hal-2.6.18-53.1.6.el5-0.9.3.3-12.el5_0.i686.rpm
kernel-module-madwifi-hal-2.6.18-53.1.6.el5PAE-0.9.3.3-12.el5_0.i686.rpm
kernel-module-madwifi-hal-2.6.18-53.1.6.el5xen-0.9.3.3-12.el5_0.i686.rpm
kernel-module-ndiswrapper-2.6.18-53.1.6.el5-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-53.1.6.el5PAE-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-53.1.6.el5xen-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.18-53.1.6.el5-1.4.6-58.SL5.i686.rpm
kernel-module-openafs-2.6.18-53.1.6.el5PAE-1.4.6-58.SL5.i686.rpm
kernel-module-openafs-2.6.18-53.1.6.el5xen-1.4.6-58.SL5.i686.rpm
kernel-module-r1000-2.6.18-53.1.6.el5-1.05-1.sl.i686.rpm
kernel-module-r1000-2.6.18-53.1.6.el5PAE-1.05-1.sl.i686.rpm
kernel-module-r1000-2.6.18-53.1.6.el5xen-1.05-1.sl.i686.rpm
    x86_64:
kernel-2.6.18-53.1.6.el5.x86_64.rpm
kernel-debug-2.6.18-53.1.6.el5.x86_64.rpm
kernel-debug-devel-2.6.18-53.1.6.el5.x86_64.rpm
kernel-devel-2.6.18-53.1.6.el5.x86_64.rpm
kernel-doc-2.6.18-53.1.6.el5.noarch.rpm
kernel-headers-2.6.18-53.1.6.el5.x86_64.rpm
kernel-xen-2.6.18-53.1.6.el5.x86_64.rpm
kernel-xen-devel-2.6.18-53.1.6.el5.x86_64.rpm
   Dependancies:
kernel-module-fuse-2.6.18-53.1.6.el5-2.6.3-1.el5_1.x86_64.rpm
kernel-module-fuse-2.6.18-53.1.6.el5xen-2.6.3-1.el5_1.x86_64.rpm
kernel-module-fuse-2.6.18-8.1.8.el5-2.6.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.18-8.1.8.el5-2.6.3-1SL.x86_64.rpm
kernel-module-ipw3945-2.6.18-53.1.6.el5-1.2.0-2.el5_1.x86_64.rpm
kernel-module-ipw3945-2.6.18-53.1.6.el5xen-1.2.0-2.el5_1.x86_64.rpm
kernel-module-madwifi-2.6.18-53.1.6.el5-0.9.3.3-12.el5_1.x86_64.rpm
kernel-module-madwifi-2.6.18-53.1.6.el5xen-0.9.3.3-12.el5_1.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-53.1.6.el5-0.9.3.3-12.el5_1.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-53.1.6.el5xen-0.9.3.3-12.el5_1.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-53.1.6.el5-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-53.1.6.el5xen-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-53.1.4.el5-1.4.6-58.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-53.1.4.el5xen-1.4.6-58.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-53.1.6.el5-1.4.6-58.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-53.1.6.el5xen-1.4.6-58.SL5.x86_64.rpm
kernel-module-r1000-2.6.18-53.1.6.el5-1.05-1.sl.x86_64.rpm
kernel-module-r1000-2.6.18-53.1.6.el5xen-1.05-1.sl.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2