SCIENTIFIC-LINUX-ERRATA Archives

May 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA for kernel on SL4.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 14 May 2008 15:46:42 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (235 lines) 
GFS and Cluster kernel modules are now available for this kernel.

   i386:
cman-kernel-2.6.9-53.12.i686.rpm
cman-kernel-hugemem-2.6.9-53.12.i686.rpm
cman-kernel-smp-2.6.9-53.12.i686.rpm
cman-kernel-xenU-2.6.9-53.12.i686.rpm
cman-kernheaders-2.6.9-53.12.i686.rpm
cmirror-kernel-2.6.9-38.12.i686.rpm
cmirror-kernel-hugemem-2.6.9-38.12.i686.rpm
cmirror-kernel-smp-2.6.9-38.12.i686.rpm
cmirror-kernel-xenU-2.6.9-38.12.i686.rpm
dlm-kernel-2.6.9-52.9.i686.rpm
dlm-kernel-hugemem-2.6.9-52.9.i686.rpm
dlm-kernel-smp-2.6.9-52.9.i686.rpm
dlm-kernel-xenU-2.6.9-52.9.i686.rpm
dlm-kernheaders-2.6.9-52.9.i686.rpm
GFS-6.1.15-3.i386.rpm
GFS-kernel-2.6.9-75.17.i686.rpm
GFS-kernel-hugemem-2.6.9-75.17.i686.rpm
GFS-kernel-smp-2.6.9-75.17.i686.rpm
GFS-kernel-xenU-2.6.9-75.17.i686.rpm
GFS-kernheaders-2.6.9-75.17.i686.rpm
gnbd-kernel-2.6.9-10.37.i686.rpm
gnbd-kernel-hugemem-2.6.9-10.37.i686.rpm
gnbd-kernel-smp-2.6.9-10.37.i686.rpm
gnbd-kernel-xenU-2.6.9-10.37.i686.rpm
gnbd-kernheaders-2.6.9-10.37.i686.rpm
system-config-cluster-1.0.51-2.0.el4_6.2.noarch.rpm

   x86_64:
cman-kernel-2.6.9-53.12.x86_64.rpm
cman-kernel-largesmp-2.6.9-53.12.x86_64.rpm
cman-kernel-smp-2.6.9-53.12.x86_64.rpm
cman-kernel-xenU-2.6.9-53.12.x86_64.rpm
cman-kernheaders-2.6.9-53.12.x86_64.rpm
cmirror-kernel-2.6.9-38.12.x86_64.rpm
cmirror-kernel-largesmp-2.6.9-38.12.x86_64.rpm
cmirror-kernel-smp-2.6.9-38.12.x86_64.rpm
cmirror-kernel-xenU-2.6.9-38.12.x86_64.rpm
dlm-kernel-2.6.9-52.9.x86_64.rpm
dlm-kernel-largesmp-2.6.9-52.9.x86_64.rpm
dlm-kernel-smp-2.6.9-52.9.x86_64.rpm
dlm-kernel-xenU-2.6.9-52.9.x86_64.rpm
dlm-kernheaders-2.6.9-52.9.x86_64.rpm
GFS-6.1.15-3.x86_64.rpm
GFS-kernel-2.6.9-75.17.x86_64.rpm
GFS-kernel-largesmp-2.6.9-75.17.x86_64.rpm
GFS-kernel-smp-2.6.9-75.17.x86_64.rpm
GFS-kernel-xenU-2.6.9-75.17.x86_64.rpm
GFS-kernheaders-2.6.9-75.17.x86_64.rpm
gnbd-kernel-2.6.9-10.37.x86_64.rpm
gnbd-kernel-largesmp-2.6.9-10.37.x86_64.rpm
gnbd-kernel-smp-2.6.9-10.37.x86_64.rpm
gnbd-kernel-xenU-2.6.9-10.37.x86_64.rpm
gnbd-kernheaders-2.6.9-10.37.x86_64.rpm
system-config-cluster-1.0.51-2.0.el4_6.2.noarch.rpm


Troy Dawson wrote:
> Synopsis:       Important: kernel security and bug fix update
> Issue date:     2008-05-07
> CVE Names:      CVE-2005-0504 CVE-2007-6282 CVE-2008-0007
>                  CVE-2008-1375 CVE-2008-1615 CVE-2008-1669
> 
> These updated packages fix the following security issues:
> 
> * the absence of a protection mechanism when attempting to access a
> critical section of code has been found in the Linux kernel open file
> descriptors control mechanism, fcntl. This could allow a local
> unprivileged user to simultaneously execute code, which would otherwise
> be protected against parallel execution. As well, a race condition when
> handling locks in the Linux kernel fcntl functionality, may have allowed
> a process belonging to a local unprivileged user to gain re-ordered
> access to the descriptor table.
> (CVE-2008-1669, Important)
> 
> * on AMD64 architectures, the possibility of a kernel crash was
> discovered by testing the Linux kernel process-trace ability. This could
> allow a local unprivileged user to cause a denial of service (kernel crash).
> (CVE-2008-1615, Important)
> 
> * the absence of a protection mechanism when attempting to access a
> critical section of code, as well as a race condition, have been found
> in the Linux kernel file system event notifier, dnotify. This could
> allow a local unprivileged user to get inconsistent data, or to send
> arbitrary signals to arbitrary system processes.
> (CVE-2008-1375, Important)
> 
> * when accessing kernel memory locations, certain Linux kernel drivers
> registering a fault handler did not perform required range checks. A
> local unprivileged user could use this flaw to gain read or write access
> to arbitrary kernel memory, or possibly cause a kernel crash.
> (CVE-2008-0007, Important)
> 
> * the possibility of a kernel crash was found in the Linux kernel IPsec
> protocol implementation, due to improper handling of fragmented ESP
> packets. When an attacker controlling an intermediate router fragmented
> these packets into very small pieces, it would cause a kernel crash on
> the receiving node during packet reassembly.
> (CVE-2007-6282, Important)
> 
> * a flaw in the MOXA serial driver could allow a local unprivileged user
> to perform privileged operations, such as replacing firmware.
> (CVE-2005-0504, Important)
> 
> As well, these updated packages fix the following bugs:
> 
> * multiple buffer overflows in the neofb driver have been resolved. It
> was not possible for an unprivileged user to exploit these issues, and
> as such, they have not been handled as security issues.
> 
> * a kernel panic, due to inconsistent detection of AGP aperture size,
> has been resolved.
> 
> * a race condition in UNIX domain sockets may have caused "recv()" to
> return zero. In clustered configurations, this may have caused
> unexpected failovers.
> 
> * to prevent link storms, network link carrier events were delayed by up
> to one second, causing unnecessary packet loss. Now, link carrier events
> are scheduled immediately.
> 
> * a client-side race on blocking locks caused large time delays on NFS
> file systems.
> 
> * in certain situations, the libATA sata_nv driver may have sent
> commands with duplicate tags, which were rejected by SATA devices. This
> may have caused infinite reboots.
> 
> * running the "service network restart" command may have caused
> networking to fail.
> 
> * a bug in NFS caused cached information about directories to be stored
> for too long, causing wrong attributes to be read.
> 
> * on systems with a large highmem/lowmem ratio, NFS write performance
> may have been very slow when using small files.
> 
> * a bug, which caused network hangs when the system clock was wrapped
> around zero, has been resolved.
> 
> SL 4.x
> 
>     SRPMS:
> kernel-2.6.9-67.0.15.EL.src.rpm
>     i386:
> kernel-2.6.9-67.0.15.EL.i686.rpm
> kernel-devel-2.6.9-67.0.15.EL.i686.rpm
> kernel-doc-2.6.9-67.0.15.EL.noarch.rpm
> kernel-hugemem-2.6.9-67.0.15.EL.i686.rpm
> kernel-hugemem-devel-2.6.9-67.0.15.EL.i686.rpm
> kernel-smp-2.6.9-67.0.15.EL.i686.rpm
> kernel-smp-devel-2.6.9-67.0.15.EL.i686.rpm
> kernel-xenU-2.6.9-67.0.15.EL.i686.rpm
> kernel-xenU-devel-2.6.9-67.0.15.EL.i686.rpm
>    Dependancies:
> kernel-module-fuse-2.6.9-67.0.15.EL-2.5.3-1.SL.i686.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELhugemem-2.5.3-1.SL.i686.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELsmp-2.5.3-1.SL.i686.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELxenU-2.5.3-1.SL.i686.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.EL-1.1.0-1.SL4.i686.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELhugemem-1.1.0-1.SL4.i686.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELsmp-1.1.0-1.SL4.i686.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELxenU-1.1.0-1.SL4.i686.rpm
> kernel-module-madwifi-2.6.9-67.0.15.EL-0.9.3.3-10.sl4.i686.rpm
> kernel-module-madwifi-2.6.9-67.0.15.ELhugemem-0.9.3.3-10.sl4.i686.rpm
> kernel-module-madwifi-2.6.9-67.0.15.ELsmp-0.9.3.3-10.sl4.i686.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.EL-0.9.3.3-10.sl4.i686.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.ELhugemem-0.9.3.3-10.sl4.i686.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.ELsmp-0.9.3.3-10.sl4.i686.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.EL-1.41-1.SL.i686.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELhugemem-1.41-1.SL.i686.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELsmp-1.41-1.SL.i686.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELxenU-1.41-1.SL.i686.rpm
> kernel-module-openafs-2.6.9-67.0.15.EL-1.4.6-58.SL4.i686.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELhugemem-1.4.6-58.SL4.i686.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELsmp-1.4.6-58.SL4.i686.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELxenU-1.4.6-58.SL4.i686.rpm
> kernel-module-r1000-2.6.9-67.0.15.EL-2.2-2.SL4x.i686.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELhugemem-2.2-2.SL4x.i686.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELsmp-2.2-2.SL4x.i686.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELxenU-2.2-2.SL4x.i686.rpm
> 
> 
>     x86_64:
> kernel-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-devel-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-doc-2.6.9-67.0.15.EL.noarch.rpm
> kernel-largesmp-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-largesmp-devel-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-smp-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-smp-devel-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-xenU-2.6.9-67.0.15.EL.x86_64.rpm
> kernel-xenU-devel-2.6.9-67.0.15.EL.x86_64.rpm
>    Dependancies:
> kernel-module-fuse-2.6.9-67.0.15.EL-2.5.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELlargesmp-2.5.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELsmp-2.5.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-67.0.15.ELxenU-2.5.3-1.SL.x86_64.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.EL-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELsmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-67.0.15.ELxenU-1.1.0-1.SL4.x86_64.rpm
> kernel-module-madwifi-2.6.9-67.0.15.EL-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-67.0.15.ELlargesmp-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-67.0.15.ELsmp-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.EL-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.ELlargesmp-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-67.0.15.ELsmp-0.9.3.3-10.sl4.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.EL-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELlargesmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELsmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-67.0.15.ELxenU-1.41-1.SL.x86_64.rpm
> kernel-module-openafs-2.6.9-67.0.15.EL-1.4.6-58.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELlargesmp-1.4.6-58.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELsmp-1.4.6-58.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-67.0.15.ELxenU-1.4.6-58.SL4.x86_64.rpm
> kernel-module-r1000-2.6.9-67.0.15.EL-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELlargesmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELsmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-67.0.15.ELxenU-2.2-2.SL4x.x86_64.rpm
> 
> -Connie Sieh
> -Troy Dawson
> 
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

ATOM RSS1 RSS2