Subject: | |
From: | |
Reply To: | |
Date: | Thu, 6 Nov 2008 11:30:47 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: kernel security and bug fix update
Issue date: 2008-11-04
CVE Names: CVE-2006-5755 CVE-2007-5907 CVE-2008-2372
CVE-2008-3276 CVE-2008-3527 CVE-2008-3833
CVE-2008-4210 CVE-2008-4302
* the Xen implementation did not prevent applications running in a
para-virtualized guest from modifying CR4 TSC. This could cause a local
denial of service. (CVE-2007-5907, Important)
* Tavis Ormandy reported missing boundary checks in the Virtual Dynamic
Shared Objects (vDSO) implementation. This could allow a local unprivileged
user to cause a denial of service or escalate privileges. (CVE-2008-3527,
Important)
* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local unprivileged user to
obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833,
Important)
* a flaw was found in the Linux kernel splice implementation. This could
cause a local denial of service when there is a certain failure in the
add_to_page_cache_lru() function. (CVE-2008-4302, Important)
* a flaw was found in the Linux kernel when running on AMD64 systems.
During a context switch, EFLAGS were being neither saved nor restored. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2006-5755, Low)
* a flaw was found in the Linux kernel virtual memory implementation. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2008-2372, Low)
* an integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service. By default, remote DCCP is
blocked by SELinux. (CVE-2008-3276, Low)
In addition, these updated packages fix the following bugs:
* random32() seeding has been improved.
* in a multi-core environment, a race between the QP async event-handler
and the destro_qp() function could occur. This led to unpredictable results
during invalid memory access, which could lead to a kernel crash.
* a format string was omitted in the call to the request_module() function.
* a stack overflow caused by an infinite recursion bug in the binfmt_misc
kernel module was corrected.
* the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for
scatterlist usage before calling kmap_atomic().
* a sentinel NUL byte was added to the device_write() function to ensure
that lspace.name is NUL-terminated.
* in the character device driver, a range_is_allowed() check was added to
the read_mem() and write_mem() functions. It was possible for an
illegitimate application to bypass these checks, and access /dev/mem beyond
the 1M limit by calling mmap_mem() instead. Also, the parameters of
range_is_allowed() were changed to cleanly handle greater than 32-bits of
physical address on 32-bit architectures.
* some of the newer Nehalem-based systems declare their CPU DSDT entries as
type "Alias". During boot, this caused an "Error attaching device data"
message to be logged.
* the evtchn event channel device lacked locks and memory barriers. This
has led to xenstore becoming unresponsive on the ItaniumŪ architecture.
* sending of gratuitous ARP packets in the Xen frontend network driver is
now delayed until the backend signals that its carrier status has been
processed by the stack.
* on forcedeth devices, whenever setting ethtool parameters for link speed,
the device could stop receiving interrupts.
* the CIFS 'forcedirectio' option did not allow text to be appended to files.
* the gettimeofday() function returned a backwards time on IntelŪ 64.
* residual-count corrections during UNDERRUN handling were added to the
qla2xxx driver.
* the fix for a small quirk was removed for certain Adaptec controllers for
which it caused problems.
* the "xm trigger init" command caused a domain panic if a userland
application was running on a guest on the IntelŪ 64 architecture.
SL 5.x
SRPMS:
kernel-2.6.18-92.1.17.el5.src.rpm
i386:
kernel-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm
kernel-headers-2.6.18-92.1.17.el5.i386.rpm
kernel-PAE-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm
Dependancies:
kernel-module-fuse-2.6.18-92.1.17.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.17.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.17.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.17.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.17.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.17.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.17.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.17.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.17.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.17.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.17.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.17.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.17.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.17.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.17.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-92.1.17.el5-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.17.el5PAE-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.17.el5xen-1.4.7-68.SL5.i686.rpm
kernel-module-xfs-2.6.18-92.1.17.el5-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.17.el5PAE-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.17.el5xen-0.4-1.sl5.i686.rpm
x86_64:
kernel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm
kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm
Dependancies:
kernel-module-fuse-2.6.18-92.1.17.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-92.1.17.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.17.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.17.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.17.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.17.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.17.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.17.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.17.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.17.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.17.el5-1.4.7-68.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.17.el5xen-1.4.7-68.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.17.el5-0.4-1.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.17.el5xen-0.4-1.sl5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|