LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

November 2008

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA November 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Security ERRATA for kernel on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Wed, 12 Nov 2008 12:24:46 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (163 lines)
Synopsis:       Important: kernel security and bug fix update
Issue date:     2008-11-04
Last updated on:  2008-11-12
CVE Names:      CVE-2006-5755 CVE-2007-5907 CVE-2008-2372
                  CVE-2008-3276 CVE-2008-3527 CVE-2008-3833
                  CVE-2008-4210 CVE-2008-4302

[Updated 12th November 2008]
The original packages distributed with this errata had a bug which
prevented the Xen kernel booting on older hardware. We have updated the
packages to correct this bug.

* the Xen implementation did not prevent applications running in a
para-virtualized guest from modifying CR4 TSC. This could cause a local
denial of service. (CVE-2007-5907, Important)

* Tavis Ormandy reported missing boundary checks in the Virtual Dynamic
Shared Objects (vDSO) implementation. This could allow a local unprivileged
user to cause a denial of service or escalate privileges. (CVE-2008-3527,
Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local unprivileged user to
obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833,
Important)

* a flaw was found in the Linux kernel splice implementation. This could
cause a local denial of service when there is a certain failure in the
add_to_page_cache_lru() function. (CVE-2008-4302, Important)

* a flaw was found in the Linux kernel when running on AMD64 systems.
During a context switch, EFLAGS were being neither saved nor restored. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2006-5755, Low)

* a flaw was found in the Linux kernel virtual memory implementation. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2008-2372, Low)

* an integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service. By default, remote DCCP is
blocked by SELinux. (CVE-2008-3276, Low)

In addition, these updated packages fix the following bugs:

* random32() seeding has been improved.

* in a multi-core environment, a race between the QP async event-handler
and the destro_qp() function could occur. This led to unpredictable results
during invalid memory access, which could lead to a kernel crash.

* a format string was omitted in the call to the request_module() function.

* a stack overflow caused by an infinite recursion bug in the binfmt_misc
kernel module was corrected.

* the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for
scatterlist usage before calling kmap_atomic().

* a sentinel NUL byte was added to the device_write() function to ensure
that lspace.name is NUL-terminated.

* in the character device driver, a range_is_allowed() check was added to
the read_mem() and write_mem() functions. It was possible for an
illegitimate application to bypass these checks, and access /dev/mem beyond
the 1M limit by calling mmap_mem() instead. Also, the parameters of
range_is_allowed() were changed to cleanly handle greater than 32-bits of
physical address on 32-bit architectures.

* some of the newer Nehalem-based systems declare their CPU DSDT entries as
type "Alias". During boot, this caused an "Error attaching device data"
message to be logged.

* the evtchn event channel device lacked locks and memory barriers. This
has led to xenstore becoming unresponsive on the Itanium® architecture.

* sending of gratuitous ARP packets in the Xen frontend network driver is
now delayed until the backend signals that its carrier status has been
processed by the stack.

* on forcedeth devices, whenever setting ethtool parameters for link speed,
the device could stop receiving interrupts.

* the CIFS 'forcedirectio' option did not allow text to be appended to files.

* the gettimeofday() function returned a backwards time on Intel® 64.

* residual-count corrections during UNDERRUN handling were added to the
qla2xxx driver.

* the fix for a small quirk was removed for certain Adaptec controllers for
which it caused problems.

* the "xm trigger init" command caused a domain panic if a userland
application was running on a guest on the Intel® 64 architecture.

SL 5.x

     SRPMS:
kernel-2.6.18-92.1.18.el5.src.rpm
     i386:
kernel-2.6.18-92.1.18.el5.i686.rpm
kernel-debug-2.6.18-92.1.18.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.18.el5.i686.rpm
kernel-devel-2.6.18-92.1.18.el5.i686.rpm
kernel-doc-2.6.18-92.1.18.el5.noarch.rpm
kernel-headers-2.6.18-92.1.18.el5.i386.rpm
kernel-PAE-2.6.18-92.1.18.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.18.el5.i686.rpm
kernel-xen-2.6.18-92.1.18.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.18.el5.i686.rpm
    Dependancies:
kernel-module-fuse-2.6.18-92.1.18.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.18.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.18.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.18.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.18.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.18.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.18.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.18.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.18.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.18.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.18.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.18.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.18.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.18.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.18.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-92.1.18.el5-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.18.el5PAE-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.18.el5xen-1.4.7-68.SL5.i686.rpm
kernel-module-xfs-2.6.18-92.1.18.el5-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.18.el5PAE-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.18.el5xen-0.4-1.sl5.i686.rpm

     x86_64:
kernel-2.6.18-92.1.18.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.18.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.18.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.18.el5.x86_64.rpm
kernel-doc-2.6.18-92.1.18.el5.noarch.rpm
kernel-headers-2.6.18-92.1.18.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.18.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.18.el5.x86_64.rpm
    Dependancies:
kernel-module-fuse-2.6.18-92.1.18.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-92.1.18.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.18.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.18.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.18.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.18.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.18.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.18.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.18.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.18.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.18.el5-1.4.7-68.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.18.el5xen-1.4.7-68.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.18.el5-0.4-1.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.18.el5xen-0.4-1.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson
ATOM RSS1 RSS2
LISTSERV.FNAL.GOV