SCIENTIFIC-LINUX-ERRATA Archives

January 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Date: Thu, 15 Jan 2009 15:58:44 -0600

Synopsis:	Important: kernel security and bug fix update
Issue date:	2009-01-14
CVE Names:	CVE-2008-3275 CVE-2008-4933 CVE-2008-4934
                 CVE-2008-5025 CVE-2008-5029 CVE-2008-5300
                 CVE-2008-5702

This update addresses the following security issues:

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local denial
of service. (CVE-2008-5300, Important)

* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a local denial of service. (CVE-2008-5029, Important)

* a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to make a
series of file creations within deleted directories, possibly causing a
denial of service. (CVE-2008-3275, Moderate)

* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
timer driver. This deficiency could lead to a possible information leak. By
default, the "/dev/watchdog" device is accessible only to the root user.
(CVE-2008-5702, Low)

* the hfs and hfsplus file systems code failed to properly handle corrupted
data structures. This could, potentially, lead to a local denial of
service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the hfsplus file system implementation. This could,
potentially, lead to a local denial of service when write operations were
performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
being changed, such as not being reduced to an idle state when not in use.

* mmap() could be used to gain access to beyond the first megabyte of RAM,
due to insufficient checks in the Linux kernel code. Checks have been added
to prevent this.

* attempting to turn keyboard LEDs on and off rapidly on keyboards with
slow keyboard controllers, may have caused key presses to fail.

* after migrating a hypervisor guest, the MAC address table was not
updated, causing packet loss and preventing network connections to the
guest. Now, a gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.

* writing crash dumps with diskdump may have caused a kernel panic on
Non-Uniform Memory Access (NUMA) systems with certain memory
configurations.

* on big-endian systems, such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255, possibly causing memory corruption
and application crashes.

* a problem in the kernel packages provided by the RHSA-2008:0508 advisory
caused the Linux kernel's built-in memory copy procedure to return the
wrong error code after recovering from a page fault on AMD64 and Intel 64
systems. This may have caused other Linux kernel functions to return wrong
error codes.

* a divide-by-zero bug in the Linux kernel process scheduler, which may
have caused kernel panics on certain systems, has been resolved.

* the netconsole kernel module caused the Linux kernel to hang when slave
interfaces of bonded network interfaces were started, resulting in a system
hang or kernel panic when restarting the network.

* the "/proc/xen/" directory existed even if systems were not running Red
Hat Virtualization. This may have caused problems for third-party software
that checks virtualization-ability based on the existence of "/proc/xen/".
Note: this update will remove the "/proc/xen/" directory on systems not
running Red Hat Virtualization.

This updated kernel-utils package adds an enhancement in the way of proper
support for user-space frequency-scaling on multi-core systems.

SL 4.x

     SRPMS:
kernel-2.6.9-78.0.13.EL.src.rpm
kernel-utils-2.4-14.1.117.2.1.src.rpm
     i386:
kernel-2.6.9-78.0.13.EL.i686.rpm
kernel-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm
kernel-hugemem-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-utils-2.4-14.1.117.2.1.i386.rpm
kernel-xenU-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.i686.rpm
   Dependencies:
kernel-module-fuse-2.6.9-78.0.13.EL-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.13.ELhugemem-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.13.ELsmp-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.13.ELxenU-2.7.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.13.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.13.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.13.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.13.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-78.0.13.EL-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.13.ELhugemem-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.13.ELsmp-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.13.ELxenU-1.4.7-68.SL4.i686.rpm
kernel-module-r1000-2.6.9-78.0.13.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.13.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.13.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.13.ELxenU-2.2-2.SL4x.i686.rpm
kernel-module-xfs-2.6.9-78.0.1.EL-0.4-1.sl4.i386.rpm

     x86_64:
kernel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm
kernel-largesmp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-utils-2.4-14.1.117.2.1.x86_64.rpm
kernel-xenU-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.x86_64.rpm
   Dependencies:
kernel-module-fuse-2.6.9-78.0.13.EL-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.13.ELlargesmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.13.ELsmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.13.ELxenU-2.7.3-1.SL.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.13.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.13.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.13.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.13.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.13.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.13.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.13.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.13.EL-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.13.ELlargesmp-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.13.ELsmp-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.13.ELxenU-1.4.7-68.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.13.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.13.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.13.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.13.ELxenU-2.2-2.SL4x.x86_64.rpm

-Connie Sieh
-Troy Dawson
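
An added example, not part of the original announcement: a small Python check that classifies `uname -r` strings from SL 4.x hosts against the fixed kernel release named above (2.6.9-78.0.13.EL). The function names and the sample host inventory are constructed for illustration.

```python
import re

# Fixed kernel from this advisory: kernel-2.6.9-78.0.13.EL
FIXED_VERSION = (2, 6, 9)
FIXED_RELEASE = (78, 0, 13)

# uname -r on SL 4.x looks like "2.6.9-78.0.13.ELsmp": the kernel variant
# (smp, hugemem, largesmp, xenU) follows ".EL" with no separator.
_UNAME_RE = re.compile(
    r"^(\d+(?:\.\d+)*)-(\d+(?:\.\d+)*)\.EL(smp|hugemem|largesmp|xenU)?$"
)

def parse_release(uname_r):
    """Split a uname -r string into (version, release, variant)."""
    m = _UNAME_RE.match(uname_r.strip())
    if not m:
        raise ValueError("not an SL 4.x kernel release: %r" % uname_r)
    version = tuple(int(p) for p in m.group(1).split("."))
    release = tuple(int(p) for p in m.group(2).split("."))
    return version, release, m.group(3) or ""

def classify(uname_r):
    """Return 'fixed', 'needs-update' or 'unknown' for one running kernel."""
    try:
        version, release, _variant = parse_release(uname_r)
    except ValueError:
        return "unknown"
    if version != FIXED_VERSION:
        return "unknown"  # different kernel series, this advisory does not apply
    # Compare numerically: as plain strings "78.0.8" would sort after "78.0.13".
    return "fixed" if release >= FIXED_RELEASE else "needs-update"

def triage(inventory):
    """Map {hostname: uname -r output} to {hostname: classification}."""
    return {host: classify(rel) for host, rel in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and releases are illustrative).
    sample = {
        "node01": "2.6.9-78.0.13.ELsmp",
        "node02": "2.6.9-78.0.8.EL",
        "node03": "2.6.9-78.ELhugemem",
        "node04": "2.6.18-92.1.22.el5",
    }
    for host, state in sorted(triage(sample).items()):
        print(host, state)
```

Feed it the running kernel (`uname -r`) rather than the installed package list, since an updated kernel only takes effect after a reboot.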
