SCIENTIFIC-LINUX-ERRATA Archives

June 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: kernel on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Fri, 19 Jun 2009 13:22:38 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (161 lines) 
Synopsis:	Important: kernel security and bug fix update
Issue date:	2009-06-16
CVE Names:	CVE-2009-1072 CVE-2009-1192 CVE-2009-1439
                   CVE-2009-1630 CVE-2009-1633 CVE-2009-1758

Security fixes:

* several flaws were found in the way the Linux kernel CIFS implementation
handles Unicode strings. CIFS clients convert Unicode strings sent by a
server to their local character sets, and then write those strings into
memory. If a malicious server sent a long enough string, it could write
past the end of the target memory region and corrupt other memory areas,
possibly leading to a denial of service or privilege escalation on the
client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did 
not drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak 
or privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission 
check for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the
Linux kernel provided by the kernel-xen package. This could cause a 
denial of service of a 32-bit guest if an application running in that 
guest accesses a certain memory location in the kernel. (CVE-2009-1758, 
Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() 
and agp_generic_alloc_pages() functions did not zero out the memory 
pages they allocate, which may later be available to user-space 
processes. This flaw could possibly lead to an information leak. 
(CVE-2009-1192, Low)

Bug fixes:

* a race in the NFS client between destroying cached access rights and
unmounting an NFS file system could have caused a system crash. "Busy
inodes" messages may have been logged. (BZ#498653)

* nanosleep() could sleep several milliseconds less than the specified 
time on Intel ItaniumŪ-based systems. (BZ#500349)

* LEDs for disk drives in AHCI mode may have displayed a fault state 
when there were no faults. (BZ#500120)

* ptrace_do_wait() reported tasks were stopped each time the process 
doing the trace called wait(), instead of reporting it once. (BZ#486945)

* epoll_wait() may have caused a system lockup and problems for
applications. (BZ#497322)

* missing capabilities could possibly allow users with an fsuid other 
than 0 to perform actions on some file system types that would otherwise 
be prevented. (BZ#497271)

* on NFS mounted file systems, heavy write loads may have blocked
nfs_getattr() for long periods, causing commands that use stat(2), such 
as ls, to hang. (BZ#486926)

* in rare circumstances, if an application performed multiple O_DIRECT
reads per virtual memory page and also performed fork(2), the buffer
storing the result of the I/O may have ended up with invalid data.
(BZ#486921)

* when using GFS2, gfs2_quotad may have entered an uninterpretable sleep
state. (BZ#501742)

* with this update, get_random_int() is more random and no longer uses a
common seed value, reducing the possibility of predicting the values
returned. (BZ#499783)

* the "-fwrapv" flag was added to the gcc build options to prevent gcc 
from optimizing away wrapping. (BZ#501751)

* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)

* using the Broadcom NetXtreme BCM5704 network device with the tg3 
driver caused high system load and very bad performance. (BZ#502837)

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by 
processes able to use the ptrace() call on a given process; however, 
certain information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" 
could be used to reconstruct memory maps. (BZ#499546)

The system must be rebooted for this update to take effect.

SL 5.x

     SRPMS:
kernel-2.6.18-128.1.14.el5.src.rpm
     i386:
kernel-2.6.18-128.1.14.el5.i686.rpm
kernel-debug-2.6.18-128.1.14.el5.i686.rpm
kernel-debug-devel-2.6.18-128.1.14.el5.i686.rpm
kernel-devel-2.6.18-128.1.14.el5.i686.rpm
kernel-doc-2.6.18-128.1.14.el5.noarch.rpm
kernel-headers-2.6.18-128.1.14.el5.i386.rpm
kernel-PAE-2.6.18-128.1.14.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.1.14.el5.i686.rpm
kernel-xen-2.6.18-128.1.14.el5.i686.rpm
kernel-xen-devel-2.6.18-128.1.14.el5.i686.rpm
   Dependencies:
kernel-module-aufs-2.6.18-128.1.14.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-128.1.14.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-128.1.14.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.1.14.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.1.14.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.1.14.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.1.14.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.1.14.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.1.14.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.1.14.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.1.14.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.1.14.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.1.14.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.1.14.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.1.14.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.1.14.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.1.14.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.1.14.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-128.1.14.el5-1.4.7-68.2.SL5.i686.rpm
kernel-module-openafs-2.6.18-128.1.14.el5PAE-1.4.7-68.2.SL5.i686.rpm
kernel-module-openafs-2.6.18-128.1.14.el5xen-1.4.7-68.2.SL5.i686.rpm
kernel-module-xfs-2.6.18-128.1.14.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-128.1.14.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-128.1.14.el5xen-0.4-2.sl5.i686.rpm

     x86_64:
kernel-2.6.18-128.1.14.el5.x86_64.rpm
kernel-debug-2.6.18-128.1.14.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.1.14.el5.x86_64.rpm
kernel-devel-2.6.18-128.1.14.el5.x86_64.rpm
kernel-doc-2.6.18-128.1.14.el5.noarch.rpm
kernel-headers-2.6.18-128.1.14.el5.x86_64.rpm
kernel-xen-2.6.18-128.1.14.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.1.14.el5.x86_64.rpm
   Dependencies:
kernel-module-aufs-2.6.18-128.1.14.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-128.1.14.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-128.1.14.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-128.1.14.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-128.1.14.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-128.1.14.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-128.1.14.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-128.1.14.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-128.1.14.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-128.1.14.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-128.1.14.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-128.1.14.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-128.1.14.el5-1.4.7-68.2.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-128.1.14.el5xen-1.4.7-68.2.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-128.1.14.el5-0.4-2.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-128.1.14.el5xen-0.4-2.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2