The following have updates to handle this kernel
SRPMS;
cman-kernel-2.6.9-56.7.el4_8.4.src.rpm
cmirror-kernel-2.6.9-43.12.el4_8.1.src.rpm
dlm-kernel-2.6.9-58.6.el4_8.1.src.rpm
GFS-kernel-2.6.9-85.2.el4_8.1.src.rpm
gnbd-kernel-2.6.9-10.56.el4_8.3.src.rpm
i386:
cman-kernel-2.6.9-56.7.4.i686.rpm
cman-kernel-hugemem-2.6.9-56.7.4.i686.rpm
cman-kernel-smp-2.6.9-56.7.4.i686.rpm
cman-kernel-xenU-2.6.9-56.7.4.i686.rpm
cman-kernheaders-2.6.9-56.7.4.i686.rpm
cmirror-kernel-2.6.9-43.12.1.i686.rpm
cmirror-kernel-hugemem-2.6.9-43.12.1.i686.rpm
cmirror-kernel-smp-2.6.9-43.12.1.i686.rpm
cmirror-kernel-xenU-2.6.9-43.12.1.i686.rpm
dlm-kernel-2.6.9-58.6.1.i686.rpm
dlm-kernel-hugemem-2.6.9-58.6.1.i686.rpm
dlm-kernel-smp-2.6.9-58.6.1.i686.rpm
dlm-kernel-xenU-2.6.9-58.6.1.i686.rpm
dlm-kernheaders-2.6.9-58.6.1.i686.rpm
GFS-kernel-2.6.9-85.2.1.i686.rpm
GFS-kernel-hugemem-2.6.9-85.2.1.i686.rpm
GFS-kernel-smp-2.6.9-85.2.1.i686.rpm
GFS-kernel-xenU-2.6.9-85.2.1.i686.rpm
GFS-kernheaders-2.6.9-85.2.1.i686.rpm
gnbd-kernel-2.6.9-10.56.3.i686.rpm
gnbd-kernel-hugemem-2.6.9-10.56.3.i686.rpm
gnbd-kernel-smp-2.6.9-10.56.3.i686.rpm
gnbd-kernel-xenU-2.6.9-10.56.3.i686.rpm
gnbd-kernheaders-2.6.9-10.56.3.i686.rpm
x86_64:
cman-kernel-2.6.9-56.7.4.x86_64.rpm
cman-kernel-largesmp-2.6.9-56.7.4.x86_64.rpm
cman-kernel-smp-2.6.9-56.7.4.x86_64.rpm
cman-kernel-xenU-2.6.9-56.7.4.x86_64.rpm
cman-kernheaders-2.6.9-56.7.4.x86_64.rpm
cmirror-kernel-2.6.9-43.12.1.x86_64.rpm
cmirror-kernel-largesmp-2.6.9-43.12.1.x86_64.rpm
cmirror-kernel-smp-2.6.9-43.12.1.x86_64.rpm
cmirror-kernel-xenU-2.6.9-43.12.1.x86_64.rpm
dlm-kernel-2.6.9-58.6.1.x86_64.rpm
dlm-kernel-largesmp-2.6.9-58.6.1.x86_64.rpm
dlm-kernel-smp-2.6.9-58.6.1.x86_64.rpm
dlm-kernel-xenU-2.6.9-58.6.1.x86_64.rpm
dlm-kernheaders-2.6.9-58.6.1.x86_64.rpm
GFS-kernel-2.6.9-85.2.1.x86_64.rpm
GFS-kernel-largesmp-2.6.9-85.2.1.x86_64.rpm
GFS-kernel-smp-2.6.9-85.2.1.x86_64.rpm
GFS-kernel-xenU-2.6.9-85.2.1.x86_64.rpm
GFS-kernheaders-2.6.9-85.2.1.x86_64.rpm
gnbd-kernel-2.6.9-10.56.3.x86_64.rpm
gnbd-kernel-largesmp-2.6.9-10.56.3.x86_64.rpm
gnbd-kernel-smp-2.6.9-10.56.3.x86_64.rpm
gnbd-kernel-xenU-2.6.9-10.56.3.x86_64.rpm
gnbd-kernheaders-2.6.9-10.56.3.x86_64.rpm
--Connie Sieh
--Troy Dawson
On Wed, 1 Jul 2009, Troy Dawson wrote:
> Synopsis: Important: kernel security and bug fix update
> Issue date: 2009-06-30
> CVE Names: CVE-2009-1072 CVE-2009-1192 CVE-2009-1385
> CVE-2009-1630 CVE-2009-1758
> CVE-2009-1336 CVE-2009-1337
>
> These updated packages fix the following security issues:
>
> * the exit_notify() function in the Linux kernel did not properly reset the
> exit signal if a process executed a set user ID (setuid) application before
> exiting. This could allow a local, unprivileged user to elevate their
> privileges. (CVE-2009-1337, Important)
>
> * the Linux kernel implementation of the Network File System (NFS) did not
> properly initialize the file name limit in the nfs_server data structure.
> This flaw could possibly lead to a denial of service on a client mounting an
> NFS share. (CVE-2009-1336, Moderate)
>
> * a flaw was found in the Intel PRO/1000 network driver in the Linux
> kernel. Frames with sizes near the MTU of an interface may be split across
> multiple hardware receive descriptors. Receipt of such a frame could leak
> through a validation check, leading to a corruption of the length check. A
> remote attacker could use this flaw to send a specially-crafted packet that
> would cause a denial of service. (CVE-2009-1385, Important)
>
> * the Linux kernel Network File System daemon (nfsd) implementation did not
> drop the CAP_MKNOD capability when handling requests from local,
> unprivileged users. This flaw could possibly lead to an information leak or
> privilege escalation. (CVE-2009-1072, Moderate)
>
> * Frank Filz reported the NFSv4 client was missing a file permission check
> for the execute bit in some situations. This could allow local,
> unprivileged users to run non-executable files on NFSv4 mounted file
> systems. (CVE-2009-1630, Moderate)
>
> * a missing check was found in the hypervisor_callback() function in the
> Linux kernel provided by the kernel-xen package. This could cause a denial of
> service of a 32-bit guest if an application running in that guest accesses a
> certain memory location in the kernel. (CVE-2009-1758, Moderate)
>
> * a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
> agp_generic_alloc_pages() functions did not zero out the memory pages they
> allocate, which may later be available to user-space processes. This flaw
> could possibly lead to an information leak. (CVE-2009-1192, Low)
>
> These updated packages also fix the following bugs:
>
> * "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes
> able to use the ptrace() call on a given process; however, certain
> information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used to
> reconstruct memory maps, making it possible to bypass the Address Space
> Layout Randomization (ASLR) security feature. This update addresses this
> issue. (BZ#499549)
>
> * in some situations, the link count was not decreased when renaming unused
> files on NFS mounted file systems. This may have resulted in poor
> performance. With this update, the link count is decreased in these
> situations, the same as is done for other file operations, such as unlink and
> rmdir. (BZ#501802)
>
> * tcp_ack() cleared the probes_out variable even if there were outstanding
> packets. When low TCP keepalive intervals were used, this bug may have caused
> problems, such as connections terminating, when using remote tools such as
> rsh and rlogin. (BZ#501754)
>
> * off-by-one errors in the time normalization code could have caused
> clock_gettime() to return one billion nanoseconds, rather than adding an
> extra second. This bug could have caused the name service cache daemon
> (nscd) to consume excessive CPU resources. (BZ#501800)
>
> * a system panic could occur when one thread read "/proc/bus/input/devices"
> while another was removing a device. With this update, a mutex has been added
> to protect the input_dev_list and input_handler_list variables, which
> resolves this issue. (BZ#501804)
>
> * using netdump may have caused a kernel deadlock on some systems.
> (BZ#504565)
>
> * the file system mask, which lists capabilities for users with a file
> system user ID (fsuid) of 0, was missing the CAP_MKNOD and
> CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
> an fsuid other than 0 to perform actions on some file system types that would
> otherwise be prevented. This update adds these capabilities. (BZ#497269)
>
> Kernel Feature Support:
>
> * added a new allowable value to "/proc/sys/kernel/wake_balance" to allow the
> scheduler to run the thread on any available CPU rather than scheduling it on
> the optimal CPU.
> * added "max_writeback_pages" tunable parameter to /proc/sys/vm/ to allow the
> maximum number of modified pages kupdate writes to disk, per iteration per
> run.
> * added "swap_token_timeout" tunable parameter to /proc/sys/vm/ to provide a
> valid hold time for the swap out protection token.
> * added diskdump support to sata_svw driver.
> * limited physical memory to 64GB for 32-bit kernels running on systems
> with more than 64GB of physical memory to prevent boot failures.
> * improved reliability of autofs.
> * added support for 'rdattr_error' in NFSv4 readdir requests.
> * fixed various short packet handling issues for NFSv4 readdir and sunrpc.
> * fixed several CIFS bugs.
>
> Networking and IPv6 Enablement:
>
> * added router solicitation support.
> * enforced sg requires tx csum in ethtool.
>
> Platform Support:
>
> x86, AMD64, Intel 64
>
> * added support for a new Intel chipset.
> * added initialization vendor info in boot_cpu_data.
> * added support for N_Port ID Virtualization (NPIV) for IBM System z guests
> using zFCP.
> * added HDMI support for some AMD and ATI chipsets.
> * updated HDA driver in ALSA to latest upstream as of 2008-07-22.
> * added support for affected_cpus for cpufreq.
> * removed polling timer from i8042.
> * fixed PM-Timer when using the ASUS A8V Deluxe motherboard.
> * backported usbfs_mutex in usbfs.
>
> Network Driver Updates:
>
> * updated forcedeth driver to latest upstream version 0.61.
> * fixed various e1000 issues when using Intel ESB2 hardware.
> * updated e1000e driver to upstream version 0.3.3.3-k6.
> * updated igb to upstream version 1.2.45-k2.
> * updated tg3 to upstream version 3.96.
> * updated ixgbe to upstream version 1.3.18-k4.
> * updated bnx2 to upstream version 1.7.9.
> * updated bnx2x to upstream version 1.45.23.
> * fixed bugs and added enhancements for the NetXen NX2031 and NX3031
> products.
> * updated Realtek r8169 driver to support newer network chipsets. All
> variants of RTL810x/RTL8168(9) are now supported.
>
> Storage Driver Updates:
>
> * fixed various SCSI issues. Also, the SCSI sd driver now calls the
> revalidate_disk wrapper.
> * fixed a dmraid reduced I/O delay bug in certain configurations.
> * removed quirk aac_quirk_scsi_32 for some aacraid controllers.
> * updated FCP driver on IBM System z systems with support for
> point-to-point connections.
> * updated lpfc to version 8.0.16.46.
> * updated megaraid_sas to version 4.01-RH1.
> * updated MPT Fusion driver to version 3.12.29.00rh.
> * updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s adapters.
> * updated qla2xxx driver to version 8.02.09.00.04.08-d.
> * fixed sata_nv in libsata to disable ADMA mode by default.
>
> Miscellaneous Updates:
>
> * upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to version
> 1.4.
> * added driver support and fixes for various Wacom tablets.
>
> Note: The system must be rebooted for this update to take effect.
>
> SL 4.x
>
> SRPMS:
> kernel-2.6.9-89.0.3.EL.src.rpm
> i386:
> kernel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-doc-2.6.9-89.0.3.EL.noarch.rpm
> kernel-largesmp-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-largesmp-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-smp-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-smp-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-xenU-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-xenU-devel-2.6.9-89.0.3.EL.x86_64.rpm
> Dependancies:
> kernel-module-fuse-2.6.9-89.0.3.EL-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELlargesmp-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELsmp-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELxenU-2.7.3-1.SL.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.EL-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELsmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELxenU-1.1.0-1.SL4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.EL-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.ELsmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.EL-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.ELsmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.EL-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELlargesmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELsmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELxenU-1.41-1.SL.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.EL-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELsmp-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELxenU-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.EL-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELlargesmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELsmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELxenU-2.2-2.SL4x.x86_64.rpm
>
>
> x86_64:
> kernel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-doc-2.6.9-89.0.3.EL.noarch.rpm
> kernel-largesmp-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-largesmp-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-smp-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-smp-devel-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-xenU-2.6.9-89.0.3.EL.x86_64.rpm
> kernel-xenU-devel-2.6.9-89.0.3.EL.x86_64.rpm
> Dependancies:
> kernel-module-fuse-2.6.9-89.0.3.EL-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELlargesmp-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELsmp-2.7.3-1.SL.x86_64.rpm
> kernel-module-fuse-2.6.9-89.0.3.ELxenU-2.7.3-1.SL.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.EL-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELsmp-1.1.0-1.SL4.x86_64.rpm
> kernel-module-ipw3945-2.6.9-89.0.3.ELxenU-1.1.0-1.SL4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.EL-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-2.6.9-89.0.3.ELsmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.EL-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-madwifi-hal-2.6.9-89.0.3.ELsmp-0.9.4-10.sl4.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.EL-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELlargesmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELsmp-1.41-1.SL.x86_64.rpm
> kernel-module-ndiswrapper-2.6.9-89.0.3.ELxenU-1.41-1.SL.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.EL-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELsmp-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-openafs-2.6.9-89.0.3.ELxenU-1.4.7-68.2.SL4.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.EL-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELlargesmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELsmp-2.2-2.SL4x.x86_64.rpm
> kernel-module-r1000-2.6.9-89.0.3.ELxenU-2.2-2.SL4x.x86_64.rpm
>
>
> -Connie Sieh
> -Troy Dawson
>
>
|
