Hi Klaus,

On Fri, 2009-10-02 at 14:04 +0200, Klaus Steinberger wrote:
> Hi Troy,
>
> did you notice that there is probably also an errata kernel for 5.3

yes, I think that's the one we really want. Alas, I couldn't find the
SRPM in a public place yet.

Cheers,
Stephan

> Sincerely,
> Klaus
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear colleagues,
>
> We have just received the following Red Hat Security Advisory. We are
> passing this information on to you unchanged.
>
> CVE-2009-2847 - Linux kernel function do_sigaltstack() does not clear
> padding data
>
> On 64-bit architectures the signal stack data structure contains some
> padding bytes. The Linux kernel function do_sigaltstack() does not
> clear them when the data structure is returned to the user after the
> call. Local attackers can thereby read part of the kernel memory area
> and so obtain possibly confidential information.
>
> CVE-2009-2848 - Flaw in the Linux execve() system call
>
> Under certain circumstances the Linux execve() system call does not
> clear the "current->clear_child_tid" pointer, which, when threads are
> created and destroyed, causes data structures in the kernel to be
> overwritten if the threads are created with the flags
> CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID. A local attacker can
> exploit this for a denial of service attack.
>
> The following software packages and platforms are affected:
>
> Package kernel
>
> Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc,
> s390x, x86_64
>
>
> The vendor provides updated packages.
>
> Vendor advisory:
> https://rhn.redhat.com/errata/RHSA-2009-1466.html
>
>
> (c) of the German summary: DFN-CERT Services GmbH; distribution, in
> whole or in part, is permitted only with attribution to the originator,
> DFN-CERT Services GmbH, and only for non-commercial purposes.
>
> Kind regards,
> Detlev O. Matthies
>
> - --
>
> Detlev O. Matthies, M.Sc. (Incident Response Team)
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
> Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> Automatic warning messages https://www.cert.dfn.de/autowarn
>
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =====================================================================
> Red Hat Security Advisory
>
> Synopsis: Important: kernel security and bug fix update
> Advisory ID: RHSA-2009:1466-01
> Product: Red Hat Enterprise Linux
> Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1466.html
> Issue date: 2009-09-29
> CVE Names: CVE-2009-2847 CVE-2009-2848
> =====================================================================
>
> 1. Summary:
>
> Updated kernel packages that fix two security issues and several bugs are
> now available for Red Hat Enterprise Linux 5.3 Extended Update Support.
>
> This update has been rated as having important security impact by the Red
> Hat Security Response Team.
>
> 2. Relevant releases/architectures:
>
> Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64
>
> 3. Description:
>
> The kernel packages contain the Linux kernel, the core of any Linux
> operating system.
>
> This update includes backported fixes for two security issues. These issues
> only affected users of Red Hat Enterprise Linux 5.3 Extended Update Support
> as they have already been addressed for users of Red Hat Enterprise Linux 5
> in the 5.4 update, RHSA-2009:1243.
>
> In accordance with the support policy, future security updates to Red Hat
> Enterprise Linux 5.3 Extended Update Support will only include issues of
> critical security impact.
>
> This update fixes the following security issues:
>
> * it was discovered that, when executing a new process, the clear_child_tid
> pointer in the Linux kernel is not cleared. If this pointer points to a
> writable portion of the memory of the new program, the kernel could corrupt
> four bytes of memory, possibly leading to a local denial of service or
> privilege escalation. (CVE-2009-2848, Important)
>
> * a flaw was found in the way the do_sigaltstack() function in the Linux
> kernel copies the stack_t structure to user-space. On 64-bit machines, this
> flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
>
> This update also fixes the following bugs:
>
> * a regression was found in the SCSI retry logic: SCSI mode select was not
> retried when retryable errors were encountered. In Device-Mapper Multipath
> environments, this could cause paths to fail, or possibly prevent
> successful failover. (BZ#506905)
>
> * the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel
> build options. This prevents gcc from optimizing out NULL pointer checks
> after the first use of a pointer. NULL pointer bugs are often exploited by
> attackers, and keeping these checks is considered a safety measure.
> (BZ#515468)
>
> * due to incorrect APIC timer calibration, a system hang could have
> occurred while booting certain systems. This incorrect timer calibration
> could have also caused the system time to become faster or slower. With
> this update, it is still possible for APIC timer calibration issues to
> occur; however, a clear warning is now provided if they do. (BZ#521237)
>
> * gettimeofday() experienced poor performance (which caused performance
> problems for applications using gettimeofday()) when running on hypervisors
> that use hardware assisted virtualization. With this update, MFENCE/LFENCE
> is used instead of CPUID for gettimeofday() serialization, which resolves
> this issue. (BZ#523280)
>
> Users should upgrade to these updated packages, which contain backported
> patches to correct these issues. The system must be rebooted for this
> update to take effect.
>
> 4. Solution:
>
> Before applying this update, make sure that all previously-released
> errata relevant to your system have been applied.
>
> This update is available via Red Hat Network. Details on how to use
> the Red Hat Network to apply this update are available at
> http://kbase.redhat.com/faq/docs/DOC-11259
>
> 5. Bugs fixed (http://bugzilla.redhat.com/):
>
> 506905 - LTC 49790: Sync up SCSI DH code with mainline changes [rhel-5.3.z]
> 515392 - CVE-2009-2847 kernel: information leak in sigaltstack
> 515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
> 515468 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.3.z]
> 521237 - [RHEL 5] Hang on boot due to wrong APIC timer calibration [rhel-5.3.z]
> 523280 - RFE: improve gettimeofday performance on hypervisors [rhel-5.3.z]
>
> 6. Package List:
>
> Red Hat Enterprise Linux (v. 5.3.z server):
>
> i386:
> kernel-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.i686.rpm
> kernel-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-headers-2.6.18-128.8.1.el5.i386.rpm
> kernel-xen-2.6.18-128.8.1.el5.i686.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.i686.rpm
>
> ia64:
> kernel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.ia64.rpm
> kernel-devel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-headers-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.ia64.rpm
>
> noarch:
> kernel-doc-2.6.18-128.8.1.el5.noarch.rpm
>
> ppc:
> kernel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-devel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-headers-2.6.18-128.8.1.el5.ppc.rpm
> kernel-headers-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-devel-2.6.18-128.8.1.el5.ppc64.rpm
>
> s390x:
> kernel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.s390x.rpm
> kernel-devel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-headers-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-devel-2.6.18-128.8.1.el5.s390x.rpm
>
> x86_64:
> kernel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-devel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-headers-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.x86_64.rpm
>
> These packages are GPG signed by Red Hat for security. Our key and
> details on how to verify the signature are available from
> https://www.redhat.com/security/team/key/#package
>
> 7. References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
> http://www.redhat.com/security/updates/classification/#important
>
> 8. Contact:
>
> The Red Hat security contact is <[log in to unmask]>. More contact
> details at https://www.redhat.com/security/team/contact/
>
> Copyright 2009 Red Hat, Inc.
--
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
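
Added example, not part of the original thread and not Red Hat's patch: a user-space C model of the CVE-2009-2847 bug class described in the quoted advisory, showing how padding in a pointer/int/size_t structure keeps stale bytes when only the members are stored, and how zeroing the object first (one common mitigation, assumed here) closes the gap. The struct name, the poison value and the sample member values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with the member order pointer, int, size_t.
 * On LP64 the int is followed by 4 padding bytes. */
struct demo_stack { void *sp; int flags; size_t size; };

#define POISON 0xA5 /* stands for stale data already in the memory slot */

/* Padding bytes between 'flags' and 'size' on this platform. */
size_t padding_len(void) {
    return offsetof(struct demo_stack, size)
         - (offsetof(struct demo_stack, flags) + sizeof(int));
}

/* Store only the members, byte-exact, as member-wise assignment does. */
static void store_members(unsigned char *slot) {
    void *sp = NULL; int flags = 2; size_t size = 8192; /* sample values */
    memcpy(slot + offsetof(struct demo_stack, sp), &sp, sizeof sp);
    memcpy(slot + offsetof(struct demo_stack, flags), &flags, sizeof flags);
    memcpy(slot + offsetof(struct demo_stack, size), &size, sizeof size);
}

/* Copy the whole object out (stands in for the copy to user space)
 * and count padding bytes that still carry the stale pattern. */
static size_t stale_padding(const unsigned char *slot) {
    unsigned char out[sizeof(struct demo_stack)];
    size_t i, n = 0;
    memcpy(out, slot, sizeof out);
    for (i = offsetof(struct demo_stack, flags) + sizeof(int);
         i < offsetof(struct demo_stack, size); i++)
        if (out[i] == POISON) n++;
    return n;
}

/* Flawed pattern: members stored over stale memory, whole struct copied. */
size_t leak_without_clear(void) {
    unsigned char slot[sizeof(struct demo_stack)];
    memset(slot, POISON, sizeof slot);
    store_members(slot);
    return stale_padding(slot);
}

/* Hardened pattern: zero the whole object before filling it. */
size_t leak_with_clear(void) {
    unsigned char slot[sizeof(struct demo_stack)];
    memset(slot, POISON, sizeof slot);
    memset(slot, 0, sizeof slot);
    store_members(slot);
    return stale_padding(slot);
}

int main(void) {
    printf("padding=%zu stale(no clear)=%zu stale(clear)=%zu\n",
           padding_len(), leak_without_clear(), leak_with_clear());
    return 0;
}
```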