SCIENTIFIC-LINUX-USERS Archives

October 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Fri, 2 Oct 2009 11:39:00 -0500

Hi Klaus and Stephan,
Two problems I see with the kernel for 5.3.z
1 - Can't find it publicly yet
2 - It doesn't address the security concern that is with the new kernel. 
  It only addresses the security concerns with the original 5.4 kernel.

2.6.18-128.8.1.el5 (5.3.z kernel)
CVE-2009-2847 CVE-2009-2848

2.6.18-164.el5 (5.4 original kernel)
CVE-2009-0745 CVE-2009-0746 CVE-2009-0747
CVE-2009-0748 CVE-2009-2847 CVE-2009-2848

2.6.18-164.2.1.el5 (5.4 latest kernel)
CVE-2009-2849

Are these show stoppers and we shouldn't release the 5.3.z kernel?
Still up for debate in my opinion.

Troy

Stephan Wiesand wrote:
> Hi Klaus,
> 
> On Fri, 2009-10-02 at 14:04 +0200, Klaus Steinberger wrote:
>> Hi Troy,
>>
>> did you notice that there is probably also an errata kernel for 5.3
> 
> yes, I think that's the one we really want. Alas, I couldn't find the
> SRPM in a public place yet.
> 
> Cheers,
> 	Stephan
> 
> 
>> Sincerely,
>> Klaus
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Dear colleagues,
>>
>> we have just received the following Red Hat Security Advisory. We are
>> passing this information on to you unchanged.
>>
>> CVE-2009-2847 - Linux kernel function do_sigaltstack() does not clear
>> padding data
>>
>>    On 64-bit architectures, the signal stack data structure contains
>>    some padding bytes. The Linux kernel function do_sigaltstack() does
>>    not clear them when the data structure is returned to the user after
>>    the call. Local attackers can thereby read part of kernel memory and
>>    so obtain possibly confidential information.
>>
>> CVE-2009-2848 - Flaw in the Linux execve() system call
>>
>>    Under certain circumstances, the Linux execve() system call does not
>>    clear the "current->clear_child_tid" pointer, which, when threads are
>>    created and destroyed, leads to data structures in the kernel being
>>    overwritten if the threads are created with the flags
>>    CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID. A local attacker can
>>    exploit this for a denial of service attack.
>>
>> The following software packages and platforms are affected:
>>
>>    Package kernel
>>
>>    Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc,
>>    s390x, x86_64
>>
>>
>> The vendor provides revised packages.
>>
>> Vendor advisory:
>>    https://rhn.redhat.com/errata/RHSA-2009-1466.html
>>
>>
>> (c) of the German summary held by DFN-CERT Services GmbH; redistribution,
>> including in excerpts, is permitted only with attribution to the author,
>> DFN-CERT Services GmbH, and only for non-commercial purposes.
>>
>> With kind regards,
>>          Detlev O. Matthies
>>
>> - --
>>
>> Detlev O. Matthies, M.Sc. (Incident Response Team)
>>
>> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-555
>> Registered office / register: Hamburg, Hamburg District Court, HRB 88805, VAT ID:  DE 232129737
>> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>>
>> Automatic alerts                         https://www.cert.dfn.de/autowarn
>>
>> - -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> =====================================================================
>>                     Red Hat Security Advisory
>>
>> Synopsis:          Important: kernel security and bug fix update
>> Advisory ID:       RHSA-2009:1466-01
>> Product:           Red Hat Enterprise Linux
>> Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1466.html
>> Issue date:        2009-09-29
>> CVE Names:         CVE-2009-2847 CVE-2009-2848
>> =====================================================================
>>
>> 1. Summary:
>>
>> Updated kernel packages that fix two security issues and several bugs are
>> now available for Red Hat Enterprise Linux 5.3 Extended Update Support.
>>
>> This update has been rated as having important security impact by the Red
>> Hat Security Response Team.
>>
>> 2. Relevant releases/architectures:
>>
>> Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64
>>
>> 3. Description:
>>
>> The kernel packages contain the Linux kernel, the core of any Linux
>> operating system.
>>
>> This update includes backported fixes for two security issues. These issues
>> only affected users of Red Hat Enterprise Linux 5.3 Extended Update Support
>> as they have already been addressed for users of Red Hat Enterprise Linux 5
>> in the 5.4 update, RHSA-2009:1243.
>>
>> In accordance with the support policy, future security updates to Red Hat
>> Enterprise Linux 5.3 Extended Update Support will only include issues of
>> critical security impact.
>>
>> This update fixes the following security issues:
>>
>> * it was discovered that, when executing a new process, the clear_child_tid
>> pointer in the Linux kernel is not cleared. If this pointer points to a
>> writable portion of the memory of the new program, the kernel could corrupt
>> four bytes of memory, possibly leading to a local denial of service or
>> privilege escalation. (CVE-2009-2848, Important)
>>
>> * a flaw was found in the way the do_sigaltstack() function in the Linux
>> kernel copies the stack_t structure to user-space. On 64-bit machines, this
>> flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
>>
>> This update also fixes the following bugs:
>>
>> * a regression was found in the SCSI retry logic: SCSI mode select was not
>> retried when retryable errors were encountered. In Device-Mapper Multipath
>> environments, this could cause paths to fail, or possibly prevent
>> successful failover. (BZ#506905)
>>
>> * the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel
>> build options. This prevents gcc from optimizing out NULL pointer checks
>> after the first use of a pointer. NULL pointer bugs are often exploited by
>> attackers, and keeping these checks is considered a safety measure.
>> (BZ#515468)
>>
>> * due to incorrect APIC timer calibration, a system hang could have
>> occurred while booting certain systems. This incorrect timer calibration
>> could have also caused the system time to become faster or slower. With
>> this update, it is still possible for APIC timer calibration issues to
>> occur; however, a clear warning is now provided if they do. (BZ#521237)
>>
>> * gettimeofday() experienced poor performance (which caused performance
>> problems for applications using gettimeofday()) when running on hypervisors
>> that use hardware assisted virtualization. With this update, MFENCE/LFENCE
>> is used instead of CPUID for gettimeofday() serialization, which resolves
>> this issue. (BZ#523280)
>>
>> Users should upgrade to these updated packages, which contain backported
>> patches to correct these issues. The system must be rebooted for this
>> update to take effect.
>>
>> 4. Solution:
>>
>> Before applying this update, make sure that all previously-released
>> errata relevant to your system have been applied.
>>
>> This update is available via Red Hat Network.  Details on how to use
>> the Red Hat Network to apply this update are available at
>> http://kbase.redhat.com/faq/docs/DOC-11259
>>
>> 5. Bugs fixed (http://bugzilla.redhat.com/):
>>
>> 506905 - LTC 49790: Sync up SCSI DH code with mainline changes [rhel-5.3.z]
>> 515392 - CVE-2009-2847 kernel: information leak in sigaltstack
>> 515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
>> 515468 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.3.z]
>> 521237 - [RHEL 5] Hang on boot due to wrong APIC timer calibration [rhel-5.3.z]
>> 523280 - RFE: improve gettimeofday performance on hypervisors [rhel-5.3.z]
>>
>> 6. Package List:
>>
>> Red Hat Enterprise Linux (v. 5.3.z server):
>>
>> i386:
>> kernel-2.6.18-128.8.1.el5.i686.rpm
>> kernel-PAE-2.6.18-128.8.1.el5.i686.rpm
>> kernel-PAE-debuginfo-2.6.18-128.8.1.el5.i686.rpm
>> kernel-PAE-devel-2.6.18-128.8.1.el5.i686.rpm
>> kernel-debug-2.6.18-128.8.1.el5.i686.rpm
>> kernel-debug-debuginfo-2.6.18-128.8.1.el5.i686.rpm
>> kernel-debug-devel-2.6.18-128.8.1.el5.i686.rpm
>> kernel-debuginfo-2.6.18-128.8.1.el5.i686.rpm
>> kernel-debuginfo-common-2.6.18-128.8.1.el5.i686.rpm
>> kernel-devel-2.6.18-128.8.1.el5.i686.rpm
>> kernel-headers-2.6.18-128.8.1.el5.i386.rpm
>> kernel-xen-2.6.18-128.8.1.el5.i686.rpm
>> kernel-xen-debuginfo-2.6.18-128.8.1.el5.i686.rpm
>> kernel-xen-devel-2.6.18-128.8.1.el5.i686.rpm
>>
>> ia64:
>> kernel-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-debug-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-debug-devel-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-debuginfo-common-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-devel-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-headers-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-xen-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-xen-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
>> kernel-xen-devel-2.6.18-128.8.1.el5.ia64.rpm
>>
>> noarch:
>> kernel-doc-2.6.18-128.8.1.el5.noarch.rpm
>>
>> ppc:
>> kernel-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-debug-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-debug-devel-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-debuginfo-common-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-devel-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-headers-2.6.18-128.8.1.el5.ppc.rpm
>> kernel-headers-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-kdump-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
>> kernel-kdump-devel-2.6.18-128.8.1.el5.ppc64.rpm
>>
>> s390x:
>> kernel-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-debug-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-debug-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-debug-devel-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-debuginfo-common-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-devel-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-headers-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-kdump-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
>> kernel-kdump-devel-2.6.18-128.8.1.el5.s390x.rpm
>>
>> x86_64:
>> kernel-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-debug-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-debug-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-debug-devel-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-debuginfo-common-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-devel-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-headers-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-xen-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-xen-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
>> kernel-xen-devel-2.6.18-128.8.1.el5.x86_64.rpm
>>
>> These packages are GPG signed by Red Hat for security.  Our key and
>> details on how to verify the signature are available from
>> https://www.redhat.com/security/team/key/#package
>>
>> 7. References:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
>> http://www.redhat.com/security/updates/classification/#important
>>
>> 8. Contact:
>>
>> The Red Hat security contact is <[log in to unmask]>.  More contact
>> details at https://www.redhat.com/security/team/contact/
>>


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________
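
The padding leak that the quoted advisory describes for CVE-2009-2847, shown as an added user-space example that is not part of the original message, the advisory, or the kernel source. The struct `demo_stack`, the `STALE` marker and all function names are hypothetical; the struct only mirrors the pointer/int/size_t field order that produces four padding bytes on 64-bit builds, and clearing the object first is one common hardening, not necessarily the kernel's actual patch.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in with a stack_t-like field order (not kernel code). */
struct demo_stack {
    void  *ss_sp;
    int    ss_flags;
    size_t ss_size;
};

/* Gap between ss_flags and ss_size: 4 bytes on LP64, 0 on ILP32. */
#define PAD_START (offsetof(struct demo_stack, ss_flags) + sizeof(int))
#define PAD_END   (offsetof(struct demo_stack, ss_size))
#define STALE     0xAA  /* constructed marker for leftover stack contents */

size_t padding_size(void) { return PAD_END - PAD_START; }

/* Write the three fields into out[] at their struct offsets. */
static void put_fields(unsigned char *out, void *sp, int flags, size_t size)
{
    memcpy(out + offsetof(struct demo_stack, ss_sp), &sp, sizeof sp);
    memcpy(out + offsetof(struct demo_stack, ss_flags), &flags, sizeof flags);
    memcpy(out + offsetof(struct demo_stack, ss_size), &size, sizeof size);
}

/* Pre-fix pattern: fields are set, padding keeps whatever was there before. */
void fill_unsafe(unsigned char *out, void *sp, int flags, size_t size)
{
    put_fields(out, sp, flags, size);
}

/* Hardened pattern: clear the whole object before filling it. */
void fill_safe(unsigned char *out, void *sp, int flags, size_t size)
{
    memset(out, 0, sizeof(struct demo_stack));
    put_fields(out, sp, flags, size);
}

/* Count padding bytes that still carry stale data after a fill. */
size_t stale_padding_bytes(int use_safe)
{
    unsigned char buf[sizeof(struct demo_stack)];
    size_t i, n = 0;

    memset(buf, STALE, sizeof buf);   /* simulate a dirty stack slot */
    if (use_safe) fill_safe(buf, NULL, 2, 8192);
    else          fill_unsafe(buf, NULL, 2, 8192);
    for (i = PAD_START; i < PAD_END; i++)
        if (buf[i] == STALE) n++;
    return n;
}
```

When the whole buffer is then copied out byte for byte, the unsafe path exposes `padding_size()` bytes of prior memory contents, while the safe path exposes none.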
