LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

February 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA February 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: Security ERRATA Important: kernel on SL4.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 4 Feb 2010 14:55:35 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (229 lines)
We have rebuilt the GFS and Cluster dependancies for this kernel



GFS/Cluster Dependancies:



   SRPMS:

cman-kernel-2.6.9-56.7.4.el4_8.10.src.rpm

cmirror-kernel-2.6.9-43.12.1.el4_8.7.src.rpm

dlm-kernel-2.6.9-58.6.1.el4_8.11.src.rpm

GFS-kernel-2.6.9-85.2.1.el4_8.7.src.rpm

gnbd-kernel-2.6.9-10.56.3.el4_8.9.src.rpm



   i386:

cman-kernel-2.6.9-56.7.4.el4_8.10.i686.rpm

cman-kernel-hugemem-2.6.9-56.7.4.el4_8.10.i686.rpm

cman-kernel-smp-2.6.9-56.7.4.el4_8.10.i686.rpm

cman-kernel-xenU-2.6.9-56.7.4.el4_8.10.i686.rpm

cman-kernheaders-2.6.9-56.7.4.el4_8.10.i686.rpm

cmirror-kernel-2.6.9-43.12.1.el4_8.7.i686.rpm

cmirror-kernel-hugemem-2.6.9-43.12.1.el4_8.7.i686.rpm

cmirror-kernel-smp-2.6.9-43.12.1.el4_8.7.i686.rpm

cmirror-kernel-xenU-2.6.9-43.12.1.el4_8.7.i686.rpm

dlm-kernel-2.6.9-58.6.1.el4_8.11.i686.rpm

dlm-kernel-hugemem-2.6.9-58.6.1.el4_8.11.i686.rpm

dlm-kernel-smp-2.6.9-58.6.1.el4_8.11.i686.rpm

dlm-kernel-xenU-2.6.9-58.6.1.el4_8.11.i686.rpm

dlm-kernheaders-2.6.9-58.6.1.el4_8.11.i686.rpm

GFS-kernel-2.6.9-85.2.1.el4_8.7.i686.rpm

GFS-kernel-hugemem-2.6.9-85.2.1.el4_8.7.i686.rpm

GFS-kernel-smp-2.6.9-85.2.1.el4_8.7.i686.rpm

GFS-kernel-xenU-2.6.9-85.2.1.el4_8.7.i686.rpm

GFS-kernheaders-2.6.9-85.2.1.el4_8.7.i686.rpm

gnbd-kernel-2.6.9-10.56.3.el4_8.9.i686.rpm

gnbd-kernel-hugemem-2.6.9-10.56.3.el4_8.9.i686.rpm

gnbd-kernel-smp-2.6.9-10.56.3.el4_8.9.i686.rpm

gnbd-kernel-xenU-2.6.9-10.56.3.el4_8.9.i686.rpm

gnbd-kernheaders-2.6.9-10.56.3.el4_8.9.i686.rpm



   x86_64:

cman-kernel-2.6.9-56.7.4.el4_8.10.x86_64.rpm

cman-kernel-largesmp-2.6.9-56.7.4.el4_8.10.x86_64.rpm

cman-kernel-smp-2.6.9-56.7.4.el4_8.10.x86_64.rpm

cman-kernel-xenU-2.6.9-56.7.4.el4_8.10.x86_64.rpm

cman-kernheaders-2.6.9-56.7.4.el4_8.10.x86_64.rpm

cmirror-kernel-2.6.9-43.12.1.el4_8.7.x86_64.rpm

cmirror-kernel-largesmp-2.6.9-43.12.1.el4_8.7.x86_64.rpm

cmirror-kernel-smp-2.6.9-43.12.1.el4_8.7.x86_64.rpm

cmirror-kernel-xenU-2.6.9-43.12.1.el4_8.7.x86_64.rpm

dlm-kernel-2.6.9-58.6.1.el4_8.11.x86_64.rpm

dlm-kernel-largesmp-2.6.9-58.6.1.el4_8.11.x86_64.rpm

dlm-kernel-smp-2.6.9-58.6.1.el4_8.11.x86_64.rpm

dlm-kernel-xenU-2.6.9-58.6.1.el4_8.11.x86_64.rpm

dlm-kernheaders-2.6.9-58.6.1.el4_8.11.x86_64.rpm

GFS-kernel-2.6.9-85.2.1.el4_8.7.x86_64.rpm

GFS-kernel-largesmp-2.6.9-85.2.1.el4_8.7.x86_64.rpm

GFS-kernel-smp-2.6.9-85.2.1.el4_8.7.x86_64.rpm

GFS-kernel-xenU-2.6.9-85.2.1.el4_8.7.x86_64.rpm

GFS-kernheaders-2.6.9-85.2.1.el4_8.7.x86_64.rpm

gnbd-kernel-2.6.9-10.56.3.el4_8.9.x86_64.rpm

gnbd-kernel-largesmp-2.6.9-10.56.3.el4_8.9.x86_64.rpm

gnbd-kernel-smp-2.6.9-10.56.3.el4_8.9.x86_64.rpm

gnbd-kernel-xenU-2.6.9-10.56.3.el4_8.9.x86_64.rpm

gnbd-kernheaders-2.6.9-10.56.3.el4_8.9.x86_64.rpm



Note: These have been modified to work with the 2.6.9-89.0.20.EL kernel. 

  These rpm's were originally for the 2.6.9-89.0.19.EL kernel.



Troy Dawson



Troy J Dawson wrote:

> Synopsis:	Important: kernel security and bug fix update

> Issue date:	2010-02-02

> CVE Names:	CVE-2009-3080 CVE-2009-3889 CVE-2009-3939

>                    CVE-2009-4005 CVE-2009-4020

> 

> CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs

> CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl

> CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow

> CVE-2009-4020 kernel: hfs buffer overflow

> 

> This update fixes the following security issues:

> 

> * an array index error was found in the gdth driver in the Linux kernel. 

> A local user could send a specially-crafted IOCTL request that would 

> cause a denial of service or, possibly, privilege escalation. 

> (CVE-2009-3080, Important)

> 

> * a flaw was found in the collect_rx_frame() function in the HiSax ISDN

> driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to

> send a specially-crafted HDLC packet that could trigger a buffer out of

> bounds, possibly resulting in a denial of service. (CVE-2009-4005,

> Important)

> 

> * permission issues were found in the megaraid_sas driver (for SAS based

> RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io"

> files on the sysfs file system ("/sys/") had world-writable permissions.

> This could allow local, unprivileged users to change the behavior of the

> driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

> 

> * a buffer overflow flaw was found in the hfs_bnode_read() function in 

> the HFS file system implementation in the Linux kernel. This could lead 

> to a denial of service if a user browsed a specially-crafted HFS file 

> system, for example, by running "ls". (CVE-2009-4020, Low)

> 

> This update also fixes the following bugs:

> 

> * if a process was using ptrace() to trace a multi-threaded process, and

> that multi-threaded process dumped its core, the process performing the

> trace could hang in wait4(). This issue could be triggered by running

> "strace -f" on a multi-threaded process that was dumping its core,

> resulting in the strace command hanging. (BZ#555869)

> 

> * a bug in the ptrace() implementation could have, in some cases, caused

> ptrace_detach() to create a zombie process if the process being traced

> was terminated with a SIGKILL signal. (BZ#555869)

> 

> * the kernel-2.6.9-89.0.19.EL update resolved an issue (CVE-2009-4537) 

> in the Realtek r8169 Ethernet driver. This update implements a better 

> solution for that issue. Note: This is not a security regression. The 

> original fix was complete. This update is adding the official upstream 

> fix. (BZ#556406)

> 

> The system must be rebooted for this update to take effect.

> 

> SL 4.x

> 

>      SRPMS:

> kernel-2.6.9-89.0.20.EL.src.rpm

>      i386:

> kernel-2.6.9-89.0.20.EL.i686.rpm

> kernel-devel-2.6.9-89.0.20.EL.i686.rpm

> kernel-doc-2.6.9-89.0.20.EL.noarch.rpm

> kernel-hugemem-2.6.9-89.0.20.EL.i686.rpm

> kernel-hugemem-devel-2.6.9-89.0.20.EL.i686.rpm

> ernel-smp-2.6.9-89.0.20.EL.i686.rpm

> kernel-smp-devel-2.6.9-89.0.20.EL.i686.rpm

> kernel-xenU-2.6.9-89.0.20.EL.i686.rpm

> kernel-xenU-devel-2.6.9-89.0.20.EL.i686.rpm

>    Dependancies:

> kernel-module-fuse-2.6.9-89.0.20.EL-2.7.3-1.SL.i686.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELhugemem-2.7.3-1.SL.i686.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELsmp-2.7.3-1.SL.i686.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELxenU-2.7.3-1.SL.i686.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.EL-1.1.0-1.SL4.i686.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELhugemem-1.1.0-1.SL4.i686.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELsmp-1.1.0-1.SL4.i686.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELxenU-1.1.0-1.SL4.i686.rpm

> kernel-module-madwifi-2.6.9-89.0.20.EL-0.9.4-10.sl4.i686.rpm

> kernel-module-madwifi-2.6.9-89.0.20.ELhugemem-0.9.4-10.sl4.i686.rpm

> kernel-module-madwifi-2.6.9-89.0.20.ELsmp-0.9.4-10.sl4.i686.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.EL-0.9.4-10.sl4.i686.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.ELhugemem-0.9.4-10.sl4.i686.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.ELsmp-0.9.4-10.sl4.i686.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.EL-1.41-1.SL.i686.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELhugemem-1.41-1.SL.i686.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELsmp-1.41-1.SL.i686.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELxenU-1.41-1.SL.i686.rpm

> kernel-module-openafs-2.6.9-89.0.20.EL-1.4.7-68.2.SL4.i686.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELhugemem-1.4.7-68.2.SL4.i686.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELsmp-1.4.7-68.2.SL4.i686.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELxenU-1.4.7-68.2.SL4.i686.rpm

> kernel-module-r1000-2.6.9-89.0.20.EL-2.2-2.SL4x.i686.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELhugemem-2.2-2.SL4x.i686.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELsmp-2.2-2.SL4x.i686.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELxenU-2.2-2.SL4x.i686.rpm

> kernel-module-squashfs-2.6.9-89.0.20.EL-3.1.2-3.i686.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELhugemem-3.1.2-3.i686.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELsmp-3.1.2-3.i686.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELxenU-3.1.2-3.i686.rpm

> kernel-module-unionfs-2.6.9-89.0.20.EL-1.1.5-3.i686.rpm

> kernel-module-unionfs-2.6.9-89.0.20.ELsmp-1.1.5-3.i686.rpm

> k

>      x86_64:

> kernel-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-devel-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-doc-2.6.9-89.0.20.EL.noarch.rpm

> kernel-largesmp-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-largesmp-devel-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-smp-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-smp-devel-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-xenU-2.6.9-89.0.20.EL.x86_64.rpm

> kernel-xenU-devel-2.6.9-89.0.20.EL.x86_64.rpm

>    Dependancies:

> kernel-module-fuse-2.6.9-89.0.20.EL-2.7.3-1.SL.x86_64.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELlargesmp-2.7.3-1.SL.x86_64.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELsmp-2.7.3-1.SL.x86_64.rpm

> kernel-module-fuse-2.6.9-89.0.20.ELxenU-2.7.3-1.SL.x86_64.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.EL-1.1.0-1.SL4.x86_64.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELlargesmp-1.1.0-1.SL4.x86_64.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELsmp-1.1.0-1.SL4.x86_64.rpm

> kernel-module-ipw3945-2.6.9-89.0.20.ELxenU-1.1.0-1.SL4.x86_64.rpm

> kernel-module-madwifi-2.6.9-89.0.20.EL-0.9.4-10.sl4.x86_64.rpm

> kernel-module-madwifi-2.6.9-89.0.20.ELlargesmp-0.9.4-10.sl4.x86_64.rpm

> kernel-module-madwifi-2.6.9-89.0.20.ELsmp-0.9.4-10.sl4.x86_64.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.EL-0.9.4-10.sl4.x86_64.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.ELlargesmp-0.9.4-10.sl4.x86_64.rpm

> kernel-module-madwifi-hal-2.6.9-89.0.20.ELsmp-0.9.4-10.sl4.x86_64.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.EL-1.41-1.SL.x86_64.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELlargesmp-1.41-1.SL.x86_64.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELsmp-1.41-1.SL.x86_64.rpm

> kernel-module-ndiswrapper-2.6.9-89.0.20.ELxenU-1.41-1.SL.x86_64.rpm

> kernel-module-openafs-2.6.9-89.0.20.EL-1.4.7-68.2.SL4.x86_64.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELsmp-1.4.7-68.2.SL4.x86_64.rpm

> kernel-module-openafs-2.6.9-89.0.20.ELxenU-1.4.7-68.2.SL4.x86_64.rpm

> kernel-module-r1000-2.6.9-89.0.20.EL-2.2-2.SL4x.x86_64.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELlargesmp-2.2-2.SL4x.x86_64.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELsmp-2.2-2.SL4x.x86_64.rpm

> kernel-module-r1000-2.6.9-89.0.20.ELxenU-2.2-2.SL4x.x86_64.rpm

> kernel-module-squashfs-2.6.9-89.0.20.EL-3.1.2-3.x86_64.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELlargesmp-3.1.2-3.x86_64.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELsmp-3.1.2-3.x86_64.rpm

> kernel-module-squashfs-2.6.9-89.0.20.ELxenU-3.1.2-3.x86_64.rpm

> kernel-module-unionfs-2.6.9-89.0.20.EL-1.1.5-3.x86_64.rpm

> kernel-module-unionfs-2.6.9-89.0.20.ELsmp-1.1.5-3.x86_64.rpm

> 

> -Connie Sieh

> -Troy Dawson

> 

> 

> 

> 





-- 

__________________________________________________

Troy Dawson  [log in to unmask]  (630)840-6468

Fermilab  ComputingDivision/LSCS/CSI/USS Group

__________________________________________________
ATOM RSS1 RSS2
LISTSERV.FNAL.GOV