SCIENTIFIC-LINUX-ERRATA Archives

July 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson
Date: Fri, 2 Jul 2010 14:43:33 -0500

Synopsis:	Important: kernel security and bug fix update
Issue date:	2010-07-01
CVE Names:	CVE-2010-0291 CVE-2010-0622 CVE-2010-1087
                   CVE-2010-1088 CVE-2010-1173 CVE-2010-1187
                   CVE-2010-1436 CVE-2010-1437 CVE-2010-1641


This update fixes the following security issues:

* multiple flaws were found in the mmap and mremap implementations. A 
local user could use these flaws to cause a local denial of service or 
escalate their privileges. (CVE-2010-0291, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace 
Mutexes (futexes) implementation. The unlock code path did not check if 
the futex value associated with pi_state->owner had been modified. A 
local user could use this flaw to modify the futex value, possibly 
leading to a denial of service or privilege escalation when the 
pi_state->owner pointer is dereferenced. (CVE-2010-0622, Important)

* a NULL pointer dereference flaw was found in the Linux kernel Network
File System (NFS) implementation. A local user on a system that has an
NFS-mounted file system could use this flaw to cause a denial of service 
or escalate their privileges on that system. (CVE-2010-1087, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A 
remote attacker could send a specially-crafted SCTP packet to an SCTP 
listening port on a target system, causing a kernel panic (denial of 
service). (CVE-2010-1173, Important)

* a flaw was found in the Linux kernel Transparent Inter-Process
Communication protocol (TIPC) implementation. If a client application, 
on a local system where the tipc module is not yet in network mode, 
attempted to send a message to a remote TIPC node, it would dereference 
a NULL pointer on the local system, causing a kernel panic (denial of 
service). (CVE-2010-1187, Important)

* a buffer overflow flaw was found in the Linux kernel Global File 
System 2 (GFS2) implementation. In certain cases, a quota could be 
written past the end of a memory page, causing memory corruption, 
leaving the quota stored on disk in an invalid state. A user with write 
access to a GFS2 file system could trigger this flaw to cause a kernel 
crash (denial of service) or escalate their privileges on the GFS2 
server. This issue can only be triggered if the GFS2 file system is 
mounted with the "quota=on" or "quota=account" mount option. 
(CVE-2010-1436, Important)

* a race condition between finding a keyring by name and destroying a 
freed keyring was found in the Linux kernel key management facility. A 
local user could use this flaw to cause a kernel panic (denial of 
service) or escalate their privileges. (CVE-2010-1437, Important)

* a flaw was found in the link_path_walk() function in the Linux kernel.
Using the file descriptor returned by the open() function with the
O_NOFOLLOW flag on a subordinate NFS-mounted file system could result
in a NULL pointer dereference, causing a denial of service or privilege
escalation. (CVE-2010-1088, Moderate)

* a missing permission check was found in the gfs2_set_flags() function 
in the Linux kernel GFS2 implementation. A local user could use this 
flaw to change certain attributes of files that they do not own on a 
GFS2 file system. (CVE-2010-1641, Low)

Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon
Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly
reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting
CVE-2010-1641.

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

SL 5.x

     SRPMS:
kernel-2.6.18-194.8.1.el5.src.rpm
     i386:
kernel-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-doc-2.6.18-194.8.1.el5.noarch.rpm
kernel-module-aufs-2.6.18-194.8.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.8.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.8.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.8.1.el5-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.8.1.el5PAE-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.8.1.el5xen-1.55-1.SL.i686.rpm
kernel-module-xfs-2.6.18-194.8.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.8.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.8.1.el5xen-0.4-2.sl5.i686.rpm
kernel-PAE-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.i686.rpm
    Dependencies for SL 55:
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5PAE-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.12-79.sl5.i686.rpm
    Dependencies for SL 54:
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.11-76.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5PAE-1.4.11-76.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.11-76.sl5.i686.rpm
    Dependencies for SL 50-53:
kernel-module-ipw3945-2.6.18-194.8.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.8.1.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.8.1.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.8.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.8.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.8.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.8.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.8.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.8.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.11-76.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5PAE-1.4.11-76.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.11-76.sl5.i686.rpm


     x86_64:
kernel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-doc-2.6.18-194.8.1.el5.noarch.rpm
kernel-headers-2.6.18-194.8.1.el5.x86_64.rpm
kernel-module-aufs-2.6.18-194.8.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-194.8.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.8.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.8.1.el5xen-1.55-1.SL.x86_64.rpm
kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.x86_64.rpm
    Dependencies for SL 55:
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.12-79.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.12-79.sl5.x86_64.rpm
    Dependencies for SL 54:
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.11-76.sl5.x86_64.rpm
    Dependencies for SL 50-53:
kernel-module-ipw3945-2.6.18-194.8.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-194.8.1.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.8.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.8.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.8.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.8.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.8.1.el5-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.8.1.el5xen-1.4.11-76.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson
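
Because the update only takes effect after a reboot, a host can have the new packages installed and still run an old kernel. The following is an added example, not part of the original message, that checks the running kernel release against 2.6.18-194.8.1.el5 and lists GFS2 mounts using the quota options named for CVE-2010-1436; the function names are hypothetical, the mount table is constructed sample data, and the version comparison is a simplified numeric one for el5 kernel strings.

```shell
#!/bin/sh
# Added example, not part of the original message.
FIXED="2.6.18-194.8.1"  # version-release from the package list, ".el5" stripped

# Return 0 if kernel release $1 (as printed by `uname -r`) is at or above FIXED.
# Simplified numeric compare for el5 kernel strings, not a full rpmvercmp.
kernel_is_fixed() {
    rel=${1%%.el5*}     # drops ".el5", ".el5PAE", ".el5xen"
    awk -v a="$rel" -v b="$FIXED" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++)
            if (x[i] + 0 != y[i] + 0) exit (x[i] + 0 < y[i] + 0)
        exit 0
    }'
}

# Read /proc/mounts-format lines on stdin and print the mount points of GFS2
# file systems mounted with quota=on or quota=account (CVE-2010-1436 condition).
gfs2_quota_mounts() {
    awk '$3 == "gfs2" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "quota=on" || opt[i] == "quota=account") { print $2; break }
    }'
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample_mounts() {
cat <<'EOF'
/dev/mapper/vg0-root / ext3 rw 0 0
/dev/mapper/cl-data /srv/data gfs2 rw,noatime,quota=on 0 0
/dev/mapper/cl-scratch /srv/scratch gfs2 rw,quota=off 0 0
/dev/mapper/cl-home /srv/home gfs2 rw,hostdata=jid=0,quota=account 0 0
nfs1:/export /mnt/nfs nfs rw,vers=3 0 0
EOF
}

# Report for kernel release $1, with the mount table on stdin.
report() {
    if kernel_is_fixed "$1"; then
        echo "OK: running kernel $1 includes the fix"
    else
        echo "NOT FIXED: running kernel $1 is older than $FIXED.el5; update and reboot"
        gfs2_quota_mounts | sed 's/^/  GFS2 mount with quota enabled: /'
    fi
}

sample_mounts | report "2.6.18-194.3.1.el5PAE"
# On a live host: report "$(uname -r)" < /proc/mounts
```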
