Synopsis: Important: kernel security and bug fix update
Issue date: 2010-08-10
CVE Names: CVE-2010-1084 CVE-2010-2066 CVE-2010-2070
CVE-2010-2226 CVE-2010-2248 CVE-2010-2521
CVE-2010-2524
This update fixes the following security issues:
* instances of unsafe sprintf() use were found in the Linux kernel
Bluetooth implementation. Creating a large number of Bluetooth L2CAP,
SCO, or RFCOMM sockets could result in arbitrary memory pages being
overwritten. A local, unprivileged user could use this flaw to cause a
kernel panic (denial of service) or escalate their privileges.
(CVE-2010-1084, Important)
* a flaw was found in the Xen hypervisor implementation when using the
Intel Itanium architecture, allowing guests to enter an unsupported
state. An unprivileged guest user could trigger this flaw by setting the
BE (Big Endian) bit of the Processor Status Register (PSR), leading to
the guest crashing (denial of service). (CVE-2010-2070, Important)
* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker
could send a specially-crafted SMB response packet to a target CIFS
client, resulting in a kernel panic (denial of service). (CVE-2010-2248,
Important)
* buffer overflow flaws were found in the Linux kernel's implementation
of the server-side External Data Representation (XDR) for the Network
File System (NFS) version 4. An attacker on the local network could send
a specially-crafted large compound request to the NFSv4 server, which
could possibly result in a kernel panic (denial of service) or,
potentially, code execution. (CVE-2010-2521, Important)
* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this flaw
to read write-only files, that they do not own, on an XFS file system.
This could lead to unintended information disclosure. (CVE-2010-2226,
Moderate)
* a flaw was found in the dns_resolver upcall used by CIFS. A local,
unprivileged user could redirect a Microsoft Distributed File System
link to another IP address, tricking the client into mounting the share
from a server of the user's choosing. (CVE-2010-2524, Moderate)
* a missing check was found in the mext_check_arguments() function in
the ext4 file system code. A local user could use this flaw to cause the
MOVE_EXT IOCTL to overwrite the contents of an append-only file on an
ext4 file system, if they have write permissions for that file.
(CVE-2010-2066, Low)
The system must be rebooted for this update to take effect.
SL 5.x
SRPMS:
kernel-2.6.18-194.11.1.el5.src.rpm
i386:
kernel-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-doc-2.6.18-194.11.1.el5.noarch.rpm
kernel-headers-2.6.18-194.11.1.el5.i386.rpm
kernel-PAE-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.i686.rpm
Dependancies:
kernel-module-aufs-2.6.18-194.11.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.11.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.11.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.11.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.11.1.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.11.1.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.11.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.11.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.11.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.11.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.11.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.11.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.11.1.el5-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.11.1.el5PAE-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.11.1.el5xen-1.55-1.SL.i686.rpm
kernel-module-openafs-2.6.18-194.11.1.el5-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.11.1.el5PAE-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.11.1.el5xen-1.4.12-79.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.11.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.11.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.11.1.el5xen-0.4-2.sl5.i686.rpm
x86_64:
kernel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-doc-2.6.18-194.11.1.el5.noarch.rpm
kernel-headers-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.x86_64.rpm
Dependancies:
kernel-module-aufs-2.6.18-194.11.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-194.11.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-194.11.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-194.11.1.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.11.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.11.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.11.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.11.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.11.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.11.1.el5xen-1.55-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-194.11.1.el5-1.4.12-79.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.11.1.el5xen-1.4.12-79.sl5.x86_64.rpm
-Connie Sieh
-Troy Dawson
|