LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

November 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA November 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: kernel on SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 11 Nov 2010 12:09:58 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (104 lines)

Synopsis:	Moderate: kernel security and bug fix update
Issue date:	2010-11-09
CVE Names:	CVE-2010-3066 CVE-2010-3067 CVE-2010-3078
                   CVE-2010-3086 CVE-2010-3477

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the io_submit_one() 
function in the Linux kernel asynchronous I/O implementation. A local, 
unprivileged user could use this flaw to cause a denial of service. 
(CVE-2010-3066, Moderate)

* A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux 
kernel XFS file system implementation. A data structure in 
xfs_ioc_fsgetxattr() was not initialized properly before being copied to 
user-space. A local, unprivileged user could use this flaw to cause an 
information leak. (CVE-2010-3078, Moderate)

* The exception fixup code for the __futex_atomic_op1, 
__futex_atomic_op2, and futex_atomic_cmpxchg_inatomic() macros replaced 
the LOCK prefix with a NOP instruction. A local, unprivileged user could 
use this flaw to cause a denial of service. (CVE-2010-3086, Moderate)

* A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied 
to user-space. A local, unprivileged user could use this flaw to cause 
an information leak. (CVE-2010-3477, Moderate)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

SL 5.x

     SRPMS:
kernel-2.6.18-194.26.1.el5.src.rpm
     i386:
kernel-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-2.6.18-194.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-doc-2.6.18-194.26.1.el5.noarch.rpm
kernel-headers-2.6.18-194.26.1.el5.i386.rpm
kernel-PAE-2.6.18-194.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-2.6.18-194.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.i686.rpm
   Dependancies:
kernel-module-aufs-2.6.18-194.26.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.26.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-194.26.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.26.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.26.1.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-194.26.1.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.26.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.26.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-194.26.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.26.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.26.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-194.26.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.26.1.el5-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.26.1.el5PAE-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-194.26.1.el5xen-1.55-1.SL.i686.rpm
kernel-module-openafs-2.6.18-194.26.1.el5-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.26.1.el5PAE-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-194.26.1.el5xen-1.4.12-79.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.26.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.26.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-194.26.1.el5xen-0.4-2.sl5.i686.rpm

     x86_64:
kernel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.26.1.el5.x86_64.rpm
kernel-doc-2.6.18-194.26.1.el5.noarch.rpm
kernel-headers-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.26.1.el5.x86_64.rpm
   Dependancies:
kernel-module-aufs-2.6.18-194.26.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-194.26.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-194.26.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-194.26.1.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.26.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-194.26.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.26.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-194.26.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.26.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-194.26.1.el5xen-1.55-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-194.26.1.el5-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.26.1.el5-1.4.12-79.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.26.1.el5xen-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-194.26.1.el5xen-1.4.12-79.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV