SCIENTIFIC-LINUX-ERRATA Archives

March 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Thu, 3 Mar 2011 14:43:30 -0600

Synopsis:	Important: kernel security and bug fix update
Issue date:	2011-01-11
CVE Names:	CVE-2010-2492 CVE-2010-3067 CVE-2010-3078
                   CVE-2010-3080 CVE-2010-3298 CVE-2010-3477
                   CVE-2010-3861 CVE-2010-3865 CVE-2010-3874
                   CVE-2010-3876 CVE-2010-3880 CVE-2010-4072
                   CVE-2010-4073 CVE-2010-4074 CVE-2010-4075
                   CVE-2010-4077 CVE-2010-4079 CVE-2010-4080
                   CVE-2010-4081 CVE-2010-4082 CVE-2010-4083
                   CVE-2010-4158 CVE-2010-4160 CVE-2010-4162
                   CVE-2010-4163 CVE-2010-4242 CVE-2010-4248
                   CVE-2010-4249 CVE-2010-4263 CVE-2010-4525
                   CVE-2010-4668

This update fixes the following security issues:

* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable
permissions (which it does not, by default, on Scientific Linux 6), a 
local, unprivileged user could use this flaw to cause a denial of 
service or possibly escalate their privileges. (CVE-2010-2492, Important)

* Integer overflow in the RDS protocol implementation could allow a 
local, unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)

* Missing boundary checks in the PPP over L2TP sockets implementation 
could allow a local, unprivileged user to cause a denial of service or 
escalate their privileges. (CVE-2010-4160, Important)

* NULL pointer dereference in the igb driver. If both Single Root I/O
Virtualization (SR-IOV) and promiscuous mode were enabled on an 
interface using igb, it could result in a denial of service when a 
tagged VLAN packet is received on that interface. (CVE-2010-4263, Important)

* Missing initialization flaw in the XFS file system implementation, and 
in the network traffic policing implementation, could allow a local,
unprivileged user to cause an information leak. (CVE-2010-3078,
CVE-2010-3477, Moderate)

* NULL pointer dereference in the Open Sound System compatible sequencer
driver could allow a local, unprivileged user with access to 
/dev/sequencer to cause a denial of service. /dev/sequencer is only 
accessible to root and users in the audio group by default. 
(CVE-2010-3080, Moderate)

* Flaw in the ethtool IOCTL handler could allow a local user to cause an
information leak. (CVE-2010-3861, Moderate)

* Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast
Manager. On 64-bit systems, writing the socket address may overflow the
procname character array. (CVE-2010-3874, Moderate)

* Flaw in the module for monitoring the sockets of INET transport
protocols could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-3880, Moderate)

* Missing boundary checks in the block layer implementation could allow 
a local, unprivileged user to cause a denial of service. (CVE-2010-4162,
CVE-2010-4163, CVE-2010-4668, Moderate)

* NULL pointer dereference in the Bluetooth HCI UART driver could allow 
a local, unprivileged user to cause a denial of service. (CVE-2010-4242,
Moderate)

* Flaw in the Linux kernel CPU time clocks implementation for the POSIX
clock interface could allow a local, unprivileged user to cause a denial 
of service. (CVE-2010-4248, Moderate)

* Flaw in the garbage collector for AF_UNIX sockets could allow a local,
unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)

* Missing upper bound integer check in the AIO implementation could 
allow a local, unprivileged user to cause an information leak. 
(CVE-2010-3067, Low)

* Missing initialization flaws could lead to information leaks.
(CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, 
CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, 
CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, 
CVE-2010-4158, Low)

* Missing initialization flaw in KVM could allow a privileged host user
with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

SL 6.x

      SRPMS:
kernel-2.6.32-71.14.1.el6.src.rpm
      i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm
      x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm

-Connie Sieh
-Troy Dawson
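
Added example (not part of the original advisory): because the update only takes effect after a reboot, this script compares the running kernel against the fixed release 2.6.32-71.14.1.el6 from the package list and checks the two device nodes whose permissions the advisory names as preconditions. The function names and message wording are illustrative assumptions.

```shell
#!/bin/sh
# Added example: post-update checks for the kernel erratum above.
FIXED="2.6.32-71.14.1.el6"   # fixed release, taken from the package list

# Return 0 if kernel release $1 is at or above $FIXED, 1 if it is older,
# 2 if the release string is not a plain numeric ELx release.
kernel_is_fixed() {
    # Normalise "2.6.32-71.14.1.el6.x86_64" to "2.6.32.71.14.1".
    have=$(printf '%s\n' "${1%%.el*}" | sed 's/-/./g')
    want=$(printf '%s\n' "${FIXED%%.el*}" | sed 's/-/./g')
    case $have in *[!0-9.]*) return 2 ;; esac
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        h=${h:-0}; w=${w:-0}          # a missing field counts as 0
        [ "$h" -gt "$w" ] && return 0
        [ "$h" -lt "$w" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# Return 0 if path $1 exists and has the other-write permission bit set.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

report() {
    running=$(uname -r)
    rc=0
    kernel_is_fixed "$running" || rc=$?
    case $rc in
        0) echo "OK: running kernel $running is at or above $FIXED" ;;
        1) echo "NOT FIXED: running kernel $running predates $FIXED;" \
                "install the update and reboot" ;;
        *) echo "UNKNOWN: cannot compare $running with $FIXED" ;;
    esac
    # /dev/ecryptfs: world-writable is the CVE-2010-2492 precondition.
    # /dev/sequencer: default access is root and the audio group only.
    for dev in /dev/ecryptfs /dev/sequencer; do
        if world_writable "$dev"; then
            echo "WARN: $dev is world-writable"
        fi
    done
}

report
```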
