Synopsis:    Important: kernel security and bug fix update
Issue Date:  2011-05-31
CVE Numbers: CVE-2011-1078
              CVE-2011-1079
              CVE-2011-1080
              CVE-2011-1093
              CVE-2011-0726
              CVE-2011-1163
              CVE-2011-1166
              CVE-2011-1170
              CVE-2011-1171
              CVE-2011-1172
              CVE-2011-1494
              CVE-2011-1577
              CVE-2011-1763


The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was already
closed. (CVE-2011-1093, Important)

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A missing validation of a null-terminated string data structure 
element in the bnep_sock_ioctl() function could allow a local user to 
cause an information leak or a denial of service. (CVE-2011-1079, Moderate)

* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause 
the host, and the guests, to lock up. (CVE-2011-1166, Moderate)

* A flaw was found in the way the Xen hypervisor implementation checked 
for the upper boundary when getting a new event channel port. A 
privileged guest user could use this flaw to cause a denial of service 
or escalate their privileges. (CVE-2011-1763, Moderate)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat 
Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing initialization flaw in the sco_sock_getsockopt() function 
could allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)

* A missing validation of a null-terminated string data structure 
element in the do_replace() function could allow a local user who has 
the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation 
in the Linux kernel could allow a local attacker to cause an information 
leak by mounting a disk that contains specially-crafted partition 
tables. (CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements 
in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), 
do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local 
user who has the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)

* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table 
(GPT) implementation could allow a local attacker to cause a denial of 
service by mounting a disk that contains specially-crafted partition 
tables. (CVE-2011-1577, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

SL5:
   x86_64
      kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
      kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
   Dependancies:
kernel-module-aufs-2.6.18-238.12.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-238.12.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-238.12.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-238.12.1.el5xen-1.55-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-238.12.1.el5-1.4.14-80.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-238.12.1.el5xen-1.4.14-80.sl5.x86_64.rpm

   i386
      kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
      kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
      kernel-xen-2.6.18-238.12.1.el5.i686.rpm
      kernel-debug-2.6.18-238.12.1.el5.i686.rpm
      kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
      kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
      kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
      kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
      kernel-devel-2.6.18-238.12.1.el5.i686.rpm
      kernel-headers-2.6.18-238.12.1.el5.i386.rpm
      kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
      kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
      kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
      kernel-2.6.18-238.12.1.el5.i686.rpm
   Dependancies:
kernel-module-aufs-2.6.18-238.12.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-238.12.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-238.12.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.12.1.el5-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.12.1.el5PAE-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.12.1.el5xen-1.55-1.SL.i686.rpm
kernel-module-openafs-2.6.18-238.12.1.el5-1.4.14-80.sl5.i686.rpm
kernel-module-openafs-2.6.18-238.12.1.el5PAE-1.4.14-80.sl5.i686.rpm
kernel-module-openafs-2.6.18-238.12.1.el5xen-1.4.14-80.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.12.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.12.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.12.1.el5xen-0.4-2.sl5.i686.rpm


- Scientific Linux Development Team