 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Wed, 23 Oct 2013 13:18:52 +0000 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2013:1449-1
Issue Date: 2013-10-22
CVE Numbers: CVE-2013-4299
CVE-2013-0343
CVE-2013-4345
CVE-2013-4368
--
* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr is set to '2'), an attacker on
the local network could disable IPv6 temporary address generation, leading
to a potential information disclosure. (CVE-2013-0343, Moderate)
* An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible.
(CVE-2013-4299, Moderate)
* An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could
lead to random numbers being generated with less bits of entropy than
expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate)
* An information leak flaw was found in the way Xen hypervisor emulated
the OUTS instruction for 64-bit paravirtualized guests. A privileged guest
user could use this flaw to leak hypervisor stack memory to the guest.
(CVE-2013-4368, Moderate)
This update also fixes the following bug:
* A bug in the GFS2 code prevented glock work queues from freeing glock-
related memory while the glock memory shrinker repeatedly queued a large
number of demote requests, for example when performing a simultaneous
backup of several live GFS2 volumes with a large file count. As a
consequence, the glock work queues became overloaded which resulted in a
high CPU usage and the GFS2 file systems being unresponsive for a
significant amount of time. A patch has been applied to alleviate this
problem by calling the yield() function after scheduling a certain amount
of tasks on the glock work queues. The problem can now occur only with
extremely high work loads.
The system must be rebooted for this update to take effect.
--
SL5
x86_64
kernel-2.6.18-371.1.2.el5.x86_64.rpm
kernel-debug-2.6.18-371.1.2.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.1.2.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.1.2.el5.x86_64.rpm
kernel-devel-2.6.18-371.1.2.el5.x86_64.rpm
kernel-headers-2.6.18-371.1.2.el5.x86_64.rpm
kernel-xen-2.6.18-371.1.2.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.1.2.el5.x86_64.rpm
i386
kernel-2.6.18-371.1.2.el5.i686.rpm
kernel-PAE-2.6.18-371.1.2.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.1.2.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.1.2.el5.i686.rpm
kernel-debug-2.6.18-371.1.2.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.1.2.el5.i686.rpm
kernel-debug-devel-2.6.18-371.1.2.el5.i686.rpm
kernel-debuginfo-2.6.18-371.1.2.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.1.2.el5.i686.rpm
kernel-devel-2.6.18-371.1.2.el5.i686.rpm
kernel-headers-2.6.18-371.1.2.el5.i386.rpm
kernel-xen-2.6.18-371.1.2.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.1.2.el5.i686.rpm
kernel-xen-devel-2.6.18-371.1.2.el5.i686.rpm
noarch
kernel-doc-2.6.18-371.1.2.el5.noarch.rpm
- Scientific Linux Development Team
|
|
|
