The upstream vendor has released the GFS and cluster modules for this kernel. i386 Dependencies: cman-kernel-2.6.9-50.2.0.1.i686.rpm cman-kernel-hugemem-2.6.9-50.2.0.1.i686.rpm cman-kernel-smp-2.6.9-50.2.0.1.i686.rpm cman-kernel-xenU-2.6.9-50.2.0.1.i686.rpm cman-kernheaders-2.6.9-50.2.0.1.i686.rpm cmirror-kernel-2.6.9-32.0.0.1.i686.rpm cmirror-kernel-hugemem-2.6.9-32.0.0.1.i686.rpm cmirror-kernel-smp-2.6.9-32.0.0.1.i686.rpm cmirror-kernel-xenU-2.6.9-32.0.0.1.i686.rpm dlm-kernel-2.6.9-46.16.0.1.i686.rpm dlm-kernel-hugemem-2.6.9-46.16.0.1.i686.rpm dlm-kernel-smp-2.6.9-46.16.0.1.i686.rpm dlm-kernel-xenU-2.6.9-46.16.0.1.i686.rpm dlm-kernheaders-2.6.9-46.16.0.1.i686.rpm GFS-kernel-2.6.9-72.2.0.2.i686.rpm GFS-kernel-hugemem-2.6.9-72.2.0.2.i686.rpm GFS-kernel-smp-2.6.9-72.2.0.2.i686.rpm GFS-kernel-xenU-2.6.9-72.2.0.2.i686.rpm GFS-kernheaders-2.6.9-72.2.0.2.i686.rpm gnbd-kernel-2.6.9-10.20.0.1.i686.rpm gnbd-kernel-hugemem-2.6.9-10.20.0.1.i686.rpm gnbd-kernel-smp-2.6.9-10.20.0.1.i686.rpm gnbd-kernel-xenU-2.6.9-10.20.0.1.i686.rpm gnbd-kernheaders-2.6.9-10.20.0.1.i686.rpm x86_64 Dependencies: cman-kernel-2.6.9-50.2.0.1.x86_64.rpm cman-kernel-largesmp-2.6.9-50.2.0.1.x86_64.rpm cman-kernel-smp-2.6.9-50.2.0.1.x86_64.rpm cman-kernel-xenU-2.6.9-50.2.0.1.x86_64.rpm cman-kernheaders-2.6.9-50.2.0.1.x86_64.rpm cmirror-kernel-2.6.9-32.0.0.1.x86_64.rpm cmirror-kernel-largesmp-2.6.9-32.0.0.1.x86_64.rpm cmirror-kernel-smp-2.6.9-32.0.0.1.x86_64.rpm cmirror-kernel-xenU-2.6.9-32.0.0.1.x86_64.rpm dlm-kernel-2.6.9-46.16.0.1.x86_64.rpm dlm-kernel-largesmp-2.6.9-46.16.0.1.x86_64.rpm dlm-kernel-smp-2.6.9-46.16.0.1.x86_64.rpm dlm-kernel-xenU-2.6.9-46.16.0.1.x86_64.rpm dlm-kernheaders-2.6.9-46.16.0.1.x86_64.rpm GFS-kernel-2.6.9-72.2.0.2.x86_64.rpm GFS-kernel-largesmp-2.6.9-72.2.0.2.x86_64.rpm GFS-kernel-smp-2.6.9-72.2.0.2.x86_64.rpm GFS-kernel-xenU-2.6.9-72.2.0.2.x86_64.rpm GFS-kernheaders-2.6.9-72.2.0.2.x86_64.rpm gnbd-kernel-2.6.9-10.20.0.1.x86_64.rpm gnbd-kernel-largesmp-2.6.9-10.20.0.1.x86_64.rpm gnbd-kernel-smp-2.6.9-10.20.0.1.x86_64.rpm gnbd-kernel-xenU-2.6.9-10.20.0.1.x86_64.rpm gnbd-kernheaders-2.6.9-10.20.0.1.x86_64.rpm Troy Troy Dawson wrote: > Synopsis: Important: kernel security update > Issue date: 2007-06-25 > CVE Names: CVE-2006-5158 CVE-2006-7203 CVE-2007-0773 > CVE-2007-0958 CVE-2007-1353 CVE-2007-2172 > CVE-2007-2525 CVE-2007-2876 CVE-2007-3104 > > These new kernel packages contain fixes for the security issues described > below: > > * a flaw in the connection tracking support for SCTP that allowed a remote > user to cause a denial of service by dereferencing a NULL pointer. > (CVE-2007-2876, Important) > > * a flaw in the mount handling routine for 64-bit systems that allowed a > local user to cause denial of service (crash). (CVE-2006-7203, Important) > > * a flaw in the IPv4 forwarding base that allowed a local user to cause an > out-of-bounds access. (CVE-2007-2172, Important) > > * a flaw in the PPP over Ethernet implementation that allowed a local user > to cause a denial of service (memory consumption) by creating a socket > using connect and then releasing it before the PPPIOCGCHAN ioctl has been > called. (CVE-2007-2525, Important) > > * a flaw in the fput ioctl handling of 32-bit applications running on > 64-bit platforms that allowed a local user to cause a denial of service > (panic). (CVE-2007-0773, Important) > > * a flaw in the NFS locking daemon that allowed a local user to cause > denial of service (deadlock). (CVE-2006-5158, Moderate) > > * a flaw in the sysfs_readdir function that allowed a local user to cause a > denial of service by dereferencing a NULL pointer. (CVE-2007-3104, > Moderate) > > * a flaw in the core-dump handling that allowed a local user to create core > dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) > > * a flaw in the Bluetooth subsystem that allowed a local user to trigger an > information leak. (CVE-2007-1353, Low) > > In addition, the following bugs were addressed: > > * the NFS could recurse on the same spinlock. Also, NFS, under certain > conditions, did not completely clean up Posix locks on a file close, > leading to mount failures. > > * the 32bit compatibility didn't return to userspace correct values for the > rt_sigtimedwait system call. > > * the count for unused inodes could be incorrect at times, resulting in > dirty data not being written to disk in a timely manner. > > * the cciss driver had an incorrect disk size calculation (off-by-one > error) which prevented disk dumps. > > NOTE1: > From The Upstream Vendors release notes > "During PCI probing, Red Hat Enterprise Linux 4 Update 5 attempts to use > information obtained from MCFG (memory-mapped PCI configuration space). > On AMD-systems, this type of access does not work on some buses, as the > kernel cannot parse the MCFG table. > > To work around this, add the parameter pci=conf1 or pci=nommconf on the > kernel boot line in /etc/grub.conf. For example: > > title Red Hat Enterprise Linux AS (2.6.9-42.0.2.EL) > root (hd0,0) > kernel /vmlinuz-2.6.9-42.0.2.EL ro > root=/dev/VolGroup00/LogVol00 rhgb quiet pci=conf1 > initrd /initrd-2.6.9-42.0.2.EL.img > > Doing this instructs the kernel to use PCI Conf1 access instead of > MCFG-based access." > > NOTE2: > From The Upstream Vendors Knowledge Base > "Why did the ordering of my NIC devices change in Red Hat Enterprise > Linux 4.5? > > The 2.6.9-55 version of the Red Hat Enterprise Linux 4 kernel (Update 5) > reverts to the 2.4 ordering of network interface cards (NICs) on certain > systems. Note that if the "HWADDR=MAC ADDRESS" line is present in the > /etc/sysconfig/network-scripts/ifcfg-ethX files, the NIC ordering will > not change. > > To restore the original 2.6 ordering, which is different from the 2.4 > ordering, boot with the option pci=nobfsort " > > > SL 4.x > > SRPMS: > kernel-2.6.9-55.0.2.EL.src.rpm > i386: > kernel-2.6.9-55.0.2.EL.i686.rpm > kernel-devel-2.6.9-55.0.2.EL.i686.rpm > kernel-doc-2.6.9-55.0.2.EL.noarch.rpm > kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm > kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm > kernel-smp-2.6.9-55.0.2.EL.i686.rpm > kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm > kernel-xenU-2.6.9-55.0.2.EL.i686.rpm > kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm > > Dependancies: > kernel-module-fuse-2.6.9-55.0.2.EL-2.5.3-1.SL.i686.rpm > kernel-module-fuse-2.6.9-55.0.2.ELhugemem-2.5.3-1.SL.i686.rpm > kernel-module-fuse-2.6.9-55.0.2.ELsmp-2.5.3-1.SL.i686.rpm > kernel-module-fuse-2.6.9-55.0.2.ELxenU-2.5.3-1.SL.i686.rpm > kernel-module-ipw3945-2.6.9-55.0.2.EL-1.1.0-1.SL4.i686.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELhugemem-1.1.0-1.SL4.i686.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELsmp-1.1.0-1.SL4.i686.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELxenU-1.1.0-1.SL4.i686.rpm > kernel-module-madwifi-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.i686.rpm > kernel-module-madwifi-2.6.9-55.0.2.ELhugemem-0.9.3.1-10.sl4.i686.rpm > kernel-module-madwifi-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.i686.rpm > kernel-module-madwifi-hal-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.i686.rpm > kernel-module-madwifi-hal-2.6.9-55.0.2.ELhugemem-0.9.3.1-10.sl4.i686.rpm > kernel-module-madwifi-hal-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.i686.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.EL-1.41-1.SL.i686.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELhugemem-1.41-1.SL.i686.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELsmp-1.41-1.SL.i686.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELxenU-1.41-1.SL.i686.rpm > kernel-module-openafs-2.6.9-55.0.2.EL-1.4.4-46.SL4.i686.rpm > kernel-module-openafs-2.6.9-55.0.2.ELhugemem-1.4.4-46.SL4.i686.rpm > kernel-module-openafs-2.6.9-55.0.2.ELsmp-1.4.4-46.SL4.i686.rpm > kernel-module-openafs-2.6.9-55.0.2.ELxenU-1.4.4-46.SL4.i686.rpm > kernel-module-r1000-2.6.9-55.0.2.EL-2.2-2.SL4x.i686.rpm > kernel-module-r1000-2.6.9-55.0.2.ELhugemem-2.2-2.SL4x.i686.rpm > kernel-module-r1000-2.6.9-55.0.2.ELsmp-2.2-2.SL4x.i686.rpm > kernel-module-r1000-2.6.9-55.0.2.ELxenU-2.2-2.SL4x.i686.rpm > > x86_64: > kernel-2.6.9-55.0.2.EL.x86_64.rpm > kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm > kernel-doc-2.6.9-55.0.2.EL.noarch.rpm > kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm > kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm > kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm > kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm > kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm > kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm > > Dependancies: > kernel-module-fuse-2.6.9-55.0.2.EL-2.5.3-1.SL.x86_64.rpm > kernel-module-fuse-2.6.9-55.0.2.ELlargesmp-2.5.3-1.SL.x86_64.rpm > kernel-module-fuse-2.6.9-55.0.2.ELsmp-2.5.3-1.SL.x86_64.rpm > kernel-module-fuse-2.6.9-55.0.2.ELxenU-2.5.3-1.SL.x86_64.rpm > kernel-module-ipw3945-2.6.9-55.0.2.EL-1.1.0-1.SL4.x86_64.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELlargesmp-1.1.0-1.SL4.x86_64.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELsmp-1.1.0-1.SL4.x86_64.rpm > kernel-module-ipw3945-2.6.9-55.0.2.ELxenU-1.1.0-1.SL4.x86_64.rpm > kernel-module-madwifi-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.x86_64.rpm > kernel-module-madwifi-2.6.9-55.0.2.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm > kernel-module-madwifi-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.x86_64.rpm > kernel-module-madwifi-hal-2.6.9-55.0.2.EL-0.9.3.1-10.sl4.x86_64.rpm > kernel-module-madwifi-hal-2.6.9-55.0.2.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm > > kernel-module-madwifi-hal-2.6.9-55.0.2.ELsmp-0.9.3.1-10.sl4.x86_64.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.EL-1.41-1.SL.x86_64.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELlargesmp-1.41-1.SL.x86_64.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELsmp-1.41-1.SL.x86_64.rpm > kernel-module-ndiswrapper-2.6.9-55.0.2.ELxenU-1.41-1.SL.x86_64.rpm > kernel-module-openafs-2.6.9-55.0.2.EL-1.4.4-46.SL4.x86_64.rpm > kernel-module-openafs-2.6.9-55.0.2.ELlargesmp-1.4.4-46.SL4.x86_64.rpm > kernel-module-openafs-2.6.9-55.0.2.ELsmp-1.4.4-46.SL4.x86_64.rpm > kernel-module-openafs-2.6.9-55.0.2.ELxenU-1.4.4-46.SL4.x86_64.rpm > kernel-module-r1000-2.6.9-55.0.2.EL-2.2-2.SL4x.x86_64.rpm > kernel-module-r1000-2.6.9-55.0.2.ELlargesmp-2.2-2.SL4x.x86_64.rpm > kernel-module-r1000-2.6.9-55.0.2.ELsmp-2.2-2.SL4x.x86_64.rpm > kernel-module-r1000-2.6.9-55.0.2.ELxenU-2.2-2.SL4x.x86_64.rpm > > The upstream vendor has not released the GFS src.rpm yet. When > they release it we will rebuild and send it out. > > -Connie Sieh > -Troy Dawson -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________