Hi Klaus,

On Fri, 2009-10-02 at 14:04 +0200, Klaus Steinberger wrote:
> Hi Troy,
>
> did you notice that there is probably also an errata kernel for 5.3

yes, I think that's the one we really want. Alas, I couldn't find the
SRPM in a public place yet.

Cheers,
Stephan

> Sincerely,
> Klaus
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear colleagues,
>
> we have just received the following RedHat Security Advisory. We are
> passing this information on to you unchanged.
>
> CVE-2009-2847 - Linux kernel function do_sigaltstack() does not clear
> padding data
>
> On 64-bit architectures, the signal stack data structure contains
> some padding bytes. The Linux kernel function do_sigaltstack() does
> not clear them when the data structure is returned to the user after
> the call. Local attackers can thereby read part of the kernel memory
> area and so obtain possibly confidential information.
>
> CVE-2009-2848 - Flaw in the Linux execve() system call
>
> Under certain circumstances, the Linux execve() system call does not
> clear the "current->clear_child_tid" pointer, which, when threads are
> created and destroyed, causes data structures in the kernel to be
> overwritten if the threads are created with the flags
> CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID. A local attacker can
> exploit this for a denial-of-service attack.
>
> The following software packages and platforms are affected:
>
> Package kernel
>
> Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc,
> s390x, x86_64
>
>
> The vendor provides revised packages.
>
> Vendor advisory:
> https://rhn.redhat.com/errata/RHSA-2009-1466.html
>
>
> (c) of the German summary held by DFN-CERT Services GmbH;
> distribution, in whole or in part, is permitted only with attribution
> to the author, DFN-CERT Services GmbH, and only for non-commercial
> purposes.
>
> Kind regards,
> Detlev O. Matthies
>
> - --
>
> Detlev O. Matthies, M.Sc. (Incident Response Team)
>
> DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
> Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
> Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
>
> Automatic warning messages https://www.cert.dfn.de/autowarn
>
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> =====================================================================
> Red Hat Security Advisory
>
> Synopsis:          Important: kernel security and bug fix update
> Advisory ID:       RHSA-2009:1466-01
> Product:           Red Hat Enterprise Linux
> Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1466.html
> Issue date:        2009-09-29
> CVE Names:         CVE-2009-2847 CVE-2009-2848
> =====================================================================
>
> 1. Summary:
>
> Updated kernel packages that fix two security issues and several bugs are
> now available for Red Hat Enterprise Linux 5.3 Extended Update Support.
>
> This update has been rated as having important security impact by the Red
> Hat Security Response Team.
>
> 2. Relevant releases/architectures:
>
> Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64
>
> 3. Description:
>
> The kernel packages contain the Linux kernel, the core of any Linux
> operating system.
>
> This update includes backported fixes for two security issues. These issues
> only affected users of Red Hat Enterprise Linux 5.3 Extended Update Support
> as they have already been addressed for users of Red Hat Enterprise Linux 5
> in the 5.4 update, RHSA-2009:1243.
>
> In accordance with the support policy, future security updates to Red Hat
> Enterprise Linux 5.3 Extended Update Support will only include issues of
> critical security impact.
>
> This update fixes the following security issues:
>
> * it was discovered that, when executing a new process, the clear_child_tid
> pointer in the Linux kernel is not cleared. If this pointer points to a
> writable portion of the memory of the new program, the kernel could corrupt
> four bytes of memory, possibly leading to a local denial of service or
> privilege escalation. (CVE-2009-2848, Important)
>
> * a flaw was found in the way the do_sigaltstack() function in the Linux
> kernel copies the stack_t structure to user-space. On 64-bit machines, this
> flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)
>
> This update also fixes the following bugs:
>
> * a regression was found in the SCSI retry logic: SCSI mode select was not
> retried when retryable errors were encountered. In Device-Mapper Multipath
> environments, this could cause paths to fail, or possibly prevent
> successful failover. (BZ#506905)
>
> * the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel
> build options. This prevents gcc from optimizing out NULL pointer checks
> after the first use of a pointer. NULL pointer bugs are often exploited by
> attackers, and keeping these checks is considered a safety measure.
> (BZ#515468)
>
> * due to incorrect APIC timer calibration, a system hang could have
> occurred while booting certain systems. This incorrect timer calibration
> could have also caused the system time to become faster or slower. With
> this update, it is still possible for APIC timer calibration issues to
> occur; however, a clear warning is now provided if they do.
> (BZ#521237)
>
> * gettimeofday() experienced poor performance (which caused performance
> problems for applications using gettimeofday()) when running on hypervisors
> that use hardware assisted virtualization. With this update, MFENCE/LFENCE
> is used instead of CPUID for gettimeofday() serialization, which resolves
> this issue. (BZ#523280)
>
> Users should upgrade to these updated packages, which contain backported
> patches to correct these issues. The system must be rebooted for this
> update to take effect.
>
> 4. Solution:
>
> Before applying this update, make sure that all previously-released
> errata relevant to your system have been applied.
>
> This update is available via Red Hat Network. Details on how to use
> the Red Hat Network to apply this update are available at
> http://kbase.redhat.com/faq/docs/DOC-11259
>
> 5. Bugs fixed (http://bugzilla.redhat.com/):
>
> 506905 - LTC 49790: Sync up SCSI DH code with mainline changes [rhel-5.3.z]
> 515392 - CVE-2009-2847 kernel: information leak in sigaltstack
> 515423 - CVE-2009-2848 kernel: execve: must clear current->clear_child_tid
> 515468 - kernel: build with -fno-delete-null-pointer-checks [rhel-5.3.z]
> 521237 - [RHEL 5] Hang on boot due to wrong APIC timer calibration [rhel-5.3.z]
> 523280 - RFE: improve gettimeofday performance on hypervisors [rhel-5.3.z]
>
> 6. Package List:
>
> Red Hat Enterprise Linux (v. 5.3.z server):
>
> i386:
> kernel-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-PAE-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.i686.rpm
> kernel-devel-2.6.18-128.8.1.el5.i686.rpm
> kernel-headers-2.6.18-128.8.1.el5.i386.rpm
> kernel-xen-2.6.18-128.8.1.el5.i686.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.i686.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.i686.rpm
>
> ia64:
> kernel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.ia64.rpm
> kernel-devel-2.6.18-128.8.1.el5.ia64.rpm
> kernel-headers-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.ia64.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.ia64.rpm
>
> noarch:
> kernel-doc-2.6.18-128.8.1.el5.noarch.rpm
>
> ppc:
> kernel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-devel-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-headers-2.6.18-128.8.1.el5.ppc.rpm
> kernel-headers-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.ppc64.rpm
> kernel-kdump-devel-2.6.18-128.8.1.el5.ppc64.rpm
>
> s390x:
> kernel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.s390x.rpm
> kernel-devel-2.6.18-128.8.1.el5.s390x.rpm
> kernel-headers-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-debuginfo-2.6.18-128.8.1.el5.s390x.rpm
> kernel-kdump-devel-2.6.18-128.8.1.el5.s390x.rpm
>
> x86_64:
> kernel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debug-devel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-debuginfo-common-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-devel-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-headers-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-debuginfo-2.6.18-128.8.1.el5.x86_64.rpm
> kernel-xen-devel-2.6.18-128.8.1.el5.x86_64.rpm
>
> These packages are GPG signed by Red Hat for security. Our key and
> details on how to verify the signature are available from
> https://www.redhat.com/security/team/key/#package
>
> 7. References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848
> http://www.redhat.com/security/updates/classification/#important
>
> 8. Contact:
>
> The Red Hat security contact is <[log in to unmask]>. More contact
> details at https://www.redhat.com/security/team/contact/
>
> Copyright 2009 Red Hat, Inc.
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (GNU/Linux)
>
> iD8DBQFKwjMlXlSAg2UNWIIRAkYKAJ4tHjqVF8SG2mPzo/Sw/SYXzkLW7QCdHZkM
> rZ/np7FbkVx8zWpyzTlQ8wQ=
> =9r2o
> - -----END PGP SIGNATURE-----
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFKw1iak0kIxZMiiQ8RAqWLAJwPmR8rQEpbNkXdILHRI/n5fJhfuwCfY5lX
> yXPNbnfPFToLIyPHC8NaINc=
> =J3wA
> -----END PGP SIGNATURE-----
> ____________________________________________

-- 
Stephan Wiesand
DESY - DV -
Platanenallee 6
15738 Zeuthen, Germany
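
The four-byte leak that the quoted advisory describes for CVE-2009-2847, as an added user-space example that is not part of the original mail and is not Red Hat's or the kernel's code: copying a whole structure out of a dirty stack slot carries its padding along, while copying field by field (one standard remedy, shown here as such) does not. `struct sim_stack`, `RESIDUE` and all function names are hypothetical, and the stale stack contents are a constructed byte pattern.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model with the field order of Linux's stack_t; not the kernel's own definition. */
struct sim_stack { void *ss_sp; int ss_flags; size_t ss_size; };
#define RESIDUE 0xAA /* constructed stand-in for stale kernel stack contents */

/* Store the three fields at their offsets; no other byte of dst is written. */
static void put_fields(unsigned char *dst, void *sp, int flags, size_t size) {
    memcpy(dst + offsetof(struct sim_stack, ss_sp), &sp, sizeof sp);
    memcpy(dst + offsetof(struct sim_stack, ss_flags), &flags, sizeof flags);
    memcpy(dst + offsetof(struct sim_stack, ss_size), &size, sizeof size);
}

/* Bytes of the structure that belong to no field (4 on LP64, 0 on ILP32). */
size_t padding_bytes(void) {
    return sizeof(struct sim_stack) - sizeof(void *) - sizeof(int) - sizeof(size_t);
}

/* Flawed pattern: fill a dirty stack slot, then copy the whole structure out. */
void copy_out_whole(unsigned char *user, void *sp, int flags, size_t size) {
    unsigned char slot[sizeof(struct sim_stack)];
    memset(slot, RESIDUE, sizeof slot);  /* what the stack held before the call */
    put_fields(slot, sp, flags, size);
    memcpy(user, slot, sizeof slot);     /* padding travels with the data */
}

/* Hardened pattern: copy each field on its own, so padding is never read. */
void copy_out_fields(unsigned char *user, void *sp, int flags, size_t size) {
    put_fields(user, sp, flags, size);
}

/* Number of bytes in the caller's buffer that are neither field data nor zero. */
size_t leaked_bytes(void (*copy_out)(unsigned char *, void *, int, size_t)) {
    static char altstack[8192];          /* constructed sample values */
    unsigned char user[sizeof(struct sim_stack)] = {0}, clean[sizeof user] = {0};
    size_t i, n = 0;
    put_fields(clean, altstack, 0, sizeof altstack);
    copy_out(user, altstack, 0, sizeof altstack);
    for (i = 0; i < sizeof user; i++) n += (user[i] != clean[i]);
    return n;
}

int main(void) {
    printf("padding=%zu whole=%zu fields=%zu\n", padding_bytes(),
           leaked_bytes(copy_out_whole), leaked_bytes(copy_out_fields));
    return 0;
}
```

On a 32-bit build the structure has no padding, which matches the advisory's statement that only 64-bit machines are affected.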