Synopsis: Important: kernel security and bug fix update Issue date: 2010-11-10 CVE Names: CVE-2010-2803 CVE-2010-2955 CVE-2010-2962 CVE-2010-3079 CVE-2010-3081 CVE-2010-3084 CVE-2010-3301 CVE-2010-3432 CVE-2010-3437 CVE-2010-3442 CVE-2010-3698 CVE-2010-3705 CVE-2010-3904 This update fixes the following security issues: * Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. (CVE-2010-2962, Important) * compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important) * A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu Ethernet driver in the Linux kernel, could allow a local user to cause a denial of service or escalate their privileges. (CVE-2010-3084, Important) * A flaw in the IA32 system call emulation provided in 64-bit Linux kernels could allow a local user to escalate their privileges. (CVE-2010-3301, Important) * A flaw in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service. (CVE-2010-3432, Important) * A missing integer overflow check in snd_ctl_new() in the Linux kernel's sound subsystem could allow a local, unprivileged user on a 32-bit system to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important) * A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP implementation. When iterating through the hmac_ids array, it did not reset the last id element if it was out of range. This could allow a remote attacker to cause a denial of service. (CVE-2010-3705, Important) * A function in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was missing sanity checks, which could allow a local, unprivileged user to escalate their privileges. (CVE-2010-3904, Important) * A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager (DRM) implementation could allow a local, unprivileged user to cause an information leak. (CVE-2010-2803, Moderate) * It was found that wireless drivers might not always clear allocated buffers when handling a driver-specific IOCTL information request. A local user could trigger this flaw to cause an information leak. (CVE-2010-2955, Moderate) * A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2010-3079, Moderate) * A flaw in the Linux kernel's packet writing driver could be triggered via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local, unprivileged user with access to "/dev/pktcdvd/control" to cause an information leak. Note: By default, only users in the cdrom group have access to "/dev/pktcdvd/control". (CVE-2010-3437, Moderate) * A flaw was found in the way KVM (Kernel-based Virtual Machine) handled the reloading of fs and gs segment registers when they had invalid selectors. A privileged host user with access to "/dev/kvm" could use this flaw to crash the host. (CVE-2010-3698, Moderate) This update also fixes several bugs. The system must be rebooted for this update to take effect. SL 6.x SRPMS: kernel-2.6.32-71.7.1.el6.src.rpm i386: kernel-2.6.32-71.7.1.el6.i686.rpm kernel-debug-2.6.32-71.7.1.el6.i686.rpm kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm kernel-devel-2.6.32-71.7.1.el6.i686.rpm kernel-doc-2.6.32-71.7.1.el6.noarch.rpm kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm kernel-headers-2.6.32-71.7.1.el6.i686.rpm perf-2.6.32-71.7.1.el6.noarch.rpm x86_64: kernel-2.6.32-71.7.1.el6.x86_64.rpm kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm kernel-doc-2.6.32-71.7.1.el6.noarch.rpm kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm perf-2.6.32-71.7.1.el6.noarch.rpm -Connie Sieh -Troy Dawson