Synopsis: Important: kernel security and bug fix update Issue Date: 2011-05-31 CVE Numbers: CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1093 CVE-2011-0726 CVE-2011-1163 CVE-2011-1166 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1494 CVE-2011-1577 CVE-2011-1763 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. (CVE-2011-1494, CVE-2011-1495, Important) * A missing validation of a null-terminated string data structure element in the bnep_sock_ioctl() function could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate) * Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate) * A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. A privileged guest user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-1763, Moderate) * The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low) * A missing initialization flaw in the sco_sock_getsockopt() function could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low) * A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low) * A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low) * Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low) * A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1577, Low) This update also fixes several bugs. The system must be rebooted for this update to take effect. SL5: x86_64 kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm Dependancies: kernel-module-aufs-2.6.18-238.12.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm kernel-module-aufs-2.6.18-238.12.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm kernel-module-ndiswrapper-2.6.18-238.12.1.el5-1.55-1.SL.x86_64.rpm kernel-module-ndiswrapper-2.6.18-238.12.1.el5xen-1.55-1.SL.x86_64.rpm kernel-module-openafs-2.6.18-238.12.1.el5-1.4.14-80.sl5.x86_64.rpm kernel-module-openafs-2.6.18-238.12.1.el5xen-1.4.14-80.sl5.x86_64.rpm i386 kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-2.6.18-238.12.1.el5.i686.rpm Dependancies: kernel-module-aufs-2.6.18-238.12.1.el5-0.20090202.cvs-6.sl5.i686.rpm kernel-module-aufs-2.6.18-238.12.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm kernel-module-aufs-2.6.18-238.12.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm kernel-module-ndiswrapper-2.6.18-238.12.1.el5-1.55-1.SL.i686.rpm kernel-module-ndiswrapper-2.6.18-238.12.1.el5PAE-1.55-1.SL.i686.rpm kernel-module-ndiswrapper-2.6.18-238.12.1.el5xen-1.55-1.SL.i686.rpm kernel-module-openafs-2.6.18-238.12.1.el5-1.4.14-80.sl5.i686.rpm kernel-module-openafs-2.6.18-238.12.1.el5PAE-1.4.14-80.sl5.i686.rpm kernel-module-openafs-2.6.18-238.12.1.el5xen-1.4.14-80.sl5.i686.rpm kernel-module-xfs-2.6.18-238.12.1.el5-0.4-2.sl5.i686.rpm kernel-module-xfs-2.6.18-238.12.1.el5PAE-0.4-2.sl5.i686.rpm kernel-module-xfs-2.6.18-238.12.1.el5xen-0.4-2.sl5.i686.rpm - Scientific Linux Development Team