Important: kernel security and bug fix update - Page 2

08-26-2008, 09:23 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0585-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0585.html
Issue date: 2008-08-26
CVE Names: CVE-2007-5966 CVE-2007-6282 CVE-2007-6712
CVE-2008-1615 CVE-2008-2136 CVE-2008-2148
CVE-2008-2372 CVE-2008-2729 CVE-2008-2826
================================================== ===================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* the possibility of a timeout value overflow was found in the Linux kernel
high-resolution timers functionality, hrtimer. This could allow a local
unprivileged user to execute arbitrary code, or cause a denial of service
(kernel panic). (CVE-2007-5966, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec
protocol implementation, due to improper handling of fragmented ESP
packets. When an attacker controlling an intermediate router fragmented
these packets into very small pieces, it would cause a kernel crash on the
receiving node during packet reassembly. (CVE-2007-6282, Important)

* on 64-bit architectures, the possibility of a timer-expiration value
overflow was found in the Linux kernel high-resolution timers
functionality, hrtimer. This could allow a local unprivileged user to set
up a large interval value, forcing the timer expiry value to become
negative, causing a denial of service (kernel hang).
(CVE-2007-6712, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered
by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash).
(CVE-2008-1615, Important)

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel utimensat system call. File
permissions were not checked when UTIME_NOW and UTIME_OMIT combinations
were used. This could allow a local unprivileged user to modify file times
of arbitrary files, possibly leading to a denial of service.
(CVE-2008-2148, Important)

* a security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 architectures. If an unsuccessful attempt to copy
kernel memory from source to destination memory locations occurred, the
copy routines did not zero the content at the destination memory location.
This could allow a local unprivileged user to view potentially sensitive
data. (CVE-2008-2729, Important)

* Gabriel Campana discovered a possible integer overflow flaw in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. This
deficiency could lead to privilege escalation. (CVE-2008-2826, Important)

* a deficiency was found in the Linux kernel virtual memory implementation.
This could allow a local unprivileged user to make a large number of calls
to the get_user_pages function, possibly causing a denial of service.
(CVE-2008-2372, Low)

Also, these updated packages fix the following bugs:

* gdb set orig_rax to 0x00000000ffffffff, which is recognized by the
upstream kernel as "-1", but not by the Red Hat Enterprise MRG kernel.

* if the POSIX timer was programmed to fire immediately, the timer's
signal was sometimes not delivered (timer does not fire).

* rwlock caused crashes and application hangs.

* running oprofile caused system panics.

* threads releasing a mutex may have received an EPERM error.

* booting the RT kernel with the "nmi_watchdog=2" kernel option caused a
kernel panic, and an "Unable to handle kernel paging request" error.

* "echo 0 > /sys/devices/system/cpu/cpu1/online" caused crashes.

* a crash on a JTC machine.

* added a new "FUTEX_WAIT_BITSET" system call, identical to FUTEX_WAIT,
that accepts absolute time as a timeout.

Red Hat Enterprise MRG 1.0 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

404291 - CVE-2007-6282 IPSec ESP kernel panics
429290 - provide a futex syscall command similiar to FUTEX_WAIT with takes absolute timeout
431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
439999 - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
446031 - CVE-2008-2136 kernel: sit memory leak
446060 - kernel: sched_fair.c simplify sched_slice()
446397 - java testcase hangs on 2.6.24.7-52ibmrt2.3 kernel
446777 - pthread_mutex_unlock returns EPERM due to earlier EFAULT from futex lock
449676 - Turning a CPU offline causes panic
451271 - CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
452478 - CVE-2008-2826 kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow
452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
452692 - crash with 2.6.24.7-65.el5rt
452693 - POSIX timer set to fire immediately does not fire
452974 - [24][FOCUS] plist_add/del crash with 2.6.24.7-65ibmrt2.4 kernel
453135 - CVE-2007-5966 Non-root can trigger cpu_idle soft lockup (tickless kernel only)
453677 - nmi_watchdog=2 crashes the RT kernel on boot up
454913 - [Realtime][Kernel] LTP test failure in sched_rr_get_interval02 testcase
455275 - CVE-2008-2148 kernel: fix permission checking in sys_utimensat
455747 - Oops when running oprofile

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG-RHEL5/SRPMS/kernel-rt-2.6.24.7-74.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-74.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFItGZbXlSAg2UNWIIRAtItAJ9AAQwwAD6x2JcydWHuRx/mUj7rzQCYjy+w
gLRpblvLnYaY3nTIDePYRQ==
=arLE
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

09-24-2008, 08:02 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0885-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0885.html
Issue date: 2008-09-24
CVE Names: CVE-2008-2931 CVE-2008-3275 CVE-2007-6417
CVE-2007-6716 CVE-2008-3272
================================================== ===================

1. Summary:

Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a missing capability check was found in the Linux kernel do_change_type
routine. This could allow a local unprivileged user to gain privileged
access or cause a denial of service. (CVE-2008-2931, Important)

* a flaw was found in the Linux kernel Direct-IO implementation. This could
allow a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* Tobias Klein reported a missing check in the Linux kernel Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)

* a flaw was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to read sensitive information from the
kernel. (CVE-2007-6417, Moderate)

Bug fixes:

* when copying a small IPoIB packet from the original skb it was received
in to a new, smaller skb, all fields in the new skb were not initialized.
This may have caused a kernel oops.

* previously, data may have been written beyond the end of an array,
causing memory corruption on certain systems, resulting in hypervisor
crashes during context switching.

* a kernel crash may have occurred on heavily-used Samba servers after 24
to 48 hours of use.

* under heavy memory pressure, pages may have been swapped out from under
the SGI Altix XPMEM driver, causing silent data corruption in the kernel.

* the ixgbe driver is untested, but support was advertised for the Intel
82598 network card. If this card was present when the ixgbe driver was
loaded, a NULL pointer dereference and a panic occurred.

* on certain systems, if multiple InfiniBand queue pairs simultaneously
fell into an error state, an overrun may have occurred, stopping traffic.

* with bridging, when forward delay was set to zero, setting an interface
to the forwarding state was delayed by one or possibly two timers,
depending on whether STP was enabled. This may have caused long delays in
moving an interface to the forwarding state. This issue caused packet loss
when migrating virtual machines, preventing them from being migrated
without interrupting applications.

* on certain multinode systems, IPMI device nodes were created in reverse
order of where they physically resided.

* process hangs may have occurred while accessing application data files
via asynchronous direct I/O system calls.

* on systems with heavy lock traffic, a possible deadlock may have caused
anything requiring locks over NFS to stop, or be very slow. Errors such as
"lockd: server [IP] not responding, timed out" were logged on client
systems.

* unexpected removals of USB devices may have caused a NULL pointer
dereference in kobject_get_path.

* on Itanium-based systems, repeatedly creating and destroying Windows
guests may have caused Dom0 to crash, due to the "XENMEM_add_to_physmap"
hypercall, used by para-virtualized drivers on HVM, being SMP-unsafe.

* when using an MD software RAID, crashes may have occurred when devices
were removed or changed while being iterated through. Correct locking is
now used.

* break requests had no effect when using "Serial Over Lan" with the Intel
82571 network card. This issue may have caused log in problems.

* on Itanium-based systems, module_free() referred the first parameter
before checking it was valid. This may have caused a kernel panic when
exiting SystemTap.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

426081 - CVE-2007-6417 tmpfs: restore missing clear_highpage (kernels from 2.6.11 up)
447913 - LTC43854-trap 700 Program check on uli05, pc: c000000000323910: .skb_under_panic+0x50/0x68 [rhel-5.2.z]
454388 - CVE-2008-2931 kernel: missing check before setting mount propagation
455768 - Guest OS install causes host machine to crash
456235 - [RHEL5] Kernel panic triggered by smbd
456946 - Silent memory corruption with xpmem
457484 - ixgbe panics system when installing RHEL 5.2 with 82598AT (copper 10 gig) adapter
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
458779 - LTC44570-Event Queue overflow on eHCA adapters
458783 - lost packets when live migrating
459071 - LTC41679-IPMI device nodes created in reverse order on multinode systems
459082 - process hangs in async direct IO / possible race between dio_bio_end_aio() and dio_await_one() ?
459083 - deadlock when lockd tries to take f_sema that it already has
459776 - [Stratus 5.2.z bug] kernel NULL pointer dereference in kobject_get_path
459780 - [IA64] Fix SMP-unsafe with XENMEM_add_to_physmap on HVM
460128 - [NEC/Stratus 5.2.z bug] various crashes in md - rdev removed in the middle of ITERATE_RDEV
460509 - SysRq handling issue in serial driver
460639 - kprobes remove causing kernel panic on ia64 with 2.6.18-92.1.10.el5 kernel
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ia64.rpm
kernel-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-headers-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.s390x.rpm
kernel-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-headers-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI2o7AXlSAg2UNWIIRAkEKAJ0cNMNouqFi5c+Ev+4eUT XjKsDxBwCgqj9w
2bTT9J514h503tzyCXsAqbk=
=LGJv
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

10-07-2008, 08:47 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0857-02
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0857.html
Issue date: 2008-10-07
CVE Names: CVE-2008-3534 CVE-2008-3535 CVE-2008-3275
CVE-2008-3276 CVE-2008-3915 CVE-2008-3792
CVE-2008-3526 CVE-2008-3272
CVE-2008-4113 CVE-2008-4445
================================================== ===================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A possible integer overflow was found in the Linux kernel Stream Control
Transmission Protocol (SCTP) implementation. This could allow an attacker
to cause a denial of service. (CVE-2008-3526, Important)

A deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH
socket options could cause a kernel panic if the API was used when the
extension is disabled. (CVE-2008-3792, Important)

Missing boundary checks were reported in the Linux kernel SCTP
implementation. This could, potentially, cause information disclosure via a
specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113,
CVE-2008-4445, Important)

Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

A deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to make a series
of file creations within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)

A flaw was found in the Linux kernel Network File System daemon (nfsd) when
NFSv4 was enabled. Remote attackers could use this to cause a denial of
service via a buffer overflow. (CVE-2008-3915, Moderate)

A possible integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service on a victim's machine.
(CVE-2008-3276, Low)

A deficiency was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to make a certain sequence of file
operations, possibly causing a denial of service. (CVE-2008-3534, Low)

An off-by-one error was found in the iov_iter_advance function. This could
allow a local unprivileged user to cause a denial of service as
demonstrated by a testcase from the Linux Test Project. (CVE-2008-3535,
Low)

These updated packages also fix the following bugs:

* fixed a warning in the openib code.

* increased MAX_STACK_TRACE_ENTRIES on the debug kernel variant.

* enqueue deprioritized RT tasks to head of prio array.

* use timer_pending() to test ipv6 FIB timers.

* added a lower-bound check for the length field in PPPOE headers.

* pppoe: unshare skb to avoid possible data loss.

* using growisofs could cause oops due to the lack of proper sanity checks.

* random seed improvement.

* enabled the "Panic on Oops" feature.

* fixed a portability issue in parse_pmtmr() due to variable type.

* fixed sanity check in cifs/asn1.c.

* fixed a bug introduced by a previous fix, related to the inode code.

* added better sanity checks to dlm code.

* dynamic ftrace enhancements. The daemon is no longer used.

* fixed a format string bug in cpufreq.

* avoid a potential kernel stack overflow in binfmt_misc.c

* fixed the long boot-up time when CONFIG_PROVE_LOCKING is enabled.

* use a better random seed for NAT port randomization.

* a compat_semaphore was being handled as a regular semaphore due to
casting (qla2xxx driver).

All users of Red Hat Enterprise MRG should upgrade to these new packages,
which address these vulnerabilities and fix these bugs.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

447942 - openib broken in 2.6.24.7-55.el5rt
448574 - [MRG] Hit BUG: MAX_STACK_TRACE_ENTRIES too low! when booting kernel-rt-debug-2.6.24.4-32ibmrt2.2
454270 - SCHED_FIFO spec violation
457012 - ipv6: use timer pending to fix bridge reference count problem [mrg-1]
457014 - pppoe: Check packet length on all receive paths [mrg-1]
457019 - pppoe: Unshare skb before anything else [mrg-1]
457027 - ide-cd: fix oops when using growisofs [mrg-1]
457507 - CVE-2008-3534 kernel: tmpfs: fix kernel BUG in shmem_delete_inode
457703 - CVE-2008-3535 kernel: fix off-by-one error in iov_iter_advance()
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
458016 - kernel: random32: seeding improvement [mrg-1]
458104 - kernel should panic on oops
458340 - parse_pmtmr() receives a (possible) ulong then stores that in a u32 [mrg-1]
458350 - fs/cifs/asn1.c:403: warning: comparison is always false due to limited range of data type
458487 - [Realtime][Kernel] kernel BUG at fs/inode.c:262!
458755 - kernel: dlm: fix possible use-after-free [mrg-1]
458756 - kernel: dlm: check for null in device_write [mrg-1]
458758 - kernel: dlm: dlm/user.c input validation fixes [mrg-1]
459141 - Add ftrace boot time nop replacement
459226 - CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow
459459 - kernel: cpufreq: fix format string bug [mrg-1]
459462 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [mrg-1]
459478 - [FOCUS] Long boot time and strange Hardware Clock message
459942 - kernel: nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization [mrg-1]
459955 - CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
460093 - CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key() integer overflow
460455 - [FOCUS][24] R2:SAN:Hang triggered by filesystem testing on SAN
461101 - CVE-2008-3915 kernel: nfsd: fix buffer overrun decoding NFSv4 acl
462599 - CVE-2008-4445 kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
464514 - CVE-2008-4113 kernel: sctp_getsockopt_hmac_ident information disclosure

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-81.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-81.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4445
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI67zsXlSAg2UNWIIRArwgAJ4lCPgncis6Iz9lo618mE GPrEXfrwCeLHjQ
HzHjqfCtibtl4Wj+JCKdJ7g=
=T4zi
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

11-04-2008, 01:35 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0957-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0957.html
Issue date: 2008-11-04
CVE Names: CVE-2006-5755 CVE-2007-5907 CVE-2008-2372
CVE-2008-3276 CVE-2008-3527 CVE-2008-3833
CVE-2008-4210 CVE-2008-4302
================================================== ===================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* the Xen implementation did not prevent applications running in a
para-virtualized guest from modifying CR4 TSC. This could cause a local
denial of service. (CVE-2007-5907, Important)

* Tavis Ormandy reported missing boundary checks in the Virtual Dynamic
Shared Objects (vDSO) implementation. This could allow a local unprivileged
user to cause a denial of service or escalate privileges. (CVE-2008-3527,
Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local unprivileged user to
obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833,
Important)

* a flaw was found in the Linux kernel splice implementation. This could
cause a local denial of service when there is a certain failure in the
add_to_page_cache_lru() function. (CVE-2008-4302, Important)

* a flaw was found in the Linux kernel when running on AMD64 systems.
During a context switch, EFLAGS were being neither saved nor restored. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2006-5755, Low)

* a flaw was found in the Linux kernel virtual memory implementation. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2008-2372, Low)

* an integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service. By default, remote DCCP is
blocked by SELinux. (CVE-2008-3276, Low)

In addition, these updated packages fix the following bugs:

* random32() seeding has been improved.

* in a multi-core environment, a race between the QP async event-handler
and the destro_qp() function could occur. This led to unpredictable results
during invalid memory access, which could lead to a kernel crash.

* a format string was omitted in the call to the request_module() function.

* a stack overflow caused by an infinite recursion bug in the binfmt_misc
kernel module was corrected.

* the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for
scatterlist usage before calling kmap_atomic().

* a sentinel NUL byte was added to the device_write() function to ensure
that lspace.name is NUL-terminated.

* in the character device driver, a range_is_allowed() check was added to
the read_mem() and write_mem() functions. It was possible for an
illegitimate application to bypass these checks, and access /dev/mem beyond
the 1M limit by calling mmap_mem() instead. Also, the parameters of
range_is_allowed() were changed to cleanly handle greater than 32-bits of
physical address on 32-bit architectures.

* some of the newer Nehalem-based systems declare their CPU DSDT entries as
type "Alias". During boot, this caused an "Error attaching device data"
message to be logged.

* the evtchn event channel device lacked locks and memory barriers. This
has led to xenstore becoming unresponsive on the Itanium® architecture.

* sending of gratuitous ARP packets in the Xen frontend network driver is
now delayed until the backend signals that its carrier status has been
processed by the stack.

* on forcedeth devices, whenever setting ethtool parameters for link speed,
the device could stop receiving interrupts.

* the CIFS 'forcedirectio' option did not allow text to be appended to files.

* the gettimeofday() function returned a backwards time on Intel® 64.

* residual-count corrections during UNDERRUN handling were added to the
qla2xxx driver.

* the fix for a small quirk was removed for certain Adaptec controllers for
which it caused problems.

* the "xm trigger init" command caused a domain panic if a userland
application was running on a guest on the Intel® 64 architecture.

Users of kernel should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

377561 - CVE-2007-5907 kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible)
452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
457718 - CVE-2006-5755 kernel: local denial of service due to NT bit leakage
458021 - kernel: random32: seeding improvement [rhel-5.2.z]
458759 - kernel: dlm: dlm/user.c input validation fixes [rhel-5.2.z]
458781 - LTC44618-Race possibility between QP async handler and destroy_qp()
459226 - CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow
459461 - kernel: cpufreq: fix format string bug [rhel-5.2.z]
459464 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [rhel-5.2.z]
460251 - CVE-2008-3527 kernel: missing boundary checks in syscall/syscall32_nopage()
460638 - [REG][5.3] The system crashed by the NULL pointer access with kmap_atomic() of ata_scsi_rbuf_get().
460858 - kernel: devmem: add range_is_allowed() check to mmap_mem() [rhel-5.2.z]
460868 - RHEL5.2 ACPI core bug
461099 - evtchn device lacks lock and barriers
461457 - Coordinate gratuitous ARP with backend network status
461894 - nVidia MCP55 MCP55 Ethernet (rev a3) not functional on kernel 2.6.18-53.1.4
462434 - CVE-2008-4302 kernel: splice: fix bad unlock_page() in error case
462591 - CIFS option forcedirectio fails to allow the appending of text to files.
462860 - RHEL5.3: Fix time of gettimeofday() going backward (EM64T) (*)
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group
464450 - CVE-2008-3833 kernel: remove SUID when splicing into an inode
465741 - [QLogic 5.2.z bug] qla2xxx - Additional residual-count corrections during UNDERRUN handling.
466427 - Significant regression in time() performance
466885 - [aacraid 5.2.z] aac_srb: aac_fib_send failed with status 8195
467105 - xm trigger <domain> init causes kernel panic.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm

i386:
kernel-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm
kernel-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-headers-2.6.18-92.1.17.el5.i386.rpm
kernel-xen-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm

i386:
kernel-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm
kernel-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-headers-2.6.18-92.1.17.el5.i386.rpm
kernel-xen-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.ia64.rpm
kernel-devel-2.6.18-92.1.17.el5.ia64.rpm
kernel-headers-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.17.el5.ppc.rpm
kernel-headers-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.17.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.s390x.rpm
kernel-devel-2.6.18-92.1.17.el5.s390x.rpm
kernel-headers-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.17.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJEE9kXlSAg2UNWIIRAtXuAJ9r0hH8Bfb/o53FNKpG4whntJ9RpQCeNM/f
Ji64btu0eUfOmPlR5p0kq78=
=x7xq
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

11-19-2008, 02:03 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0972-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0972.html
Issue date: 2008-11-19
CVE Names: CVE-2008-3272 CVE-2007-6716 CVE-2007-5093
CVE-2008-1514 CVE-2008-3528 CVE-2008-4210
================================================== ===================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs:

* when using the CIFS "forcedirectio" option, appending to an open file on
a CIFS share resulted in that file being overwritten with the data to be
appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present
on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying
to load the aacraid driver and printed the following error message:
"aac_srb: aac_fib_send failed with status: 8195".

* due to an mpt driver regression, when RAID 1 was configured on Primergy
systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked
during boot.

* the mpt driver produced a large number of extraneous debugging messages
when performing a "Host reset" operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI
hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in
accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are
addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count
of used blocks.

* reading /proc/self/mem incorrectly returned "Invalid argument" instead of
"input/output error" due to a regression.

* under certain conditions, the kernel panicked when a USB device was
removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during
the creation of a new process.

All Red Hat Enterprise Linux 4 Users should upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

306591 - CVE-2007-5093 kernel PWC driver DoS
438147 - CVE-2008-1514 kernel: ptrace: Padding area write - unprivileged kernel crash
455770 - RHEL 4.6: scsi hot swap broken (sym / Nokia MCP18)
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
459577 - CVE-2008-3528 Linux kernel ext[234] directory corruption denial of service
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group
464494 - CIFS option forcedirectio fails to allow the appending of text to files.
464496 - Negative used blocks reported with ext3 on RHEL4
464747 - regression, rhel4.7+, on the try to read /proc/self/mem getting improper return value
465232 - [4.7] When the USB device is removed while the system is accessing the USB device, the panic is done.
465265 - mpt 3.12.19.00rh on RHEL4.7 causes panic if a RAID 1 is configured.
465735 - RHEL 4.7 ixgbe driver has a recursive stack corruption problem.
466113 - netdump fails when bnx2 has remote copper PHY - Badness in local_bh_enable at kernel/softirq.c:141
466214 - kernel BUG at kernel/signal.c:369! (attempt to free tsk->signal twice)
466217 - [REG][4.7]Outputting large amount of log message when issuing host reset to adapter.
468151 - aac_fib_send failed with status 8195
469647 - add multi-core support to cpufreq driver

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.8.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390.rpm
kernel-devel-2.6.9-78.0.8.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.8.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390x.rpm
kernel-devel-2.6.9-78.0.8.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJJBxUXlSAg2UNWIIRAnxGAJ9JUO/VmbhWd28xy61Q0b0KQMuguwCgsZ4A
iKqjVwzHqrz7EJNLWSiDIOg=
=lz+0
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list