08-26-2008, 08:23 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0585-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0585.html
Issue date:        2008-08-26
CVE Names:         CVE-2007-5966 CVE-2007-6282 CVE-2007-6712
                   CVE-2008-1615 CVE-2008-2136 CVE-2008-2148
                   CVE-2008-2372 CVE-2008-2729 CVE-2008-2826
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* the possibility of a timeout value overflow was found in the Linux kernel
high-resolution timers functionality, hrtimer. This could allow a local
unprivileged user to execute arbitrary code, or cause a denial of service
(kernel panic). (CVE-2007-5966, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec
protocol implementation, due to improper handling of fragmented ESP
packets. When an attacker controlling an intermediate router fragmented
these packets into very small pieces, it would cause a kernel crash on the
receiving node during packet reassembly. (CVE-2007-6282, Important)

* on 64-bit architectures, the possibility of a timer-expiration value
overflow was found in the Linux kernel high-resolution timers
functionality, hrtimer. This could allow a local unprivileged user to set
up a large interval value, forcing the timer expiry value to become
negative, causing a denial of service (kernel hang).
(CVE-2007-6712, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered
by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash).
(CVE-2008-1615, Important)

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel utimensat system call. File
permissions were not checked when UTIME_NOW and UTIME_OMIT combinations
were used. This could allow a local unprivileged user to modify file times
of arbitrary files, possibly leading to a denial of service.
(CVE-2008-2148, Important)

* a security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 architectures. If an unsuccessful attempt to copy
kernel memory from source to destination memory locations occurred, the
copy routines did not zero the content at the destination memory location.
This could allow a local unprivileged user to view potentially sensitive
data. (CVE-2008-2729, Important)

* Gabriel Campana discovered a possible integer overflow flaw in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. This
deficiency could lead to privilege escalation. (CVE-2008-2826, Important)

* a deficiency was found in the Linux kernel virtual memory implementation.
This could allow a local unprivileged user to make a large number of calls
to the get_user_pages function, possibly causing a denial of service.
(CVE-2008-2372, Low)

Also, these updated packages fix the following bugs:

* gdb set orig_rax to 0x00000000ffffffff, which is recognized by the
upstream kernel as "-1", but not by the Red Hat Enterprise MRG kernel.

* if the POSIX timer was programmed to fire immediately, the timer's
signal was sometimes not delivered (timer does not fire).

* rwlock caused crashes and application hangs.

* running oprofile caused system panics.

* threads releasing a mutex may have received an EPERM error.

* booting the RT kernel with the "nmi_watchdog=2" kernel option caused a
kernel panic, and an "Unable to handle kernel paging request" error.

* "echo 0 > /sys/devices/system/cpu/cpu1/online" caused crashes.

* a crash on a JTC machine.

* added a new "FUTEX_WAIT_BITSET" system call, identical to FUTEX_WAIT,
that accepts absolute time as a timeout.

Red Hat Enterprise MRG 1.0 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

404291 - CVE-2007-6282 IPSec ESP kernel panics
429290 - provide a futex syscall command similar to FUTEX_WAIT which takes absolute timeout
431430 - CVE-2008-1615 kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
439999 - CVE-2007-6712 kernel: infinite loop in highres timers (kernel hang)
446031 - CVE-2008-2136 kernel: sit memory leak
446060 - kernel: sched_fair.c simplify sched_slice()
446397 - java testcase hangs on 2.6.24.7-52ibmrt2.3 kernel
446777 - pthread_mutex_unlock returns EPERM due to earlier EFAULT from futex lock
449676 - Turning a CPU offline causes panic
451271 - CVE-2008-2729 kernel: [x86_64] The string instruction version didn't zero the output on exception.
452478 - CVE-2008-2826 kernel: sctp: sctp_getsockopt_local_addrs_old() potential overflow
452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
452692 - crash with 2.6.24.7-65.el5rt
452693 - POSIX timer set to fire immediately does not fire
452974 - [24][FOCUS] plist_add/del crash with 2.6.24.7-65ibmrt2.4 kernel
453135 - CVE-2007-5966 Non-root can trigger cpu_idle soft lockup (tickless kernel only)
453677 - nmi_watchdog=2 crashes the RT kernel on boot up
454913 - [Realtime][Kernel] LTP test failure in sched_rr_get_interval02 testcase
455275 - CVE-2008-2148 kernel: fix permission checking in sys_utimensat
455747 - Oops when running oprofile

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG-RHEL5/SRPMS/kernel-rt-2.6.24.7-74.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-74.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-74.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-74.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFItGZbXlSAg2UNWIIRAtItAJ9AAQwwAD6x2JcydWHuRx/mUj7rzQCYjy+w
gLRpblvLnYaY3nTIDePYRQ==
=arLE
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
09-24-2008, 07:02 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0885-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0885.html
Issue date:        2008-09-24
CVE Names:         CVE-2008-2931 CVE-2008-3275 CVE-2007-6417
                   CVE-2007-6716 CVE-2008-3272
=====================================================================

1. Summary:

Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a missing capability check was found in the Linux kernel do_change_type
routine. This could allow a local unprivileged user to gain privileged
access or cause a denial of service. (CVE-2008-2931, Important)

* a flaw was found in the Linux kernel Direct-IO implementation. This could
allow a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* Tobias Klein reported a missing check in the Linux kernel Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)

* a flaw was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to read sensitive information from the
kernel. (CVE-2007-6417, Moderate)

Bug fixes:

* when copying a small IPoIB packet from the original skb it was received
in to a new, smaller skb, all fields in the new skb were not initialized.
This may have caused a kernel oops.

* previously, data may have been written beyond the end of an array,
causing memory corruption on certain systems, resulting in hypervisor
crashes during context switching.

* a kernel crash may have occurred on heavily-used Samba servers after 24
to 48 hours of use.

* under heavy memory pressure, pages may have been swapped out from under
the SGI Altix XPMEM driver, causing silent data corruption in the kernel.

* the ixgbe driver is untested, but support was advertised for the Intel
82598 network card. If this card was present when the ixgbe driver was
loaded, a NULL pointer dereference and a panic occurred.

* on certain systems, if multiple InfiniBand queue pairs simultaneously
fell into an error state, an overrun may have occurred, stopping traffic.

* with bridging, when forward delay was set to zero, setting an interface
to the forwarding state was delayed by one or possibly two timers,
depending on whether STP was enabled. This may have caused long delays in
moving an interface to the forwarding state. This issue caused packet loss
when migrating virtual machines, preventing them from being migrated
without interrupting applications.

* on certain multinode systems, IPMI device nodes were created in reverse
order of where they physically resided.

* process hangs may have occurred while accessing application data files
via asynchronous direct I/O system calls.

* on systems with heavy lock traffic, a possible deadlock may have caused
anything requiring locks over NFS to stop, or be very slow. Errors such as
"lockd: server [IP] not responding, timed out" were logged on client
systems.

* unexpected removals of USB devices may have caused a NULL pointer
dereference in kobject_get_path.

* on Itanium-based systems, repeatedly creating and destroying Windows
guests may have caused Dom0 to crash, due to the "XENMEM_add_to_physmap"
hypercall, used by para-virtualized drivers on HVM, being SMP-unsafe.

* when using an MD software RAID, crashes may have occurred when devices
were removed or changed while being iterated through. Correct locking is
now used.

* break requests had no effect when using "Serial Over Lan" with the Intel
82571 network card. This issue may have caused log in problems.

* on Itanium-based systems, module_free() referred the first parameter
before checking it was valid. This may have caused a kernel panic when
exiting SystemTap.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

426081 - CVE-2007-6417 tmpfs: restore missing clear_highpage (kernels from 2.6.11 up)
447913 - LTC43854-trap 700 Program check on uli05, pc: c000000000323910: .skb_under_panic+0x50/0x68 [rhel-5.2.z]
454388 - CVE-2008-2931 kernel: missing check before setting mount propagation
455768 - Guest OS install causes host machine to crash
456235 - [RHEL5] Kernel panic triggered by smbd
456946 - Silent memory corruption with xpmem
457484 - ixgbe panics system when installing RHEL 5.2 with 82598AT (copper 10 gig) adapter
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
458779 - LTC44570-Event Queue overflow on eHCA adapters
458783 - lost packets when live migrating
459071 - LTC41679-IPMI device nodes created in reverse order on multinode systems
459082 - process hangs in async direct IO / possible race between dio_bio_end_aio() and dio_await_one() ?
459083 - deadlock when lockd tries to take f_sema that it already has
459776 - [Stratus 5.2.z bug] kernel NULL pointer dereference in kobject_get_path
459780 - [IA64] Fix SMP-unsafe with XENMEM_add_to_physmap on HVM
460128 - [NEC/Stratus 5.2.z bug] various crashes in md - rdev removed in the middle of ITERATE_RDEV
460509 - SysRq handling issue in serial driver
460639 - kprobes remove causing kernel panic on ia64 with 2.6.18-92.1.10.el5 kernel
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.13.el5.src.rpm

i386:
kernel-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.i686.rpm
kernel-devel-2.6.18-92.1.13.el5.i686.rpm
kernel-headers-2.6.18-92.1.13.el5.i386.rpm
kernel-xen-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ia64.rpm
kernel-devel-2.6.18-92.1.13.el5.ia64.rpm
kernel-headers-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.13.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.13.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc.rpm
kernel-headers-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.s390x.rpm
kernel-devel-2.6.18-92.1.13.el5.s390x.rpm
kernel-headers-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.13.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.13.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.13.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.13.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.13.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI2o7AXlSAg2UNWIIRAkEKAJ0cNMNouqFi5c+Ev+4eUT XjKsDxBwCgqj9w
2bTT9J514h503tzyCXsAqbk=
=LGJv
-----END PGP SIGNATURE-----


 
10-07-2008, 07:47 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0857-02
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0857.html
Issue date:        2008-10-07
CVE Names:         CVE-2008-3534 CVE-2008-3535 CVE-2008-3275
                   CVE-2008-3276 CVE-2008-3915 CVE-2008-3792
                   CVE-2008-3526 CVE-2008-3272
                   CVE-2008-4113 CVE-2008-4445
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A possible integer overflow was found in the Linux kernel Stream Control
Transmission Protocol (SCTP) implementation. This could allow an attacker
to cause a denial of service. (CVE-2008-3526, Important)

A deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) Authentication Extension implementation. All the SCTP-AUTH
socket options could cause a kernel panic if the API was used when the
extension is disabled. (CVE-2008-3792, Important)

Missing boundary checks were reported in the Linux kernel SCTP
implementation. This could, potentially, cause information disclosure via a
specially crafted SCTP_HMAC_IDENT IOCTL request. (CVE-2008-4113,
CVE-2008-4445, Important)

Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

A deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to make a series
of file creations within deleted directories, possibly causing a denial of
service. (CVE-2008-3275, Moderate)

A flaw was found in the Linux kernel Network File System daemon (nfsd) when
NFSv4 was enabled. Remote attackers could use this to cause a denial of
service via a buffer overflow. (CVE-2008-3915, Moderate)

A possible integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service on a victim's machine.
(CVE-2008-3276, Low)

A deficiency was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to make a certain sequence of file
operations, possibly causing a denial of service. (CVE-2008-3534, Low)

An off-by-one error was found in the iov_iter_advance function. This could
allow a local unprivileged user to cause a denial of service as
demonstrated by a testcase from the Linux Test Project. (CVE-2008-3535,
Low)

These updated packages also fix the following bugs:

* fixed a warning in the openib code.

* increased MAX_STACK_TRACE_ENTRIES on the debug kernel variant.

* enqueue deprioritized RT tasks to head of prio array.

* use timer_pending() to test ipv6 FIB timers.

* added a lower-bound check for the length field in PPPOE headers.

* pppoe: unshare skb to avoid possible data loss.

* using growisofs could cause oops due to the lack of proper sanity checks.

* random seed improvement.

* enabled the "Panic on Oops" feature.

* fixed a portability issue in parse_pmtmr() due to variable type.

* fixed sanity check in cifs/asn1.c.

* fixed a bug introduced by a previous fix, related to the inode code.

* added better sanity checks to dlm code.

* dynamic ftrace enhancements. The daemon is no longer used.

* fixed a format string bug in cpufreq.

* avoid a potential kernel stack overflow in binfmt_misc.c

* fixed the long boot-up time when CONFIG_PROVE_LOCKING is enabled.

* use a better random seed for NAT port randomization.

* a compat_semaphore was being handled as a regular semaphore due to
casting (qla2xxx driver).

All users of Red Hat Enterprise MRG should upgrade to these new packages,
which address these vulnerabilities and fix these bugs.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

447942 - openib broken in 2.6.24.7-55.el5rt
448574 - [MRG] Hit BUG: MAX_STACK_TRACE_ENTRIES too low! when booting kernel-rt-debug-2.6.24.4-32ibmrt2.2
454270 - SCHED_FIFO spec violation
457012 - ipv6: use timer pending to fix bridge reference count problem [mrg-1]
457014 - pppoe: Check packet length on all receive paths [mrg-1]
457019 - pppoe: Unshare skb before anything else [mrg-1]
457027 - ide-cd: fix oops when using growisofs [mrg-1]
457507 - CVE-2008-3534 kernel: tmpfs: fix kernel BUG in shmem_delete_inode
457703 - CVE-2008-3535 kernel: fix off-by-one error in iov_iter_advance()
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
458016 - kernel: random32: seeding improvement [mrg-1]
458104 - kernel should panic on oops
458340 - parse_pmtmr() receives a (possible) ulong then stores that in a u32 [mrg-1]
458350 - fs/cifs/asn1.c:403: warning: comparison is always false due to limited range of data type
458487 - [Realtime][Kernel] kernel BUG at fs/inode.c:262!
458755 - kernel: dlm: fix possible use-after-free [mrg-1]
458756 - kernel: dlm: check for null in device_write [mrg-1]
458758 - kernel: dlm: dlm/user.c input validation fixes [mrg-1]
459141 - Add ftrace boot time nop replacement
459226 - CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow
459459 - kernel: cpufreq: fix format string bug [mrg-1]
459462 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [mrg-1]
459478 - [FOCUS] Long boot time and strange Hardware Clock message
459942 - kernel: nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization [mrg-1]
459955 - CVE-2008-3792 kernel: sctp: fix potential panics in the SCTP-AUTH API
460093 - CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key() integer overflow
460455 - [FOCUS][24] R2:SAN:Hang triggered by filesystem testing on SAN
461101 - CVE-2008-3915 kernel: nfsd: fix buffer overrun decoding NFSv4 acl
462599 - CVE-2008-4445 kernel: sctp: fix random memory dereference with SCTP_HMAC_IDENT option
464514 - CVE-2008-4113 kernel: sctp_getsockopt_hmac_ident information disclosure

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-81.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-81.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-81.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-81.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-81.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4445
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFI67zsXlSAg2UNWIIRArwgAJ4lCPgncis6Iz9lo618mE GPrEXfrwCeLHjQ
HzHjqfCtibtl4Wj+JCKdJ7g=
=T4zi
-----END PGP SIGNATURE-----
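
Added example, not part of the advisories or of any Red Hat tooling: a small check that flags installed kernel packages older than the fixed builds named in the package lists of RHSA-2008:0585, RHSA-2008:0885 and RHSA-2008:0857 above. The `INSTALLED` list is constructed sample input, the function names are hypothetical, and the comparison is a simplified re-implementation of RPM's segment-wise ordering that ignores epochs and `~`.

```python
import re

# Fixed builds, copied from the "Package List" sections of the advisories above:
# advisory -> (package family, version, release)
FIXED = {
    "RHSA-2008:0585": ("kernel-rt", "2.6.24.7", "74.el5rt"),
    "RHSA-2008:0885": ("kernel", "2.6.18", "92.1.13.el5"),
    "RHSA-2008:0857": ("kernel-rt", "2.6.24.7", "81.el5rt"),
}

# Constructed sample input, in the form printed by `rpm -qa 'kernel*'`
# (one entry is given as an .rpm file name to show that form is accepted too).
INSTALLED = [
    "kernel-2.6.18-92.el5",
    "kernel-2.6.18-92.1.10.el5",
    "kernel-xen-2.6.18-92.1.13.el5",
    "kernel-headers-2.6.18-92.1.13.el5.x86_64.rpm",
    "kernel-rt-2.6.24.7-65.el5rt",
    "kernel-rt-2.6.24.7-74.el5rt",
]


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Strings are split into runs of digits and runs of letters; separators
    are ignored. Numeric runs compare as integers, a numeric run is newer
    than an alphabetic one, and if all shared runs are equal the string
    with more runs is newer. Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def parse_nvr(pkg):
    """Split 'name-version-release' (optionally '.arch.rpm') into its parts."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4].rsplit(".", 1)[0]  # drop ".rpm", then the arch
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release


def family(name):
    """Map a package name to the kernel family an advisory applies to."""
    if name == "kernel-rt" or name.startswith("kernel-rt-"):
        return "kernel-rt"
    if name == "kernel" or name.startswith("kernel-"):
        return "kernel"
    return None


def outdated(installed, advisory):
    """Return the installed packages that predate the advisory's fixed build."""
    fam, fixed_ver, fixed_rel = FIXED[advisory]
    stale = []
    for pkg in installed:
        name, ver, rel = parse_nvr(pkg)
        if family(name) != fam:
            continue
        # Version decides first; release only breaks a version tie.
        if (rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)) < 0:
            stale.append(pkg)
    return stale


if __name__ == "__main__":
    for advisory in sorted(FIXED):
        print(advisory, outdated(INSTALLED, advisory))
```

An up-to-date package on disk does not mean the fixed kernel is running: after updating, reboot and compare `uname -r` against the fixed release as well.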


 
11-04-2008, 12:35 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2008:0957-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0957.html
Issue date:        2008-11-04
CVE Names:         CVE-2006-5755 CVE-2007-5907 CVE-2008-2372
                   CVE-2008-3276 CVE-2008-3527 CVE-2008-3833
                   CVE-2008-4210 CVE-2008-4302
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* the Xen implementation did not prevent applications running in a
para-virtualized guest from modifying CR4 TSC. This could cause a local
denial of service. (CVE-2007-5907, Important)

* Tavis Ormandy reported missing boundary checks in the Virtual Dynamic
Shared Objects (vDSO) implementation. This could allow a local unprivileged
user to cause a denial of service or escalate privileges. (CVE-2008-3527,
Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local unprivileged user to
obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833,
Important)

* a flaw was found in the Linux kernel splice implementation. This could
cause a local denial of service when there is a certain failure in the
add_to_page_cache_lru() function. (CVE-2008-4302, Important)

* a flaw was found in the Linux kernel when running on AMD64 systems.
During a context switch, EFLAGS were being neither saved nor restored. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2006-5755, Low)

* a flaw was found in the Linux kernel virtual memory implementation. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2008-2372, Low)

* an integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service. By default, remote DCCP is
blocked by SELinux. (CVE-2008-3276, Low)

In addition, these updated packages fix the following bugs:

* random32() seeding has been improved.

* in a multi-core environment, a race between the QP async event-handler
and the destroy_qp() function could occur. This led to unpredictable results
during invalid memory access, which could lead to a kernel crash.

* a format string was omitted in the call to the request_module() function.

* a stack overflow caused by an infinite recursion bug in the binfmt_misc
kernel module was corrected.

* the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for
scatterlist usage before calling kmap_atomic().

* a sentinel NUL byte was added to the device_write() function to ensure
that lspace.name is NUL-terminated.

* in the character device driver, a range_is_allowed() check was added to
the read_mem() and write_mem() functions. It was possible for an
illegitimate application to bypass these checks, and access /dev/mem beyond
the 1M limit by calling mmap_mem() instead. Also, the parameters of
range_is_allowed() were changed to cleanly handle greater than 32-bits of
physical address on 32-bit architectures.

* some of the newer Nehalem-based systems declare their CPU DSDT entries as
type "Alias". During boot, this caused an "Error attaching device data"
message to be logged.

* the evtchn event channel device lacked locks and memory barriers. This
has led to xenstore becoming unresponsive on the Itanium® architecture.

* sending of gratuitous ARP packets in the Xen frontend network driver is
now delayed until the backend signals that its carrier status has been
processed by the stack.

* on forcedeth devices, whenever setting ethtool parameters for link speed,
the device could stop receiving interrupts.

* the CIFS 'forcedirectio' option did not allow text to be appended to files.

* the gettimeofday() function returned a backwards time on Intel® 64.

* residual-count corrections during UNDERRUN handling were added to the
qla2xxx driver.

* the fix for a small quirk was removed for certain Adaptec controllers for
which it caused problems.

* the "xm trigger init" command caused a domain panic if a userland
application was running on a guest on the Intel® 64 architecture.

Users of kernel should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

377561 - CVE-2007-5907 kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible)
452666 - CVE-2008-2372 kernel: Reinstate ZERO_PAGE optimization in 'get_user_pages()' and fix XIP
457718 - CVE-2006-5755 kernel: local denial of service due to NT bit leakage
458021 - kernel: random32: seeding improvement [rhel-5.2.z]
458759 - kernel: dlm: dlm/user.c input validation fixes [rhel-5.2.z]
458781 - LTC44618-Race possibility between QP async handler and destroy_qp()
459226 - CVE-2008-3276 Linux kernel dccp_setsockopt_change() integer overflow
459461 - kernel: cpufreq: fix format string bug [rhel-5.2.z]
459464 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [rhel-5.2.z]
460251 - CVE-2008-3527 kernel: missing boundary checks in syscall/syscall32_nopage()
460638 - [REG][5.3] The system crashed by the NULL pointer access with kmap_atomic() of ata_scsi_rbuf_get().
460858 - kernel: devmem: add range_is_allowed() check to mmap_mem() [rhel-5.2.z]
460868 - RHEL5.2 ACPI core bug
461099 - evtchn device lacks lock and barriers
461457 - Coordinate gratuitous ARP with backend network status
461894 - nVidia MCP55 MCP55 Ethernet (rev a3) not functional on kernel 2.6.18-53.1.4
462434 - CVE-2008-4302 kernel: splice: fix bad unlock_page() in error case
462591 - CIFS option forcedirectio fails to allow the appending of text to files.
462860 - RHEL5.3: Fix time of gettimeofday() going backward (EM64T) (*)
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group
464450 - CVE-2008-3833 kernel: remove SUID when splicing into an inode
465741 - [QLogic 5.2.z bug] qla2xxx - Additional residual-count corrections during UNDERRUN handling.
466427 - Significant regression in time() performance
466885 - [aacraid 5.2.z] aac_srb: aac_fib_send failed with status 8195
467105 - xm trigger <domain> init causes kernel panic.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm

i386:
kernel-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm
kernel-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-headers-2.6.18-92.1.17.el5.i386.rpm
kernel-xen-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.17.el5.src.rpm

i386:
kernel-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.i686.rpm
kernel-devel-2.6.18-92.1.17.el5.i686.rpm
kernel-headers-2.6.18-92.1.17.el5.i386.rpm
kernel-xen-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.ia64.rpm
kernel-devel-2.6.18-92.1.17.el5.ia64.rpm
kernel-headers-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.17.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.17.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.17.el5.ppc.rpm
kernel-headers-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.17.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.17.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.s390x.rpm
kernel-devel-2.6.18-92.1.17.el5.s390x.rpm
kernel-headers-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.17.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.17.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.17.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.17.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.17.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.17.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJEE9kXlSAg2UNWIIRAtXuAJ9r0hH8Bfb/o53FNKpG4whntJ9RpQCeNM/f
Ji64btu0eUfOmPlR5p0kq78=
=x7xq
-----END PGP SIGNATURE-----


 
Old 11-19-2008, 01:03 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0972-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0972.html
Issue date: 2008-11-19
CVE Names: CVE-2008-3272 CVE-2007-6716 CVE-2007-5093
CVE-2008-1514 CVE-2008-3528 CVE-2008-4210
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs:

* when using the CIFS "forcedirectio" option, appending to an open file on
a CIFS share resulted in that file being overwritten with the data to be
appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present
on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying
to load the aacraid driver and printed the following error message:
"aac_srb: aac_fib_send failed with status: 8195".

* due to an mpt driver regression, when RAID 1 was configured on Primergy
systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked
during boot.

* the mpt driver produced a large number of extraneous debugging messages
when performing a "Host reset" operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI
hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in
accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are
addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count
of used blocks.

* reading /proc/self/mem incorrectly returned "Invalid argument" instead of
"input/output error" due to a regression.

* under certain conditions, the kernel panicked when a USB device was
removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during
the creation of a new process.

All Red Hat Enterprise Linux 4 Users should upgrade to these updated
packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

306591 - CVE-2007-5093 kernel PWC driver DoS
438147 - CVE-2008-1514 kernel: ptrace: Padding area write - unprivileged kernel crash
455770 - RHEL 4.6: scsi hot swap broken (sym / Nokia MCP18)
457995 - CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
459577 - CVE-2008-3528 Linux kernel ext[234] directory corruption denial of service
461082 - CVE-2007-6716 kernel: dio: zero struct dio with kzalloc instead of manually
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group
464494 - CIFS option forcedirectio fails to allow the appending of text to files.
464496 - Negative used blocks reported with ext3 on RHEL4
464747 - regression, rhel4.7+, on the try to read /proc/self/mem getting improper return value
465232 - [4.7] When the USB device is removed while the system is accessing the USB device, the panic is done.
465265 - mpt 3.12.19.00rh on RHEL4.7 causes panic if a RAID 1 is configured.
465735 - RHEL 4.7 ixgbe driver has a recursive stack corruption problem.
466113 - netdump fails when bnx2 has remote copper PHY - Badness in local_bh_enable at kernel/softirq.c:141
466214 - kernel BUG at kernel/signal.c:369! (attempt to free tsk->signal twice)
466217 - [REG][4.7]Outputting large amount of log message when issuing host reset to adapter.
468151 - aac_fib_send failed with status 8195
469647 - add multi-core support to cpufreq driver

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.8.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.8.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390.rpm
kernel-devel-2.6.9-78.0.8.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.8.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.s390x.rpm
kernel-devel-2.6.9-78.0.8.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.8.EL.src.rpm

i386:
kernel-2.6.9-78.0.8.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.i686.rpm
kernel-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.8.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-2.6.9-78.0.8.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-2.6.9-78.0.8.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.8.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.ia64.rpm
kernel-devel-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.8.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.8.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.8.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.8.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.8.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJJBxUXlSAg2UNWIIRAnxGAJ9JUO/VmbhWd28xy61Q0b0KQMuguwCgsZ4A
iKqjVwzHqrz7EJNLWSiDIOg=
=lz+0
-----END PGP SIGNATURE-----
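
A host-side check for the two advisories above (RHSA-2008:0957 and RHSA-2008:0972), added here as an example and not part of the Red Hat advisories: it compares a `uname -r` string against the fixed builds named in their package lists, using rpm-style version ordering instead of plain string comparison. The function names, the handling of kernel flavour suffixes and the sample release strings are assumptions of this example.

```python
import re

# Fixed kernel builds, copied from the package lists of the advisories above.
# Key = dist tag that ends the rpm release field.
FIXED_BUILDS = {
    "el5": ("RHSA-2008:0957", "2.6.18-92.1.17.el5"),
    "EL": ("RHSA-2008:0972", "2.6.9-78.0.8.EL"),
}

# Kernel flavours that appear in those package lists. Assumption: `uname -r`
# appends the flavour to the release (e.g. 2.6.18-92.1.17.el5xen). Longer
# names come first so "largesmp" is not mistaken for "smp".
FLAVOURS = ("largesmp", "hugemem", "kdump", "debug", "xenU", "xen", "PAE", "smp")


def rpmvercmp(a, b):
    """Order two version/release strings the way rpm does (no epoch, no tilde).

    Strings are cut into runs of digits or letters; digit runs compare as
    integers, letter runs as strings, and a digit run is newer than a letter
    run. Returns -1, 0 or 1.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_uname(uname_r):
    """Split `uname -r` output into (version, release, flavour)."""
    flavour = ""
    for name in FLAVOURS:
        if uname_r.endswith(name):
            uname_r, flavour = uname_r[: -len(name)], name
            break
    version, _, release = uname_r.partition("-")
    if not release:
        raise ValueError("not a version-release string: %r" % uname_r)
    return version, release, flavour


def check_kernel(uname_r):
    """Return (status, advisory, fixed_build) for one `uname -r` string.

    status is "fixed" when the kernel is at or past the advisory's build,
    "needs update" when it is older, and "unknown" when the dist tag is not
    covered by FIXED_BUILDS.
    """
    version, release, _flavour = split_uname(uname_r)
    for tag, (advisory, fixed) in FIXED_BUILDS.items():
        if release.endswith(tag):
            fixed_version, _, fixed_release = fixed.partition("-")
            order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
            return ("fixed" if order >= 0 else "needs update"), advisory, fixed
    return "unknown", None, None


if __name__ == "__main__":
    # Constructed sample inventory (host name -> `uname -r` output).
    inventory = {
        "web01": "2.6.18-92.1.13.el5xen",
        "web02": "2.6.18-92.1.17.el5PAE",
        "db01": "2.6.9-78.0.1.ELlargesmp",
        "db02": "2.6.9-78.0.8.ELsmp",
    }
    for host, release in sorted(inventory.items()):
        status, advisory, fixed = check_kernel(release)
        print("%-6s %-28s %-12s %s (%s)" % (host, release, status, advisory, fixed))
```

A "fixed" result only means the kernel is at or past the build shipped with the matching advisory in `FIXED_BUILDS`; later errata need their own entries.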


 
Old 12-16-2008, 07:14 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:1017-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-1017.html
Issue date: 2008-12-16
CVE Names: CVE-2008-3831 CVE-2008-4554 CVE-2008-4576
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* Olaf Kirch reported a flaw in the i915 kernel driver that only affects
the Intel G33 series and newer. This flaw could, potentially, lead to local
privilege escalation. (CVE-2008-3831, Important)

* Miklos Szeredi reported a missing check for files opened with O_APPEND in
the sys_splice(). This could allow a local, unprivileged user to bypass the
append-only file restrictions. (CVE-2008-4554, Important)

* a deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. This could lead to a possible denial of
service if one end of a SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)

In addition, these updated packages fix the following bugs:

* on Itanium® systems, when a multithreaded program was traced using the
command "strace -f", messages similar to the following ones were displayed,
after which the trace would stop:

PANIC: attached pid 10740 exited
PANIC: handle_group_exit: 10740 leader 10721
PANIC: attached pid 10739 exited
PANIC: handle_group_exit: 10739 leader 10721
...

In these updated packages, tracing a multithreaded program using the
"strace -f" command no longer results in these error messages, and strace
terminates normally after tracing all threads.

* on big-endian systems such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255.

* when using an NFSv4 file system, accessing the same file with two
separate processes simultaneously resulted in the NFS client process
becoming unresponsive.

* on AMD64 and Intel® 64 hypervisor-enabled systems, in cases in which a
syscall correctly returned '-1' in code compiled on Red Hat Enterprise
Linux 5, the same code, when run with the strace utility, would incorrectly
return an invalid return value. This has been fixed so that on AMD64 and
Intel® 64 hypervisor-enabled systems, syscalls in compiled code return the
same, correct values as syscalls do when run with strace.

* on the Itanium® architecture, fully-virtualized guest domains which were
created using more than 64 GB of memory caused other guest domains not to
receive interrupts, which caused a soft lockup on other guests. All guest
domains are now able to receive interrupts regardless of their allotted memory.

* when user-space used SIGIO notification, which wasn't disabled before
closing a file descriptor, and was then re-enabled in a different process,
an attempt by the kernel to dereference a stale pointer led to a kernel
crash. With this fix, such a situation no longer causes a kernel crash.

* modifications to certain pages made through a memory-mapped region could
have been lost in cases when the NFS client needed to invalidate the page
cache for that particular memory-mapped file.

* fully-virtualized Windows guests became unresponsive due to the vIOSAPIC
component being multiprocessor-unsafe. With this fix, vIOSAPIC is
multiprocessor-safe and Windows guests do not become unresponsive.

* on certain systems, keyboard controllers were not able to withstand a
continuous flow of requests to switch keyboard LEDs on or off, which
resulted in some or all key presses not being registered by the system.

* on the Itanium® architecture, setting the "vm.nr_hugepages" sysctl
parameter caused a kernel stack overflow resulting in a kernel panic, and
possibly stack corruption. With this fix, setting vm.nr_hugepages works
correctly.

* hugepages allow the Linux kernel to utilize the multiple page size
capabilities of modern hardware architectures. In certain configurations,
systems with large amounts of memory could fail to allocate most of memory
for hugepages even if it was free, which could have resulted, for example,
in database restart failures.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm

i386:
kernel-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm
kernel-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-headers-2.6.18-92.1.22.el5.i386.rpm
kernel-xen-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm

noarch:
kernel-doc-2.6.18-92.1.22.el5.noarch.rpm

x86_64:
kernel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm

i386:
kernel-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm
kernel-devel-2.6.18-92.1.22.el5.i686.rpm
kernel-headers-2.6.18-92.1.22.el5.i386.rpm
kernel-xen-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.ia64.rpm
kernel-devel-2.6.18-92.1.22.el5.ia64.rpm
kernel-headers-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.22.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.22.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.22.el5.ppc.rpm
kernel-headers-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.22.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.s390x.rpm
kernel-devel-2.6.18-92.1.22.el5.s390x.rpm
kernel-headers-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.22.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.22.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576
http://www.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJR2NcXlSAg2UNWIIRAtJdAKCqKJueg3rKLpmuhO5WlE 2pF+PNYACeLp5p
ZpKKOdpNV4hA3IdyoKUUwi4=
=Y0cQ
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-17-2008, 08:47 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2008:0973-03
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0973.html
Issue date: 2008-12-16
CVE Names: CVE-2008-4210 CVE-2008-3275 CVE-2008-0598
CVE-2008-2136 CVE-2008-2812 CVE-2007-6063
CVE-2008-3525
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local, unprivileged user to prepare
and run a specially-crafted binary which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local,
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* missing capability checks were found in the SBNI WAN driver which could
allow a local user to bypass intended capability restrictions.
(CVE-2008-3525, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local, unprivileged user to
obtain access to privileged information. (CVE-2008-4210, Important)

* a buffer overflow flaw was found in Integrated Services Digital Network
(ISDN) subsystem. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2007-6063, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel
network drivers. These drivers were missing checks for terminal validity,
which could allow privilege escalation. (CVE-2008-2812, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local, unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)

This update also fixes the following bugs:

* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()
was used where kunmap_atomic() should have been. As a consequence, if an
NFSv2 or NFSv3 server exported a volume containing a symlink which included
a path equal to or longer than the local system's PATH_MAX, accessing the
link caused a kernel oops. This has been corrected in this update.

* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a
pointer. This caused a kernel panic in mptctl_gettargetinfo in some
circumstances. A check has been added which prevents this.

* lost tick compensation code in the timer interrupt routine triggered
without apparent cause. When running as a fully-virtualized client, this
spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3
to present highly inaccurate times. With this update the lost tick
compensation code is turned off when the operating system is running as a
fully-virtualized client under Xen or VMWare®.

All Red Hat Enterprise Linux 3 users should install this updated kernel
which addresses these vulnerabilities and fixes these bugs.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

392101 - CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow
433938 - CVE-2008-0598 kernel: linux x86_64 ia32 emulation leaks uninitialized data
438758 - wrong kunmap call in nfs_xdr_readlinkres
446031 - CVE-2008-2136 kernel: sit memory leak
453419 - CVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
460401 - CVE-2008-3525 kernel: missing capability checks in sbni_ioctl()
463661 - CVE-2008-4210 kernel: open() call allows setgid bit when user is not in new file's group

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-58.EL.src.rpm

i386:
kernel-2.4.21-58.EL.athlon.rpm
kernel-2.4.21-58.EL.i686.rpm
kernel-BOOT-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.athlon.rpm
kernel-debuginfo-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.i686.rpm
kernel-doc-2.4.21-58.EL.i386.rpm
kernel-hugemem-2.4.21-58.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm
kernel-smp-2.4.21-58.EL.athlon.rpm
kernel-smp-2.4.21-58.EL.i686.rpm
kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-58.EL.i686.rpm
kernel-source-2.4.21-58.EL.i386.rpm
kernel-unsupported-2.4.21-58.EL.athlon.rpm
kernel-unsupported-2.4.21-58.EL.i686.rpm

ia64:
kernel-2.4.21-58.EL.ia64.rpm
kernel-debuginfo-2.4.21-58.EL.ia64.rpm
kernel-doc-2.4.21-58.EL.ia64.rpm
kernel-source-2.4.21-58.EL.ia64.rpm
kernel-unsupported-2.4.21-58.EL.ia64.rpm

ppc:
kernel-2.4.21-58.EL.ppc64iseries.rpm
kernel-2.4.21-58.EL.ppc64pseries.rpm
kernel-debuginfo-2.4.21-58.EL.ppc64.rpm
kernel-debuginfo-2.4.21-58.EL.ppc64iseries.rpm
kernel-debuginfo-2.4.21-58.EL.ppc64pseries.rpm
kernel-doc-2.4.21-58.EL.ppc64.rpm
kernel-source-2.4.21-58.EL.ppc64.rpm
kernel-unsupported-2.4.21-58.EL.ppc64iseries.rpm
kernel-unsupported-2.4.21-58.EL.ppc64pseries.rpm

s390:
kernel-2.4.21-58.EL.s390.rpm
kernel-debuginfo-2.4.21-58.EL.s390.rpm
kernel-doc-2.4.21-58.EL.s390.rpm
kernel-source-2.4.21-58.EL.s390.rpm
kernel-unsupported-2.4.21-58.EL.s390.rpm

s390x:
kernel-2.4.21-58.EL.s390x.rpm
kernel-debuginfo-2.4.21-58.EL.s390x.rpm
kernel-doc-2.4.21-58.EL.s390x.rpm
kernel-source-2.4.21-58.EL.s390x.rpm
kernel-unsupported-2.4.21-58.EL.s390x.rpm

x86_64:
kernel-2.4.21-58.EL.ia32e.rpm
kernel-2.4.21-58.EL.x86_64.rpm
kernel-debuginfo-2.4.21-58.EL.ia32e.rpm
kernel-debuginfo-2.4.21-58.EL.x86_64.rpm
kernel-doc-2.4.21-58.EL.x86_64.rpm
kernel-smp-2.4.21-58.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-58.EL.x86_64.rpm
kernel-source-2.4.21-58.EL.x86_64.rpm
kernel-unsupported-2.4.21-58.EL.ia32e.rpm
kernel-unsupported-2.4.21-58.EL.x86_64.rpm

Red Hat Desktop version 3:

Source:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-58.EL.src.rpm

i386:
kernel-2.4.21-58.EL.athlon.rpm
kernel-2.4.21-58.EL.i686.rpm
kernel-BOOT-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.athlon.rpm
kernel-debuginfo-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.i686.rpm
kernel-doc-2.4.21-58.EL.i386.rpm
kernel-hugemem-2.4.21-58.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm
kernel-smp-2.4.21-58.EL.athlon.rpm
kernel-smp-2.4.21-58.EL.i686.rpm
kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-58.EL.i686.rpm
kernel-source-2.4.21-58.EL.i386.rpm
kernel-unsupported-2.4.21-58.EL.athlon.rpm
kernel-unsupported-2.4.21-58.EL.i686.rpm

x86_64:
kernel-2.4.21-58.EL.ia32e.rpm
kernel-2.4.21-58.EL.x86_64.rpm
kernel-debuginfo-2.4.21-58.EL.ia32e.rpm
kernel-debuginfo-2.4.21-58.EL.x86_64.rpm
kernel-doc-2.4.21-58.EL.x86_64.rpm
kernel-smp-2.4.21-58.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-58.EL.x86_64.rpm
kernel-source-2.4.21-58.EL.x86_64.rpm
kernel-unsupported-2.4.21-58.EL.ia32e.rpm
kernel-unsupported-2.4.21-58.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-58.EL.src.rpm

i386:
kernel-2.4.21-58.EL.athlon.rpm
kernel-2.4.21-58.EL.i686.rpm
kernel-BOOT-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.athlon.rpm
kernel-debuginfo-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.i686.rpm
kernel-doc-2.4.21-58.EL.i386.rpm
kernel-hugemem-2.4.21-58.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm
kernel-smp-2.4.21-58.EL.athlon.rpm
kernel-smp-2.4.21-58.EL.i686.rpm
kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-58.EL.i686.rpm
kernel-source-2.4.21-58.EL.i386.rpm
kernel-unsupported-2.4.21-58.EL.athlon.rpm
kernel-unsupported-2.4.21-58.EL.i686.rpm

ia64:
kernel-2.4.21-58.EL.ia64.rpm
kernel-debuginfo-2.4.21-58.EL.ia64.rpm
kernel-doc-2.4.21-58.EL.ia64.rpm
kernel-source-2.4.21-58.EL.ia64.rpm
kernel-unsupported-2.4.21-58.EL.ia64.rpm

x86_64:
kernel-2.4.21-58.EL.ia32e.rpm
kernel-2.4.21-58.EL.x86_64.rpm
kernel-debuginfo-2.4.21-58.EL.ia32e.rpm
kernel-debuginfo-2.4.21-58.EL.x86_64.rpm
kernel-doc-2.4.21-58.EL.x86_64.rpm
kernel-smp-2.4.21-58.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-58.EL.x86_64.rpm
kernel-source-2.4.21-58.EL.x86_64.rpm
kernel-unsupported-2.4.21-58.EL.ia32e.rpm
kernel-unsupported-2.4.21-58.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-58.EL.src.rpm

i386:
kernel-2.4.21-58.EL.athlon.rpm
kernel-2.4.21-58.EL.i686.rpm
kernel-BOOT-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.athlon.rpm
kernel-debuginfo-2.4.21-58.EL.i386.rpm
kernel-debuginfo-2.4.21-58.EL.i686.rpm
kernel-doc-2.4.21-58.EL.i386.rpm
kernel-hugemem-2.4.21-58.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm
kernel-smp-2.4.21-58.EL.athlon.rpm
kernel-smp-2.4.21-58.EL.i686.rpm
kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-58.EL.i686.rpm
kernel-source-2.4.21-58.EL.i386.rpm
kernel-unsupported-2.4.21-58.EL.athlon.rpm
kernel-unsupported-2.4.21-58.EL.i686.rpm

ia64:
kernel-2.4.21-58.EL.ia64.rpm
kernel-debuginfo-2.4.21-58.EL.ia64.rpm
kernel-doc-2.4.21-58.EL.ia64.rpm
kernel-source-2.4.21-58.EL.ia64.rpm
kernel-unsupported-2.4.21-58.EL.ia64.rpm

x86_64:
kernel-2.4.21-58.EL.ia32e.rpm
kernel-2.4.21-58.EL.x86_64.rpm
kernel-debuginfo-2.4.21-58.EL.ia32e.rpm
kernel-debuginfo-2.4.21-58.EL.x86_64.rpm
kernel-doc-2.4.21-58.EL.x86_64.rpm
kernel-smp-2.4.21-58.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-58.EL.x86_64.rpm
kernel-source-2.4.21-58.EL.x86_64.rpm
kernel-unsupported-2.4.21-58.EL.ia32e.rpm
kernel-unsupported-2.4.21-58.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJSMqsXlSAg2UNWIIRAriYAJwML/skLsQgbSxqwjUNsIQFY4WaagCgxOKG
LAEWBR4C/F8hvHVWkkZiHYw=
=UChf
-----END PGP SIGNATURE-----



Wed Dec 17 12:30:01 2008
Date: Wed, 17 Dec 2008 10:58:32 +0100
From: "Computer assistance to Akatsi District project Ghana"
<ghana.computeraid@gmail.com>
To: ubuntu-users@lists.ubuntu.com, eben_nartey@yahoo.com
Subject: checking md5 sum in windows
 
Old 01-14-2009, 05:06 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:0014-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0014.html
Issue date: 2009-01-14
CVE Names: CVE-2008-3275 CVE-2008-4933 CVE-2008-4934
CVE-2008-5025 CVE-2008-5029 CVE-2008-5300
CVE-2008-5702
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local denial
of service. (CVE-2008-5300, Important)

* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a local denial of service. (CVE-2008-5029, Important)

* a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to make a
series of file creations within deleted directories, possibly causing a
denial of service. (CVE-2008-3275, Moderate)

* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
timer driver. This deficiency could lead to a possible information leak. By
default, the "/dev/watchdog" device is accessible only to the root user.
(CVE-2008-5702, Low)

* the hfs and hfsplus file systems code failed to properly handle corrupted
data structures. This could, potentially, lead to a local denial of
service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the hfsplus file system implementation. This could,
potentially, lead to a local denial of service when write operations were
performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
being changed, such as not being reduced to an idle state when not in use.

* mmap() could be used to gain access to beyond the first megabyte of RAM,
due to insufficient checks in the Linux kernel code. Checks have been added
to prevent this.

* attempting to turn keyboard LEDs on and off rapidly on keyboards with
slow keyboard controllers may have caused key presses to fail.

* after migrating a hypervisor guest, the MAC address table was not
updated, causing packet loss and preventing network connections to the
guest. Now, a gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.

* writing crash dumps with diskdump may have caused a kernel panic on
Non-Uniform Memory Access (NUMA) systems with certain memory
configurations.

* on big-endian systems, such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255, possibly causing memory corruption
and application crashes.

* a problem in the kernel packages provided by the RHSA-2008:0508 advisory
caused the Linux kernel's built-in memory copy procedure to return the
wrong error code after recovering from a page fault on AMD64 and Intel 64
systems. This may have caused other Linux kernel functions to return wrong
error codes.

* a divide-by-zero bug in the Linux kernel process scheduler, which may
have caused kernel panics on certain systems, has been resolved.

* the netconsole kernel module caused the Linux kernel to hang when slave
interfaces of bonded network interfaces were started, resulting in a system
hang or kernel panic when restarting the network.

* the "/proc/xen/" directory existed even if systems were not running Red
Hat Virtualization. This may have caused problems for third-party software
that checks virtualization-ability based on the existence of "/proc/xen/".
Note: this update will remove the "/proc/xen/" directory on systems not
running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

248710 - Local keyboard DoS through LED switching
457858 - CVE-2008-3275 Linux kernel local filesystem DoS
460862 - kernel: devmem: add range_is_allowed() check to mmap_mem() [rhel-4.7.z]
469631 - CVE-2008-4933 kernel: hfsplus: fix Buffer overflow with a corrupted image
469640 - CVE-2008-4934 kernel: hfsplus: check read_mapping_page() return value
469891 - lost packets when live migrating (RHEL4 XEN)
470034 - HP-Japan: RHEL4.6 diskdump fails when NUMA is on
470196 - getsockopt() returning incorrectly in PPC
470201 - CVE-2008-5029 kernel: Unix sockets kernel panic
470769 - CVE-2008-5025 kernel: hfs: fix namelength memory corruption
471015 - RHSA-2008:0508 linux-2.6.9-x86_64-copy_user-zero-tail.patch broken
471222 - erroneous load balancing for isolated CPUs leads to divide-by-zero panic in find_busiest_group()
471391 - netconsole hang the system on ifenslave operation
473259 - CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector
475733 - CVE-2008-5702 kernel: watchdog: ib700wdt.c - buffer_underflow bug
476534 - Xen balloon driver on RHEL4 x86_64 with 2.6.9-78.0.1.ELsmp

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.13.EL.src.rpm

i386:
kernel-2.6.9-78.0.13.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.i686.rpm
kernel-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.13.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.ia64.rpm
kernel-devel-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.13.EL.ppc64.rpm
kernel-2.6.9-78.0.13.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.13.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.13.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.13.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.13.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.s390.rpm
kernel-devel-2.6.9-78.0.13.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.13.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.s390x.rpm
kernel-devel-2.6.9-78.0.13.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.13.EL.src.rpm

i386:
kernel-2.6.9-78.0.13.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.i686.rpm
kernel-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.i686.rpm

noarch:
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.13.EL.src.rpm

i386:
kernel-2.6.9-78.0.13.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.i686.rpm
kernel-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.13.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.ia64.rpm
kernel-devel-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.13.EL.src.rpm

i386:
kernel-2.6.9-78.0.13.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.i686.rpm
kernel-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.13.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-2.6.9-78.0.13.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-2.6.9-78.0.13.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.13.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.ia64.rpm
kernel-devel-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.13.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.13.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.13.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.13.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.13.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5702
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJbimLXlSAg2UNWIIRAor8AKC1vFKmJ8FBi7sRFi2BUw 5BRaZF8ACgvrlA
LOKUwjVGPlOYesNoJbTPcl4=
=2exf
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-22-2009, 10:21 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:0009-02
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0009.html
Issue date: 2009-01-22
CVE Names: CVE-2008-0598 CVE-2008-3528 CVE-2008-3831
CVE-2008-4554 CVE-2008-4576 CVE-2008-4618
CVE-2008-5029
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.0.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages address the following security issues:

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local, unprivileged user to prepare
and run a specially-crafted binary which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)

* Olaf Kirch reported a flaw in the i915 kernel driver that only affects
the Intel G33 series and newer. This flaw could, potentially, lead to local
privilege escalation. (CVE-2008-3831, Important)

* Miklos Szeredi reported a missing check for files opened with O_APPEND in
sys_splice(). This could allow a local, unprivileged user to bypass the
append-only file restrictions. (CVE-2008-4554, Important)

* a deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. This could lead to a possible denial of
service if one end of a SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)

* Wei Yongjun reported a flaw in the Linux kernel SCTP implementation. In
certain code paths, sctp_sf_violation_paramlen() could be called with a
wrong parameter data type. This could lead to a possible denial of service.
(CVE-2008-4618, Important)

* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a denial of service issue. (CVE-2008-5029, Important)

* the ext2 and ext3 filesystem code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

These updated packages also address numerous bugs, including the following:

* several System on Chip (SoC) audio drivers allocated memory in the
platform device probe function but did not free this memory in the event of
an error. Instead, the memory was freed in the device probe function's
error path. This could result in a 'double free' error. With this update,
errors cause memory to be freed correctly.

* when a check was made to see if the netlink attribute fitted into
available memory, the value returned, "remaining", could become negative
due to alignment in nla_next(). GCC set "remaining" to unsigned when
testing against the sizeof(*nla), however. As a consequence, the test would
always succeed and the function nla_for_each_attr() could, potentially,
access memory outside the received buffer. With this update, sizeof is cast
to an integer, ensuring sizeof(*nla) does a signed test and prevents an
illegal memory de-reference.

* if a user-space process used a SIGIO notification and did not disable it
before closing the file descriptor, a stale pointer was left in the
async_queue of the real-time clock. When a different user-space process
subsequently used a SIGIO notification, the kernel de-referenced this
pointer and crashed. With this updated kernel, SIGIO notifications are
disabled when the file descriptor is closed, preventing this.

* the real-time kernel included with Red Hat Enterprise Linux MRG did not
randomize exec, heap or libc addresses. This update corrects this omission:
exec, heap and libc addresses are now randomized.

Numerous other bug fixes included with this update are noted in the Red Hat
Enterprise MRG 1.0 Real Time Security Update Release Note, available at the
location noted in the References section below.

All Red Hat Enterprise MRG users should install this update which addresses
these vulnerabilities and fixes these bugs.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

433938 - CVE-2008-0598 kernel: linux x86_64 ia32 emulation leaks uninitialized data
455095 - event trace syscall on i386 has bogus parameters
459577 - CVE-2008-3528 Linux kernel ext[234] directory corruption denial of service
460102 - kernel: alsa: asoc: fix double free and memory leak in many codec drivers [mrg-1]
461330 - Update realtime kernel's lpfc version to 8.2.0.29
462281 - kernel: netlink: fix overrun in attribute iteration
464502 - CVE-2008-3831 kernel: i915 kernel drm driver arbitrary ioremap
465730 - CVE-2008-4618 kernel: sctp: Fix kernel panic while process protocol violation parameter
465744 - kernel: rtc: fix kernel panic on second use of SIGIO notification
465862 - Warning from rt_mutex code while testing infiniband
466079 - CVE-2008-4576 kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
466153 - [Broadcom 5.3 feat] Update bnx2 to version 1.7.4+
466341 - RT kernel fails to boot on Intel Canelands processors (16 and 24 cores)
466554 - Update qla2xxx driver with RHEL5.3 + upstream fixes
466557 - Update the e1000e driver with RHEL5.3 and upstream fixes
466558 - Update the tg3 driver with RHEL5.3 and upstream fixes
466707 - CVE-2008-4554 kernel: don't allow splice() to files opened with O_APPEND
467739 - Add amd64_edac driver from IBM
467781 - MRG kernel has the e1000e bug
467783 - SAN Patchset needs merging into MRG
468205 - Turn off building of ocfs2 filesystem module in MRG RT kernel
469186 - [FOCUS] Lockdep fixes cause latency regression
470201 - CVE-2008-5029 kernel: Unix sockets kernel panic

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-93.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-93.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-93.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-93.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-93.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-93.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5029
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJeFalXlSAg2UNWIIRAuBvAJ9qKI3i3PrKt0RBPUmaNQ lzFCLIKwCgnAKj
YtQrwhczrzLowEwS2cfdgn8=
=THNU
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
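
The netlink bug fix described in RHSA-2009:0009 above (a negative "remaining" compared against sizeof), as an added C illustration that is not Red Hat's or the kernel's code. The names struct nlattr_model, hdr_fits_unsigned, hdr_fits_signed, walk and demo_reads_past_end, and the sample buffer, are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a netlink attribute header (not the kernel's definition). */
struct nlattr_model {
    uint16_t nla_len;   /* header + payload length, before padding */
    uint16_t nla_type;
};

#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))

/* Pre-fix shape: sizeof yields size_t, so "remaining" is converted to
 * unsigned and a negative value compares as a huge positive one. */
static int hdr_fits_unsigned(int remaining)
{
    return remaining >= sizeof(struct nlattr_model);
}

/* Post-fix shape: casting sizeof to int keeps the comparison signed. */
static int hdr_fits_signed(int remaining)
{
    return remaining >= (int)sizeof(struct nlattr_model);
}

/* Walk the attributes in buf; "received" is the number of valid bytes and
 * "backing" the size of the array that holds them (kept larger so the model
 * never leaves its own storage). Returns how many headers were read from
 * bytes that lie outside the received data. */
static int walk(const unsigned char *buf, int received, size_t backing,
                int use_signed_check)
{
    struct nlattr_model hdr;
    int remaining = received;
    size_t off = 0;
    int reads_past_end = 0;

    while (use_signed_check ? hdr_fits_signed(remaining)
                            : hdr_fits_unsigned(remaining)) {
        if (off + sizeof(hdr) > backing)
            break;                           /* model guard only */
        if (off + sizeof(hdr) > (size_t)received)
            reads_past_end++;                /* the access the advisory describes */
        memcpy(&hdr, buf + off, sizeof(hdr));
        if (hdr.nla_len < sizeof(hdr) || hdr.nla_len > remaining)
            break;
        remaining -= NLA_ALIGN(hdr.nla_len); /* padding can push this below 0 */
        off += NLA_ALIGN(hdr.nla_len);
    }
    return reads_past_end;
}

/* Constructed input: one 7-byte attribute in a 7-byte message. Alignment
 * rounds the step up to 8, leaving remaining == -1. */
static int demo_reads_past_end(int use_signed_check)
{
    unsigned char backing[16] = {0};
    struct nlattr_model a = { 7, 1 };

    memcpy(backing, &a, sizeof(a));
    return walk(backing, 7, sizeof(backing), use_signed_check);
}

int main(void)
{
    printf("unsigned test: %d header read(s) past the received data\n",
           demo_reads_past_end(0));
    printf("signed test:   %d header read(s) past the received data\n",
           demo_reads_past_end(1));
    return 0;
}
```

Building with -Wsign-compare (part of -Wextra for C in GCC) flags the comparison in hdr_fits_unsigned, which is the pattern the update removes.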
 
Old 03-12-2009, 01:52 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2009:0331-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0331.html
Issue date: 2009-03-12
CVE Names: CVE-2008-5700 CVE-2009-0031 CVE-2009-0065
CVE-2009-0322
=====================================================================

1. Summary:

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a denial of service if a Forward-TSN chunk is received
with a large stream ID. (CVE-2009-0065, Important)

* a memory leak was found in keyctl handling. A local, unprivileged user
could use this flaw to deplete kernel memory, eventually leading to a
denial of service. (CVE-2009-0031, Important)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size file in
"/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important)

* a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. Note: by default, "/dev/sg*"
devices are accessible only to the root user. (CVE-2008-5700, Low)

This update also fixes the following bugs:

* when the hypervisor changed a page table entry (pte) mapping from
read-only to writable via a make_writable hypercall, accessing the changed
page immediately following the change caused a spurious page fault. When
trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a
Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer
with a kernel backtrace. With this update, the "spurious" page fault is
handled properly. (BZ#483748)

* net_rx_action could detect its cpu poll_list as non-empty, but have that
same list reduced to empty by the poll_napi path. This resulted in garbage
data being returned when net_rx_action calls list_entry, which subsequently
resulted in several possible crash conditions. The race condition in the
network code which caused this has been fixed. (BZ#475970, BZ#479681 &
BZ#480741)

* a misplaced memory barrier at unlock_buffer() could lead to a concurrent
h_refcounter update which produced a reference counter leak and, later, a
double free in ext3_xattr_release_block(). Consequent to the double free,
ext3 reported an error

ext3_free_blocks_sb: bit already cleared for block [block number]

and mounted itself as read-only. With this update, the memory barrier is
now placed before the buffer head lock bit, forcing the write order and
preventing the double free. (BZ#476533)

* when the iptables module was unloaded, it was assumed the correct entry
for removal had been found if "wrapper->ops->pf" matched the value passed
in by "reg->pf". If several ops ranges were registered against the same
protocol family, however, (which was likely if you had both ip_conntrack
and ip_conntrack_* loaded) this assumption could lead to NULL list pointers
and cause a kernel panic. With this update, "wrapper->ops" is matched to
pointer values "reg", which ensures the correct entry is removed and
results in no NULL list pointers. (BZ#477147)

* when the pidmap page (used for tracking process ids, pids) incremented to
an even page (i.e. the second, fourth, sixth, etc. pidmap page), the
alloc_pidmap() routine skipped the page. This resulted in "holes" in the
allocated pids. For example, after pid 32767, you would expect 32768 to be
allocated. If the page skipping behavior presented, however, the pid
allocated after 32767 was 65536. With this update, alloc_pidmap() no longer
skips alternate pidmap pages and allocated pid holes no longer occur. This
fix also corrects an error which allowed pid_max to be set higher than the
pid_max limit. (BZ#479182)

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

474495 - CVE-2008-5700 kernel: enforce a minimum SG_IO timeout
475970 - oops in e1000_clean (list corruption due to race with e1000_down)
476533 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors
477147 - Kernel panic when unloading ip conntrack modules
478800 - CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID
479182 - RHEL4 64 bit skips all pids with bit 15 set (32768-65535, 98304-131071 etc)
479681 - oops in net_rx_action on double free of dev->poll_list
480592 - CVE-2009-0031 kernel: local denial of service in keyctl_join_session_keyring
480741 - RHEL4.8 kernel crashed in net_rx_action() on IA64 machine in RHTS connectathon test
482866 - CVE-2009-0322 kernel: dell_rbu local oops
483748 - rhel4 PV guest installations busted on rhel 5.3 i386 intel dom0

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:
kernel-2.6.9-78.0.17.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm
kernel-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.17.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm
kernel-devel-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.17.EL.ppc64.rpm
kernel-2.6.9-78.0.17.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.17.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.17.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.17.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.17.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.s390.rpm
kernel-devel-2.6.9-78.0.17.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.17.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.s390x.rpm
kernel-devel-2.6.9-78.0.17.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:
kernel-2.6.9-78.0.17.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm
kernel-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

noarch:
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:
kernel-2.6.9-78.0.17.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm
kernel-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.17.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm
kernel-devel-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-78.0.17.EL.src.rpm

i386:
kernel-2.6.9-78.0.17.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.i686.rpm
kernel-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.17.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.ia64.rpm
kernel-devel-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.17.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJuSG1XlSAg2UNWIIRAq4+AKC0WI0DQ5fzioWJlRaW0M yWrjS24gCfYECc
akyEDC7EwkyI0e61bLDjhVA=
=HZfD
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
