 
03-17-2010, 02:30 AM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0147-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0147.html
Issue date: 2010-03-16
CVE Names: CVE-2009-4308 CVE-2010-0003 CVE-2010-0007
CVE-2010-0008 CVE-2010-0415 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a missing boundary check was found in the do_move_pages() function in
the memory migration functionality in the Linux kernel. A local user could
use this flaw to cause a local denial of service or an information leak.
(CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the ext4 file system code in
the Linux kernel. A local attacker could use this flaw to trigger a local
denial of service by mounting a specially-crafted, journal-less ext4 file
system, if that file system forced an EROFS error. (CVE-2009-4308,
Moderate)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

Bug fixes:

* a bug prevented Wake on LAN (WoL) being enabled on certain Intel
hardware. (BZ#543449)

* a race issue in the Journaling Block Device. (BZ#553132)

* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. (BZ#557684)

* the RHSA-2010:0019 update introduced a regression, preventing WoL from
working for network devices using the e1000e driver. (BZ#559335)

* adding a bonding interface in mode balance-alb to a bridge was not
functional. (BZ#560588)

* some KVM (Kernel-based Virtual Machine) guests experienced slow
performance (and possibly a crash) after suspend/resume. (BZ#560640)

* on some systems, VF cannot be enabled in dom0. (BZ#560665)

* on systems with certain network cards, a system crash occurred after
enabling GRO. (BZ#561417)

* for x86 KVM guests with pvclock enabled, the boot clocks were registered
twice, possibly causing KVM to write data to a random memory area during
the guest's life. (BZ#561454)

* serious performance degradation for 32-bit applications, that map (mmap)
thousands of small files, when run on a 64-bit system. (BZ#562746)

* improved kexec/kdump handling. Previously, on some systems under heavy
load, kexec/kdump was not functional. (BZ#562772)

* dom0 was unable to boot when using the Xen hypervisor on a system with a
large number of logical CPUs. (BZ#562777)

* a fix for a bug that could potentially cause file system corruption.
(BZ#564281)

* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)

* gfs2_delete_inode failed on read-only file systems. (BZ#564290)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547255 - CVE-2009-4308 kernel: ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
553132 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.4.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557684 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.4.z]
559335 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.4.z]
560588 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost [rhel-5.4.z]
560640 - Call trace error display when resume from suspend to disk (ide block) - pvclock related [rhel-5.4.z]
560665 - [SR-IOV] VF can not be enabled in Dom0 [rhel-5.4.z]
561417 - Kernel panic when using GRO through ixgbe driver and xen bridge [rhel-5.4.z]
561454 - kvm pvclock on i386 suffers from double registering [rhel-5.4.z]
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
562746 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit [rhel-5.4.z]
562772 - 5.5 - cciss backport some upstream bits to improve kexec/kdump [rhel-5.4.z]
562777 - [RHEL5 Xen] EXPERIMENTAL EX/MC: Dom0 soft lockups on >64-way system from hard-virt patches [rhel-5.4.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
564281 - Please implement upstream fix for potential filesystem corruption bug [rhel-5.4.z]
564288 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block [rhel-5.4.z]
564290 - 1916556 - GFS2 gfs2_delete_inode failing on RO filesystem [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm

i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm

i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ia64.rpm
kernel-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-headers-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.s390x.rpm
kernel-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-headers-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4308.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoEyyXlSAg2UNWIIRAvflAJsEoPULkoHoW6J3ww40pY 67AeH5GgCfRAqI
RLQD6oYwCLZPptzp6TyEmHw=
=JQ+a
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
03-17-2010, 02:30 AM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0146-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0146.html
Issue date: 2010-03-16
CVE Names: CVE-2009-4271 CVE-2010-0003 CVE-2010-0007
CVE-2010-0008 CVE-2010-0307
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the Linux kernel. During a
core dump, the kernel did not check if the Virtual Dynamically-linked
Shared Object page was accessible. On Intel 64 and AMD64 systems, a local,
unprivileged user could use this flaw to cause a kernel panic by running a
crafted 32-bit application. (CVE-2009-4271, Important)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* under some circumstances, a locking bug could have caused an online ext3
file system resize to deadlock, which may have, in turn, caused the file
system or the entire system to become unresponsive. In either case, a
reboot was required after the deadlock. With this update, using resize2fs
to perform an online resize of an ext3 file system works as expected.
(BZ#553135)

* some ATA and SCSI devices were not honoring the barrier=1 mount option,
which could result in data loss after a crash or power loss. This update
applies a patch to the Linux SCSI driver to ensure ordered write caching.
This solution does not provide cache flushes; however, it does provide
data integrity on devices that have no write caching (or where write
caching is disabled) and no command queuing. For systems that have command
queuing or write cache enabled there is no guarantee of data integrity
after a crash. (BZ#560563)

* it was found that lpfc_find_target() could loop continuously when
scanning a list of nodes due to a missing spinlock. This missing spinlock
allowed the list to be changed after the list_empty() test, resulting in a
NULL value, causing the loop. This update adds the spinlock, resolving the
issue. (BZ#561453)

* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565496)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

548876 - CVE-2009-4271 kernel: 32bit process on 64bit system can trigger a kernel panic
553135 - ext2online resize hangs [rhel-4.8.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
560547 - CVE-2010-0307 kernel: DoS on x86_64
560563 - Write barrier operations not working for libata and general SCSI disks [rhel-4.8.z]
561453 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching hba for target [rhel-4.8.z]
565496 - e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.23.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390.rpm
kernel-devel-2.6.9-89.0.23.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.23.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390x.rpm
kernel-devel-2.6.9-89.0.23.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm

i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4271.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0307.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoEzRXlSAg2UNWIIRAhx+AKCTPAIwNCqfILjnZt+fwf zoArW+4QCgmelm
QKdBpGNpm+cVgt2kXHnbdMU=
=cwST
-----END PGP SIGNATURE-----


 
03-17-2010, 02:30 AM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0148-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0148.html
Issue date: 2010-03-16
CVE Names: CVE-2010-0008 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 5.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. With this update, when
such programs attempt to call sched_rr_get_interval() on 64-bit systems,
sys32_sched_rr_get_interval() is called instead, which resolves this issue.
(BZ#557682)

* the fix for CVE-2009-4538 provided by RHSA-2010:0079 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559333)

* a number of bugs have been fixed in the copy_user routines for Intel 64
and AMD64 systems, one of which could have possibly led to data corruption.
(BZ#568305)

* on some systems, a race condition in the inode-based file event
notifications implementation caused soft lockups and the following
messages:

"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"

This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568662)

* if a program that calls posix_fadvise() were compiled on x86, and then
run on a 64-bit system, that program could experience various problems,
including performance issues and the call to posix_fadvise() failing,
causing the program to not run as expected or even abort. With this update,
when such programs attempt to call posix_fadvise() on 64-bit systems,
sys32_fadvise64() is called instead, which resolves this issue. This update
also fixes other 32-bit system calls that were mistakenly called on 64-bit
systems (including systems running the kernel-xen kernel). (BZ#569595)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

555658 - CVE-2010-0008 kernel: sctp remote denial of service
557682 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.2.z]
559333 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.2.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568305 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.2.z]
568662 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.2.z]
569595 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode. [rhel-5.2.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.2.z server):

Source:
kernel-2.6.18-92.1.38.el5.src.rpm

i386:
kernel-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.i686.rpm
kernel-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-headers-2.6.18-92.1.38.el5.i386.rpm
kernel-xen-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ia64.rpm
kernel-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-headers-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.38.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.s390x.rpm
kernel-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-headers-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoEzdXlSAg2UNWIIRAjt9AJ4sV1X4t8cYdcxFkDI3GW fPfzt5rwCfVJ02
w7vdCwUu11Bv636Ufeuqvm8=
=bQqu
-----END PGP SIGNATURE-----


 
03-17-2010, 03:05 AM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0149-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0149.html
Issue date: 2010-03-16
CVE Names: CVE-2009-4141 CVE-2010-0008 CVE-2010-0437
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and multiple bugs
are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a deficiency was found in the fasync_helper() implementation. This could
allow a local, unprivileged user to leverage a use-after-free of locked,
asynchronous file descriptors to cause a denial of service or privilege
escalation. (CVE-2009-4141, Important)

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)

This update also fixes the following bugs:

* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. With this update, when
such programs attempt to call sched_rr_get_interval() on 64-bit systems,
sys32_sched_rr_get_interval() is called instead, which resolves this issue.
(BZ#557683)

* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559334)

* a number of bugs have been fixed in the copy_user routines for Intel 64
and AMD64 systems, one of which could have possibly led to data corruption.
(BZ#568307)

* on some systems, a race condition in the inode-based file event
notifications implementation caused soft lockups and the following
messages:

"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"

This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568663)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557683 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.3.z]
559334 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.3.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568307 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.3.z]
568663 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.14.1.el5.src.rpm

i386:
kernel-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.i686.rpm
kernel-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-headers-2.6.18-128.14.1.el5.i386.rpm
kernel-xen-2.6.18-128.14.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.ia64.rpm
kernel-devel-2.6.18-128.14.1.el5.ia64.rpm
kernel-headers-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.14.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.14.1.el5.ppc.rpm
kernel-headers-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.14.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.s390x.rpm
kernel-devel-2.6.18-128.14.1.el5.s390x.rpm
kernel-headers-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.14.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4141.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLoFUAXlSAg2UNWIIRAsMKAJsHHELEbCa7B/xil2chhTIlvC8TNQCdHWZY
VDIUwbHPU9NdZ0/mJObJQ/s=
=rNtZ
-----END PGP SIGNATURE-----


 
04-06-2010, 11:11 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0342-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0342.html
Issue date: 2010-04-06
CVE Names: CVE-2010-0008
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4.7 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* a flaw was found in the sctp_rcv_ootb() function in the Linux kernel
Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to a target system,
resulting in a denial of service. (CVE-2010-0008, Important)

This update also fixes the following bug:

* the fix for CVE-2009-4538 provided by RHSA-2010:0111 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported not
setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565495)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

555658 - CVE-2010-0008 kernel: sctp remote denial of service
565495 - e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.7.z]

6. Package List:

Red Hat Enterprise Linux AS version 4.7.z:

Source:
kernel-2.6.9-78.0.30.EL.src.rpm

i386:
kernel-2.6.9-78.0.30.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.i686.rpm
kernel-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.30.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-smp-2.6.9-78.0.30.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-xenU-2.6.9-78.0.30.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.30.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.30.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.ia64.rpm
kernel-devel-2.6.9-78.0.30.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.30.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.30.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.30.EL.noarch.rpm

ppc:
kernel-2.6.9-78.0.30.EL.ppc64.rpm
kernel-2.6.9-78.0.30.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.ppc64.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.ppc64iseries.rpm
kernel-devel-2.6.9-78.0.30.EL.ppc64.rpm
kernel-devel-2.6.9-78.0.30.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-78.0.30.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-78.0.30.EL.ppc64.rpm

s390:
kernel-2.6.9-78.0.30.EL.s390.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.s390.rpm
kernel-devel-2.6.9-78.0.30.EL.s390.rpm

s390x:
kernel-2.6.9-78.0.30.EL.s390x.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.s390x.rpm
kernel-devel-2.6.9-78.0.30.EL.s390x.rpm

x86_64:
kernel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.30.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.30.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.30.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.30.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4.7.z:

Source:
kernel-2.6.9-78.0.30.EL.src.rpm

i386:
kernel-2.6.9-78.0.30.EL.i686.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.i686.rpm
kernel-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-hugemem-2.6.9-78.0.30.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-smp-2.6.9-78.0.30.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.30.EL.i686.rpm
kernel-xenU-2.6.9-78.0.30.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.30.EL.i686.rpm

ia64:
kernel-2.6.9-78.0.30.EL.ia64.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.ia64.rpm
kernel-devel-2.6.9-78.0.30.EL.ia64.rpm
kernel-largesmp-2.6.9-78.0.30.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-78.0.30.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-78.0.30.EL.noarch.rpm

x86_64:
kernel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-debuginfo-2.6.9-78.0.30.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-largesmp-2.6.9-78.0.30.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.30.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.30.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.30.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.30.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0008.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLu79uXlSAg2UNWIIRAjsDAJ9UcS8xM09U/gVqvv5UgUAVDUVw5wCgud8b
AtNNUqUKZBKAegR195M0bpc=
=Lq0B
-----END PGP SIGNATURE-----


 
04-27-2010, 01:01 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0380-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0380.html
Issue date: 2010-04-27
CVE Names: CVE-2009-4027 CVE-2009-4307 CVE-2010-0727
CVE-2010-1188
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a race condition was found in the mac80211 implementation, a framework
used for writing drivers for wireless devices. An attacker could trigger
this flaw by sending a Delete Block ACK (DELBA) packet to a target system,
resulting in a remote denial of service. Note: This issue only affected
users on 802.11n networks, and that also use the iwlagn driver with Intel
wireless hardware. (CVE-2009-4027, Important)

* a use-after-free flaw was found in the tcp_rcv_state_process() function
in the Linux kernel TCP/IP protocol suite implementation. If a system using
IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote
attacker could send an IPv6 packet to that system, causing a kernel panic
(denial of service). (CVE-2010-1188, Important)

* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS2 file system mounted could use this flaw to
cause a kernel panic (denial of service). (CVE-2010-0727, Moderate)

* a divide-by-zero flaw was found in the ext4 file system code. A local
attacker could use this flaw to cause a denial of service by mounting a
specially-crafted ext4 file system. (CVE-2009-4307, Low)

Bug fixes:

* if a program that calls posix_fadvise() were compiled on x86, and then
run on a 64-bit system, that program could experience various problems,
including performance issues and the call to posix_fadvise() failing,
causing the program to not run as expected or even abort. With this update,
when such programs attempt to call posix_fadvise() on 64-bit systems,
sys32_fadvise64() is called instead, which resolves this issue. This update
also fixes other 32-bit system calls that were mistakenly called on 64-bit
systems (including systems running the kernel-xen kernel). (BZ#569597)

* on some systems able to set a P-State limit via the BIOS, it was not
possible to set the limit to a higher frequency if the system was rebooted
while a low limit was set:
"/sys/devices/system/cpu/cpu[x]/cpufreq/scaling_max_freq" would retain the
low limit in these situations. With this update, limits are correctly set,
even after being changed after a system reboot. (BZ#569727)

* certain Intel ICH hardware (using the e1000e driver) has an NFS filtering
capability that did not work as expected, causing memory corruption, which
could lead to kernel panics, or other unexpected behavior. In a reported
case, a panic occurred when running NFS connection tests. This update
resolves this issue by disabling the filtering capability. (BZ#569797)

* if "open(/proc/[PID]/[xxxx])" was called at the same time the process was
exiting, the call would fail with an EINVAL error (an incorrect error for
this situation). With this update, the correct error, ENOENT, is returned
in this situation. (BZ#571362)

* multiqueue is used for transmitting data, but a single queue transmit
ON/OFF scheme was used. This led to a race condition on systems with the
bnx2x driver in situations where one queue became full, but not stopped,
and the other queue enabled transmission. With this update, only a single
queue is used. (BZ#576951)

* the "/proc/sys/vm/mmap_min_addr" tunable helps prevent unprivileged
users from creating new memory mappings below the minimum address. The
sysctl value for mmap_min_addr could be changed by a process or user that
has an effective user ID (euid) of 0, even if the process or user does not
have the CAP_SYS_RAWIO capability. This update adds a capability check for
the CAP_SYS_RAWIO capability before allowing the mmap_min_addr value to be
changed. (BZ#577206)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

541149 - CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
547251 - CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system
569597 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode. [rhel-5.4.z]
569727 - when booted with P-state limit, limit can never be increased [rhel-5.4.z]
569797 - e1000 & e1000e: Memory corruption/paging error when tx hang occurs [rhel-5.4.z]
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos
571362 - [5.4] open(/proc/PID/xxx) fails with EINVAL even though it should be ENOENT. [rhel-5.4.z]
576951 - [Broadcom 5.4.z bug] bnx2x: net device is in XON state while the Tx ring is full [rhel-5.4.z]
577206 - kernel: sysctl: require CAP_SYS_RAWIO to set mmap_min_addr [rhel-5.4.z]
577711 - CVE-2010-1188 kernel: ipv6: skb is unexpectedly freed

6. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
kernel-2.6.18-164.17.1.el5.src.rpm

i386:
kernel-2.6.18-164.17.1.el5.i686.rpm
kernel-PAE-2.6.18-164.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.17.1.el5.i686.rpm
kernel-debug-2.6.18-164.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.17.1.el5.i686.rpm
kernel-devel-2.6.18-164.17.1.el5.i686.rpm
kernel-headers-2.6.18-164.17.1.el5.i386.rpm
kernel-xen-2.6.18-164.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.17.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.17.1.el5.ia64.rpm
kernel-debug-2.6.18-164.17.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.17.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.17.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.17.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.17.1.el5.ia64.rpm
kernel-devel-2.6.18-164.17.1.el5.ia64.rpm
kernel-headers-2.6.18-164.17.1.el5.ia64.rpm
kernel-xen-2.6.18-164.17.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.17.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.17.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.17.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.17.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.17.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.17.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.17.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.17.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.17.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.17.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.17.1.el5.ppc.rpm
kernel-headers-2.6.18-164.17.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.17.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.17.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.17.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.17.1.el5.s390x.rpm
kernel-debug-2.6.18-164.17.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.17.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.17.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.17.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.17.1.el5.s390x.rpm
kernel-devel-2.6.18-164.17.1.el5.s390x.rpm
kernel-headers-2.6.18-164.17.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.17.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.17.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.17.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.17.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4027.html
https://www.redhat.com/security/data/cve/CVE-2009-4307.html
https://www.redhat.com/security/data/cve/CVE-2010-0727.html
https://www.redhat.com/security/data/cve/CVE-2010-1188.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL1uAbXlSAg2UNWIIRAgxvAJ4nkPn7ld1oKOzVpBVrPQ OMLXWQCgCdHj8v
XfJgMvZ4f/Zh1dnAqCB659g=
=8YwC
-----END PGP SIGNATURE-----


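To check a host against RHSA-2010:0380 above, the following added example (not part of the Red Hat advisory or any Red Hat tool) parses the advisory's header and package list and compares an installed kernel build with the fixed one using a simplified RPM-style segment comparison. The function names are this example's own, the installed versions in the test values are constructed, and treating the first release component (for example 164) as the update-stream marker is an assumption drawn from the 5.3.z and 5.4.z package lists on this page.

```python
import re

# Excerpt of the RHSA-2010:0380 text from the post above, trimmed to the
# header fields and part of the package list.
ADVISORY = """\
Advisory ID: RHSA-2010:0380-01
Product: Red Hat Enterprise Linux
Issue date: 2010-04-27
CVE Names: CVE-2009-4027 CVE-2009-4307 CVE-2010-0727
CVE-2010-1188

6. Package List:

Source:
kernel-2.6.18-164.17.1.el5.src.rpm

x86_64:
kernel-2.6.18-164.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.17.1.el5.x86_64.rpm
"""


def parse_advisory(text):
    """Return the advisory id, its CVE list and the fixed kernel build."""
    adv_id = re.search(r"^Advisory ID:\s*(\S+)", text, re.M).group(1)
    # The CVE list wraps onto continuation lines, so read from the label
    # up to the next blank line, "=====" ruler or end of text.
    block = re.search(r"^CVE Names:(.*?)(?:\n\s*\n|\n=|\Z)", text,
                      re.M | re.S).group(1)
    cves = re.findall(r"CVE-\d{4}-\d+", block)
    # The source RPM names the fixed build: kernel-<version>-<release>.src.rpm
    src = re.search(r"^kernel-(\d[\w.]*)-([\w.]+)\.src\.rpm$", text, re.M)
    return {"id": adv_id, "cves": cves, "fixed": (src.group(1), src.group(2))}


def _segments(s):
    # Split "164.17.1.el5" into ['164', '17', '1', 'el', '5'].
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_cmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1.

    Handles digit and letter segments only; a plain string compare would
    wrongly rank 164.9.1 above 164.17.1.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment ranks newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def check_host(installed, advisory):
    """Classify an installed kernel 'version-release' against the advisory.

    `installed` is what `rpm -q --qf '%{VERSION}-%{RELEASE}\\n' kernel` prints.
    """
    ver, rel = installed.split("-", 1)
    fixed_ver, fixed_rel = advisory["fixed"]
    # Assumption: the first release component (e.g. 164) names the update
    # stream, so a build from another stream is not judged by this advisory.
    if ver != fixed_ver or rel.split(".")[0] != fixed_rel.split(".")[0]:
        return "other-stream"
    return "patched" if rpm_cmp(rel, fixed_rel) >= 0 else "needs-update"


if __name__ == "__main__":
    adv = parse_advisory(ADVISORY)
    print(adv["id"], " ".join(adv["cves"]))
    # Constructed installed builds for illustration.
    for build in ("2.6.18-164.9.1.el5", "2.6.18-164.17.1.el5",
                  "2.6.18-128.14.1.el5"):
        print(build, "->", check_host(build, adv))
```

A host reported as "other-stream" has to be checked against the advisory issued for its own stream, such as RHSA-2010:0149 for 5.3.z.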
 
05-06-2010, 07:21 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0398-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0398.html
Issue date: 2010-05-06
CVE Names: CVE-2010-0307 CVE-2010-0410 CVE-2010-0730
CVE-2010-1085 CVE-2010-1086
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Unidirectional Lightweight Encapsulation (ULE)
implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in an
infinite loop (denial of service). (CVE-2010-1086, Important)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* a flaw was found in the kernel connector implementation. A local,
unprivileged user could trigger this flaw by sending an arbitrary number
of notification requests using specially-crafted netlink messages,
resulting in a denial of service. (CVE-2010-0410, Moderate)

* a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in
the Xen hypervisor implementation. An unprivileged guest user could use
this flaw to trick the hypervisor into emulating a certain instruction,
which could crash the guest (denial of service). (CVE-2010-0730, Moderate)

* a divide-by-zero flaw was found in the azx_position_ok() function in the
driver for Intel High Definition Audio, snd-hda-intel. A local,
unprivileged user could trigger this flaw to cause a kernel crash (denial
of service). (CVE-2010-1085, Moderate)

This update also fixes the following bugs:

* in some cases, booting a system with the "iommu=on" kernel parameter
resulted in a Xen hypervisor panic. (BZ#580199)

* the fnic driver flushed the Rx queue instead of the Tx queue after
fabric login. This caused crashes in some cases. (BZ#580829)

* "kernel unaligned access" warnings were logged to the dmesg log on some
systems. (BZ#580832)

* the "Northbridge Error, node 1, core: -1 K8 ECC error" error occurred on
some systems using the amd64_edac driver. (BZ#580836)

* in rare circumstances, when using kdump and booting a kernel with
"crashkernel=128M@16M", the kdump kernel did not boot after a crash.
(BZ#580838)

* TLB page table entry flushing was done incorrectly on IBM System z,
possibly causing crashes, subtle data inconsistency, or other issues.
(BZ#580839)

* iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3.
(BZ#580840)

* fixed floating point state corruption after signal. (BZ#580841)

* in certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.
(BZ#587799)

* cnic parts resets could cause a deadlock when the bnx2 device was
enslaved in a bonding device and that device had an associated VLAN.
(BZ#581148)

* some BIOS implementations initialized interrupt remapping hardware in a
way the Xen hypervisor implementation did not expect. This could have
caused a system hang during boot. (BZ#581150)

* AMD Magny-Cours systems panicked when booting a 32-bit kernel.
(BZ#580846)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

560547 - CVE-2010-0307 kernel: DoS on x86_64
561682 - CVE-2010-0410 kernel: OOM/crash in drivers/connector
567168 - CVE-2010-1085 kernel: ALSA: hda-intel: Avoid divide by zero crash
569237 - CVE-2010-1086 kernel: dvb-core: DoS bug in ULE decapsulation code
572971 - CVE-2010-0730 xen: emulator instruction decoding inconsistency
580199 - xen: clear ioapic registers on boot [rhel-5.5.z]
580829 - [Cisco 5.6 bug] fnic: flush Tx queue bug fix [rhel-5.5.z]
580832 - kernel unaligned messages from mptsas_firmware_event_work [rhel-5.5.z]
580836 - EDAC driver error on system with bad memory [rhel-5.5.z]
580838 - [5.4]System panic occurred during boot sequence with the server which carries 256GMB physical memory. [rhel-5.5.z]
580839 - kernel: correct TLB flush of page table entries concurrently used by another cpu [rhel-5.5.z]
580840 - REGRESSION: Fix iscsi failover time [rhel-5.5.z]
580841 - floating point register state corruption after handling SIGSEGV [rhel-5.5.z]
581148 - Kernel: network: bonding: scheduling while atomic: ifdown-eth/0x00000100/21775 [rhel-5.5.z]
581150 - [Intel 5.6 Virt Bug] [VT-d] Dom0 booting may hang on Westmere-EP with intremap enabled [rhel-5.5.z]
587799 - NIC doesn't register packets [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.3.1.el5.src.rpm

i386:
kernel-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.i686.rpm
kernel-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-headers-2.6.18-194.3.1.el5.i386.rpm
kernel-xen-2.6.18-194.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.3.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.3.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.3.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.3.1.el5.src.rpm

i386:
kernel-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.i686.rpm
kernel-devel-2.6.18-194.3.1.el5.i686.rpm
kernel-headers-2.6.18-194.3.1.el5.i386.rpm
kernel-xen-2.6.18-194.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.3.1.el5.i686.rpm

ia64:
kernel-2.6.18-194.3.1.el5.ia64.rpm
kernel-debug-2.6.18-194.3.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.ia64.rpm
kernel-devel-2.6.18-194.3.1.el5.ia64.rpm
kernel-headers-2.6.18-194.3.1.el5.ia64.rpm
kernel-xen-2.6.18-194.3.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.3.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.3.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.3.1.el5.noarch.rpm

ppc:
kernel-2.6.18-194.3.1.el5.ppc64.rpm
kernel-debug-2.6.18-194.3.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.ppc64.rpm
kernel-devel-2.6.18-194.3.1.el5.ppc64.rpm
kernel-headers-2.6.18-194.3.1.el5.ppc.rpm
kernel-headers-2.6.18-194.3.1.el5.ppc64.rpm
kernel-kdump-2.6.18-194.3.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.3.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.3.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.3.1.el5.s390x.rpm
kernel-debug-2.6.18-194.3.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.s390x.rpm
kernel-devel-2.6.18-194.3.1.el5.s390x.rpm
kernel-headers-2.6.18-194.3.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.3.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.3.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.3.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.3.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0307.html
https://www.redhat.com/security/data/cve/CVE-2010-0410.html
https://www.redhat.com/security/data/cve/CVE-2010-0730.html
https://www.redhat.com/security/data/cve/CVE-2010-1085.html
https://www.redhat.com/security/data/cve/CVE-2010-1086.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL4xXWXlSAg2UNWIIRAjNFAJ4no/FMWsSCS6sAV/NC/AMjk8Q0bwCcCsRR
KZA8JXiogM9FFwFCZ3kZ+NY=
=Nw6E
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
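
RHSA-2010:0398-01 above states that the fix takes effect only after a reboot and that "rpm -ivh" leaves older kernels installed next to the new one, so a host can carry the fixed package while still running a vulnerable kernel. The Python below is an added example, not part of the advisory or of any Red Hat tooling. The function names and host inventory are constructed, and the version ordering is a simplified reimplementation of RPM's segment comparison (no epoch, tilde or caret handling); only the package names come from the advisory.

```python
import re

# Excerpt of the x86_64 package list from RHSA-2010:0398-01 (taken from the advisory).
ADVISORY_PACKAGES = """\
kernel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.3.1.el5.x86_64.rpm
"""

# Matches only the base "kernel" package: the name must be followed directly
# by a version that starts with a digit, which excludes kernel-debug, etc.
PKG_RE = re.compile(r"^kernel-(\d[^-]*)-([^-]+)\.([A-Za-z0-9_]+)\.rpm$")


def fixed_build(package_list):
    """Return 'version-release' of the base kernel package in the list."""
    for line in package_list.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            return "%s-%s" % (m.group(1), m.group(2))
    raise ValueError("no base kernel package found in package list")


def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment.

    Segments are runs of digits or runs of letters; separators are ignored.
    Numeric segments compare as integers, a numeric segment is newer than an
    alphabetic one, and the string with segments left over is newer.
    Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_build(a, b):
    """Compare two 'version-release' strings; version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def assess(installed, running, fixed):
    """Classify a host against the advisory's fixed build.

    installed: 'version-release' of every installed kernel package, e.g. from
               rpm -q kernel --qf '%{VERSION}-%{RELEASE}\\n'
    running:   'version-release' of the kernel that is currently booted
    """
    if compare_build(running, fixed) >= 0:
        return "fixed"
    if any(compare_build(k, fixed) >= 0 for k in installed):
        # Fixed package is on disk, but the vulnerable kernel is still booted.
        return "reboot-required"
    return "update-required"


# Constructed inventory (hypothetical hosts, not data from the advisory).
HOSTS = {
    "web01": {"installed": ["2.6.18-164.15.1.el5", "2.6.18-194.el5"],
              "running": "2.6.18-194.el5"},
    "db01": {"installed": ["2.6.18-194.el5", "2.6.18-194.3.1.el5"],
             "running": "2.6.18-194.el5"},
    "app01": {"installed": ["2.6.18-194.el5", "2.6.18-194.3.1.el5"],
              "running": "2.6.18-194.3.1.el5"},
}


def report(hosts, package_list):
    """Return {host: status} for every host in the inventory."""
    fixed = fixed_build(package_list)
    return {name: assess(h["installed"], h["running"], fixed)
            for name, h in sorted(hosts.items())}


if __name__ == "__main__":
    for host, status in report(HOSTS, ADVISORY_PACKAGES).items():
        print("%-6s %s" % (host, status))
```

A plain string comparison would get these builds wrong: "194.el5" sorts after "194.3.1.el5" lexically, while RPM treats the numeric segment "3" as newer than the alphabetic segment "el".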
 
05-25-2010, 04:06 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0439-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0439.html
Issue date: 2010-05-25
CVE Names: CVE-2010-1188
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and two bugs are now
available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* a use-after-free flaw was found in the tcp_rcv_state_process() function
in the Linux kernel TCP/IP protocol suite implementation. If a system using
IPv6 had the IPV6_RECVPKTINFO option set on a listening socket, a remote
attacker could send an IPv6 packet to that system, causing a kernel panic
(denial of service). (CVE-2010-1188, Important)

This update also fixes the following bugs:

* a memory leak occurred when reading files on an NFS file system that was
mounted with the "noac" option, causing memory to slowly be consumed.
Unmounting the file system did not free the memory. With this update, the
memory is correctly freed, which resolves this issue. (BZ#588221)

* the RHSA-2009:0225 update fixed a bug where, in some cases, on systems
with the kdump service enabled, pressing Alt+SysRq+C to trigger a crash
resulted in a system hang; therefore, the system did not restart and boot
the dump-capture kernel as expected; no vmcore file was logged; and the
following message was displayed on the console:

BUG: warning at arch/[arch]/kernel/crash.c:[xxx]/nmi_shootdown_cpus() (Not
tainted)

The RHSA-2009:0225 update resolved this issue by not calling printk()
during a crash. It was later discovered that this fix did not resolve the
issue in all cases, since there was one condition where printk() was
still being called: at a warning condition inside the mdelay() call.

This update replaces mdelay() calls with udelay(), where such a warning
condition does not exist, which fully resolves this issue, allowing
Alt+SysRq+C to work as expected. (BZ#588211)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

577711 - CVE-2010-1188 kernel: ipv6: skb is unexpectedly freed
588211 - [RHEL5.3 GA] The kernel stalls before starting second kernel when pressing Alt+SysRq+c in graphical console [rhel-5.3.z]
588221 - memory leak when reading from files mounted with nfs mount option 'noac' [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.17.1.el5.src.rpm

i386:
kernel-2.6.18-128.17.1.el5.i686.rpm
kernel-PAE-2.6.18-128.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.17.1.el5.i686.rpm
kernel-debug-2.6.18-128.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.17.1.el5.i686.rpm
kernel-devel-2.6.18-128.17.1.el5.i686.rpm
kernel-headers-2.6.18-128.17.1.el5.i386.rpm
kernel-xen-2.6.18-128.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.17.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.17.1.el5.ia64.rpm
kernel-debug-2.6.18-128.17.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.17.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.17.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.17.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.17.1.el5.ia64.rpm
kernel-devel-2.6.18-128.17.1.el5.ia64.rpm
kernel-headers-2.6.18-128.17.1.el5.ia64.rpm
kernel-xen-2.6.18-128.17.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.17.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.17.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.17.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.17.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.17.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.17.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.17.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.17.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.17.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.17.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.17.1.el5.ppc.rpm
kernel-headers-2.6.18-128.17.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.17.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.17.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.17.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.17.1.el5.s390x.rpm
kernel-debug-2.6.18-128.17.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.17.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.17.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.17.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.17.1.el5.s390x.rpm
kernel-devel-2.6.18-128.17.1.el5.s390x.rpm
kernel-headers-2.6.18-128.17.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.17.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.17.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.17.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.17.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1188.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFL+/VqXlSAg2UNWIIRAi1eAKCPkipRuh1h8MWA+H8iBvY9nJHXygCe Ow9M
JzCXowQgCxQ9JyvPcDV1ejo=
=W8Ik
-----END PGP SIGNATURE-----


 
06-16-2010, 12:07 AM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0474-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0474.html
Issue date: 2010-06-15
CVE Names: CVE-2009-3726 CVE-2010-1173 CVE-2010-1437
=====================================================================

1. Summary:

Updated kernel packages that fix three security issues and several bugs are
now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the Linux kernel NFSv4
implementation. Several of the NFSv4 file locking functions failed to check
whether a file had been opened on the server before performing locking
operations on it. A local, unprivileged user on a system with an NFSv4
share mounted could possibly use this flaw to cause a kernel panic (denial
of service) or escalate their privileges. (CVE-2009-3726, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local,
unprivileged user could use this flaw to cause a kernel panic (denial of
service) or escalate their privileges. (CVE-2010-1437, Important)

Red Hat would like to thank Simon Vallet for responsibly reporting
CVE-2009-3726; and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia
Siemens Networks, and Wind River on behalf of their customer, for
responsibly reporting CVE-2010-1173.

Bug fixes:

* RHBA-2007:0791 introduced a regression in the Journaling Block Device
(JBD). Under certain circumstances, removing a large file (such as 300 MB
or more) did not result in inactive memory being freed, leading to the
system having a large amount of inactive memory. Now, the memory is
correctly freed. (BZ#589155)

* the timer_interrupt() routine did not scale lost real ticks to logical
ticks correctly, possibly causing time drift for 64-bit Red Hat Enterprise
Linux 4 KVM (Kernel-based Virtual Machine) guests that were booted with the
"divider=x" kernel parameter set to a value greater than 1. "warning: many
lost ticks" messages may have been logged on the affected guest systems.
(BZ#590551)

* a bug could have prevented NFSv3 clients from having the most up-to-date
file attributes for files on a given NFSv3 file system. In cases where a
file type changed, such as if a file was removed and replaced with a
directory of the same name, the NFSv3 client may not have noticed this
change until stat(2) was called (for example, by running "ls -l").
(BZ#596372)

* RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X subsystem. These
could have caused a system deadlock on some systems where the BIOS set the
default Maximum Memory Read Byte Count (MMRBC) to 4096, and that also use
the Intel PRO/1000 Linux driver, e1000. Errors such as "e1000: eth[x]:
e1000_clean_tx_irq: Detected Tx Unit Hang" were logged. (BZ#596374)

* an out of memory condition in a KVM guest, using the virtio-net network
driver and also under heavy network stress, could have resulted in
that guest being unable to receive network traffic. Users had to manually
remove and re-add the virtio_net module and restart the network service
before networking worked as expected. Such memory conditions no longer
prevent KVM guests receiving network traffic. (BZ#597310)

* when an SFQ qdisc that limited the queue size to two packets was added to
a network interface, sending traffic through that interface resulted in a
kernel crash. Such a qdisc no longer results in a kernel crash. (BZ#597312)

* when an NFS client opened a file with the O_TRUNC flag set, it received
a valid stateid, but did not use that stateid to perform the SETATTR call.
Such cases were rejected by Red Hat Enterprise Linux 4 NFS servers with an
"NFS4ERR_BAD_STATEID" error, possibly preventing some NFS clients from
writing files to an NFS file system. (BZ#597314)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

529227 - CVE-2009-3726 kernel: nfsv4: kernel panic in nfs4_proc_lock()
584645 - CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet
585094 - CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring
589155 - jbd not releasing data buffers, causing high inactive meory in RHEL4.6 /proc/meminfo [rhel-4.8.z]
590551 - time drift due to incorrect accounting of lost ticks with VXTIME_PMTMR mode and VXTIME_TSC mode if 'tick_divider' > 1 [rhel-4.8.z]
596372 - NFSv3 file attributes are not updated by READDIRPLUS reply [rhel-4.8.z]
596374 - e1000_clean_tx_irq: Detected Tx Unit Hang [rhel-4.8.z]
597310 - Lost the network in a KVM VM on top of 4.9 [rhel-4.8.z]
597312 - SFQ qdisc crashes with limit of 2 packets [rhel-4.8.z]
597314 - cthon test5 failing on nfsv4 with rhel6 client vs. rhel4 server [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.26.EL.src.rpm

i386:
kernel-2.6.9-89.0.26.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.i686.rpm
kernel-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.26.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.ia64.rpm
kernel-devel-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.26.EL.ppc64.rpm
kernel-2.6.9-89.0.26.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.26.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.26.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.26.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.26.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.s390.rpm
kernel-devel-2.6.9-89.0.26.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.26.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.s390x.rpm
kernel-devel-2.6.9-89.0.26.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.26.EL.src.rpm

i386:
kernel-2.6.9-89.0.26.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.i686.rpm
kernel-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.26.EL.src.rpm

i386:
kernel-2.6.9-89.0.26.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.i686.rpm
kernel-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.26.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.ia64.rpm
kernel-devel-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.26.EL.src.rpm

i386:
kernel-2.6.9-89.0.26.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.i686.rpm
kernel-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.26.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-2.6.9-89.0.26.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-2.6.9-89.0.26.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.26.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.ia64.rpm
kernel-devel-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.26.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.26.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.26.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.26.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.26.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3726.html
https://www.redhat.com/security/data/cve/CVE-2010-1173.html
https://www.redhat.com/security/data/cve/CVE-2010-1437.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-31052

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMGBWaXlSAg2UNWIIRAkUbAJ90czdaWrqB/tD+CV3xWuRBey6GhQCfRO9e
hZNay9T4vFoXU9t3eMO8KSc=
=o6Vh
-----END PGP SIGNATURE-----


 
07-01-2010, 07:07 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0504-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0504.html
Issue date: 2010-07-01
CVE Names: CVE-2010-0291 CVE-2010-0622 CVE-2010-1087
CVE-2010-1088 CVE-2010-1173 CVE-2010-1187
CVE-2010-1436 CVE-2010-1437 CVE-2010-1641
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* multiple flaws were found in the mmap and mremap implementations. A local
user could use these flaws to cause a local denial of service or escalate
their privileges. (CVE-2010-0291, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes
(futexes) implementation. The unlock code path did not check if the futex
value associated with pi_state->owner had been modified. A local user could
use this flaw to modify the futex value, possibly leading to a denial of
service or privilege escalation when the pi_state->owner pointer is
dereferenced. (CVE-2010-0622, Important)

* a NULL pointer dereference flaw was found in the Linux kernel Network
File System (NFS) implementation. A local user on a system that has an
NFS-mounted file system could use this flaw to cause a denial of service or
escalate their privileges on that system. (CVE-2010-1087, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a flaw was found in the Linux kernel Transparent Inter-Process
Communication protocol (TIPC) implementation. If a client application, on a
local system where the tipc module is not yet in network mode, attempted to
send a message to a remote TIPC node, it would dereference a NULL pointer
on the local system, causing a kernel panic (denial of service).
(CVE-2010-1187, Important)

* a buffer overflow flaw was found in the Linux kernel Global File System 2
(GFS2) implementation. In certain cases, a quota could be written past the
end of a memory page, causing memory corruption, leaving the quota stored
on disk in an invalid state. A user with write access to a GFS2 file system
could trigger this flaw to cause a kernel crash (denial of service) or
escalate their privileges on the GFS2 server. This issue can only be
triggered if the GFS2 file system is mounted with the "quota=on" or
"quota=account" mount option. (CVE-2010-1436, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local user
could use this flaw to cause a kernel panic (denial of service) or escalate
their privileges. (CVE-2010-1437, Important)

* a flaw was found in the link_path_walk() function in the Linux kernel.
Using the file descriptor returned by the open() function with the
O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a
NULL pointer dereference, causing a denial of service or privilege
escalation. (CVE-2010-1088, Moderate)

* a missing permission check was found in the gfs2_set_flags() function in
the Linux kernel GFS2 implementation. A local user could use this flaw to
change certain file attributes of files, on a GFS2 file system, that they
do not own. (CVE-2010-1641, Low)

Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon
Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly
reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting
CVE-2010-1641.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

556703 - CVE-2010-0291 kernel: untangle the do_mremap()
563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully
567184 - CVE-2010-1087 kernel: NFS: Fix an Oops when truncating a file
567813 - CVE-2010-1088 kernel: fix LOOKUP_FOLLOW on automount "symlinks"
578057 - CVE-2010-1187 kernel: tipc: Fix oops on send prior to entering networked mode
584645 - CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet
585094 - CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring
586006 - CVE-2010-1436 kernel: gfs2 buffer overflow
587957 - Linux VM hangs while hot adding memory in VMware [rhel-5.5.z]
588219 - 25% performance regression of concurrent O_DIRECT writes. [rhel-5.5.z]
591493 - [Intel 5.6 Bug] Fix initialization of wakeup flags for e1000 [rhel-5.5.z]
591611 - virtio balloon should not use pages from kernel's reserve pools for fill requests [rhel-5.5.z]
592844 - RHEL5: tg3: 'SIOCSIFFLAGS: Invalid argument' setting IP [rhel-5.5.z]
592846 - missing power_meter release() function [rhel-5.5.z]
594054 - [5.5] SFQ qdisc crashes with limit of 2 packets [rhel-5.5.z]
594057 - [RHEL5] bonding mode 0 doesn't resend IGMP after a failure [rhel-5.5.z]
594061 - nfs: sys_read sometimes returns -EIO [rhel-5.5.z]
595579 - CVE-2010-1641 kernel: GFS2: The setflags ioctl() doesn't check file ownership
596384 - VFS: Busy inodes after unmount issue. [rhel-5.5.z]
596385 - implement dev_disable_lro for RHEL5 [rhel-5.5.z]
598355 - [5.5] SCTP: Check if the file structure is valid before checking the non-blocking flag [rhel-5.5.z]
599332 - e1000 and e1000e driver behaviour differences [rhel-5.5.z]
599730 - fasync_helper patch causing problems with GPFS [rhel-5.5.z]
599734 - should set ISVM bit (ECX:31) for CPUID leaf 0x00000001 [rhel-5.5.z]
599737 - vm.drop_caches corrupts hugepages and causes Oracle Database ORA-600 crashes [rhel-5.5.z]
599739 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds [rhel-5.5.z]
600215 - [RHEL5] Netfilter modules unloading hangs [rhel-5.5.z]
600498 - netconsole fails with tg3 [rhel-5.5.z]
601080 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour [rhel-5.5.z]
601090 - time drift due to incorrect accounting of lost ticks with VXTIME_PMTMR mode and VXTIME_TSC mode if 'tick_divider' > 1 [rhel-5.5.z]
607087 - bnx2x panic dumps with multiple interfaces enabled [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.8.1.el5.src.rpm

i386:
kernel-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.i686.rpm
kernel-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-headers-2.6.18-194.8.1.el5.i386.rpm
kernel-xen-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.8.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.8.1.el5.src.rpm

i386:
kernel-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.i686.rpm
kernel-devel-2.6.18-194.8.1.el5.i686.rpm
kernel-headers-2.6.18-194.8.1.el5.i386.rpm
kernel-xen-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.i686.rpm

ia64:
kernel-2.6.18-194.8.1.el5.ia64.rpm
kernel-debug-2.6.18-194.8.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.ia64.rpm
kernel-devel-2.6.18-194.8.1.el5.ia64.rpm
kernel-headers-2.6.18-194.8.1.el5.ia64.rpm
kernel-xen-2.6.18-194.8.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.8.1.el5.noarch.rpm

ppc:
kernel-2.6.18-194.8.1.el5.ppc64.rpm
kernel-debug-2.6.18-194.8.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.ppc64.rpm
kernel-devel-2.6.18-194.8.1.el5.ppc64.rpm
kernel-headers-2.6.18-194.8.1.el5.ppc.rpm
kernel-headers-2.6.18-194.8.1.el5.ppc64.rpm
kernel-kdump-2.6.18-194.8.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.8.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.8.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.8.1.el5.s390x.rpm
kernel-debug-2.6.18-194.8.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.s390x.rpm
kernel-devel-2.6.18-194.8.1.el5.s390x.rpm
kernel-headers-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.8.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.8.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.8.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.8.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0291.html
https://www.redhat.com/security/data/cve/CVE-2010-0622.html
https://www.redhat.com/security/data/cve/CVE-2010-1087.html
https://www.redhat.com/security/data/cve/CVE-2010-1088.html
https://www.redhat.com/security/data/cve/CVE-2010-1173.html
https://www.redhat.com/security/data/cve/CVE-2010-1187.html
https://www.redhat.com/security/data/cve/CVE-2010-1436.html
https://www.redhat.com/security/data/cve/CVE-2010-1437.html
https://www.redhat.com/security/data/cve/CVE-2010-1641.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-31052
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMLOcCXlSAg2UNWIIRAmAmAKCK/RPQqtlSMJJP3EkWxWmFRRYFiACgwcwT
6t0JPOft9iIbyleaOxbICJs=
=wng5
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
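
An added example, not part of the advisory and not Red Hat code: because the update only takes effect after a reboot, an exposure check should compare the running kernel (not just the installed package) against the fixed release 2.6.18-194.8.1.el5, and list GFS2 mounts that use the quota options named for CVE-2010-1436. Function names, the sample releases and the sample mount lines are constructed; the comparison is a simplified numeric one for el5 kernels, and it is assumed the quota options appear in /proc/mounts as spelled in the advisory.

```shell
# Added example (not Red Hat code); function names are hypothetical.
# Fixed kernel release, taken from the advisory's package list.
FIXED_RELEASE="2.6.18-194.8.1.el5"

# "2.6.18-194.8.1.el5PAE" -> "2 6 18 194 8 1" (drops the .el5 suffix and flavour).
release_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el5.*$//' -e 's/[.-]/ /g'
}

# Succeeds if release $1 sorts before $2 (simplified numeric field compare).
release_older_than() {
    awk -v a="$(release_fields "$1")" -v b="$(release_fields "$2")" 'BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal releases are not older
    }'
}

# Classify a running-kernel string as reported by `uname -r`.
kernel_status() {
    case "$1" in
        *.el5*) ;;
        *) echo "not-el5"; return 0 ;;
    esac
    if release_older_than "$1" "$FIXED_RELEASE"; then echo "vulnerable"; else echo "fixed"; fi
}

# Read /proc/mounts-format lines on stdin; print GFS2 mount points that use
# the quota options the advisory names as the CVE-2010-1436 precondition.
gfs2_quota_mounts() {
    awk '$3 == "gfs2" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "quota=on" || opt[i] == "quota=account") { print $2; break }
    }'
}

# Constructed sample input, not from a real host.
SAMPLE_MOUNTS='/dev/vg0/root / ext3 rw 0 0
/dev/vg1/gfsa /srv/a gfs2 rw,hostdata=jid=0,quota=on 0 0
/dev/vg1/gfsb /srv/b gfs2 rw,hostdata=jid=0 0 0
/dev/vg1/gfsc /srv/c gfs2 rw,quota=account 0 0'
echo "2.6.18-194.3.1.el5: $(kernel_status 2.6.18-194.3.1.el5)"
printf '%s\n' "$SAMPLE_MOUNTS" | gfs2_quota_mounts
```

On a live host the same functions take `kernel_status "$(uname -r)"` and `gfs2_quota_mounts < /proc/mounts`.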
 
