08-05-2010, 06:08 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0606-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0606.html
Issue date: 2010-08-05
CVE Names: CVE-2010-2248 CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bug:

* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)
subsystem in the Linux kernel had a reference counting bug. In certain
situations, some Network Lock Manager (NLM) messages may have triggered
this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with
"kernel BUG at fs/lockd/host.c:[xxx]!" logged to "/var/log/messages").
(BZ#612962)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

608583 - CVE-2010-2248 kernel: cifs: Fix a kernel BUG with remote OS/2 server
612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
612962 - [4.4] The kernel BUG occurred with the message 'fs/lockd/host.c:252!' [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.28.EL.src.rpm

i386:
kernel-2.6.9-89.0.28.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.i686.rpm
kernel-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.28.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.ia64.rpm
kernel-devel-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.28.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.28.EL.ppc64.rpm
kernel-2.6.9-89.0.28.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.28.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.28.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.28.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.28.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.s390.rpm
kernel-devel-2.6.9-89.0.28.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.28.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.s390x.rpm
kernel-devel-2.6.9-89.0.28.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.28.EL.src.rpm

i386:
kernel-2.6.9-89.0.28.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.i686.rpm
kernel-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.28.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.28.EL.src.rpm

i386:
kernel-2.6.9-89.0.28.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.i686.rpm
kernel-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.28.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.ia64.rpm
kernel-devel-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.28.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.28.EL.src.rpm

i386:
kernel-2.6.9-89.0.28.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.i686.rpm
kernel-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.28.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-2.6.9-89.0.28.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.28.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.ia64.rpm
kernel-devel-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.28.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.28.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.28.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.28.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2248.html
https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMWv4FXlSAg2UNWIIRAhl/AJ0TRP8E3fUOfx9y8bIDyks9Db/OtgCgsq0R
0BQYzEHyy4gIzgTVCMUHPF8=
=+Q8K
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
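Added example, not part of the Red Hat advisory or the archived post: a check of whether a host is still exposed after this erratum, given that "rpm -ivh" leaves the old kernel installed next to the new one and the fix only takes effect after a reboot. It assumes the installed list comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel`, that `uname -r` appends the variant name (smp, hugemem, ...) to the release, and the host values are constructed.

```python
import re

# Constructed excerpt: header and package lines copied from RHSA-2010:0606-01.
ADVISORY_EXCERPT = """\
Advisory ID: RHSA-2010:0606-01
CVE Names: CVE-2010-2248 CVE-2010-2521
i386:
kernel-2.6.9-89.0.28.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.28.EL.i686.rpm
kernel-smp-2.6.9-89.0.28.EL.i686.rpm
x86_64:
kernel-2.6.9-89.0.28.EL.x86_64.rpm
"""

# Variant names taken from the package lists in these advisories. Assumption:
# `uname -r` ends with the variant name. Longer names come first so that
# "largesmp" is not mistaken for "smp".
VARIANTS = ("largesmp", "hugemem", "kdump", "debug", "xenU", "xen", "smp", "PAE")

_PKG = re.compile(
    r"^kernel-(\d[\w.]*-[\w.]+?)\.(?:i686|x86_64|ia64|ppc64|s390x?)\.rpm$", re.M)
_SEG = re.compile(r"\d+|[A-Za-z]+")


def fixed_version(advisory_text):
    """Return the single version-release of the base kernel package listed."""
    found = set(_PKG.findall(advisory_text))
    if len(found) != 1:
        raise ValueError("expected exactly one kernel version, got %r" % sorted(found))
    return found.pop()


def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (tilde/caret not handled)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1  # a numeric segment sorts newer than an alpha one
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # leftover segments make it newer


def compare_kernel(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def split_variant(uname_r):
    """Split '2.6.9-89.0.26.ELsmp' into ('2.6.9-89.0.26.EL', 'smp')."""
    for variant in VARIANTS:
        if uname_r.endswith(variant):
            return uname_r[:-len(variant)], variant
    return uname_r, ""


def kernel_status(fixed, running, installed):
    """Classify a host against the fixed version for ITS release stream.

    Use the advisory that matches the host: the advisories on this page list
    2.6.18-194.11.1.el5 for RHEL 5 and 2.6.18-128.23.1.el5 for 5.3 Extended
    Update Support, so a comparison across streams is not meaningful.
    """
    base, _variant = split_variant(running)
    if compare_kernel(base, fixed) >= 0:
        return "patched"
    if any(compare_kernel(v, fixed) >= 0 for v in installed):
        return "reboot-required"  # new kernel is on disk, old one is running
    return "vulnerable"


if __name__ == "__main__":
    fixed = fixed_version(ADVISORY_EXCERPT)
    # Constructed hosts: (uname -r, installed kernel version-release list).
    hosts = {
        "nfs01": ("2.6.9-89.0.26.ELsmp", ["2.6.9-89.0.26.EL"]),
        "nfs02": ("2.6.9-89.0.26.ELsmp", ["2.6.9-89.0.26.EL", "2.6.9-89.0.28.EL"]),
        "nfs03": ("2.6.9-89.0.28.ELhugemem", ["2.6.9-89.0.28.EL"]),
    }
    for name, (running, installed) in sorted(hosts.items()):
        print(name, kernel_status(fixed, running, installed))
```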
 
08-10-2010, 07:24 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0610-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0610.html
Issue date: 2010-08-10
CVE Names: CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* instances of unsafe sprintf() use were found in the Linux kernel
Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,
or RFCOMM sockets could result in arbitrary memory pages being overwritten.
A local, unprivileged user could use this flaw to cause a kernel panic
(denial of service) or escalate their privileges. (CVE-2010-1084,
Important)

* a flaw was found in the Xen hypervisor implementation when using the
Intel Itanium architecture, allowing guests to enter an unsupported state.
An unprivileged guest user could trigger this flaw by setting the BE (Big
Endian) bit of the Processor Status Register (PSR), leading to the guest
crashing (denial of service). (CVE-2010-2070, Important)

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel
XFS file system implementation. A local user could use this flaw to read
write-only files, that they do not own, on an XFS file system. This could
lead to unintended information disclosure. (CVE-2010-2226, Moderate)

* a flaw was found in the dns_resolver upcall used by CIFS. A local,
unprivileged user could redirect a Microsoft Distributed File System link
to another IP address, tricking the client into mounting the share from a
server of the user's choosing. (CVE-2010-2524, Moderate)

* a missing check was found in the mext_check_arguments() function in the
ext4 file system code. A local user could use this flaw to cause the
MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4
file system, if they have write permissions for that file. (CVE-2010-2066,
Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan
Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

576018 - CVE-2010-1084 kernel: bluetooth: potential bad memory access with sysfs files
586415 - CVE-2010-2070 /kernel/security/CVE-2006-0742 test cause kernel-xen panic on ia64
601006 - CVE-2010-2066 kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
605158 - CVE-2010-2226 kernel: xfs swapext ioctl minor security issue
607483 - [Stratus 5.6 bug] Circular lock dep warning on cfq_exit_lock [rhel-5.5.z]
607486 - RHEL5u4 2.6.18-160.el5: modprobe of acpiphp on system with no hotpluggable stots causes kernel PANIC [rhel-5.5.z]
608583 - CVE-2010-2248 kernel: cifs: Fix a kernel BUG with remote OS/2 server
612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
612166 - CVE-2010-2524 kernel: dns_resolver upcall security issue
612539 - [5.4]The addition of SAS disk fails because of the timeout. [rhel-5.5.z]
613688 - [NetApp 5.6 bug] QLogic FC firmware errors seen on RHEL 5.5 [rhel-5.5.z]
613900 - [RHEL5.5] TCP bandwidth problems with TPA and bnx2x cards [rhel-5.5.z]
615260 - [Broadcom 5.6 bug] cnic: Panic in cnic_iscsi_nl_msg_recv() [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.11.1.el5.src.rpm

i386:
kernel-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.i686.rpm
kernel-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-headers-2.6.18-194.11.1.el5.i386.rpm
kernel-xen-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.11.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.11.1.el5.src.rpm

i386:
kernel-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.i686.rpm
kernel-devel-2.6.18-194.11.1.el5.i686.rpm
kernel-headers-2.6.18-194.11.1.el5.i386.rpm
kernel-xen-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.11.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.i686.rpm

ia64:
kernel-2.6.18-194.11.1.el5.ia64.rpm
kernel-debug-2.6.18-194.11.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.ia64.rpm
kernel-devel-2.6.18-194.11.1.el5.ia64.rpm
kernel-headers-2.6.18-194.11.1.el5.ia64.rpm
kernel-xen-2.6.18-194.11.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.11.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.11.1.el5.noarch.rpm

ppc:
kernel-2.6.18-194.11.1.el5.ppc64.rpm
kernel-debug-2.6.18-194.11.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.ppc64.rpm
kernel-devel-2.6.18-194.11.1.el5.ppc64.rpm
kernel-headers-2.6.18-194.11.1.el5.ppc.rpm
kernel-headers-2.6.18-194.11.1.el5.ppc64.rpm
kernel-kdump-2.6.18-194.11.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.11.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.11.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.11.1.el5.s390x.rpm
kernel-debug-2.6.18-194.11.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.s390x.rpm
kernel-devel-2.6.18-194.11.1.el5.s390x.rpm
kernel-headers-2.6.18-194.11.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.11.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.11.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.11.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.11.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.11.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.11.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.11.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1084.html
https://www.redhat.com/security/data/cve/CVE-2010-2066.html
https://www.redhat.com/security/data/cve/CVE-2010-2070.html
https://www.redhat.com/security/data/cve/CVE-2010-2226.html
https://www.redhat.com/security/data/cve/CVE-2010-2248.html
https://www.redhat.com/security/data/cve/CVE-2010-2521.html
https://www.redhat.com/security/data/cve/CVE-2010-2524.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#id3512211

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMYad1XlSAg2UNWIIRAnUYAJ9j5orVnSDVRqRkgcXzJ4 YPunvD4wCdFIA8
ju6yuwwBnFVrezO8K+v6DJc=
=5UMN
-----END PGP SIGNATURE-----


 
08-30-2010, 01:51 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0660-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0660.html
Issue date: 2010-08-30
CVE Names: CVE-2010-2240 CVE-2010-2798
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and multiple bugs are
now available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* a miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter; and Grant Diffey of CenITex for reporting CVE-2010-2798.

This update also fixes the following bugs:

* the Red Hat Enterprise Linux 5.3 General Availability (GA) release
introduced a regression in iSCSI failover time. While there was heavy I/O
on the iSCSI layer, attempting to log out of an iSCSI connection at the
same time a network problem was occurring, such as a switch dying or a
cable being pulled out, resulted in iSCSI failover taking several minutes.
With this update, failover occurs as expected. (BZ#583898)

* a bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running "mkfs". This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619362)

* this update upgrades the bnx2x driver to version 1.52.1-6, and the bnx2x
firmware to version 1.52.1-6, incorporating multiple bug fixes and
enhancements. These fixes include: A race condition on systems using the
bnx2x driver due to multiqueue being used to transmit data, but only a
single queue transmit ON/OFF scheme being used (only a single queue is
used with this update); a bug that could have led to a kernel panic when
using iSCSI offload; and a bug that caused a firmware crash, causing
network devices using the bnx2x driver to lose network connectivity. When
this firmware crash occurred, errors such as "timeout polling for state"
and "Stop leading failed!" were logged. A system reboot was required to
restore network connectivity. (BZ#620663, BZ#620668, BZ#620669, BZ#620665)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

583898 - REGRESSION: Fix iscsi failover time [rhel-5.3.z]
606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment
620300 - CVE-2010-2798 kernel: gfs2: rename causes kernel panic
620663 - [Broadcom 5.4 FEAT] Update bnx2x to 1.48.105 [rhel-5.3.z]
620665 - [Broadcom 5.5 FEAT] Update bnx2x to 1.52.1-5 [rhel-5.3.z]
620668 - [Broadcom 5.5 feat] Update bnx2x firmware [rhel-5.3.z]
620669 - [Broadcom 5.5 bug] bnx2x: net device is in XON state while the Tx ring is full [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.23.1.el5.src.rpm

i386:
kernel-2.6.18-128.23.1.el5.i686.rpm
kernel-PAE-2.6.18-128.23.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.23.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.23.1.el5.i686.rpm
kernel-debug-2.6.18-128.23.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.23.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.23.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.23.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.23.1.el5.i686.rpm
kernel-devel-2.6.18-128.23.1.el5.i686.rpm
kernel-headers-2.6.18-128.23.1.el5.i386.rpm
kernel-xen-2.6.18-128.23.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.23.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.23.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.23.1.el5.ia64.rpm
kernel-debug-2.6.18-128.23.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.23.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.23.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.23.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.23.1.el5.ia64.rpm
kernel-devel-2.6.18-128.23.1.el5.ia64.rpm
kernel-headers-2.6.18-128.23.1.el5.ia64.rpm
kernel-xen-2.6.18-128.23.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.23.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.23.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.23.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.23.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.23.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.23.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.23.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.23.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.23.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.23.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.23.1.el5.ppc.rpm
kernel-headers-2.6.18-128.23.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.23.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.23.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.23.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.23.1.el5.s390x.rpm
kernel-debug-2.6.18-128.23.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.23.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.23.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.23.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.23.1.el5.s390x.rpm
kernel-devel-2.6.18-128.23.1.el5.s390x.rpm
kernel-headers-2.6.18-128.23.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.23.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.23.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.23.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.23.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.23.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.23.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.23.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.23.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.23.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.23.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.23.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.23.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.23.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.23.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMe7cDXlSAg2UNWIIRAh1iAJ4iTOn8N3Zs/LVv/C8O23zDJoOwuACgsFTt
x1gmBN3M/Nd4AO3nLXALuGQ=
=QKGr
-----END PGP SIGNATURE-----


 
09-02-2010, 06:19 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0670-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0670.html
Issue date: 2010-09-02
CVE Names: CVE-2010-2240 CVE-2010-2798
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and three bugs are now
available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

Red Hat would like to thank the X.Org security team for reporting
CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as the original
reporter; and Grant Diffey of CenITex for reporting CVE-2010-2798.

This update also fixes the following bugs:

* Problems receiving network traffic correctly via a non-standard layer 3
protocol when using the ixgbe driver. This update corrects this issue.
(BZ#618275)

* A bug was found in the way the megaraid_sas driver (for SAS based RAID
controllers) handled physical disks and management IOCTLs. All physical
disks were exported to the disk layer, allowing an oops in
megasas_complete_cmd_dpc() when completing the IOCTL command if a timeout
occurred. One possible trigger for this bug was running "mkfs". This update
resolves this issue by updating the megaraid_sas driver to version 4.31.
(BZ#619363)

* Previously, Message Signaled Interrupts (MSI) resulted in PCI bus writes
to mask and unmask the MSI IRQ for a PCI device. These unnecessary PCI bus
writes resulted in the serialization of MSIs, leading to poor performance
on systems with high MSI load. This update adds a new kernel boot
parameter, msi_nolock, which forgoes the PCI bus writes and allows for
better simultaneous processing of MSIs. (BZ#621939)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment
618275 - Received data corrupts when non standards L3 protocols are used on ixgbe [rhel-5.4.z]
619363 - [LSI 5.6 feat] update megaraid_sas to version 4.31 [rhel-5.4.z]
620300 - CVE-2010-2798 kernel: gfs2: rename causes kernel panic
621939 - Significant MSI performance issue due to redundant interrupt masking [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
kernel-2.6.18-164.25.1.el5.src.rpm

i386:
kernel-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.i686.rpm
kernel-devel-2.6.18-164.25.1.el5.i686.rpm
kernel-headers-2.6.18-164.25.1.el5.i386.rpm
kernel-xen-2.6.18-164.25.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.ia64.rpm
kernel-devel-2.6.18-164.25.1.el5.ia64.rpm
kernel-headers-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.25.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.25.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.25.1.el5.ppc.rpm
kernel-headers-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.25.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.25.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.s390x.rpm
kernel-devel-2.6.18-164.25.1.el5.s390x.rpm
kernel-headers-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.25.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.25.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.25.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.25.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.25.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.25.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMf+pyXlSAg2UNWIIRAruyAJkBsiXvhvRRVoH4eLLtaf eJm3/WWwCguyWT
388ZNGJZ/EzJZWBo0YXyuKM=
=+eLB
-----END PGP SIGNATURE-----


 
09-29-2010, 02:58 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0723-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0723.html
Issue date: 2010-09-29
CVE Names: CVE-2010-1083 CVE-2010-2492 CVE-2010-2798
CVE-2010-2938 CVE-2010-2942 CVE-2010-2943
CVE-2010-3015
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in
the Linux kernel eCryptfs implementation. On systems that have the eCryptfs
netlink transport (Red Hat Enterprise Linux 5 does) or where the
"/dev/ecryptfs" file has world writable permissions (which it does not, by
default, on Red Hat Enterprise Linux 5), a local, unprivileged user could
use this flaw to cause a denial of service or possibly escalate their
privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a
system that has an Intel CPU without Extended Page Tables (EPT) support.
While attempting to dump information about a crashing fully-virtualized
guest, the flaw could cause the hypervisor to crash the host as well. A
user with permissions to configure a fully-virtualized guest system could
use this flaw to crash the host. (CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic Control
Unit implementation. A local attacker could use these flaws to cause the
kernel to leak kernel memory to user-space, possibly leading to the
disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system implementation.
The file handle lookup could return an invalid inode as valid. If an XFS
file system was mounted via NFS (Network File System), a local attacker
could access stale data or overwrite existing data that reused the inodes.
(CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code in
the Linux kernel's ext4 file system implementation. A local, unprivileged
user with write access to an ext4-mounted file system could trigger this
flaw by writing to a file at a very large file offset, resulting in a local
denial of service. (CVE-2010-3015, Moderate)

* An information leak flaw was found in the Linux kernel's USB
implementation. Certain USB errors could result in an uninitialized kernel
buffer being sent to user-space. An attacker with physical access to a
target system could use this flaw to cause an information leak.
(CVE-2010-1083, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Grant Diffey of CenITex for reporting CVE-2010-2798; Toshiyuki Okajima for
reporting CVE-2010-3015; and Marcus Meissner for reporting CVE-2010-1083.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

566624 - CVE-2010-1083 kernel: information leak via userspace USB interface
611385 - CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow
620300 - CVE-2010-2798 kernel: gfs2: rename causes kernel panic
620490 - CVE-2010-2938 kernel: guest crashes on non-EPT machines may crash the host as well
620661 - ips driver sleeps while holding spin_lock [rhel-5.5.z]
621940 - Significant MSI performance issue due to redundant interrupt masking [rhel-5.5.z]
623141 - High CPU overhead from mapping/unmapping the zero page [rhel-5.5.z]
623143 - [5u6] Bonding in ALB mode sends ARP in loop [rhel-5.5.z]
624327 - CVE-2010-3015 kernel: integer overflow in ext4_ext_get_blocks()
624365 - cpu flags missing from /proc/cpuinfo [rhel-5.5.z]
624369 - need to backport 2e3219b5c8a2e44e0b83ae6e04f52f20a82ac0f2 [rhel-5.5.z]
624903 - CVE-2010-2942 kernel: net sched: fix some kernel memory leaks
624923 - CVE-2010-2943 kernel: xfs: validate inode numbers in file handles correctly
627194 - dasd: force online does not work. [rhel-5.5.z]
627195 - dasd: allocate fallback cqr for reserve/release [rhel-5.5.z]
629219 - [rhel5.6] XFS incorrectly validates inodes [rhel-5.5.z]
630978 - Detect and recover from cxgb3 adapter parity errors [rhel-5.5.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-194.17.1.el5.src.rpm

i386:
kernel-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.i686.rpm
kernel-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-headers-2.6.18-194.17.1.el5.i386.rpm
kernel-xen-2.6.18-194.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.17.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-194.17.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.17.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-194.17.1.el5.src.rpm

i386:
kernel-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.i686.rpm
kernel-devel-2.6.18-194.17.1.el5.i686.rpm
kernel-headers-2.6.18-194.17.1.el5.i386.rpm
kernel-xen-2.6.18-194.17.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-194.17.1.el5.i686.rpm
kernel-xen-devel-2.6.18-194.17.1.el5.i686.rpm

ia64:
kernel-2.6.18-194.17.1.el5.ia64.rpm
kernel-debug-2.6.18-194.17.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.ia64.rpm
kernel-devel-2.6.18-194.17.1.el5.ia64.rpm
kernel-headers-2.6.18-194.17.1.el5.ia64.rpm
kernel-xen-2.6.18-194.17.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-194.17.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-194.17.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-194.17.1.el5.noarch.rpm

ppc:
kernel-2.6.18-194.17.1.el5.ppc64.rpm
kernel-debug-2.6.18-194.17.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.ppc64.rpm
kernel-devel-2.6.18-194.17.1.el5.ppc64.rpm
kernel-headers-2.6.18-194.17.1.el5.ppc.rpm
kernel-headers-2.6.18-194.17.1.el5.ppc64.rpm
kernel-kdump-2.6.18-194.17.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-194.17.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-194.17.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-194.17.1.el5.s390x.rpm
kernel-debug-2.6.18-194.17.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.s390x.rpm
kernel-devel-2.6.18-194.17.1.el5.s390x.rpm
kernel-headers-2.6.18-194.17.1.el5.s390x.rpm
kernel-kdump-2.6.18-194.17.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-194.17.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-194.17.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-194.17.1.el5.x86_64.rpm
kernel-devel-2.6.18-194.17.1.el5.x86_64.rpm
kernel-headers-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-194.17.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-194.17.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-1083.html
https://www.redhat.com/security/data/cve/CVE-2010-2492.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
https://www.redhat.com/security/data/cve/CVE-2010-2938.html
https://www.redhat.com/security/data/cve/CVE-2010-2942.html
https://www.redhat.com/security/data/cve/CVE-2010-2943.html
https://www.redhat.com/security/data/cve/CVE-2010-3015.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#id3512212

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMo1PlXlSAg2UNWIIRAru4AKDDneLpnqm1NmKpeex587 DG+Kv0dQCaAm3q
IzNefLs41/QIrZpu4RGazlg=
=tYAt
-----END PGP SIGNATURE-----


 
11-10-2010, 06:27 PM

Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0842-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0842.html
Issue date: 2010-11-10
CVE Names: CVE-2010-2803 CVE-2010-2955 CVE-2010-2962
CVE-2010-3079 CVE-2010-3081 CVE-2010-3084
CVE-2010-3301 CVE-2010-3432 CVE-2010-3437
CVE-2010-3442 CVE-2010-3698 CVE-2010-3705
CVE-2010-3904
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility
layer implementation was missing sanity checks. This function could be
abused in other areas of the Linux kernel if its length argument can be
controlled from user-space. On 64-bit systems, a local, unprivileged user
could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu Ethernet
driver in the Linux kernel, could allow a local user to cause a denial of
service or escalate their privileges. (CVE-2010-3084, Important)

* A flaw in the IA32 system call emulation provided in 64-bit Linux kernels
could allow a local user to escalate their privileges. (CVE-2010-3301,
Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

* A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP
implementation. When iterating through the hmac_ids array, it did not reset
the last id element if it was out of range. This could allow a remote
attacker to cause a denial of service. (CVE-2010-3705, Important)

* A function in the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was missing sanity checks, which could allow a local,
unprivileged user to escalate their privileges. (CVE-2010-3904, Important)

* A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager
(DRM) implementation could allow a local, unprivileged user to cause an
information leak. (CVE-2010-2803, Moderate)

* It was found that wireless drivers might not always clear allocated
buffers when handling a driver-specific IOCTL information request. A local
user could trigger this flaw to cause an information leak. (CVE-2010-2955,
Moderate)

* A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux
kernel's ftrace implementation could allow a local, unprivileged user to
cause a denial of service. Note: The debugfs file system must be mounted
locally to exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

* A flaw in the Linux kernel's packet writing driver could be triggered
via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local,
unprivileged user with access to "/dev/pktcdvd/control" to cause an
information leak. Note: By default, only users in the cdrom group have
access to "/dev/pktcdvd/control". (CVE-2010-3437, Moderate)

* A flaw was found in the way KVM (Kernel-based Virtual Machine) handled
the reloading of fs and gs segment registers when they had invalid
selectors. A privileged host user with access to "/dev/kvm" could use this
flaw to crash the host. (CVE-2010-3698, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2010-2962 and
CVE-2010-2803; Ben Hawkes for reporting CVE-2010-3081 and CVE-2010-3301;
Dan Rosenberg for reporting CVE-2010-3442, CVE-2010-3705, CVE-2010-3904,
and CVE-2010-3437; and Robert Swiecki for reporting CVE-2010-3079.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

621435 - CVE-2010-2803 kernel: drm ioctls infoleak
628434 - CVE-2010-2955 kernel: wireless: fix 64K kernel heap content leak via ioctl
631623 - CVE-2010-3079 kernel: ftrace NULL ptr deref
632069 - CVE-2010-3084 kernel: niu: buffer overflow for ETHTOOL_GRXCLSRLALL
632292 - RHEL55.x32 crashes when installing under RHEL6 KVM on an AMD host [rhel-6.0.z]
633864 - block: fix s390 tape block driver crash that occurs when it switches the IO scheduler [rhel-6.0.z]
633865 - [FIPS140][RHEL6] kernel module should failed to load if DSA signature check fails when FIPS mode is on [rhel-6.0.z]
633964 - RHEL-UV: kernel panic on boot uvsw-sys [rhel-6.0.z]
633966 - winxp BSOD when boot with cpu mode name [rhel-6.0.z]
634449 - CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
634973 - Detect and recover from cxgb3 adapter parity errors [rhel-6.0.z]
634984 - RHEL6 can NOT boot(displays nothing) on boards with RS880 [rhel-6.0.z]
635951 - kernel-kdump-debuginfo rpm does not contain debug symbols for s390 [rhel-6.0.z]
636116 - MADV_HUGEPAGE undeclared [rhel-6.0.z]
637087 - Kernel Memory dump to a FCP device fails with panic [rhel-6.0.z]
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
637688 - CVE-2010-2962 kernel: arbitrary kernel memory write via i915 GEM ioctl
638085 - CVE-2010-3437 kernel: pktcdvd ioctl dev_minor missing range check
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
638973 - [RHEL6 Snapshot 13]: The boot parameters 'nomodeset xforcevesa' is needed to install on Precision M4500 [rhel-6.0.z]
639412 - block: must prevent merges of discard and write requests [rhel-6.0.z]
639879 - CVE-2010-3698 kvm: invalid selector in fs/gs causes kernel panic
640036 - CVE-2010-3705 kernel: sctp memory corruption in HMAC handling
641258 - fix split_huge_page error like mapcount 3 page_mapcount 2 [rhel-6.0.z]
641454 - Output 'JBD: spotted dirty metadata buffer' message when usrquota is enabled [rhel-6.0.z]
641455 - [Intel 6.0 Bug] NPIV broken in SW FCoE [rhel-6.0.z]
641456 - [Intel 6.1 Bug] FCoE Boot ROM, unable to see LUN during system install thru NPV [rhel-6.0.z]
641457 - FCoE: Do not fall back to non-FIP FLOGI [rhel-6.0.z]
641458 - vmstat incorrectly reports disk IO as swap in [rhel-6.0.z]
641459 - Don't lose dirty bits leading to data corruption during KSM swapping [rhel-6.0.z]
641460 - KSM: fix page_address_in_vma anon_vma oops [rhel-6.0.z]
641483 - Stack size mapping is decreased through mlock/munlock call [rhel-6.0.z]
641907 - lpfc driver oops during rhel6 installation with snapshot 12/13 and emulex FC [rhel-6.0.z]
642043 - slow memory leak in i915 module on all intel hw [rhel-6.0.z]
642045 - major memory leak in radeon driver due when scrolling certain sites in firefox [rhel-6.0.z]
642465 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write
642679 - kernel BUG at mm/huge_memory.c:1279! [rhel-6.0.z]
642680 - XFS: accounting of reclaimable inodes is incorrect [rhel-6.0.z]
642896 - CVE-2010-3904 RDS sockets local privilege escalation
644037 - kernel BUG at mm/huge_memory.c:1267! - mapcount 5 page_mapcount 4 [rhel-6.0.z]
644038 - avoid crashes: backport hold mm->page_table_lock patch [rhel-6.0.z]
644636 - kernel wastes huge amounts of memory due to CONFIG_IMA [rhel-6.0.z]
644926 - calling elevator_change immediately after blk_init_queue results in a null pointer dereference [rhel-6.0.z]
646994 - Booting AMD Dinar system results in softlockups in ttm code [rhel-6.0.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.7.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.7.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-devel-2.6.32-71.7.1.el6.s390x.rpm
kernel-headers-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.7.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.7.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.7.1.el6.src.rpm

i386:
kernel-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.i686.rpm
kernel-devel-2.6.32-71.7.1.el6.i686.rpm
kernel-headers-2.6.32-71.7.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.7.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.7.1.el6.noarch.rpm
perf-2.6.32-71.7.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.7.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.7.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.7.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2803.html
https://www.redhat.com/security/data/cve/CVE-2010-2955.html
https://www.redhat.com/security/data/cve/CVE-2010-2962.html
https://www.redhat.com/security/data/cve/CVE-2010-3079.html
https://www.redhat.com/security/data/cve/CVE-2010-3081.html
https://www.redhat.com/security/data/cve/CVE-2010-3084.html
https://www.redhat.com/security/data/cve/CVE-2010-3301.html
https://www.redhat.com/security/data/cve/CVE-2010-3432.html
https://www.redhat.com/security/data/cve/CVE-2010-3437.html
https://www.redhat.com/security/data/cve/CVE-2010-3442.html
https://www.redhat.com/security/data/cve/CVE-2010-3698.html
https://www.redhat.com/security/data/cve/CVE-2010-3705.html
https://www.redhat.com/security/data/cve/CVE-2010-3904.html
http://www.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Technical_Notes/index.html#RHSA-2010:0842

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM2vIpXlSAg2UNWIIRAhP5AKC0brl5x5ea/40EJlXWeMsduhLJUQCdE8oY
pU9zeM5DaNHONahSCqnBcuQ=
=j8JK
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 11-12-2010, 08:37 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0882-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0882.html
Issue date: 2010-11-12
CVE Names: CVE-2009-3080 CVE-2009-3620 CVE-2009-4536
CVE-2010-1188 CVE-2010-2240 CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and one bug are
now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support
(ELS).

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An array index error was found in the gdth driver in the Linux kernel. A
local user could send a specially-crafted IOCTL request that would cause a
denial of service or, possibly, privilege escalation. (CVE-2009-3080,
Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux
kernel. Checks to test if the Concurrent Command Engine state was
initialized were missing in private IOCTL functions. An attacker could use
these flaws to cause a local denial of service or escalate their
privileges. (CVE-2009-3620, Important)

* A flaw was found in the Intel PRO/1000 Linux driver, e1000, in the Linux
kernel. A remote attacker using packets larger than the MTU could bypass
the existing fragment check, resulting in partial, invalid frames being
passed to the network stack. This flaw could also possibly be used to
trigger a remote denial of service. (CVE-2009-4536, Important)

* A use-after-free flaw was found in the tcp_rcv_state_process() function
in the Linux kernel TCP/IP protocol suite implementation. If a system using
IPv6 had the IPV6_PKTINFO option set on a listening socket, a remote
attacker could send an IPv6 packet to that system, causing a kernel panic
(denial of service). (CVE-2010-1188, Important)

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel. On 64-bit systems, a
local, unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3081, Important)

Red Hat would like to thank the X.Org security team for reporting the
CVE-2010-2240 issue, with upstream acknowledging Rafal Wojtczuk as the
original reporter; and Ben Hawkes for reporting the CVE-2010-3081 issue.

This update also fixes the following bug:

* The RHSA-2009:1550 kernel update introduced a regression that prevented
certain custom kernel modules from loading, failing with "unresolved
symbol" errors. This update corrects this issue, allowing the affected
modules to load as expected. (BZ#556909)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
539414 - CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl
552126 - CVE-2009-4536 kernel: e1000 issue reported at 26c3
556909 - unresolved symbol sock_recvmsg_Rsmp_4c34ff14
577711 - CVE-2010-1188 kernel: ipv6: skb is unexpectedly freed
606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
kernel-2.4.21-66.EL.src.rpm

i386:
kernel-2.4.21-66.EL.athlon.rpm
kernel-2.4.21-66.EL.i686.rpm
kernel-BOOT-2.4.21-66.EL.i386.rpm
kernel-debuginfo-2.4.21-66.EL.athlon.rpm
kernel-debuginfo-2.4.21-66.EL.i386.rpm
kernel-debuginfo-2.4.21-66.EL.i686.rpm
kernel-doc-2.4.21-66.EL.i386.rpm
kernel-hugemem-2.4.21-66.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-66.EL.i686.rpm
kernel-smp-2.4.21-66.EL.athlon.rpm
kernel-smp-2.4.21-66.EL.i686.rpm
kernel-smp-unsupported-2.4.21-66.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-66.EL.i686.rpm
kernel-source-2.4.21-66.EL.i386.rpm
kernel-unsupported-2.4.21-66.EL.athlon.rpm
kernel-unsupported-2.4.21-66.EL.i686.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
kernel-2.4.21-66.EL.src.rpm

i386:
kernel-2.4.21-66.EL.athlon.rpm
kernel-2.4.21-66.EL.i686.rpm
kernel-BOOT-2.4.21-66.EL.i386.rpm
kernel-debuginfo-2.4.21-66.EL.athlon.rpm
kernel-debuginfo-2.4.21-66.EL.i386.rpm
kernel-debuginfo-2.4.21-66.EL.i686.rpm
kernel-doc-2.4.21-66.EL.i386.rpm
kernel-hugemem-2.4.21-66.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-66.EL.i686.rpm
kernel-smp-2.4.21-66.EL.athlon.rpm
kernel-smp-2.4.21-66.EL.i686.rpm
kernel-smp-unsupported-2.4.21-66.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-66.EL.i686.rpm
kernel-source-2.4.21-66.EL.i386.rpm
kernel-unsupported-2.4.21-66.EL.athlon.rpm
kernel-unsupported-2.4.21-66.EL.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3080.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-4536.html
https://www.redhat.com/security/data/cve/CVE-2010-1188.html
https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-3081.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-40265
http://www.redhat.com/rhel/server/extended_lifecycle_support/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM3QrWXlSAg2UNWIIRAoRoAKCeqXq98m3zfAgZbR7mi6 KuhSsjuACfS8hW
hGzOl6G3TKuLORoaC9qF3zQ=
=jMer
-----END PGP SIGNATURE-----


 
Old 11-16-2010, 06:20 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0893-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0893.html
Issue date: 2010-11-16
CVE Names: CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638864)

* When multiple JBD-based (Journaling Block Device) file systems were
mounted concurrently, and no other JBD-based file systems were already
mounted, a race could occur between JBD slab cache creation and deletion.
(BZ#645653)

* A missing memory barrier caused a race condition in the AIO subsystem
between the read_events() and aio_complete() functions. This may have
caused a thread in read_events() to sleep indefinitely, possibly causing an
application hang. (BZ#638868)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638864 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.3.z]
638868 - race in aio_complete() leads to process hang [rhel-5.3.z]
645653 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.26.1.el5.src.rpm

i386:
kernel-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.i686.rpm
kernel-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-headers-2.6.18-128.26.1.el5.i386.rpm
kernel-xen-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ia64.rpm
kernel-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-headers-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.26.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.s390x.rpm
kernel-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-headers-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4tlIXlSAg2UNWIIRAuiKAKCMBlnSsY9IGitEtZI3CV rZMt2ssgCgoAP/
n7rq27KIcLFomWzJpvmxsK0=
=VJNZ
-----END PGP SIGNATURE-----


 
Old 11-23-2010, 03:51 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0907-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0907.html
Issue date: 2010-11-23
CVE Names: CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and four bugs are now
available for Red Hat Enterprise Linux 5.4 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.4.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638865)

* In a two node cluster, moving 100 files between two folders using the
lock master was nearly instantaneous. However, not using the lock master
resulted in considerably worse performance on both GFS1 (Global File System
1) and GFS2 (Global File System 2) file systems. With this update, not
using the lock master does not lead to worsened performance on either of
the aforementioned file systems. (BZ#639071)

* The device naming changed after additional devices were added to the
system and caused various problems. With this update, device naming remains
constant after adding any additional devices. (BZ#646764)

* On some bnx2-based devices, frames could drop unexpectedly. This was
shown by the increasing "rx_fw_discards" values in the "ethtool
--statistics" output. With this update, frames are no longer dropped and
all bnx2-based devices work as expected. (BZ#649254)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638865 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.4.z]
639071 - GFS1 vs GFS2 performance issue [rhel-5.4.z]
646764 - RHEL5.6 Include DL580 G7 in bfsort whitelist [rhel-5.4.z]
649254 - bnx2 adapter periodically dropping received packets [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.4.z server):

Source:
kernel-2.6.18-164.30.1.el5.src.rpm

i386:
kernel-2.6.18-164.30.1.el5.i686.rpm
kernel-PAE-2.6.18-164.30.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.30.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.30.1.el5.i686.rpm
kernel-debug-2.6.18-164.30.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.30.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.30.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.30.1.el5.i686.rpm
kernel-devel-2.6.18-164.30.1.el5.i686.rpm
kernel-headers-2.6.18-164.30.1.el5.i386.rpm
kernel-xen-2.6.18-164.30.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.30.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.30.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.30.1.el5.ia64.rpm
kernel-debug-2.6.18-164.30.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.30.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.30.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.30.1.el5.ia64.rpm
kernel-devel-2.6.18-164.30.1.el5.ia64.rpm
kernel-headers-2.6.18-164.30.1.el5.ia64.rpm
kernel-xen-2.6.18-164.30.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.30.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.30.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.30.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.30.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.30.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.30.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.30.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.30.1.el5.ppc.rpm
kernel-headers-2.6.18-164.30.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.30.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.30.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.30.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.30.1.el5.s390x.rpm
kernel-debug-2.6.18-164.30.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.30.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.30.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.30.1.el5.s390x.rpm
kernel-devel-2.6.18-164.30.1.el5.s390x.rpm
kernel-headers-2.6.18-164.30.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.30.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.30.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.30.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.30.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.30.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.30.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.30.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.30.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.30.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.30.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.30.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.30.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM6/DwXlSAg2UNWIIRAuytAKCy9R9rjk4hzw9PgIMgvtI8eXvSUgCg xF1h
aBLB/1H0lRAexbq3x3PQdWU=
=yVb2
-----END PGP SIGNATURE-----
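
An added example, not part of the advisories and not Red Hat code: CVE-2010-2521 is fixed in a different build on each Extended Update Support stream (RHSA-2010:0893 and RHSA-2010:0907 above), so a host's `uname -r` value has to be compared with the fixed build of its own stream rather than with the highest build number. It assumes the first field of the RPM release (128 or 164) identifies the stream; the sample kernel strings are constructed.

```python
import re

# Fixed builds as listed in the two advisories above for CVE-2010-2521.
FIXED_BUILDS = {
    "RHSA-2010:0893": "2.6.18-128.26.1.el5",  # Red Hat Enterprise Linux 5.3.z
    "RHSA-2010:0907": "2.6.18-164.30.1.el5",  # Red Hat Enterprise Linux 5.4.z
}

# version-release.dist[variant][.arch], e.g. 2.6.18-164.30.1.el5xen
_KERNEL_RE = re.compile(
    r"^(?P<version>\d+(?:\.\d+)*)-(?P<release>\d+(?:\.\d+)*)"
    r"\.(?P<dist>el\d+)(?P<variant>[A-Za-z]*)(?:\.(?P<arch>\w+))?$"
)


def parse_kernel(text):
    """Split a kernel version-release string into comparable parts."""
    match = _KERNEL_RE.match(text.strip())
    if match is None:
        raise ValueError("unrecognised kernel string: %r" % text)
    return {
        # Numeric tuples so that 164.9.1 sorts below 164.30.1
        # (a plain string comparison would get this wrong).
        "version": tuple(int(p) for p in match.group("version").split(".")),
        "release": tuple(int(p) for p in match.group("release").split(".")),
        "dist": match.group("dist"),
        # Kernel flavour suffix reported by uname -r (xen, PAE, ...).
        "variant": match.group("variant"),
    }


def assess(running, fixed_builds=FIXED_BUILDS):
    """Return (status, advisory) for a running kernel string.

    status is "fixed", "needs-update" or "no-matching-advisory".
    """
    host = parse_kernel(running)
    for advisory, build in sorted(fixed_builds.items()):
        fixed = parse_kernel(build)
        # Assumption: same upstream version, same dist tag and same first
        # release field means the host is on this advisory's stream.
        same_stream = (
            host["version"] == fixed["version"]
            and host["dist"] == fixed["dist"]
            and host["release"][0] == fixed["release"][0]
        )
        if not same_stream:
            continue
        if host["release"] >= fixed["release"]:
            return ("fixed", advisory)
        return ("needs-update", advisory)
    # Host is on a stream that neither advisory covers; check the
    # advisory for that stream instead of guessing.
    return ("no-matching-advisory", None)


if __name__ == "__main__":
    # Constructed sample values of `uname -r`, not taken from real hosts.
    samples = [
        "2.6.18-128.7.1.el5",
        "2.6.18-128.26.1.el5",
        "2.6.18-164.9.1.el5xen",
        "2.6.18-164.30.1.el5PAE",
        "2.6.18-194.26.1.el5",
    ]
    for sample in samples:
        status, advisory = assess(sample)
        print("%-26s %-22s %s" % (sample, status, advisory or "-"))
```

A host on the 5.3.z stream at 2.6.18-128.26.1.el5 is reported as fixed even though its build number is lower than the 5.4.z fix, which is the case a single "minimum version" check gets wrong.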


 
Old 12-01-2010, 09:32 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0936-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0936.html
Issue date: 2010-12-01
CVE Names: CVE-2010-3432 CVE-2010-3442
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and multiple bugs are
now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442.

Bug fixes:

* Forward time drift was observed on virtual machines using PM
timer-based kernel tick accounting and running on KVM or the Microsoft
Hyper-V Server hypervisor. Virtual machines that were booted with the
divider=x kernel parameter set to a value greater than 1 and that showed
the following in the kernel boot messages were subject to this issue:

time.c: Using PM based timekeeping

Fine grained accounting for the PM timer is introduced which eliminates
this issue. However, this fix uncovered a bug in the Xen hypervisor,
possibly causing backward time drift. If this erratum is installed in Xen
HVM guests that meet the aforementioned conditions, it is recommended that
the host use kernel-xen-2.6.18-194.26.1.el5 or newer, which includes a fix
(BZ#641915) for the backward time drift. (BZ#629237)

* With multipath enabled, systems would occasionally halt when the
do_cciss_request function was used. This was caused by wrongly-generated
requests. Additional checks have been added to avoid the aforementioned
issue. (BZ#640193)

* A Sun X4200 system equipped with a QLogic HBA spontaneously rebooted and
logged a Hyper-Transport Sync Flood Error to the system event log. A
Maximum Memory Read Byte Count restriction was added to fix this bug.
(BZ#640919)

* For an active/backup bonding network interface with VLANs on top of it,
when a link failed over, it took a minute for the multicast domain to be
rejoined. This was caused by the driver not sending any IGMP join packets.
The driver now sends IGMP join packets and the multicast domain is rejoined
immediately. (BZ#641002)

* Replacing a disk and trying to rebuild it afterwards caused the system to
panic. When a domain validation request for a hot plugged drive was sent,
the mptscsi driver did not validate its existence. This could result in the
driver accessing random memory and causing the crash. A check has been
added that describes the newly-added device and reloads the iocPg3 data
from the firmware if needed. (BZ#641137)

* An attempt to create a VLAN interface on a bond of two bnx2 adapters in
two switch configurations resulted in a soft lockup after a few seconds.
This was caused by an incorrect use of a bonding pointer. With this update,
soft lockups no longer occur and creating a VLAN interface works as
expected. (BZ#641254)

* Erroneous pointer checks could have caused a kernel panic. This was due
to a critical value not being copied when a network buffer was duplicated
and consumed by multiple portions of the kernel's network stack. Fixing the
copy operation resolved this bug. (BZ#642746)

* A typo in a variable name caused it to be dereferenced in either mkdir()
or create() which could cause a kernel panic. (BZ#643342)

* SCSI high level drivers can submit SCSI commands which would never be
completed when the device was offline. This was caused by a missing
callback for the request to complete the given command. SCSI requests are
now terminated by calling their callback when a device is offline.
(BZ#644816)

* A kernel panic could have occurred on systems due to a recursive lock in
the 3c59x driver. Recursion is now avoided and this kernel panic no longer
occurs. (BZ#648407)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

629237 - time drift with VXTIME_PMTMR mode in case of early / short real ticks [rhel-4.8.z]
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
640193 - RHEL 4.8: With multipath enabled, system occasionally halts in do_cciss_request [rhel-4.8.z]
640919 - Work around HyperTransport Sync Flood Error on Sun X4200 with qla2xxx [rhel-4.8.z]
641002 - Bonded interface doesn't issue IGMP report (join) on slave interface during failover [rhel-4.8.z]
641137 - mptbase: panic with domain validation while rebuilding after the disk is replaced. [rhel-4.8.z]
641254 - [RHEL4.8.z] soft lockup on vlan with bonding in balance-alb mode [rhel-4.8.z]
642746 - RHEL4.8 panic in netif_receive_skb [rhel-4.8.z]
643342 - kernel: security: testing the wrong variable in create_by_name() [rhel-4.9] [rhel-4.8.z]
644816 - scsi_do_req() submitted commands (tape) never complete when device goes offline [rhel-4.8.z]
648407 - Kernel panic due to recursive lock in 3c59x driver. [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

ppc:
kernel-2.6.9-89.33.1.EL.ppc64.rpm
kernel-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.33.1.EL.ppc64.rpm
kernel-devel-2.6.9-89.33.1.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ppc64.rpm

s390:
kernel-2.6.9-89.33.1.EL.s390.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.s390.rpm
kernel-devel-2.6.9-89.33.1.EL.s390.rpm

s390x:
kernel-2.6.9-89.33.1.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.s390x.rpm
kernel-devel-2.6.9-89.33.1.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.33.1.EL.src.rpm

i386:
kernel-2.6.9-89.33.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.i686.rpm
kernel-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.33.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-2.6.9-89.33.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-2.6.9-89.33.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.33.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.ia64.rpm
kernel-devel-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.33.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.33.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.33.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.33.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.33.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3432.html
https://www.redhat.com/security/data/cve/CVE-2010-3442.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
