FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Enterprise Watch List

 
 
LinkBack Thread Tools
 
Old 01-11-2011, 06:55 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0007-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0007.html
Issue date: 2011-01-11
CVE Names: CVE-2010-2492 CVE-2010-3067 CVE-2010-3078
CVE-2010-3080 CVE-2010-3298 CVE-2010-3477
CVE-2010-3861 CVE-2010-3865 CVE-2010-3874
CVE-2010-3876 CVE-2010-3880 CVE-2010-4072
CVE-2010-4073 CVE-2010-4074 CVE-2010-4075
CVE-2010-4077 CVE-2010-4079 CVE-2010-4080
CVE-2010-4081 CVE-2010-4082 CVE-2010-4083
CVE-2010-4158 CVE-2010-4160 CVE-2010-4162
CVE-2010-4163 CVE-2010-4242 CVE-2010-4248
CVE-2010-4249 CVE-2010-4263 CVE-2010-4525
CVE-2010-4668
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable
permissions (which it does not, by default, on Red Hat Enterprise Linux 6),
a local, unprivileged user could use this flaw to cause a denial of service
or possibly escalate their privileges. (CVE-2010-2492, Important)

* Integer overflow in the RDS protocol implementation could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)

* Missing boundary checks in the PPP over L2TP sockets implementation could
allow a local, unprivileged user to cause a denial of service or escalate
their privileges. (CVE-2010-4160, Important)

* NULL pointer dereference in the igb driver. If both Single Root I/O
Virtualization (SR-IOV) and promiscuous mode were enabled on an interface
using igb, it could result in a denial of service when a tagged VLAN packet
is received on that interface. (CVE-2010-4263, Important)

* Missing initialization flaw in the XFS file system implementation, and in
the network traffic policing implementation, could allow a local,
unprivileged user to cause an information leak. (CVE-2010-3078,
CVE-2010-3477, Moderate)

* NULL pointer dereference in the Open Sound System compatible sequencer
driver could allow a local, unprivileged user with access to /dev/sequencer
to cause a denial of service. /dev/sequencer is only accessible to root and
users in the audio group by default. (CVE-2010-3080, Moderate)

* Flaw in the ethtool IOCTL handler could allow a local user to cause an
information leak. (CVE-2010-3861, Moderate)

* Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast
Manager. On 64-bit systems, writing the socket address may overflow the
procname character array. (CVE-2010-3874, Moderate)

* Flaw in the module for monitoring the sockets of INET transport
protocols could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-3880, Moderate)

* Missing boundary checks in the block layer implementation could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4162,
CVE-2010-4163, CVE-2010-4668, Moderate)

* NULL pointer dereference in the Bluetooth HCI UART driver could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4242,
Moderate)

* Flaw in the Linux kernel CPU time clocks implementation for the POSIX
clock interface could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-4248, Moderate)

* Flaw in the garbage collector for AF_UNIX sockets could allow a local,
unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)

* Missing upper bound integer check in the AIO implementation could allow a
local, unprivileged user to cause an information leak. (CVE-2010-3067, Low)

* Missing initialization flaws could lead to information leaks.
(CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)

* Missing initialization flaw in KVM could allow a privileged host user
with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting
CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163,
CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077,
CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083,
and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis
Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for
reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting
CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for
reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and
Stephan Mueller of atsec information security for reporting CVE-2010-4525.

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. Documentation for the bugs
fixed by this update will be available shortly from the Technical
Notes document, linked to in the References section. The system must
be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

611385 - CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
630551 - CVE-2010-3080 kernel: /dev/sequencer open failure is not handled correctly
630804 - CVE-2010-3078 kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
633140 - CVE-2010-3298 kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak
641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open()
646725 - CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL
647391 - kernel BUG at mm/migrate.c:113! [rhel-6.0.z]
647416 - CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c
648408 - Do not mix FMODE_ and O_ flags with break_lease() and may_open() [rhel-6.0.z]
648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
648659 - CVE-2010-4074 kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory
648666 - CVE-2010-4079 kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
648670 - CVE-2010-4081 kernel: drivers/sound/pci/rme9652/hdspm.c: reading uninitialized stack memory
648671 - CVE-2010-4082 kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory
649695 - CVE-2010-3874 kernel: CAN minor heap overflow
649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory
651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing
651698 - CVE-2010-4158 kernel: socket filters infoleak
651892 - CVE-2010-4160 kernel: L2TP send buffer allocation size overflows
652529 - CVE-2010-4162 kernel: bio: integer overflow page count when mapping/copying user data
652957 - CVE-2010-4163 CVE-2010-4668 kernel: panic when submitting certain 0-length I/O requests
653340 - [kvm] VIRT-IO NIC state is reported as 'unknown' on vm running over RHEL6 host [rhel-6.0.z]
656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec
656756 - CVE-2010-4249 kernel: unix socket local dos
658879 - kernel 2.6.32-84.el6 breaks systemtap [rhel-6.0.z]
659611 - lpfc: Fixed crashes for BUG_ONs hit in the lpfc_abort_handler [rhel-6.0.z]
660188 - CVE-2010-4263 kernel: igb panics when receiving tag vlan packet
660244 - lpfc: Set heartbeat timer off by default [rhel-6.0.z]
660591 - neighbour update causes an Oops when using tunnel device [rhel-6.0.z]
665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm

i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm

i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.14.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.14.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.14.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-71.14.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.14.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.14.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.14.1.el6.s390x.rpm
kernel-debug-2.6.32-71.14.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-71.14.1.el6.s390x.rpm
kernel-devel-2.6.32-71.14.1.el6.s390x.rpm
kernel-headers-2.6.32-71.14.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.14.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.14.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.14.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.14.1.el6.src.rpm

i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2492.html
https://www.redhat.com/security/data/cve/CVE-2010-3067.html
https://www.redhat.com/security/data/cve/CVE-2010-3078.html
https://www.redhat.com/security/data/cve/CVE-2010-3080.html
https://www.redhat.com/security/data/cve/CVE-2010-3298.html
https://www.redhat.com/security/data/cve/CVE-2010-3477.html
https://www.redhat.com/security/data/cve/CVE-2010-3861.html
https://www.redhat.com/security/data/cve/CVE-2010-3865.html
https://www.redhat.com/security/data/cve/CVE-2010-3874.html
https://www.redhat.com/security/data/cve/CVE-2010-3876.html
https://www.redhat.com/security/data/cve/CVE-2010-3880.html
https://www.redhat.com/security/data/cve/CVE-2010-4072.html
https://www.redhat.com/security/data/cve/CVE-2010-4073.html
https://www.redhat.com/security/data/cve/CVE-2010-4074.html
https://www.redhat.com/security/data/cve/CVE-2010-4075.html
https://www.redhat.com/security/data/cve/CVE-2010-4077.html
https://www.redhat.com/security/data/cve/CVE-2010-4079.html
https://www.redhat.com/security/data/cve/CVE-2010-4080.html
https://www.redhat.com/security/data/cve/CVE-2010-4081.html
https://www.redhat.com/security/data/cve/CVE-2010-4082.html
https://www.redhat.com/security/data/cve/CVE-2010-4083.html
https://www.redhat.com/security/data/cve/CVE-2010-4158.html
https://www.redhat.com/security/data/cve/CVE-2010-4160.html
https://www.redhat.com/security/data/cve/CVE-2010-4162.html
https://www.redhat.com/security/data/cve/CVE-2010-4163.html
https://www.redhat.com/security/data/cve/CVE-2010-4242.html
https://www.redhat.com/security/data/cve/CVE-2010-4248.html
https://www.redhat.com/security/data/cve/CVE-2010-4249.html
https://www.redhat.com/security/data/cve/CVE-2010-4263.html
https://www.redhat.com/security/data/cve/CVE-2010-4525.html
https://www.redhat.com/security/data/cve/CVE-2010-4668.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0007

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNLLV/XlSAg2UNWIIRAqBDAKCjp1MiP24Cf16Cs+w7fEZHYU5t8ACcDL PD
gdl8ty7ia2arkN9LDyAkKEU=
=EHqN
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-18-2011, 04:54 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0162-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0162.html
Issue date: 2011-01-18
CVE Names: CVE-2010-3859 CVE-2010-3876 CVE-2010-4072
CVE-2010-4073 CVE-2010-4075 CVE-2010-4080
CVE-2010-4083 CVE-2010-4157 CVE-2010-4158
CVE-2010-4242 CVE-2010-4249
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and two bugs are
now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A heap overflow flaw was found in the Linux kernel's Transparent
Inter-Process Communication protocol (TIPC) implementation. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3859, Important)

* Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver
in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit
system could use these flaws to cause a denial of service or escalate their
privileges. (CVE-2010-4157, Moderate)

* A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this flaw
to cause a denial of service. (CVE-2010-4242, Moderate)

* A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)

* Missing initialization flaws were found in the Linux kernel. A local,
unprivileged user could use these flaws to cause information leaks.
(CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
CVE-2010-4083, CVE-2010-4158, Low)

Red Hat would like to thank Alan Cox for reporting CVE-2010-4242; Vegard
Nossum for reporting CVE-2010-4249; Vasiliy Kulikov for reporting
CVE-2010-3876; Kees Cook for reporting CVE-2010-4072; and Dan Rosenberg for
reporting CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, and
CVE-2010-4158.

This update also fixes the following bugs:

* A flaw was found in the Linux kernel where, if used in conjunction with
another flaw that can result in a kernel Oops, could possibly lead to
privilege escalation. It does not affect Red Hat Enterprise Linux 4 as the
sysctl panic_on_oops variable is turned on by default. However, as a
preventive measure if the variable is turned off by an administrator, this
update addresses the issue. Red Hat would like to thank Nelson Elhage for
reporting this vulnerability. (BZ#659568)

* On Intel I/O Controller Hub 9 (ICH9) hardware, jumbo frame support is
achieved by using page-based sk_buff buffers without any packet split. The
entire frame data is copied to the page(s) rather than some to the
skb->data area and some to the page(s) when performing a typical
packet-split. This caused problems with the filtering code and frames were
getting dropped before they were received by listening applications. This
bug could eventually lead to the IP address being released and not being
able to be re-acquired from DHCP if the MTU (Maximum Transfer Unit) was
changed (for an affected interface using the e1000e driver). With this
update, frames are no longer dropped and an IP address is correctly
re-acquired after a previous release. (BZ#664667)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open()
645867 - CVE-2010-3859 kernel: tipc: heap overflow in tipc_msg_build()
648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory
649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory
651147 - CVE-2010-4157 kernel: gdth: integer overflow in ioc_general()
651698 - CVE-2010-4158 kernel: socket filters infoleak
656756 - CVE-2010-4249 kernel: unix socket local dos
659568 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm

i386:
kernel-2.6.9-89.35.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm
kernel-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.35.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm
kernel-devel-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.35.1.EL.noarch.rpm

ppc:
kernel-2.6.9-89.35.1.EL.ppc64.rpm
kernel-2.6.9-89.35.1.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.35.1.EL.ppc64.rpm
kernel-devel-2.6.9-89.35.1.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.35.1.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.ppc64.rpm

s390:
kernel-2.6.9-89.35.1.EL.s390.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.s390.rpm
kernel-devel-2.6.9-89.35.1.EL.s390.rpm

s390x:
kernel-2.6.9-89.35.1.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.s390x.rpm
kernel-devel-2.6.9-89.35.1.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm

i386:
kernel-2.6.9-89.35.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm
kernel-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.35.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm

i386:
kernel-2.6.9-89.35.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm
kernel-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.35.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm
kernel-devel-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.35.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.35.1.EL.src.rpm

i386:
kernel-2.6.9-89.35.1.EL.i686.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.i686.rpm
kernel-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-2.6.9-89.35.1.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-2.6.9-89.35.1.EL.i686.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-2.6.9-89.35.1.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.i686.rpm

ia64:
kernel-2.6.9-89.35.1.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.ia64.rpm
kernel-devel-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.35.1.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.35.1.EL.x86_64.rpm
kernel-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-2.6.9-89.35.1.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-2.6.9-89.35.1.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.35.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3859.html
https://www.redhat.com/security/data/cve/CVE-2010-3876.html
https://www.redhat.com/security/data/cve/CVE-2010-4072.html
https://www.redhat.com/security/data/cve/CVE-2010-4073.html
https://www.redhat.com/security/data/cve/CVE-2010-4075.html
https://www.redhat.com/security/data/cve/CVE-2010-4080.html
https://www.redhat.com/security/data/cve/CVE-2010-4083.html
https://www.redhat.com/security/data/cve/CVE-2010-4157.html
https://www.redhat.com/security/data/cve/CVE-2010-4158.html
https://www.redhat.com/security/data/cve/CVE-2010-4242.html
https://www.redhat.com/security/data/cve/CVE-2010-4249.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNNdOqXlSAg2UNWIIRApwIAJoCwExeKiP2yfJmKMsdnM Q430nqqACeMNyS
eh801QkyvQ8d/dcT0XD+fus=
=ppWw
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-18-2011, 05:37 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0163-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0163.html
Issue date: 2011-01-18
CVE Names: CVE-2010-4526
================================================== ===================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.
A remote attacker could use this flaw to cause a denial of service.
(CVE-2010-4526, Important)

This update also fixes the following bugs:

* Due to an off-by-one error, gfs2_grow failed to take the very last "rgrp"
parameter into account when adding up the new free space. With this update,
the GFS2 kernel properly counts all the new resource groups and fixes the
"statfs" file correctly. (BZ#666792)

* Prior to this update, a multi-threaded application, which invoked
popen(3) internally, could cause a thread stall by FILE lock corruption.
The application program waited for a FILE lock in glibc, but the lock
seemed to be corrupted, which was caused by a race condition in the COW
(Copy On Write) logic. With this update, the race condition was corrected
and FILE lock corruption no longer occurs. (BZ#667050)

* If an error occurred during I/O, the SCSI driver reset the "megaraid_sas"
controller to restore it to normal state. However, on Red Hat Enterprise
Linux 5, the waiting time to allow a full reset completion for the
"megaraid_sas" controller was too short. The driver incorrectly recognized
the controller as stalled, and, as a result, the system stalled as well.
With this update, more time is given to the controller to properly restart,
thus, the controller operates as expected after being reset. (BZ#667141)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

664914 - CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
666792 - fsck.gfs2 reported statfs error after gfs2_grow [rhel-5.6.z]
667050 - COW corruption using popen(3). [rhel-5.6.z]
667141 - [RHEL5.6] megaraid_sas stalls after driver is reset [rhel-5.6.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.1.1.el5.src.rpm

i386:
kernel-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.i686.rpm
kernel-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-headers-2.6.18-238.1.1.el5.i386.rpm
kernel-xen-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.1.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.1.1.el5.src.rpm

i386:
kernel-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.i686.rpm
kernel-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-headers-2.6.18-238.1.1.el5.i386.rpm
kernel-xen-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.1.1.el5.ia64.rpm
kernel-debug-2.6.18-238.1.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.ia64.rpm
kernel-devel-2.6.18-238.1.1.el5.ia64.rpm
kernel-headers-2.6.18-238.1.1.el5.ia64.rpm
kernel-xen-2.6.18-238.1.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.1.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.1.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.1.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.1.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.1.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.1.1.el5.ppc.rpm
kernel-headers-2.6.18-238.1.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.1.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.1.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.1.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.1.1.el5.s390x.rpm
kernel-debug-2.6.18-238.1.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.s390x.rpm
kernel-devel-2.6.18-238.1.1.el5.s390x.rpm
kernel-headers-2.6.18-238.1.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.1.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.1.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.1.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4526.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNNd3ZXlSAg2UNWIIRAiN+AKC9NqCceOS+FbmFLs36S0 K8dRQbMwCfZm2a
ET9WD5TN0kO52O7vYSca3BU=
=zIP9
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 04-08-2011, 03:01 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0421-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0421.html
Issue date: 2011-04-07
CVE Names: CVE-2010-3296 CVE-2010-4346 CVE-2010-4526
CVE-2010-4648 CVE-2010-4655 CVE-2010-4656
CVE-2011-0521 CVE-2011-0695 CVE-2011-0710
CVE-2011-0716 CVE-2011-1478
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.
A remote attacker could use this flaw to cause a denial of service.
(CVE-2010-4526, Important)

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* A race condition was found in the way the Linux kernel's InfiniBand
implementation set up new connections. This could allow a remote user to
cause a denial of service. (CVE-2011-0695, Important)

* A heap overflow flaw in the iowarrior_write() function could allow a
user with access to an IO-Warrior USB device, that supports more than 8
bytes per report, to cause a denial of service or escalate their
privileges. (CVE-2010-4656, Moderate)

* A flaw was found in the way the Linux Ethernet bridge implementation
handled certain IGMP (Internet Group Management Protocol) packets. A local,
unprivileged user on a system that has a network interface in an Ethernet
bridge could use this flaw to crash that system. (CVE-2011-0716, Moderate)

* A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual LAN
(VLAN), it could result in a denial of service when a malformed VLAN frame
is received on that interface. (CVE-2011-1478, Moderate)

* A missing initialization flaw in the Linux kernel could lead to an
information leak. (CVE-2010-3296, Low)

* A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* A logic error in the orinoco_ioctl_set_auth() function in the Linux
kernel's ORiNOCO wireless extensions support implementation could render
TKIP countermeasures ineffective when it is enabled, as it enabled the card
instead of shutting it down. (CVE-2010-4648, Low)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

* An information leak was found in the Linux kernel's task_show_regs()
implementation. On IBM S/390 systems, a local, unprivileged user could use
this flaw to read /proc/[PID]/status files, allowing them to discover
the CPU register values of processes. (CVE-2011-0710, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Kees
Cook for reporting CVE-2010-4656 and CVE-2010-4655; Dan Rosenberg for
reporting CVE-2010-3296; and Tavis Ormandy for reporting CVE-2010-4346.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

633149 - CVE-2010-3296 kernel: drivers/net/cxgb3/cxgb3_main.c reading uninitialized stack memory
653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
662189 - CVE-2010-4346 kernel: install_special_mapping skips security_file_mmap check
664914 - CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
667907 - CVE-2010-4648 kernel: orinoco: fix TKIP countermeasure behaviour
672398 - CVE-2011-0521 kernel: av7110 negative array offset
672420 - CVE-2010-4656 kernel: iowarrior usb device heap overflow
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl
677850 - CVE-2011-0710 kernel: s390 task_show_regs infoleak
678169 - CVE-2011-0716 kernel: deficiency in processing igmp host membership reports in br_multicast
678558 - virtio_console driver never returns from selecting for write when the queue is full [rhel-6.0.z]
678559 - Disallow 0-sized writes to virtio ports to go through to host (leading to VM crash) [rhel-6.0.z]
678562 - writing to a virtio serial port while no one is listening on the host side hangs the guest [rhel-6.0.z]
680080 - Start multi RHEL5.5 64 bit guests triggers rtl8169_interrupt hang [rhel-6.0.z]
683442 - backport set_iounmap_nonlazy() to speedup reading of /proc/vmcore [rhel-6.0.z]
683445 - Backport upstream cacheing fix for optimizing reads from /proc/vmcore [rhel-6.0.z]
683781 - kvm: guest stale memory after migration [rhel-6.0.z]
683783 - guest kernel panic when boot with nmi_watchdog=1 [rhel-6.0.z]
683822 - kernel: restrict unprivileged access to kernel syslog [rhel-6.1] [rhel-6.0.z]
684267 - kernel: missing CONFIG_STRICT_DEVMEM=y in S390x [rhel-6.0.z]
684268 - virtio_net: missing schedule on oom [rhel-6.0.z]
691270 - CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-71.24.1.el6.src.rpm

i386:
kernel-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.24.1.el6.i686.rpm
kernel-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-headers-2.6.32-71.24.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.24.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.24.1.el6.noarch.rpm
perf-2.6.32-71.24.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.24.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.24.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-71.24.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-71.24.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.24.1.el6.noarch.rpm
perf-2.6.32-71.24.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.24.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.24.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-71.24.1.el6.src.rpm

i386:
kernel-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.24.1.el6.i686.rpm
kernel-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-headers-2.6.32-71.24.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.24.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.24.1.el6.noarch.rpm
perf-2.6.32-71.24.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.24.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.24.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.24.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-71.24.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.24.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.24.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.24.1.el6.s390x.rpm
kernel-debug-2.6.32-71.24.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-71.24.1.el6.s390x.rpm
kernel-devel-2.6.32-71.24.1.el6.s390x.rpm
kernel-headers-2.6.32-71.24.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.24.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.24.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.24.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.24.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.24.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-71.24.1.el6.src.rpm

i386:
kernel-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.24.1.el6.i686.rpm
kernel-devel-2.6.32-71.24.1.el6.i686.rpm
kernel-headers-2.6.32-71.24.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.24.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.24.1.el6.noarch.rpm
perf-2.6.32-71.24.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.24.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.24.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.24.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.24.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3296.html
https://www.redhat.com/security/data/cve/CVE-2010-4346.html
https://www.redhat.com/security/data/cve/CVE-2010-4526.html
https://www.redhat.com/security/data/cve/CVE-2010-4648.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://www.redhat.com/security/data/cve/CVE-2010-4656.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://www.redhat.com/security/data/cve/CVE-2011-0695.html
https://www.redhat.com/security/data/cve/CVE-2011-0710.html
https://www.redhat.com/security/data/cve/CVE-2011-0716.html
https://www.redhat.com/security/data/cve/CVE-2011-1478.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0421

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNnnnmXlSAg2UNWIIRAokpAJ47T5eKfpAoUk690nWwJe 4hja5HKACfccAt
3GRPKwf17XCubve3Nh9UxFU=
=2lM4
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 04-12-2011, 06:23 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0429-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0429.html
Issue date: 2011-04-12
CVE Names: CVE-2010-4346 CVE-2011-0521 CVE-2011-0710
CVE-2011-1010 CVE-2011-1090 CVE-2011-1478
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual LAN
(VLAN), it could result in a denial of service when a malformed VLAN frame
is received on that interface. (CVE-2011-1478, Moderate)

* A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* An information leak was found in the Linux kernel's task_show_regs()
implementation. On IBM S/390 systems, a local, unprivileged user could use
this flaw to read /proc/[PID]/status files, allowing them to discover the
CPU register values of processes. (CVE-2011-0710, Low)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

Red Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis
Ormandy for reporting CVE-2010-4346; and Timo Warns for reporting
CVE-2011-1010.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

662189 - CVE-2010-4346 kernel: install_special_mapping skips security_file_mmap check
672398 - CVE-2011-0521 kernel: av7110 negative array offset
675664 - Kernel panic when restart network on vlan with bonding [rhel-5.6.z]
675909 - GFS2: Blocks not marked free on delete [rhel-5.6.z]
677173 - mpctl module doesn't release fasync_struct at file close [rhel-5.6.z]
677850 - CVE-2011-0710 kernel: s390 task_show_regs infoleak
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
680043 - [usb-audio] unable to set capture mixer levels [rhel-5.6.z]
680350 - WARNING: APIC timer calibration may be wrong [rhel-5.6.z]
681795 - [NetApp 5.6 Bug] Erroneous TPG ID check in SCSI ALUA Handler [rhel-5.6.z]
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
682673 - system fails to boot do to x86-64 kernel corrupting bios memory area [rhel-5.6.z]
683443 - kernel panic in pg_init_done - pgpath already deleted [rhel-5.6.z]
684128 - HP_GETHOSTINFO ioctl always causes mpt controller reset [rhel-5.6.z]
691270 - CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.9.1.el5.src.rpm

i386:
kernel-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.i686.rpm
kernel-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-headers-2.6.18-238.9.1.el5.i386.rpm
kernel-xen-2.6.18-238.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.9.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.9.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.9.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.9.1.el5.src.rpm

i386:
kernel-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.i686.rpm
kernel-devel-2.6.18-238.9.1.el5.i686.rpm
kernel-headers-2.6.18-238.9.1.el5.i386.rpm
kernel-xen-2.6.18-238.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.9.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.9.1.el5.ia64.rpm
kernel-debug-2.6.18-238.9.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.ia64.rpm
kernel-devel-2.6.18-238.9.1.el5.ia64.rpm
kernel-headers-2.6.18-238.9.1.el5.ia64.rpm
kernel-xen-2.6.18-238.9.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.9.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.9.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.9.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.9.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.9.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.9.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.9.1.el5.ppc.rpm
kernel-headers-2.6.18-238.9.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.9.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.9.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.9.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.9.1.el5.s390x.rpm
kernel-debug-2.6.18-238.9.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.s390x.rpm
kernel-devel-2.6.18-238.9.1.el5.s390x.rpm
kernel-headers-2.6.18-238.9.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.9.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.9.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.9.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.9.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4346.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://www.redhat.com/security/data/cve/CVE-2011-0710.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1478.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0429

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNpJiWXlSAg2UNWIIRArX+AKCsM5Z9LScHxsXNPOmicq SkCWbYFwCfeMGw
uolUV68MsEfsDXtO+szt0XE=
=yVdB
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 05-31-2011, 03:00 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0833-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0833.html
Issue date: 2011-05-31
CVE Names: CVE-2011-0726 CVE-2011-1078 CVE-2011-1079
CVE-2011-1080 CVE-2011-1093 CVE-2011-1163
CVE-2011-1166 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1494 CVE-2011-1495
CVE-2011-1577 CVE-2011-1763
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was already
closed. (CVE-2011-1093, Important)

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A missing validation of a null-terminated string data structure element
in the bnep_sock_ioctl() function could allow a local user to cause an
information leak or a denial of service. (CVE-2011-1079, Moderate)

* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause the
host, and the guests, to lock up. (CVE-2011-1166, Moderate)

* A flaw was found in the way the Xen hypervisor implementation checked for
the upper boundary when getting a new event channel port. A privileged
guest user could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2011-1763, Moderate)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing initialization flaw in the sco_sock_getsockopt() function could
allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)

* A missing validation of a null-terminated string data structure element
in the do_replace() function could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of service
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1577, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,
CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook
for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163
and CVE-2011-1577.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z]
688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]
689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]
690134 - Time runs too fast in a VM on processors with &gt; 4GHZ freq [rhel-5.6.z]
690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]
697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]
699808 - dasd: fix race between open and offline [rhel-5.6.z]
701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm
kernel-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-headers-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm
kernel-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-headers-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1166.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-1763.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0833

8. Contact:

The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5QJUXlSAg2UNWIIRAvvqAJoC95KwBDxXJEQIxkOxeZ aJ2DmPZACeOcLj
8Kmo6h7EJObjmrcRZP0n6p8=
=A5DX
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 06-01-2011, 08:04 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0836-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0836.html
Issue date: 2011-06-01
CVE Names: CVE-2010-3858 CVE-2011-1598 CVE-2011-1748
CVE-2011-1770 CVE-2011-1771
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and various bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer underflow flaw, leading to a buffer overflow, was found in the
Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-1770, Important)

* Missing sanity checks were found in setup_arg_pages() in the Linux
kernel. When making the size of the argument and environment area on the
stack very large, it could trigger a BUG_ON(), resulting in a local denial
of service. (CVE-2010-3858, Moderate)

* A missing validation check was found in the bcm_release() and
raw_release() functions in the Linux kernel's Controller Area Network (CAN)
implementation. This could allow a local, unprivileged user to cause a
denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)

* The fix for Red Hat Bugzilla bug 656461, as provided in RHSA-2011:0542,
introduced a regression in the cifs_close() function in the Linux kernel's
Common Internet File System (CIFS) implementation. A local, unprivileged
user with write access to a CIFS file system could use this flaw to cause a
denial of service. (CVE-2011-1771, Moderate)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770; Brad
Spengler for reporting CVE-2010-3858; and Oliver Hartkopp for reporting
CVE-2011-1748.

This update also fixes various bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

645222 - CVE-2010-3858 kernel: setup_arg_pages: diagnose excessive argument size
698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in can/bcm and can/raw socket releases
703011 - CVE-2011-1770 kernel: dccp: handle invalid feature options length
703016 - CVE-2011-1771 kernel: cifs oops when creating file with O_DIRECT set
704014 - [brocade 6.1 bug] bfa fc staying tech preview [rhel-6.1.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.2.1.el6.src.rpm

i386:
kernel-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.2.1.el6.i686.rpm
kernel-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-headers-2.6.32-131.2.1.el6.i686.rpm
perf-2.6.32-131.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.2.1.el6.x86_64.rpm
perf-2.6.32-131.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.2.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-131.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.2.1.el6.x86_64.rpm
perf-2.6.32-131.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.2.1.el6.src.rpm

i386:
kernel-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.2.1.el6.i686.rpm
kernel-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-headers-2.6.32-131.2.1.el6.i686.rpm
perf-2.6.32-131.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.2.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.2.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.2.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.2.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.2.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.2.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.2.1.el6.ppc64.rpm
perf-2.6.32-131.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.2.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.2.1.el6.s390x.rpm
kernel-debug-2.6.32-131.2.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.2.1.el6.s390x.rpm
kernel-devel-2.6.32-131.2.1.el6.s390x.rpm
kernel-headers-2.6.32-131.2.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.2.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.2.1.el6.s390x.rpm
perf-2.6.32-131.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.2.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.2.1.el6.x86_64.rpm
perf-2.6.32-131.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.2.1.el6.src.rpm

i386:
kernel-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.2.1.el6.i686.rpm
kernel-devel-2.6.32-131.2.1.el6.i686.rpm
kernel-headers-2.6.32-131.2.1.el6.i686.rpm
perf-2.6.32-131.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.2.1.el6.x86_64.rpm
perf-2.6.32-131.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.2.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3858.html
https://www.redhat.com/security/data/cve/CVE-2011-1598.html
https://www.redhat.com/security/data/cve/CVE-2011-1748.html
https://www.redhat.com/security/data/cve/CVE-2011-1770.html
https://www.redhat.com/security/data/cve/CVE-2011-1771.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-0836

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN5ptGXlSAg2UNWIIRAu1kAJ40qbd+V54qhfavnz2JKn 5cshDhagCcCfd5
r+j0vTdw17qDZ12PAK061sY=
=RjFO
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 06-22-2011, 12:01 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0883-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0883.html
Issue date: 2011-06-21
CVE Names: CVE-2010-3881 CVE-2010-4251 CVE-2010-4805
CVE-2011-0999 CVE-2011-1010 CVE-2011-1082
CVE-2011-1090 CVE-2011-1163 CVE-2011-1170
CVE-2011-1171 CVE-2011-1172 CVE-2011-1182
CVE-2011-1494 CVE-2011-1495
================================================== ===================

1. Summary:

Updated kernel packages that fix several security issues and three bugs are
now available for Red Hat Enterprise Linux 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for security issues. These issues,
except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux
6.0 Extended Update Support as they have already been addressed for users
of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542.

Security fixes:

* Buffer overflow flaws were found in the Linux kernel's Management Module
Support for Message Passing Technology (MPT) based controllers. A local,
unprivileged user could use these flaws to cause a denial of service, an
information leak, or escalate their privileges. (CVE-2011-1494,
CVE-2011-1495, Important)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, CVE-2010-4805, Moderate)

* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* It was found that some structure padding and reserved fields in certain
data structures in KVM (Kernel-based Virtual Machine) were not initialized
properly before being copied to user-space. A privileged host user with
access to "/dev/kvm" could use this flaw to leak kernel stack memory to
user-space. (CVE-2010-3881, Low)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created on
Mac OS operating systems. A local attacker could use this flaw to cause a
denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A missing validation check was found in the Linux kernel's signals
implementation. A local, unprivileged user could use this flaw to send
signals via the sigqueueinfo system call, with the si_code set to SI_TKILL
and with spoofed process and user IDs, to other processes. Note: This flaw
does not allow existing permission checks to be bypassed; signals can only
be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Vasiliy
Kulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and
CVE-2011-1172; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163;
and Julien Tinnes of the Google Security Team for reporting CVE-2011-1182.

This update also fixes three bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to resolve these issues, and fix the bugs noted in
the Technical Notes. The system must be rebooted for this update to
take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

649920 - CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory
657303 - CVE-2010-4251 CVE-2010-4805 kernel: unlimited socket backlog DoS
678209 - CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
689321 - CVE-2011-1170 kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 kernel: ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 kernel: ipv6: netfilter: ip6_tables: fix infoleak to userspace
690028 - CVE-2011-1182 kernel signal spoofing issue
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows

6. Package List:

Red Hat Enterprise Linux Server (v. 6.0.z):

Source:
kernel-2.6.32-71.31.1.el6.src.rpm

i386:
kernel-2.6.32-71.31.1.el6.i686.rpm
kernel-debug-2.6.32-71.31.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.31.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.31.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.31.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.31.1.el6.i686.rpm
kernel-devel-2.6.32-71.31.1.el6.i686.rpm
kernel-headers-2.6.32-71.31.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-71.31.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.31.1.el6.noarch.rpm
perf-2.6.32-71.31.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-71.31.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-71.31.1.el6.ppc64.rpm
kernel-debug-2.6.32-71.31.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-71.31.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-71.31.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-71.31.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-71.31.1.el6.ppc64.rpm
kernel-devel-2.6.32-71.31.1.el6.ppc64.rpm
kernel-headers-2.6.32-71.31.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-71.31.1.el6.s390x.rpm
kernel-debug-2.6.32-71.31.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-71.31.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-71.31.1.el6.s390x.rpm
kernel-devel-2.6.32-71.31.1.el6.s390x.rpm
kernel-headers-2.6.32-71.31.1.el6.s390x.rpm
kernel-kdump-2.6.32-71.31.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-71.31.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-71.31.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.31.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.31.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.31.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.31.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.31.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.31.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.31.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3881.html
https://www.redhat.com/security/data/cve/CVE-2010-4251.html
https://www.redhat.com/security/data/cve/CVE-2010-4805.html
https://www.redhat.com/security/data/cve/CVE-2011-0999.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1082.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Technical_Notes/ape.html#RHSA-2011-0883
https://rhn.redhat.com/errata/RHSA-2011-0542.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOATDdXlSAg2UNWIIRAsfLAJ0c4Yavu6EcvuxP7NpRjS 9EvqwwfwCgwER7
4TFfZaweoMfot9qMfstjoso=
=sTNU
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 07-15-2011, 06:13 AM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0927-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0927.html
Issue date: 2011-07-15
CVE Names: CVE-2010-4649 CVE-2011-0695 CVE-2011-0711
CVE-2011-1044 CVE-2011-1182 CVE-2011-1573
CVE-2011-1576 CVE-2011-1593 CVE-2011-1745
CVE-2011-1746 CVE-2011-1776 CVE-2011-1936
CVE-2011-2022 CVE-2011-2213 CVE-2011-2492
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

* A race condition in the way new InfiniBand connections were set up could
allow a remote user to cause a denial of service. (CVE-2011-0695,
Important)

* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service if the sysctl
"net.sctp.addip_enable" variable was turned on (it is off by default).
(CVE-2011-1573, Important)

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,
Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1746, Important)

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)

* An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* A flaw in the way the Xen hypervisor implementation handled CPUID
instruction emulation during virtual machine exits could allow an
unprivileged guest user to crash a guest. This only affects systems that
have an Intel x86 processor with the Intel VT-x extension enabled.
(CVE-2011-1936, Moderate)

* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)

* A missing initialization flaw in the XFS file system implementation
could lead to an information leak. (CVE-2011-0711, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)

* A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed
process and user IDs, to other processes. Note: This flaw does not allow
existing permission checks to be bypassed; signals can only be sent if your
privileges allow you to already do so. (CVE-2011-1182, Low)

* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation
could allow a local attacker to cause a denial of service by mounting a
disk containing specially-crafted partition tables. (CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation
was not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;
Vasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and
CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for
reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and
CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting
CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke
and Filip Palian for reporting CVE-2011-2492.

Bug fix documentation will be available shortly from the Technical Notes
document linked to in the References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
667916 - CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
690028 - CVE-2011-1182 kernel signal spoofing issue
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
695383 - CVE-2011-1573 kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
698996 - CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
703056 - [RHEL5.5] Panic in iscsi_sw_tcp_data_ready() [rhel-5.6.z]
706323 - CVE-2011-1936 kernel: xen: vmx: insecure cpuid vmexit
707899 - The pci resource for vf is not released after hot-removing Intel 82576 NIC [rhel-5.6.z]
711519 - GFS2: resource group bitmap corruption resulting in panics and withdraws
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.19.1.el5.src.rpm

i386:
kernel-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.i686.rpm
kernel-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-headers-2.6.18-238.19.1.el5.i386.rpm
kernel-xen-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.19.1.el5.src.rpm

i386:
kernel-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.i686.rpm
kernel-devel-2.6.18-238.19.1.el5.i686.rpm
kernel-headers-2.6.18-238.19.1.el5.i386.rpm
kernel-xen-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.ia64.rpm
kernel-devel-2.6.18-238.19.1.el5.ia64.rpm
kernel-headers-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.19.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.19.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.19.1.el5.ppc.rpm
kernel-headers-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.19.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.19.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.s390x.rpm
kernel-devel-2.6.18-238.19.1.el5.s390x.rpm
kernel-headers-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.19.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.19.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.19.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.19.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.19.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.19.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4649.html
https://www.redhat.com/security/data/cve/CVE-2011-0695.html
https://www.redhat.com/security/data/cve/CVE-2011-0711.html
https://www.redhat.com/security/data/cve/CVE-2011-1044.html
https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1573.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1745.html
https://www.redhat.com/security/data/cve/CVE-2011-1746.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-1936.html
https://www.redhat.com/security/data/cve/CVE-2011-2022.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0927

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOH9qRXlSAg2UNWIIRAjaUAJ0S0n+vF0EHrw02A8dlf7 6Pf3I7QQCgi8J5
ssh+iW4lgLvNHcwOjm51IzQ=
=E4l0
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 08-16-2011, 06:52 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1163-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1163.html
Issue date: 2011-08-16
CVE Names: CVE-2011-1780 CVE-2011-2525
================================================== ===================

1. Summary:

Updated kernel packages that fix two security issues and three bugs are now
available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for two security issues. These issues
only affected users of Red Hat Enterprise Linux 5.6 Extended Update
Support, as they have already been addressed for users of Red Hat
Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled
instruction emulation during virtual machine exits. A malicious user-space
process running in an SMP guest could trick the emulator into reading a
different instruction than the one that caused the virtual machine to exit.
An unprivileged guest user could trigger this flaw to crash the host. This
only affects systems with both an AMD x86 processor and the AMD
Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet
scheduler API implementation to be called on built-in qdisc structures. A
local, unprivileged user could use this flaw to trigger a NULL pointer
dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

This update also fixes the following bugs:

* A bug was found in the way the x86_emulate() function handled the IMUL
instruction in the Xen hypervisor. On systems without support for hardware
assisted paging (HAP), such as those running CPUs that do not have support
for (or those that have it disabled) Intel Extended Page Tables (EPT) or
AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug
could cause fully-virtualized guests to crash or lead to silent memory
corruption. In reported cases, this issue occurred when booting
fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups
enabled. (BZ#712884)

* A bug in the way the ibmvscsi driver handled interrupts may have
prevented automatic path recovery for multipath devices. This bug only
affected 64-bit PowerPC systems. (BZ#720929)

* The RHSA-2009:1243 update introduced a regression in the way file locking
on NFS (Network File System) was handled. This caused applications to hang
if they made a lock request on a file on an NFS version 2 or 3 file system
that was mounted with the "sec=krb5" option. With this update, the original
behavior of using mixed RPC authentication flavors for NFS and locking
requests has been restored. (BZ#722854)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

702657 - CVE-2011-1780 kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
712884 - RHEL6.1 32bit xen hvm guest crash randomly
719066 - [RHEL5.7][kernel-xen] HVM guests hang during installation on AMD systems
720552 - CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()

6. Package List:

Red Hat Enterprise Linux (v. 5 server):

Source:
kernel-2.6.18-238.21.1.el5.src.rpm

i386:
kernel-2.6.18-238.21.1.el5.i686.rpm
kernel-PAE-2.6.18-238.21.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.21.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.21.1.el5.i686.rpm
kernel-debug-2.6.18-238.21.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.21.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.21.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.21.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.21.1.el5.i686.rpm
kernel-devel-2.6.18-238.21.1.el5.i686.rpm
kernel-headers-2.6.18-238.21.1.el5.i386.rpm
kernel-xen-2.6.18-238.21.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.21.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.21.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.21.1.el5.ia64.rpm
kernel-debug-2.6.18-238.21.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.21.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.21.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.21.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.21.1.el5.ia64.rpm
kernel-devel-2.6.18-238.21.1.el5.ia64.rpm
kernel-headers-2.6.18-238.21.1.el5.ia64.rpm
kernel-xen-2.6.18-238.21.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.21.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.21.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.21.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.21.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.21.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.21.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.21.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.21.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.21.1.el5.ppc.rpm
kernel-headers-2.6.18-238.21.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.21.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.21.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.21.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.21.1.el5.s390x.rpm
kernel-debug-2.6.18-238.21.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.21.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.21.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.21.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.21.1.el5.s390x.rpm
kernel-devel-2.6.18-238.21.1.el5.s390x.rpm
kernel-headers-2.6.18-238.21.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.21.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.21.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.21.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.21.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.21.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.21.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.21.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.21.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.21.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.21.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.21.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.21.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1780.html
https://www.redhat.com/security/data/cve/CVE-2011-2525.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-1065.html
https://rhn.redhat.com/errata/RHSA-2009-1243.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOSrwpXlSAg2UNWIIRAp5bAJ920IcBt+SqRNn2o6UnJN njba/PJwCgppgs
xaIZq+QiOYjoykX5QxCvnuw=
=9uC1
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 

Thread Tools




All times are GMT. The time now is 07:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org