SciLinux: CVE-2006-3469 kernel SL5.x i386/x86_64
Summary
Date: Mon, 4 Aug 2008 15:21:24 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Re: Security ERRATA for mysql on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
In-Reply-To: <488E379E.3080704@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms. It has been fixed and is working now. Both the x86_64 and i386 rpm's have been rebuilt with the new name to keep consistency.

No code has been changed. The rpm's were only recompiled.

SL 4.x

SRPMS:
mysql-4.1.22-2.el4.sl.src.rpm

i386:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-bench-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-server-4.1.22-2.el4.sl.i386.rpm

x86_64:
mysql-4.1.22-2.el4.sl.i386.rpm
mysql-4.1.22-2.el4.sl.x86_64.rpm
mysql-bench-4.1.22-2.el4.sl.x86_64.rpm
mysql-devel-4.1.22-2.el4.sl.i386.rpm
mysql-devel-4.1.22-2.el4.sl.x86_64.rpm
mysql-server-4.1.22-2.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis: Moderate: mysql security, bug fix, and enhancement update
> Issue date: 2008-07-24
> CVE Names: CVE-2006-3469 CVE-2006-4031 CVE-2007-2691
>            CVE-2008-2079
>
> MySQL did not correctly check directories used as arguments for the DATA
> DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
> attacker could elevate their access privileges to tables created by other
> database users. Note: this attack does not work on existing tables. An
> attacker can only elevate their access to another user's tables as the
> tables are created. As well, the names of these created tables need to be
> predicted correctly for this attack to succeed. (CVE-2008-2079)
>
> MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
> An authenticated user could use this flaw to rename arbitrary tables.
> (CVE-2007-2691)
>
> MySQL allowed an authenticated user to access a table through a previously
> created MERGE table, even after the user's privileges were revoked from the
> original table, which might violate intended security policy.
> This is addressed by allowing the MERGE storage engine to be disabled, which
> can be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)
>
> A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to
> crash via crafted SQL queries. This only caused a temporary denial of
> service, as the MySQL daemon is automatically restarted after the crash.
> (CVE-2006-3469)
>
> As well, these updated packages fix the following bugs:
>
> * in the previous mysql packages, if a column name was referenced more
> than once in an "ORDER BY" section of a query, a segmentation fault
> occurred.
>
> * when MySQL failed to start, the init script returned a successful (0)
> exit code. When using the Red Hat Cluster Suite, this may have caused
> cluster services to report a successful start, even when MySQL failed to
> start. In these updated packages, the init script returns the correct exit
> codes, which resolves this issue.
>
> * it was possible to use the mysqld_safe command to specify invalid port
> numbers (higher than 65536), causing invalid ports to be created, and, in
> some cases, a "port number definition: unsigned short" error. In these
> updated packages, when an invalid port number is specified, the default
> port number is used.
>
> * when setting "myisam_repair_threads > 1", any repair set the index
> cardinality to "1", regardless of the table size.
>
> * the MySQL init script no longer runs "chmod -R" on the entire database
> directory tree during every startup.
>
> * when running "mysqldump" with the MySQL 4.0 compatibility mode option,
> "--compatible=mysql40", mysqldump created dumps that omitted the
> "auto_increment" field.
>
> As well, the MySQL init script now uses more reliable methods for
> determining parameters, such as the data directory location.
>
> Note: these updated packages upgrade MySQL to version 4.1.22.
> For a full list of bug fixes and enhancements, refer to the MySQL release
> notes:
> http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html
>
> SL 4.x
>
> SRPMS:
> mysql-4.1.22-2.el4.src.rpm
> i386:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-bench-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-server-4.1.22-2.el4.i386.rpm
> x86_64:
> mysql-4.1.22-2.el4.i386.rpm
> mysql-4.1.22-2.el4.x86_64.rpm
> mysql-bench-4.1.22-2.el4.x86_64.rpm
> mysql-devel-4.1.22-2.el4.i386.rpm
> mysql-devel-4.1.22-2.el4.x86_64.rpm
> mysql-server-4.1.22-2.el4.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>

--
__________________________________________________
Troy Dawson dawson@fnal.gov (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

Date: Mon, 4 Aug 2008 15:21:35 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Re: Security ERRATA for thunderbird on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
In-Reply-To: <4888ABAE.30201@fnal.gov>

We had a compiling problem on the SL4 x86_64 rpms. It has been fixed and is working now. Both the x86_64 and i386 rpm's have been rebuilt with the new name to keep consistency.

No code has been changed. The rpm's were only recompiled.

SL 4.x

SRPMS:
thunderbird-1.5.0.12-14.el4.sl.src.rpm

i386:
thunderbird-1.5.0.12-14.el4.sl.i386.rpm

x86_64:
thunderbird-1.5.0.12-14.el4.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis: Moderate: thunderbird security update
> Issue date: 2008-07-23
> CVE Names: CVE-2008-2785 CVE-2008-2798 CVE-2008-2799
>            CVE-2008-2800 CVE-2008-2801 CVE-2008-2802
>            CVE-2008-2803 CVE-2008-2805 CVE-2008-2807
>            CVE-2008-2808 CVE-2008-2809 CVE-2008-2810
>            CVE-2008-2811
>
> Multiple flaws were found in the processing of malformed JavaScript
> content. An HTML mail containing such malicious content could cause
> Thunderbird to crash or, potentially, execute arbitrary code as the user
> running Thunderbird.
> (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
>
> Several flaws were found in the processing of malformed HTML content. An
> HTML mail containing malicious content could cause Thunderbird to crash or,
> potentially, execute arbitrary code as the user running Thunderbird.
> (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
>
> Several flaws were found in the way malformed HTML content was displayed.
> An HTML mail containing specially-crafted content could, potentially, trick
> a Thunderbird user into surrendering sensitive information. (CVE-2008-2800)
>
> Two local file disclosure flaws were found in Thunderbird. An HTML mail
> containing malicious content could cause Thunderbird to reveal the contents
> of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
>
> A flaw was found in the way a malformed .properties file was processed by
> Thunderbird. A malicious extension could read uninitialized memory,
> possibly leaking sensitive data to the extension. (CVE-2008-2807)
>
> A flaw was found in the way Thunderbird escaped a listing of local file
> names. If a user could be tricked into listing a local directory containing
> malicious file names, arbitrary JavaScript could be run with the
> permissions of the user running Thunderbird. (CVE-2008-2808)
>
> A flaw was found in the way Thunderbird displayed information about
> self-signed certificates. It was possible for a self-signed certificate to
> contain multiple alternate name entries, which were not all displayed to
> the user, allowing them to mistakenly extend trust to an unknown site.
> (CVE-2008-2809)
>
> Note: JavaScript support is disabled by default in Thunderbird.
> The above issues are not exploitable unless JavaScript is enabled.
>
> SL 4.x
>
> SRPMS:
> thunderbird-1.5.0.12-14.el4.src.rpm
> i386:
> thunderbird-1.5.0.12-14.el4.i386.rpm
> x86_64:
> thunderbird-1.5.0.12-14.el4.i386.rpm
>
> SL 5.x
>
> SRPMS:
> thunderbird-2.0.0.16-1.el5.src.rpm
> i386:
> thunderbird-2.0.0.16-1.el5.i386.rpm
> x86_64:
> thunderbird-2.0.0.16-1.el5.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>

--
__________________________________________________
Troy Dawson dawson@fnal.gov (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

Date: Mon, 4 Aug 2008 15:36:18 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Re: Security ERRATA for libxslt on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
In-Reply-To: <48937977.5050102@fnal.gov>

There was a typo in the last e-mail, sorry about that.

We had a compiling problem on the SL4 x86_64 rpms. It has been fixed and is working now. Both the x86_64 and i386 rpm's have been rebuilt with the new name to keep consistency.

No code has been changed. The rpm's were only recompiled.

SL 4.x

SRPMS:
libxslt-1.1.11-1.el4_7.2.sl.src.rpm

i386:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.i386.rpm

x86_64:
libxslt-1.1.11-1.el4_7.2.sl.i386.rpm
libxslt-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-devel-1.1.11-1.el4_7.2.sl.x86_64.rpm
libxslt-python-1.1.11-1.el4_7.2.sl.x86_64.rpm

Troy

Troy Dawson wrote:
> Synopsis: Moderate: libxslt security update
> Issue date: 2008-07-31
> CVE Names: CVE-2008-2935
>
> A heap buffer overflow flaw was discovered in the RC4 libxslt library
> extension. An attacker could create a malicious XSL file that would cause a
> crash, or, possibly, execute arbitrary code with the privileges of the
> application using the libxslt library to perform XSL transformations on
> untrusted XSL style sheets.
> (CVE-2008-2935)
>
> SL 4.x
>
> SRPMS:
> libxslt-1.1.11-1.el4_7.2.src.rpm
> i386:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-devel-1.1.11-1.el4_7.2.i386.rpm
> libxslt-python-1.1.11-1.el4_7.2.i386.rpm
> x86_64:
> libxslt-1.1.11-1.el4_7.2.i386.rpm
> libxslt-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-devel-1.1.11-1.el4_7.2.x86_64.rpm
> libxslt-python-1.1.11-1.el4_7.2.x86_64.rpm
>
> SL 5.x
>
> SRPMS:
> libxslt-1.1.17-2.el5_2.2.src.rpm
> i386:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-python-1.1.17-2.el5_2.2.i386.rpm
> x86_64:
> libxslt-1.1.17-2.el5_2.2.i386.rpm
> libxslt-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-devel-1.1.17-2.el5_2.2.i386.rpm
> libxslt-devel-1.1.17-2.el5_2.2.x86_64.rpm
> libxslt-python-1.1.17-2.el5_2.2.x86_64.rpm
>
> -Connie Sieh
> -Troy Dawson
>

--
__________________________________________________
Troy Dawson dawson@fnal.gov (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

Date: Tue, 5 Aug 2008 15:09:07 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for kernel on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Important: kernel security and bug fix update
Issue date: 2008-08-04
CVE Names: CVE-2008-2136 CVE-2008-1294 CVE-2008-2812

These updated packages fix the following security issues:

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel setrlimit system call, when setting
RLIMIT_CPU to a certain value. This could allow a local unprivileged user
to bypass the CPU time limit. (CVE-2008-1294, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel
network drivers. These drivers were missing checks for terminal validity,
which could allow privilege escalation.
(CVE-2008-2812, Moderate)

These updated packages fix the following bugs:

* the GNU libc stub resolver is a minimal resolver that works with Domain
Name System (DNS) servers to satisfy requests from applications for names.
The GNU libc stub resolver did not specify a source UDP port, and therefore
used predictable port numbers. This could have made DNS spoofing attacks
easier.

The Linux kernel has been updated to implement random UDP source ports
where none are specified by an application. This allows applications, such
as those using the GNU libc stub resolver, to use random UDP source ports,
helping to make DNS spoofing attacks harder.

* when using certain hardware, a bug in UART_BUG_TXEN may have caused
incorrect hardware detection, causing data flow to "/dev/ttyS1" to hang.

* a 50-75% drop in NFS server rewrite performance, compared to Red Hat
Enterprise Linux 4.6, has been resolved.

* due to a bug in the fast userspace mutex code, while one thread fetched a
pointer, another thread may have removed it, causing the first thread to
fetch the wrong pointer, possibly causing a system crash.

* on certain Hitachi hardware, removing the "uhci_hcd" module caused a
kernel oops, and the following error:

BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr()

Even after the "uhci_hcd" module was reloaded, there was no access to USB
devices. As well, on systems that have legacy interrupts,
"acpi_unregister_gsi" incorrectly called "iosapci_unregister_intr()",
causing warning messages to be logged.

* when a page was mapped with mmap(), and "PROT_WRITE" was the only
"prot" argument, the first read of that page caused a segmentation fault.
If the page was read after it was written to, no fault occurred.
This was incompatible with the Red Hat Enterprise Linux 4 behavior.

* due to a NULL pointer dereference in powernowk8_init(), a panic may
have occurred.

* certain error conditions handled by the bonding sysfs interface could
have left rtnl_lock() unbalanced, either by locking and returning without
unlocking, or by unlocking when it did not lock, possibly causing a
"kernel: RTNL: assertion failed at net/core/fib_rules.c" error.

* the kernel currently expects a maximum of six Machine Check Exception
(MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may
have caused the MCE to be incorrectly reported.

* a race condition in UNIX domain sockets may have caused recv() to return
zero. For clusters, this may have caused unexpected failovers.

* msgrcv() frequently returned an incorrect "ERESTARTNOHAND (514)" error
number.

* on certain Intel Itanium-based systems, when kdump was configured to halt
the system after a dump operation, after the "System halted." output, the
kernel continued to output endless "soft lockup" messages.

SL 5.x

SRPMS:
kernel-2.6.18-92.1.10.el5.src.rpm

i386:
kernel-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-2.6.18-92.1.10.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm
kernel-headers-2.6.18-92.1.10.el5.i386.rpm
kernel-PAE-2.6.18-92.1.10.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-2.6.18-92.1.10.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.i686.rpm
Dependencies:
kernel-module-fuse-2.6.18-92.1.10.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.10.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-92.1.10.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5PAE-1.4.7-68.SL5.i686.rpm
kernel-module-openafs-2.6.18-92.1.10.el5xen-1.4.7-68.SL5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5PAE-0.4-1.sl5.i686.rpm
kernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.i686.rpm

x86_64:
kernel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.10.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.10.el5.x86_64.rpm
kernel-doc-2.6.18-92.1.10.el5.noarch.rpm
kernel-headers-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.10.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.10.el5.x86_64.rpm
Dependencies:
kernel-module-fuse-2.6.18-92.1.10.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-92.1.10.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-92.1.10.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-92.1.10.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-92.1.10.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.10.el5-1.4.7-68.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-92.1.10.el5xen-1.4.7-68.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.10.el5-0.4-1.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-92.1.10.el5xen-0.4-1.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson