What Are You Looking For?

Sign Up
Date:         Thu, 18 Dec 2008 13:16:48 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for kernel on SL3.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis: Important: kernel security and bug fix update
Issue date: 2008-12-16
CVE Names: CVE-2008-4210 CVE-2008-3275 CVE-2008-0598
                   CVE-2008-2136 CVE-2008-2812 CVE-2007-6063
                   CVE-2008-3525

This update addresses the following security issues:

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local, unprivileged user to prepare
and run a specially-crafted binary which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local,
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* missing capability checks were found in the SBNI WAN driver which could
allow a local user to bypass intended capability restrictions.
(CVE-2008-3525, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local, unprivileged user to
obtain access to privileged information. (CVE-2008-4210, Important)

* a buffer overflow flaw was found in Integrated Services Digital Network
(ISDN) subsystem. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2007-6063, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel
network drivers. These drivers were missing checks for terminal validity,
which could allow privilege escalation. (CVE-2008-2812, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local, unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)

This update also fixes the following bugs:

* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()
was used where kunmap_atomic() should have been. As a consequence, if an
NFSv2 or NFSv3 server exported a volume containing a symlink which included
a path equal to or longer than the local system's PATH_MAX, accessing the
link caused a kernel oops. This has been corrected in this update.

* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as a
pointer. This caused a kernel panic in mptctl_gettargetinfo in some
circumstances. A check has been added which prevents this.

* lost tick compensation code in the timer interrupt routine triggered
without apparent cause. When running as a fully-virtualized client, this
spurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3
to present highly inaccurate times. With this update the lost tick
compensation code is turned off when the operating system is running as a
fully-virtualized client under Xen or VMWare=AE.

SL 3.0.x

     SRPMS:
kernel-2.4.21-58.EL.src.rpm
     i386:
kernel-2.4.21-58.EL.athlon.rpm
kernel-2.4.21-58.EL.i686.rpm
kernel-BOOT-2.4.21-58.EL.i386.rpm
kernel-doc-2.4.21-58.EL.i386.rpm
kernel-hugemem-2.4.21-58.EL.i686.rpm
kernel-hugemem-unsupported-2.4.21-58.EL.i686.rpm
kernel-smp-2.4.21-58.EL.athlon.rpm
kernel-smp-2.4.21-58.EL.i686.rpm
kernel-smp-unsupported-2.4.21-58.EL.athlon.rpm
kernel-smp-unsupported-2.4.21-58.EL.i686.rpm
kernel-source-2.4.21-58.EL.i386.rpm
kernel-unsupported-2.4.21-58.EL.athlon.rpm
kernel-unsupported-2.4.21-58.EL.i686.rpm
   Dependancies:
kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.athlon.rpm
kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.i686.rpm
kernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.athlon.rpm
kernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.i686.rpm

     x86_64:
kernel-2.4.21-58.EL.ia32e.rpm
kernel-2.4.21-58.EL.x86_64.rpm
kernel-doc-2.4.21-58.EL.x86_64.rpm
kernel-smp-2.4.21-58.EL.x86_64.rpm
kernel-smp-unsupported-2.4.21-58.EL.x86_64.rpm
kernel-source-2.4.21-58.EL.x86_64.rpm
kernel-unsupported-2.4.21-58.EL.ia32e.rpm
kernel-unsupported-2.4.21-58.EL.x86_64.rpm
   Dependancies:
kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.ia32e.rpm
kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.x86_64.rpm
kernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline

SciLinux: CVE-2008-4210 kernel SL3.x i386/x86_64

Important: kernel security and bug fix update

Summary

Date:         Thu, 18 Dec 2008 13:16:48 -0600Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for kernel on SL3.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis: Important: kernel security and bug fix updateIssue date: 2008-12-16CVE Names: CVE-2008-4210 CVE-2008-3275 CVE-2008-0598                   CVE-2008-2136 CVE-2008-2812 CVE-2007-6063                   CVE-2008-3525This update addresses the following security issues:* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and64-bit emulation. This could allow a local, unprivileged user to prepareand run a specially-crafted binary which would use this deficiency to leakuninitialized and potentially sensitive data. (CVE-2008-0598, Important)* a possible kernel memory leak was found in the Linux kernel SimpleInternet Transition (SIT) INET6 implementation. This could allow a local,unprivileged user to cause a denial of service. (CVE-2008-2136, Important)* missing capability checks were found in the SBNI WAN driver which couldallow a local user to bypass intended capability restrictions.(CVE-2008-3525, Important)* the do_truncate() and generic_file_splice_write() functions did not clearthe setuid and setgid bits. This could allow a local, unprivileged user toobtain access to privileged information. (CVE-2008-4210, Important)* a buffer overflow flaw was found in Integrated Services Digital Network(ISDN) subsystem. A local, unprivileged user could use this flaw to cause adenial of service. (CVE-2007-6063, Moderate)* multiple NULL pointer dereferences were found in various Linux kernelnetwork drivers. These drivers were missing checks for terminal validity,which could allow privilege escalation. (CVE-2008-2812, Moderate)* a deficiency was found in the Linux kernel virtual filesystem (VFS)implementation. This could allow a local, unprivileged user to attempt filecreation within deleted directories, possibly causing a denial of service.(CVE-2008-3275, Moderate)This update also fixes the following bugs:* the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap()was used where kunmap_atomic() should have been. As a consequence, if anNFSv2 or NFSv3 server exported a volume containing a symlink which includeda path equal to or longer than the local system's PATH_MAX, accessing thelink caused a kernel oops. This has been corrected in this update.* mptctl_gettargetinfo did not check if pIoc3 was NULL before using it as apointer. This caused a kernel panic in mptctl_gettargetinfo in somecircumstances. A check has been added which prevents this.* lost tick compensation code in the timer interrupt routine triggeredwithout apparent cause. When running as a fully-virtualized client, thisspurious triggering caused the 64-bit version of Red Hat Enterprise Linux 3to present highly inaccurate times. With this update the lost tickcompensation code is turned off when the operating system is running as afully-virtualized client under Xen or VMWare=AE.SL 3.0.x     SRPMS:kernel-2.4.21-58.EL.src.rpm     i386:kernel-2.4.21-58.EL.athlon.rpmkernel-2.4.21-58.EL.i686.rpmkernel-BOOT-2.4.21-58.EL.i386.rpmkernel-doc-2.4.21-58.EL.i386.rpmkernel-hugemem-2.4.21-58.EL.i686.rpmkernel-hugemem-unsupported-2.4.21-58.EL.i686.rpmkernel-smp-2.4.21-58.EL.athlon.rpmkernel-smp-2.4.21-58.EL.i686.rpmkernel-smp-unsupported-2.4.21-58.EL.athlon.rpmkernel-smp-unsupported-2.4.21-58.EL.i686.rpmkernel-source-2.4.21-58.EL.i386.rpmkernel-unsupported-2.4.21-58.EL.athlon.rpmkernel-unsupported-2.4.21-58.EL.i686.rpm   Dependancies:kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.athlon.rpmkernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.i686.rpmkernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.athlon.rpmkernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.i686.rpm     x86_64:kernel-2.4.21-58.EL.ia32e.rpmkernel-2.4.21-58.EL.x86_64.rpmkernel-doc-2.4.21-58.EL.x86_64.rpmkernel-smp-2.4.21-58.EL.x86_64.rpmkernel-smp-unsupported-2.4.21-58.EL.x86_64.rpmkernel-source-2.4.21-58.EL.x86_64.rpmkernel-unsupported-2.4.21-58.EL.ia32e.rpmkernel-unsupported-2.4.21-58.EL.x86_64.rpm   Dependancies:kernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.ia32e.rpmkernel-module-openafs-2.4.21-57.EL-1.2.13-15.17.SL.x86_64.rpmkernel-module-openafs-2.4.21-57.ELsmp-1.2.13-15.17.SL.x86_64.rpm-Connie Sieh-Troy Dawsonlastline



Security Fixes

Severity

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

The Present & Future of Kernel Security: Linux's Unique Method for Securing Code

Dec 8, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo