What Are You Looking For?

Sign Up
Date:         Tue, 17 Mar 2009 15:01:18 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: kernel on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: kernel security and bug fix update
Issue date:	2009-03-12
CVE Names:	CVE-2008-5700 CVE-2009-0031 CVE-2009-0065
                 CVE-2009-0322

This update addresses the following security issues:

* a buffer overflow was found in the Linux kernel Partial Reliable 
Stream Control Transmission Protocol (PR-SCTP) implementation. This 
could, potentially, lead to a denial of service if a Forward-TSN chunk 
is received with a large stream ID. (CVE-2009-0065, Important)

* a memory leak was found in keyctl handling. A local, unprivileged user
could use this flaw to deplete kernel memory, eventually leading to a
denial of service. (CVE-2009-0031, Important)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial 
of service by reading zero bytes from the image_type or packet_size file 
in "/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important)

* a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. Note: by default, "/dev/sg*"
devices are accessible only to the root user. (CVE-2008-5700, Low)

This update also fixes the following bugs:

* when the hypervisor changed a page table entry (pte) mapping from
read-only to writable via a make_writable hypercall, accessing the 
changed page immediately following the change caused a spurious page 
fault. When trying to install a para-virtualized Scientific Linux 4 
guest on a Scientific Linux 5.3 dom0 host, this fault crashed the 
installer with a kernel backtrace. With this update, the "spurious" page 
fault is handled properly. (BZ#483748)

* net_rx_action could detect its cpu poll_list as non-empty, but have 
that same list reduced to empty by the poll_napi path. This resulted in 
garbage data being returned when net_rx_action calls list_entry, which 
subsequently resulted in several possible crash conditions. The race 
condition in the network code which caused this has been fixed. 
(BZ#475970, BZ#479681 & BZ#480741)

* a misplaced memory barrier at unlock_buffer() could lead to a 
concurrent h_refcounter update which produced a reference counter leak 
and, later, a double free in ext3_xattr_release_block(). Consequent to 
the double free, ext3 reported an error

    ext3_free_blocks_sb: bit already cleared for block [block number]

and mounted itself as read-only. With this update, the memory barrier is
now placed before the buffer head lock bit, forcing the write order and
preventing the double free. (BZ#476533)

* when the iptables module was unloaded, it was assumed the correct 
entry for removal had been found if "wrapper->ops->pf" matched the value 
passed in by "reg->pf". If several ops ranges were registered against 
the same protocol family, however, (which was likely if you had both 
ip_conntrack and ip_contrack_* loaded) this assumption could lead to 
NULL list pointers and cause a kernel panic. With this update, 
"wrapper->ops" is matched to pointer values "reg", which ensures the 
correct entry is removed and results in no NULL list pointers. (BZ#477147)

* when the pidmap page (used for tracking process ids, pids) incremented 
to an even page (ie the second, fourth, sixth, etc. pidmap page), the
alloc_pidmap() routine skipped the page. This resulted in "holes" in the
allocated pids. For example, after pid 32767, you would expect 32768 to 
be allocated. If the page skipping behavior presented, however, the pid
allocated after 32767 was 65536. With this update, alloc_pidmap() no 
longer skips alternate pidmap pages and allocated pid holes no longer 
occur. This fix also corrects an error which allowed pid_max to be set 
higher than the pid_max limit has been corrected. (BZ#479182)

The system must be rebooted for this update to take effect.

SL 4.x

     SRPMS:
kernel-2.6.9-78.0.17.EL.src.rpm
     i386:
kernel-2.6.9-78.0.17.EL.i686.rpm
kernel-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm
kernel-hugemem-2.6.9-78.0.17.EL.i686.rpm
kernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-2.6.9-78.0.17.EL.i686.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-2.6.9-78.0.17.EL.i686.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm
   Dependancies:
kernel-module-fuse-2.6.9-78.0.17.EL-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.17.ELhugemem-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.17.ELsmp-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-78.0.17.ELxenU-2.7.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.17.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.17.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.17.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-78.0.17.EL-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.17.ELhugemem-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.17.ELsmp-1.4.7-68.SL4.i686.rpm
kernel-module-openafs-2.6.9-78.0.17.ELxenU-1.4.7-68.SL4.i686.rpm
kernel-module-r1000-2.6.9-78.0.17.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.17.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.17.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-78.0.17.ELxenU-2.2-2.SL4x.i686.rpm

     x86_64:
kernel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-doc-2.6.9-78.0.17.EL.noarch.rpm
kernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-2.6.9-78.0.17.EL.x86_64.rpm
kernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-2.6.9-78.0.17.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm
   Dependancies:
kernel-module-fuse-2.6.9-78.0.17.EL-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.17.ELlargesmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.17.ELsmp-2.7.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-78.0.17.ELxenU-2.7.3-1.SL.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.17.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-78.0.17.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.17.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.17.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-78.0.17.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.17.EL-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.17.ELlargesmp-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.17.ELsmp-1.4.7-68.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-78.0.17.ELxenU-1.4.7-68.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.17.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.17.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.17.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-78.0.17.ELxenU-2.2-2.SL4x.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2008-5700 Important: kernel SL4.x i386/x86_64

Important: kernel security and bug fix update

Summary

Date:         Tue, 17 Mar 2009 15:01:18 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Important: kernel on SL4.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Important: kernel security and bug fix updateIssue date:	2009-03-12CVE Names:	CVE-2008-5700 CVE-2009-0031 CVE-2009-0065                 CVE-2009-0322This update addresses the following security issues:* a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)* a memory leak was found in keyctl handling. A local, unprivileged usercould use this flaw to deplete kernel memory, eventually leading to adenial of service. (CVE-2009-0031, Important)* a deficiency was found in the Remote BIOS Update (RBU) driver for Dellsystems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size file in "/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important)* a deficiency was found in the libATA implementation. This could,potentially, lead to a denial of service. Note: by default, "/dev/sg*"devices are accessible only to the root user. (CVE-2008-5700, Low)This update also fixes the following bugs:* when the hypervisor changed a page table entry (pte) mapping fromread-only to writable via a make_writable hypercall, accessing the changed page immediately following the change caused a spurious page fault. When trying to install a para-virtualized Scientific Linux 4 guest on a Scientific Linux 5.3 dom0 host, this fault crashed the installer with a kernel backtrace. With this update, the "spurious" page fault is handled properly. (BZ#483748)* net_rx_action could detect its cpu poll_list as non-empty, but have that same list reduced to empty by the poll_napi path. This resulted in garbage data being returned when net_rx_action calls list_entry, which subsequently resulted in several possible crash conditions. The race condition in the network code which caused this has been fixed. (BZ#475970, BZ#479681 & BZ#480741)* a misplaced memory barrier at unlock_buffer() could lead to a concurrent h_refcounter update which produced a reference counter leak and, later, a double free in ext3_xattr_release_block(). Consequent to the double free, ext3 reported an error    ext3_free_blocks_sb: bit already cleared for block [block number]and mounted itself as read-only. With this update, the memory barrier isnow placed before the buffer head lock bit, forcing the write order andpreventing the double free. (BZ#476533)* when the iptables module was unloaded, it was assumed the correct entry for removal had been found if "wrapper->ops->pf" matched the value passed in by "reg->pf". If several ops ranges were registered against the same protocol family, however, (which was likely if you had both ip_conntrack and ip_contrack_* loaded) this assumption could lead to NULL list pointers and cause a kernel panic. With this update, "wrapper->ops" is matched to pointer values "reg", which ensures the correct entry is removed and results in no NULL list pointers. (BZ#477147)* when the pidmap page (used for tracking process ids, pids) incremented to an even page (ie the second, fourth, sixth, etc. pidmap page), thealloc_pidmap() routine skipped the page. This resulted in "holes" in theallocated pids. For example, after pid 32767, you would expect 32768 to be allocated. If the page skipping behavior presented, however, the pidallocated after 32767 was 65536. With this update, alloc_pidmap() no longer skips alternate pidmap pages and allocated pid holes no longer occur. This fix also corrects an error which allowed pid_max to be set higher than the pid_max limit has been corrected. (BZ#479182)The system must be rebooted for this update to take effect.SL 4.x     SRPMS:kernel-2.6.9-78.0.17.EL.src.rpm     i386:kernel-2.6.9-78.0.17.EL.i686.rpmkernel-devel-2.6.9-78.0.17.EL.i686.rpmkernel-doc-2.6.9-78.0.17.EL.noarch.rpmkernel-hugemem-2.6.9-78.0.17.EL.i686.rpmkernel-hugemem-devel-2.6.9-78.0.17.EL.i686.rpmkernel-smp-2.6.9-78.0.17.EL.i686.rpmkernel-smp-devel-2.6.9-78.0.17.EL.i686.rpmkernel-xenU-2.6.9-78.0.17.EL.i686.rpmkernel-xenU-devel-2.6.9-78.0.17.EL.i686.rpm   Dependancies:kernel-module-fuse-2.6.9-78.0.17.EL-2.7.3-1.SL.i686.rpmkernel-module-fuse-2.6.9-78.0.17.ELhugemem-2.7.3-1.SL.i686.rpmkernel-module-fuse-2.6.9-78.0.17.ELsmp-2.7.3-1.SL.i686.rpmkernel-module-fuse-2.6.9-78.0.17.ELxenU-2.7.3-1.SL.i686.rpmkernel-module-ipw3945-2.6.9-78.0.17.EL-1.1.0-1.SL4.i686.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELhugemem-1.1.0-1.SL4.i686.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELsmp-1.1.0-1.SL4.i686.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELxenU-1.1.0-1.SL4.i686.rpmkernel-module-madwifi-2.6.9-78.0.17.EL-0.9.4-10.sl4.i686.rpmkernel-module-madwifi-2.6.9-78.0.17.ELhugemem-0.9.4-10.sl4.i686.rpmkernel-module-madwifi-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.i686.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.EL-0.9.4-10.sl4.i686.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.ELhugemem-0.9.4-10.sl4.i686.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.i686.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.EL-1.41-1.SL.i686.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELhugemem-1.41-1.SL.i686.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELsmp-1.41-1.SL.i686.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELxenU-1.41-1.SL.i686.rpmkernel-module-openafs-2.6.9-78.0.17.EL-1.4.7-68.SL4.i686.rpmkernel-module-openafs-2.6.9-78.0.17.ELhugemem-1.4.7-68.SL4.i686.rpmkernel-module-openafs-2.6.9-78.0.17.ELsmp-1.4.7-68.SL4.i686.rpmkernel-module-openafs-2.6.9-78.0.17.ELxenU-1.4.7-68.SL4.i686.rpmkernel-module-r1000-2.6.9-78.0.17.EL-2.2-2.SL4x.i686.rpmkernel-module-r1000-2.6.9-78.0.17.ELhugemem-2.2-2.SL4x.i686.rpmkernel-module-r1000-2.6.9-78.0.17.ELsmp-2.2-2.SL4x.i686.rpmkernel-module-r1000-2.6.9-78.0.17.ELxenU-2.2-2.SL4x.i686.rpm     x86_64:kernel-2.6.9-78.0.17.EL.x86_64.rpmkernel-devel-2.6.9-78.0.17.EL.x86_64.rpmkernel-doc-2.6.9-78.0.17.EL.noarch.rpmkernel-largesmp-2.6.9-78.0.17.EL.x86_64.rpmkernel-largesmp-devel-2.6.9-78.0.17.EL.x86_64.rpmkernel-smp-2.6.9-78.0.17.EL.x86_64.rpmkernel-smp-devel-2.6.9-78.0.17.EL.x86_64.rpmkernel-xenU-2.6.9-78.0.17.EL.x86_64.rpmkernel-xenU-devel-2.6.9-78.0.17.EL.x86_64.rpm   Dependancies:kernel-module-fuse-2.6.9-78.0.17.EL-2.7.3-1.SL.x86_64.rpmkernel-module-fuse-2.6.9-78.0.17.ELlargesmp-2.7.3-1.SL.x86_64.rpmkernel-module-fuse-2.6.9-78.0.17.ELsmp-2.7.3-1.SL.x86_64.rpmkernel-module-fuse-2.6.9-78.0.17.ELxenU-2.7.3-1.SL.x86_64.rpmkernel-module-ipw3945-2.6.9-78.0.17.EL-1.1.0-1.SL4.x86_64.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELlargesmp-1.1.0-1.SL4.x86_64.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELsmp-1.1.0-1.SL4.x86_64.rpmkernel-module-ipw3945-2.6.9-78.0.17.ELxenU-1.1.0-1.SL4.x86_64.rpmkernel-module-madwifi-2.6.9-78.0.17.EL-0.9.4-10.sl4.x86_64.rpmkernel-module-madwifi-2.6.9-78.0.17.ELlargesmp-0.9.4-10.sl4.x86_64.rpmkernel-module-madwifi-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.x86_64.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.EL-0.9.4-10.sl4.x86_64.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.ELlargesmp-0.9.4-10.sl4.x86_64.rpmkernel-module-madwifi-hal-2.6.9-78.0.17.ELsmp-0.9.4-10.sl4.x86_64.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.EL-1.41-1.SL.x86_64.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELlargesmp-1.41-1.SL.x86_64.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELsmp-1.41-1.SL.x86_64.rpmkernel-module-ndiswrapper-2.6.9-78.0.17.ELxenU-1.41-1.SL.x86_64.rpmkernel-module-openafs-2.6.9-78.0.17.EL-1.4.7-68.SL4.x86_64.rpmkernel-module-openafs-2.6.9-78.0.17.ELlargesmp-1.4.7-68.SL4.x86_64.rpmkernel-module-openafs-2.6.9-78.0.17.ELsmp-1.4.7-68.SL4.x86_64.rpmkernel-module-openafs-2.6.9-78.0.17.ELxenU-1.4.7-68.SL4.x86_64.rpmkernel-module-r1000-2.6.9-78.0.17.EL-2.2-2.SL4x.x86_64.rpmkernel-module-r1000-2.6.9-78.0.17.ELlargesmp-2.2-2.SL4x.x86_64.rpmkernel-module-r1000-2.6.9-78.0.17.ELsmp-2.2-2.SL4x.x86_64.rpmkernel-module-r1000-2.6.9-78.0.17.ELxenU-2.2-2.SL4x.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo