Date:         Tue, 25 Aug 2009 12:29:31 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: kernel on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: kernel security and bug fix update
Issue date:	2009-08-24
CVE Names:	CVE-2009-2692 CVE-2009-2698

CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc
CVE-2009-2698 kernel: udp socket NULL ptr dereference

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops 
structure correctly. A local, unprivileged user could use this flaw to 
cause a local denial of service or escalate their privileges. 
(CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux 
kernel when using the MSG_MORE flag on UDP sockets. A local, 
unprivileged user could use this flaw to cause a local denial of service 
or escalate their privileges. (CVE-2009-2698, Important)

These updated packages also fix the following bug:

* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but 
was not freed in the error exit path. This bug led to a memory leak and 
an unresponsive system. A reported case of this bug occurred after 
running "cman_tool kill -n [nodename]". (BZ#515432)

The system must be rebooted for this update to take effect.

SL 5.x

     SRPMS:
kernel-2.6.18-128.7.1.el5.src.rpm
     i386:
kernel-2.6.18-128.7.1.el5.i686.rpm
kernel-debug-2.6.18-128.7.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.7.1.el5.i686.rpm
kernel-devel-2.6.18-128.7.1.el5.i686.rpm
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
kernel-headers-2.6.18-128.7.1.el5.i386.rpm
kernel-PAE-2.6.18-128.7.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpm
kernel-xen-2.6.18-128.7.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm
   Dependancies:
kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-128.7.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.7.1.el5PAE-2.6.3-1.sl5.i686.rpm
kernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.7.1.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpm
kernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.7.1.el5PAE-1.53-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.i686.rpm
kernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.i686.rpm
kernel-module-openafs-2.6.18-128.7.1.el5PAE-1.4.7-68.2.SL5.i686.rpm
kernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.i686.rpm
kernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-128.7.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.i686.rpm

     x86_64:
kernel-2.6.18-128.7.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.7.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.7.1.el5.x86_64.rpm
kernel-doc-2.6.18-128.7.1.el5.noarch.rpm
kernel-headers-2.6.18-128.7.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.7.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm
   Dependancies:
kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.x86_64.rpm
kernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpm
kernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.x86_64.rpm
kernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.x86_64.rpm
kernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.x86_64.rpm
kernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2009-2692 Important: kernel SL5.x i386/x86_64

Important: kernel security and bug fix update

Summary

Date:         Tue, 25 Aug 2009 12:29:31 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA Important: kernel on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Important: kernel security and bug fix updateIssue date:	2009-08-24CVE Names:	CVE-2009-2692 CVE-2009-2698CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privescCVE-2009-2698 kernel: udp socket NULL ptr dereferenceThese updated packages fix the following security issues:* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. Thismacro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important)* a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important)These updated packages also fix the following bug:* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running "cman_tool kill -n [nodename]". (BZ#515432)The system must be rebooted for this update to take effect.SL 5.x     SRPMS:kernel-2.6.18-128.7.1.el5.src.rpm     i386:kernel-2.6.18-128.7.1.el5.i686.rpmkernel-debug-2.6.18-128.7.1.el5.i686.rpmkernel-debug-devel-2.6.18-128.7.1.el5.i686.rpmkernel-devel-2.6.18-128.7.1.el5.i686.rpmkernel-doc-2.6.18-128.7.1.el5.noarch.rpmkernel-headers-2.6.18-128.7.1.el5.i386.rpmkernel-PAE-2.6.18-128.7.1.el5.i686.rpmkernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpmkernel-xen-2.6.18-128.7.1.el5.i686.rpmkernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm   Dependancies:kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.i686.rpmkernel-module-aufs-2.6.18-128.7.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpmkernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.i686.rpmkernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.i686.rpmkernel-module-fuse-2.6.18-128.7.1.el5PAE-2.6.3-1.sl5.i686.rpmkernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.i686.rpmkernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.i686.rpmkernel-module-ipw3945-2.6.18-128.7.1.el5PAE-1.2.0-2.sl5.i686.rpmkernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.i686.rpmkernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpmkernel-module-madwifi-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpmkernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpmkernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpmkernel-module-madwifi-hal-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpmkernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpmkernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.i686.rpmkernel-module-ndiswrapper-2.6.18-128.7.1.el5PAE-1.53-1.SL.i686.rpmkernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.i686.rpmkernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.i686.rpmkernel-module-openafs-2.6.18-128.7.1.el5PAE-1.4.7-68.2.SL5.i686.rpmkernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.i686.rpmkernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.i686.rpmkernel-module-xfs-2.6.18-128.7.1.el5PAE-0.4-2.sl5.i686.rpmkernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.i686.rpm     x86_64:kernel-2.6.18-128.7.1.el5.x86_64.rpmkernel-debug-2.6.18-128.7.1.el5.x86_64.rpmkernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpmkernel-devel-2.6.18-128.7.1.el5.x86_64.rpmkernel-doc-2.6.18-128.7.1.el5.noarch.rpmkernel-headers-2.6.18-128.7.1.el5.x86_64.rpmkernel-xen-2.6.18-128.7.1.el5.x86_64.rpmkernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm   Dependancies:kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.x86_64.rpmkernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpmkernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.x86_64.rpmkernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.x86_64.rpmkernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.x86_64.rpmkernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.x86_64.rpmkernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpmkernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpmkernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.x86_64.rpmkernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.x86_64.rpmkernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.x86_64.rpmkernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.x86_64.rpmkernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.x86_64.rpmkernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity

Related News