Date:         Thu, 18 Mar 2010 12:31:43 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: kernel on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: kernel security and bug fix update
Issue date:	2010-03-16
CVE Names:	CVE-2009-4271 CVE-2010-0003 CVE-2010-0007
                   CVE-2010-0008 CVE-2010-0307

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() 
function in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the Linux kernel. During 
a core dump, the kernel did not check if the Virtual Dynamically-linked
Shared Object page was accessible. On Intel 64 and AMD64 systems, a 
local, unprivileged user could use this flaw to cause a kernel panic by 
running a crafted 32-bit application. (CVE-2009-4271, Important)

* an information leak was found in the print_fatal_signal() 
implementation in the Linux kernel. When 
"/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value is 
0), memory that is reachable by the kernel could be leaked to 
user-space. This issue could also result in a system crash. Note that 
this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the 
SET_PERSONALITY macro. A local attacker could use this flaw to cause a 
denial of service by running a 32-bit application that attempts to 
execute a 64-bit application. (CVE-2010-0307, Moderate)

* missing capability checks were found in the ebtables implementation, 
used for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* under some circumstances, a locking bug could have caused an online 
ext3 file system resize to deadlock, which may have, in turn, caused the 
file system or the entire system to become unresponsive. In either case, 
a reboot was required after the deadlock. With this update, using 
resize2fs to perform an online resize of an ext3 file system works as 
expected. (BZ#553135)

* some ATA and SCSI devices were not honoring the barrier=1 mount 
option, which could result in data loss after a crash or power loss. 
This update applies a patch to the Linux SCSI driver to ensure ordered 
write caching. This solution does not provide cache flushes; however, it 
does provide data integrity on devices that have no write caching (or 
where write caching is disabled) and no command queuing. For systems 
that have command queuing or write cache enabled there is no guarantee 
of data integrity after a crash. (BZ#560563)

* it was found that lpfc_find_target() could loop continuously when
scanning a list of nodes due to a missing spinlock. This missing 
spinlock allowed the list to be changed after the list_empty() test, 
resulting in a NULL value, causing the loop. This update adds the 
spinlock, resolving the issue. (BZ#561453)

* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a
regression, preventing Wake on LAN (WoL) working for network devices 
using the Intel PRO/1000 Linux driver, e1000e. Attempting to configure 
WoL for such devices resulted in the following error, even when 
configuring valid options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565496)

The system must be rebooted for this update to take effect.

SL 4.x

     SRPMS:
kernel-2.6.9-89.0.23.EL.src.rpm
     i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm
   Dependencies:
kernel-module-fuse-2.6.9-89.0.23.EL-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.23.ELhugemem-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.23.ELsmp-2.7.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-89.0.23.ELxenU-2.7.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.23.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-madwifi-2.6.9-89.0.23.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-89.0.23.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-89.0.23.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.EL-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.ELhugemem-0.9.4-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.ELsmp-0.9.4-10.sl4.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-89.0.23.EL-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.23.ELhugemem-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.23.ELsmp-1.4.7-68.2.SL4.i686.rpm
kernel-module-openafs-2.6.9-89.0.23.ELxenU-1.4.7-68.2.SL4.i686.rpm
kernel-module-r1000-2.6.9-89.0.23.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.23.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.23.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-89.0.23.ELxenU-2.2-2.SL4x.i686.rpm
kernel-module-squashfs-2.6.9-89.0.23.EL-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELhugemem-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELsmp-3.1.2-3.i686.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELxenU-3.1.2-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.23.EL-1.1.5-3.i686.rpm
kernel-module-unionfs-2.6.9-89.0.23.ELsmp-1.1.5-3.i686.rpm

     x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm
   Dependencies:
kernel-module-fuse-2.6.9-89.0.23.EL-2.7.3-1.el4_8.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.23.ELlargesmp-2.7.3-1.el4_8.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.23.ELsmp-2.7.3-1.el4_8.x86_64.rpm
kernel-module-fuse-2.6.9-89.0.23.ELxenU-2.7.3-1.el4_8.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.23.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-89.0.23.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-madwifi-2.6.9-89.0.23.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-89.0.23.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-89.0.23.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.EL-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.ELlargesmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-89.0.23.ELsmp-0.9.4-10.sl4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-89.0.23.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.23.EL-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.23.ELlargesmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.23.ELsmp-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-89.0.23.ELxenU-1.4.7-68.2.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.23.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.23.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.23.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-89.0.23.ELxenU-2.2-2.SL4x.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.23.EL-3.1.2-3.el4_8.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELlargesmp-3.1.2-3.el4_8.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELsmp-3.1.2-3.el4_8.x86_64.rpm
kernel-module-squashfs-2.6.9-89.0.23.ELxenU-3.1.2-3.el4_8.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.23.EL-1.1.5-3.el4_8.x86_64.rpm
kernel-module-unionfs-2.6.9-89.0.23.ELsmp-1.1.5-3.el4_8.x86_64.rpm

-Connie Sieh
-Troy Dawson
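
Because the fix only takes effect after a reboot, the check below (an added example, not part of the original advisory) compares the running kernel from uname -r, rather than the installed package, against 2.6.9-89.0.23.EL, and flags the CVE-2010-0003 precondition on i386. The function names ver_ge, kernel_status and pfs_exposed are hypothetical helpers introduced for this example.

```shell
#!/bin/sh
# Added example, not from the advisory. FIXED is the version-release of the
# updated kernel packages listed in the advisory.
FIXED="2.6.9-89.0.23"

# ver_ge A B: succeed if numeric version A >= B ("-" is treated like ".").
ver_ge() {
    a=$(printf '%s' "$1" | sed 's/-/./g')
    b=$(printf '%s' "$2" | sed 's/-/./g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}            # a missing field counts as 0
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# kernel_status RELEASE: print fixed / vulnerable / unknown for a `uname -r`
# string; the variant suffix after ".EL" (smp, hugemem, largesmp, xenU) is ignored.
kernel_status() {
    case $1 in
        2.6.9-*.EL*) v=${1%%.EL*} ;;
        *) echo unknown; return 0 ;;    # not an SL4 kernel release string
    esac
    case $v in *[!0-9.-]*) echo unknown; return 0 ;; esac
    if ver_ge "$v" "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# pfs_exposed STATUS ARCH VALUE: the CVE-2010-0003 leak needs an unfixed i386
# kernel and print-fatal-signals set to 1 (the default is 0).
pfs_exposed() {
    case $2 in i?86) ;; *) return 1 ;; esac
    [ "$1" = vulnerable ] && [ "$3" = 1 ]
}

# Report on the host this script runs on.
rel=$(uname -r); arch=$(uname -m)
pfs=$(cat /proc/sys/kernel/print-fatal-signals 2>/dev/null || echo 0)
st=$(kernel_status "$rel")
echo "running kernel $rel: $st (fixed in $FIXED.EL, active only after reboot)"
if pfs_exposed "$st" "$arch" "$pfs"; then
    echo "print-fatal-signals=1 on $arch: CVE-2010-0003 applies until reboot"
fi
```

A host that reports "vulnerable" while the updated kernel RPM is already installed has not yet been rebooted into it.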
