Date:         Tue, 9 Feb 2010 10:20:15 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      FASTBUGS for SL 4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

The following FASTBUGS have been uploaded to


          i386:
audit-1.0.16-4.el4_8.1.i386.rpm
audit-libs-1.0.16-4.el4_8.1.i386.rpm
audit-libs-devel-1.0.16-4.el4_8.1.i386.rpm
bind-9.2.4-30.el4_8.5.i386.rpm
bind-chroot-9.2.4-30.el4_8.5.i386.rpm
bind-devel-9.2.4-30.el4_8.5.i386.rpm
bind-libs-9.2.4-30.el4_8.5.i386.rpm
bind-utils-9.2.4-30.el4_8.5.i386.rpm
nss_ldap-253-7.el4_8.1.i386.rpm
parted-1.6.19-23.EL.1.i386.rpm
parted-devel-1.6.19-23.EL.1.i386.rpm
rgmanager-1.9.87-1.el4_8.1.i386.rpm
         x86_64:
audit-1.0.16-4.el4_8.1.x86_64.rpm
audit-libs-1.0.16-4.el4_8.1.i386.rpm
audit-libs-1.0.16-4.el4_8.1.x86_64.rpm
audit-libs-devel-1.0.16-4.el4_8.1.x86_64.rpm
bind-9.2.4-30.el4_8.5.x86_64.rpm
bind-chroot-9.2.4-30.el4_8.5.x86_64.rpm
bind-devel-9.2.4-30.el4_8.5.x86_64.rpm
bind-libs-9.2.4-30.el4_8.5.i386.rpm
bind-libs-9.2.4-30.el4_8.5.x86_64.rpm
bind-utils-9.2.4-30.el4_8.5.x86_64.rpm
nss_ldap-253-7.el4_8.1.i386.rpm
nss_ldap-253-7.el4_8.1.x86_64.rpm
parted-1.6.19-23.EL.1.x86_64.rpm
parted-devel-1.6.19-23.EL.1.x86_64.rpm
rgmanager-1.9.87-1.el4_8.1.x86_64.rpm


-Connie Sieh
-Troy Dawson
Date:         Tue, 9 Feb 2010 10:25:16 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      FASTBUGS for SL 5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

The following FASTBUGS have been uploaded to



         i386:
coolkey-1.1.0-14.el5.i386.rpm
coolkey-devel-1.1.0-14.el5.i386.rpm
esc-1.1.0-11.el5.i386.rpm
iscsi-initiator-utils-6.2.0.871-0.12.el5_4.1.i386.rpm
systemtap-0.9.7-5.el5_4.1.i386.rpm
systemtap-client-0.9.7-5.el5_4.1.i386.rpm
systemtap-initscript-0.9.7-5.el5_4.1.i386.rpm
systemtap-runtime-0.9.7-5.el5_4.1.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.1.i386.rpm
systemtap-server-0.9.7-5.el5_4.1.i386.rpm
systemtap-testsuite-0.9.7-5.el5_4.1.i386.rpm

        x86_64:
coolkey-1.1.0-14.el5.i386.rpm
coolkey-1.1.0-14.el5.x86_64.rpm
coolkey-devel-1.1.0-14.el5.i386.rpm
coolkey-devel-1.1.0-14.el5.x86_64.rpm
esc-1.1.0-11.el5.x86_64.rpm
iscsi-initiator-utils-6.2.0.871-0.12.el5_4.1.x86_64.rpm
systemtap-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-client-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-initscript-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-runtime-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.1.i386.rpm
systemtap-sdt-devel-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-server-0.9.7-5.el5_4.1.x86_64.rpm
systemtap-testsuite-0.9.7-5.el5_4.1.x86_64.rpm


-Connie Sieh
-Troy Dawson
Date:         Tue, 9 Feb 2010 11:33:28 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: kvm on SL5.4 i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: kvm security and bug fix update
Issue date:	2010-02-09
CVE Names:	CVE-2010-0297 CVE-2010-0298 CVE-2010-0306
                 CVE-2010-0309

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. 
Access to the internal data structure pit_state, which represents the 
data state of the emulated PIT, was not properly validated in the 
pit_ioport_read() function. A privileged guest user could use this flaw 
to crash the host. (CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A 
specially-crafted USB packet sent from inside a guest could be used to 
trigger a buffer overflow in the usb_host_handle_control() function, 
which runs under the QEMU-KVM context on the host. A user in a guest 
could leverage this flaw to cause a denial of service (guest hang or 
crash) or possibly escalate their privileges within the host. 
(CVE-2010-0297)

This update also fixes the following bugs:

* pvclock MSR values were not preserved during remote migration, causing
time drift for guests. (BZ#537028)

* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)

* if the qemu-kvm "-net user" option was used, unattended Windows XP
installations did not receive an IP address after reboot. (BZ#546562)

* when being restored from migration, a race condition caused Windows
Server 2008 R2 guests to hang during shutdown. (BZ#546563)

* the kernel symbol checking on the kvm-kmod build process has a safety
check for ABI changes. (BZ#547293)

* on hosts without high-res timers, Windows Server 2003 guests 
experienced significant time drift. (BZ#547625)

* in some situations, installing Windows Server 2008 R2 from an ISO 
image resulted in a blue screen "BAD_POOL_HEADER" stop error. (BZ#548368)

* a bug in the grow_refcount_table() error handling caused infinite
recursion in some cases. This caused the qemu-kvm process to hang and
eventually crash. (BZ#552159)

* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an 
"unhandled vm exit" error could occur during reboot on some systems. 
(BZ#552518)

* for Windows guests, QEMU could attempt to stop a stopped audio device,
resulting in a "snd_playback_stop: ASSERT playback_channel->base.active
failed" error. (BZ#552519)

* the Hypercall driver did not reset the device on power-down. (BZ#552528)

* mechanisms have been added to make older savevm versions to be emitted 
in some cases. (BZ#552529)

* an error in the Makefile prevented users from using the source RPM to
install KVM. (BZ#552530)

* guests became unresponsive and could use up to 100% CPU when running
certain benchmark tests with more than 7 guests running simultaneously.
(BZ#553249)

* QEMU could terminate randomly with virtio-net and SMP enabled.
(BZ#561022)

NOTE - The following procedure must be performed before this update will 
take effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove 
(using "modprobe -r [module]") and reload (using "modprobe [module]") 
all of the following modules which are currently running (determined 
using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

SL 5.x

     SRPMS:
kvm-83-105.el5_4.22.src.rpm
     x86_64:
kmod-kvm-83-105.el5_4.22.x86_64.rpm
kvm-83-105.el5_4.22.x86_64.rpm
kvm-qemu-img-83-105.el5_4.22.x86_64.rpm
kvm-tools-83-105.el5_4.22.x86_64.rpm

-Connie Sieh
-Troy Dawson

SciLinux: CVE-2010-0297 Important: kvm SL5.4 i386/x86_64

Important: kvm security and bug fix update

Summary

Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guestcould leverage these flaws to cause a denial of service (guest crash) orpossibly escalate their privileges within that guest. (CVE-2010-0298,CVE-2010-0306)A flaw was found in the Programmable Interval Timer (PIT) emulation.Access to the internal data structure pit_state, which represents thedata state of the emulated PIT, was not properly validated in thepit_ioport_read() function. A privileged guest user could use this flawto crash the host. (CVE-2010-0309)A flaw was found in the USB passthrough handling code. Aspecially-crafted USB packet sent from inside a guest could be used totrigger a buffer overflow in the usb_host_handle_control() function,which runs under the QEMU-KVM context on the host. A user in a guestcould leverage this flaw to cause a denial of service (guest hang orcrash) or possibly escalate their privileges within the host.(CVE-2010-0297)This update also fixes the following bugs:* pvclock MSR values were not preserved during remote migration, causingtime drift for guests. (BZ#537028)* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)* if the qemu-kvm "-net user" option was used, unattended Windows XPinstallations did not receive an IP address after reboot. (BZ#546562)* when being restored from migration, a race condition caused WindowsServer 2008 R2 guests to hang during shutdown. (BZ#546563)* the kernel symbol checking on the kvm-kmod build process has a safetycheck for ABI changes. (BZ#547293)* on hosts without high-res timers, Windows Server 2003 guestsexperienced significant time drift. (BZ#547625)* in some situations, installing Windows Server 2008 R2 from an ISOimage resulted in a blue screen "BAD_POOL_HEADER" stop error. (BZ#548368)* a bug in the grow_refcount_table() error handling caused infiniterecursion in some cases. This caused the qemu-kvm process to hang andeventually crash. (BZ#552159)* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an"unhandled vm exit" error could occur during reboot on some systems.(BZ#552518)* for Windows guests, QEMU could attempt to stop a stopped audio device,resulting in a "snd_playback_stop: ASSERT playback_channel->base.activefailed" error. (BZ#552519)* the Hypercall driver did not reset the device on power-down. (BZ#552528)* mechanisms have been added to make older savevm versions to be emittedin some cases. (BZ#552529)* an error in the Makefile prevented users from using the source RPM toinstall KVM. (BZ#552530)* guests became unresponsive and could use up to 100% CPU when runningcertain benchmark tests with more than 7 guests running simultaneously.(BZ#553249)* QEMU could terminate randomly with virtio-net and SMP enabled.(BZ#561022)NOTE - The following procedure must be performed before this update willtake effect:1) Stop all KVM guest virtual machines.2) Either reboot the hypervisor machine or, as the root user, remove(using "modprobe -r [module]") and reload (using "modprobe [module]")all of the following modules which are currently running (determinedusing "lsmod"): kvm, ksm, kvm-intel or kvm-amd.3) Restart the KVM guest virtual machines.SL 5.xSRPMS:kvm-83-105.el5_4.22.src.rpmx86_64:kmod-kvm-83-105.el5_4.22.x86_64.rpmkvm-83-105.el5_4.22.x86_64.rpmkvm-qemu-img-83-105.el5_4.22.x86_64.rpmkvm-tools-83-105.el5_4.22.x86_64.rpm-Connie Sieh-Troy Dawson



Security Fixes

Severity
Issued Date: : 2010-02-09
CVE Names: CVE-2010-0297 CVE-2010-0298 CVE-2010-0306
CVE-2010-0309
The x86 emulator implementation was missing a check for the Current

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved