Scientific Linux: CVE-2010-0727 Moderate: GFS Kernel Panic Fix

Date: Wed, 31 Mar 2010 17:00:22 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: GFS on SL3.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: GFS security and bug fix update
Issue date:	2010-03-30
CVE Names:	CVE-2010-0727

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged
user on a system that has a GFS file system mounted could use this flaw
to cause a kernel panic. (CVE-2010-0727)

As well, these updated GFS packages are in sync with the latest kernel
(2.4.21-63.EL). The modules in earlier GFS packages fail to load because
they do not match the running kernel. It is possible to force-load the
modules; however, with this update, force-loading the modules is not
required. (BZ#525198)

Users are advised to upgrade to these latest GFS packages, which resolve
this issue and are updated for use with the 2.4.21-63.EL kernel.

SL 3.0.x

 SRPMS:
GFS-6.0.2.36-13.src.rpm
 i386:
GFS-6.0.2.36-13.i686.rpm
GFS-devel-6.0.2.36-13.i686.rpm
GFS-modules-6.0.2.36-13.i686.rpm
GFS-modules-hugemem-6.0.2.36-13.i686.rpm
GFS-modules-smp-6.0.2.36-13.i686.rpm
 x86_64:
GFS-6.0.2.36-13.x86_64.rpm
GFS-devel-6.0.2.36-13.x86_64.rpm
GFS-modules-6.0.2.36-13.x86_64.rpm
GFS-modules-smp-6.0.2.36-13.x86_64.rpm

-Connie Sieh
-Troy Dawson