Scientific Linux 5.x Important Kernel Update for DoS Mitigation

Feb 09, 2011 •

LinuxSecurity Advisories

3 - 5 min read

Scientific Large Esm H500

Topics Covered

security advisory denial of service kernel important update Scientific Linux

Important: kernel security and bug fix update

Date: Wed, 9 Feb 2011 15:26:08 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux

From: Troy Dawson 
Subject: Security ERRATA Important: kernel on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."

Synopsis:	Important: kernel security and bug fix update
Issue date:	2011-01-18
CVE Names:	CVE-2010-4526

This update fixes the following security issue:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could use this flaw to cause a denial
of service. (CVE-2010-4526, Important)

This update also fixes the following bugs:

* Due to an off-by-one error, gfs2_grow failed to take the very last
"rgrp" parameter into account when adding up the new free space. With
this update, the GFS2 kernel properly counts all the new resource groups
and fixes the "statfs" file correctly. (BZ#666792)

* Prior to this update, a multi-threaded application, which invoked
popen(3) internally, could cause a thread stall by FILE lock corruption.
The application program waited for a FILE lock in glibc, but the lock
seemed to be corrupted, which was caused by a race condition in the COW
(Copy On Write) logic. With this update, the race condition was
corrected and FILE lock corruption no longer occurs. (BZ#667050)

* If an error occurred during I/O, the SCSI driver reset the
"megaraid_sas" controller to restore it to normal state. However, on
Scientific Linux 5, the waiting time to allow a full reset completion
for the "megaraid_sas" controller was too short. The driver incorrectly
recognized the controller as stalled, and, as a result, the system
stalled as well. With this update, more time is given to the controller
to properly restart, thus, the controller operates as expected after
being reset. (BZ#667141)

The system must be rebooted for this update to take effect.

SL 5.x

 SRPMS:
kernel-2.6.18-238.1.1.el5.src.rpm
 i386:
kernel-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-2.6.18-238.1.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-doc-2.6.18-238.1.1.el5.noarch.rpm
kernel-headers-2.6.18-238.1.1.el5.i386.rpm
kernel-PAE-2.6.18-238.1.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-2.6.18-238.1.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.i686.rpm
 Dependancies:
kernel-module-aufs-2.6.18-238.1.1.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-238.1.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-238.1.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-238.1.1.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-238.1.1.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-238.1.1.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.1.1.el5-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.1.1.el5PAE-1.55-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.18-238.1.1.el5xen-1.55-1.SL.i686.rpm
kernel-module-openafs-2.6.18-238.1.1.el5-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-238.1.1.el5PAE-1.4.12-79.sl5.i686.rpm
kernel-module-openafs-2.6.18-238.1.1.el5xen-1.4.12-79.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.1.1.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.1.1.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-238.1.1.el5xen-0.4-2.sl5.i686.rpm

 x86_64:
kernel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.1.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.1.1.el5.x86_64.rpm
kernel-doc-2.6.18-238.1.1.el5.noarch.rpm
kernel-headers-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.1.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.1.1.el5.x86_64.rpm
 Dependancies:
kernel-module-aufs-2.6.18-238.1.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-238.1.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-238.1.1.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-238.1.1.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-238.1.1.el5-1.55-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.18-238.1.1.el5xen-1.55-1.SL.x86_64.rpm
kernel-module-openafs-2.6.18-238.1.1.el5-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-238.1.1.el5-1.4.12-79.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-238.1.1.el5xen-1.4.11-76.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-238.1.1.el5xen-1.4.12-79.sl5.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here