Stay Secure with the Latest Linux Advisories

security advisorydenial of servicebug fix

SciLinux: CVE-2009-2692 Important Kernel Update for SL5.x

Important: kernel security and bug fix update. Date: Tue, 25 Aug 2009 12:29:31 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: kernel on SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Important: kernel security and bug fix update Issue date: 2009-08-24 CVE Names: CVE-2009-2692 CVE-2009-2698 CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc CVE-2009-2698 kernel: udp socket NULL ptr dereference These updated packages fix the following security issues: * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2692, Important) * a flaw was found in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges. (CVE-2009-2698, Important) These updated packages also fix the following bug: * in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was not freed in the error exit path. This bug led to a memory leak and an unresponsive system. A reported case of this bug occurred after running "cman_tool kill -n [nodename]". (BZ#515432) The system must be rebooted for this update to take effect. SL 5.x SRPMS: kernel-2.6.18-128.7.1.el5.src.rpm i386: kernel-2.6.18-128.7.1.el5.i686.rpm kernel-debug-2.6.18-128.7.1.el5.i686.rpm kernel-debug-devel-2.6.18-128.7.1.el5.i686.rpm kernel-devel-2.6.18-128.7.1.el5.i686.rpm kernel-doc-2.6.18-128.7.1.el5.noarch.rpm kernel-headers-2.6.18-128.7.1.el5.i386.rpm kernel-PAE-2.6.18-128.7.1.el5.i686.rpm kernel-PAE-devel-2.6.18-128.7.1.el5.i686.rpm kernel-xen-2.6.18-128.7.1.el5.i686.rpm kernel-xen-devel-2.6.18-128.7.1.el5.i686.rpm Dependancies: kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.i686.rpm kernel-module-aufs-2.6.18-128.7.1.el5PAE-0.20090202.cvs-6.sl5.i686.rpm kernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.i686.rpm kernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.i686.rpm kernel-module-fuse-2.6.18-128.7.1.el5PAE-2.6.3-1.sl5.i686.rpm kernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.i686.rpm kernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.i686.rpm kernel-module-ipw3945-2.6.18-128.7.1.el5PAE-1.2.0-2.sl5.i686.rpm kernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.i686.rpm kernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpm kernel-module-madwifi-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpm kernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpm kernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.i686.rpm kernel-module-madwifi-hal-2.6.18-128.7.1.el5PAE-0.9.4-15.sl5.i686.rpm kernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.i686.rpm kernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.i686.rpm kernel-module-ndiswrapper-2.6.18-128.7.1.el5PAE-1.53-1.SL.i686.rpm kernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.i686.rpm kernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.i686.rpm kernel-module-openafs-2.6.18-128.7.1.el5PAE-1.4.7-68.2.SL5.i686.rpm kernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.i686.rpm kernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.i686.rpm kernel-module-xfs-2.6.18-128.7.1.el5PAE-0.4-2.sl5.i686.rpm kernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.i686.rpm x86_64: kernel-2.6.18-128.7.1.el5.x86_64.rpm kernel-debug-2.6.18-128.7.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-128.7.1.el5.x86_64.rpm kernel-devel-2.6.18-128.7.1.el5.x86_64.rpm kernel-doc-2.6.18-128.7.1.el5.noarch.rpm kernel-headers-2.6.18-128.7.1.el5.x86_64.rpm kernel-xen-2.6.18-128.7.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-128.7.1.el5.x86_64.rpm Dependancies: kernel-module-aufs-2.6.18-128.7.1.el5-0.20090202.cvs-6.sl5.x86_64.rpm kernel-module-aufs-2.6.18-128.7.1.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm kernel-module-fuse-2.6.18-128.7.1.el5-2.6.3-1.sl5.x86_64.rpm kernel-module-fuse-2.6.18-128.7.1.el5xen-2.6.3-1.sl5.x86_64.rpm kernel-module-ipw3945-2.6.18-128.7.1.el5-1.2.0-2.sl5.x86_64.rpm kernel-module-ipw3945-2.6.18-128.7.1.el5xen-1.2.0-2.sl5.x86_64.rpm kernel-module-madwifi-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpm kernel-module-madwifi-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpm kernel-module-madwifi-hal-2.6.18-128.7.1.el5-0.9.4-15.sl5.x86_64.rpm kernel-module-madwifi-hal-2.6.18-128.7.1.el5xen-0.9.4-15.sl5.x86_64.rpm kernel-module-ndiswrapper-2.6.18-128.7.1.el5-1.53-1.SL.x86_64.rpm kernel-module-ndiswrapper-2.6.18-128.7.1.el5xen-1.53-1.SL.x86_64.rpm kernel-module-openafs-2.6.18-128.7.1.el5-1.4.7-68.2.SL5.x86_64.rpm kernel-module-openafs-2.6.18-128.7.1.el5xen-1.4.7-68.2.SL5.x86_64.rpm kernel-module-xfs-2.6.18-128.7.1.el5-0.4-2.sl5.x86_64.rpm kernel-module-xfs-2.6.18-128.7.1.el5xen-0.4-2.sl5.x86_64.rpm -Connie Sieh -Troy Dawson . The recent kernel security patch for SL5.x addresses significant vulnerabilities and issues to improve overall system reliability and safeguard against potential threats.. kernel security, SL5 updates, bug fixes, denial of service, privilege escalation. . Severity: Important. LinuxSecurity.com Team

Aug 25, 2009 •Important Scientific Linux