Scientific Linux alert SL-kern-20111020 (kernel) [LWN.net]


From:
    	       riehecky@fnal.gov 
To:
    	       scientific-linux-errata@fnal.gov 
Subject:
    	       Security ERRATA Important: kernel on SL5.x i386/x86_64 
Date:
    	       Mon, 24 Oct 2011 13:07:30 -0500
Message-ID:
    	       <201110241807.p9OI7Uq7027647@fefmon2.fnal.gov>
Archive-link:
    	       Article, Thread
              
Synopsis:    Important: kernel security, bug fix, and enhancement update
Issue Date:  2011-10-20
CVE Numbers: CVE-2011-1160
             CVE-2011-1585
             CVE-2011-2484
             CVE-2011-2496
             CVE-2009-4067
             CVE-2011-2695
             CVE-2011-2699
             CVE-2011-2723
             CVE-2011-3131
             CVE-2011-2942
             CVE-2011-1833
             CVE-2011-3188
             CVE-2011-3191
             CVE-2011-3209
             CVE-2011-3347


The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system's networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* A local attacker could use mount.ecryptfs_private to mount (and then
access) a directory they would otherwise not have access to. Note: To
correct this issue, a ecryptfs-utils update must also be
installed. (CVE-2011-1833, Moderate)

* A flaw in the taskstats subsystem could allow a local, unprivileged user
to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* Mapping expansion handling could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-2496, Moderate)

* GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers that
support it. (CVE-2011-2723, Moderate)

* A previous update introduced a regression in the Ethernet bridge
implementation. If a system had an interface in a bridge, and an attacker
on the local network could send packets to that interface, they could cause
a denial of service on that system. Xen hypervisor and KVM (Kernel-based
Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,
Moderate)

* A flaw in the Xen hypervisor IOMMU error handling implementation could
allow a privileged guest user, within a guest operating system that has
direct control of a PCI device, to cause performance degradation on the
host and possibly cause it to hang. (CVE-2011-3131, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could
allow a man-in-the-middle attacker to inject packets and possibly hijack
connections. Protocol sequence number and fragment IDs are now more random.
(CVE-2011-3188, Moderate)

* A flaw in the kernel's clock implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A flaw in the auerswald USB driver could allow a local, unprivileged user
to cause a denial of service or escalate their privileges by inserting a
specially-crafted USB device. (CVE-2009-4067, Low)

* A flaw in the Trusted Platform Module (TPM) implementation could allow a
local, unprivileged user to leak information to user space. (CVE-2011-1160,
Low)

* A local, unprivileged user could possibly mount a CIFS share that
requires authentication without knowing the correct password if the mount
was already mounted by another local user. (CVE-2011-1585, Low)


SL5:
  i386
     kernel-2.6.18-274.7.1.el5.i686.rpm
     kernel-debug-2.6.18-274.7.1.el5.i686.rpm
     kernel-debug-debuginfo-2.6.18-274.7.1.el5.i686.rpm
     kernel-debug-devel-2.6.18-274.7.1.el5.i686.rpm
     kernel-debuginfo-2.6.18-274.7.1.el5.i686.rpm
     kernel-debuginfo-common-2.6.18-274.7.1.el5.i686.rpm
     kernel-devel-2.6.18-274.7.1.el5.i686.rpm
     kernel-headers-2.6.18-274.7.1.el5.i386.rpm
     kernel-PAE-2.6.18-274.7.1.el5.i686.rpm
     kernel-PAE-debuginfo-2.6.18-274.7.1.el5.i686.rpm
     kernel-PAE-devel-2.6.18-274.7.1.el5.i686.rpm
     kernel-xen-2.6.18-274.7.1.el5.i686.rpm
     kernel-xen-debuginfo-2.6.18-274.7.1.el5.i686.rpm
     kernel-xen-devel-2.6.18-274.7.1.el5.i686.rpm
  noarch
     kernel-doc-2.6.18-274.7.1.el5.noarch.rpm
  x86_64
     kernel-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-debug-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-debug-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-debug-devel-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-debuginfo-common-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-devel-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-headers-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-xen-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-xen-debuginfo-2.6.18-274.7.1.el5.x86_64.rpm
     kernel-xen-devel-2.6.18-274.7.1.el5.x86_64.rpm

- Scientific Linux Development Team
(Log in to post comments)