Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0467 -- [Linux][RedHat] Important: kernel security update 27 June 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Enterprise Linux 4 Linux variants Impact: Denial of Service Access Privileged Data Access: Remote/Unauthenticated CVE Names: CVE-2007-3104 CVE-2007-2876 CVE-2007-2525 CVE-2007-2172 CVE-2007-1353 CVE-2007-0958 CVE-2007-0773 CVE-2006-7203 CVE-2006-5158 Ref: ESB-2007.0325 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0488.html Comment: This advisory references vulnerabilities in the Linux kernel that also affect distributions other than Red Hat. It is recommended that administrators running Linux check for an updated version of the kernel for their system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2007:0488-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0488.html Issue date: 2007-06-25 Updated on: 2007-06-25 Product: Red Hat Enterprise Linux Keywords: nahant kernel update CVE Names: CVE-2006-5158 CVE-2006-7203 CVE-2007-0773 CVE-2007-0958 CVE-2007-1353 CVE-2007-2172 CVE-2007-2525 CVE-2007-2876 CVE-2007-3104 - - --------------------------------------------------------------------- 1. Summary: Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below: * a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important) * a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important) * a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important) * a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important) * a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important) * a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate) * a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate) * a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) * a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low) In addition, the following bugs were addressed: * the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures. * the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call. * the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner. * the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps. Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel team for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 240855 - kernel spinlock panic in inode.c 241784 - dirty data is not flushed on a timely manner 242558 - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir 243251 - CVE-2006-5158 NFS lockd deadlock 243252 - CVE-2007-0773 lost fput in a 32-bit ioctl on 64-bit x86 systems 243256 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP 243259 - CVE-2007-1353 Bluetooth setsockopt() information leaks 243261 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability 243262 - CVE-2007-2525 PPPoE socket PPPIOCGCHAN denial of service 243263 - CVE-2006-7203 oops in compat_sys_mount() when data pointer is NULL 243746 - CVE-2007-2876 {ip, nf}_conntrack_sctp: remotely triggerable NULL ptr dereference 243902 - diskdump to cciss fails due to off-by-one size calculation 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm 99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm i386: 7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm 59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm 98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm ia64: c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm 7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm 6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm 24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm 6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm noarch: 271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm ppc: d41d5baa1e29b246f612c1492a0d5086 kernel-2.6.9-55.0.2.EL.ppc64.rpm a2a047d9ae3d85c55a51f8dbe029c193 kernel-2.6.9-55.0.2.EL.ppc64iseries.rpm a06093113f7d4d2379179d59ee001377 kernel-debuginfo-2.6.9-55.0.2.EL.ppc64.rpm fae5c3b1a858ffab5c5cd83ab19d2212 kernel-debuginfo-2.6.9-55.0.2.EL.ppc64iseries.rpm fcf60609ac3b4893fcc6834b1f2fe6ca kernel-devel-2.6.9-55.0.2.EL.ppc64.rpm 154ac36b8c4ad1081a7a512e412a2bd2 kernel-devel-2.6.9-55.0.2.EL.ppc64iseries.rpm 9286ed2b16bf97d1986051787429e1c9 kernel-largesmp-2.6.9-55.0.2.EL.ppc64.rpm 165d186de7e13c87dc43712e4e789a3e kernel-largesmp-devel-2.6.9-55.0.2.EL.ppc64.rpm s390: fe466acf4194827b25458b9a1dc94e26 kernel-2.6.9-55.0.2.EL.s390.rpm 816a6a10ce4cb6a147ecfedf5f0ba4c3 kernel-debuginfo-2.6.9-55.0.2.EL.s390.rpm bd82f6634a93798eaa1b28aa37b5f482 kernel-devel-2.6.9-55.0.2.EL.s390.rpm s390x: 8b6383a35b1ee7f2c84150b569f2bbe3 kernel-2.6.9-55.0.2.EL.s390x.rpm 9ca5472fc06fffd848b231d22618168a kernel-debuginfo-2.6.9-55.0.2.EL.s390x.rpm 3a4b3363f578859a84e6d83af753ea6c kernel-devel-2.6.9-55.0.2.EL.s390x.rpm x86_64: 4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm 2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm 5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm 7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm 3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm 34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm 418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm 99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm i386: 7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm 59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm 98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm noarch: 271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm x86_64: 4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm 2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm 5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm 7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm 3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm 34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm 418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm 99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm i386: 7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm 59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm 98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm ia64: c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm 7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm 6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm 24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm 6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm noarch: 271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm x86_64: 4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm 2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm 5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm 7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm 3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm 34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm 418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm 99e36cd288068ee8eb5382302909d103 kernel-2.6.9-55.0.2.EL.src.rpm i386: 7821a3e31be7aa7d16cca26ba3691ef0 kernel-2.6.9-55.0.2.EL.i686.rpm fe75d3fedb4a869125bd3e0c4327cc80 kernel-debuginfo-2.6.9-55.0.2.EL.i686.rpm dea713e9b6b7f9497d677aa50d873d89 kernel-devel-2.6.9-55.0.2.EL.i686.rpm a20b25971292f11f3d43a046403e42a2 kernel-hugemem-2.6.9-55.0.2.EL.i686.rpm 59dfdedcecb4e008c672005e1d8ccf17 kernel-hugemem-devel-2.6.9-55.0.2.EL.i686.rpm eee3f4fe239170496024e48d1ce2313f kernel-smp-2.6.9-55.0.2.EL.i686.rpm b507f1a0fd4d9807fb49f2a9f0cc2c8c kernel-smp-devel-2.6.9-55.0.2.EL.i686.rpm 98f637d317257901254bc54239d394fc kernel-xenU-2.6.9-55.0.2.EL.i686.rpm ec18be5a978d728ffe02efe5c998ed07 kernel-xenU-devel-2.6.9-55.0.2.EL.i686.rpm ia64: c905be71187c3609d4173aafd8216d8d kernel-2.6.9-55.0.2.EL.ia64.rpm 7cfee66805e9ed58cfc574e7bcbc5b1e kernel-debuginfo-2.6.9-55.0.2.EL.ia64.rpm 6ebbde3eb96857b7b21316018878a89b kernel-devel-2.6.9-55.0.2.EL.ia64.rpm 24185d3d81b622debf4749163951b860 kernel-largesmp-2.6.9-55.0.2.EL.ia64.rpm 6d225459226713128623323d8b46f9fb kernel-largesmp-devel-2.6.9-55.0.2.EL.ia64.rpm noarch: 271ee0352607674b31cf6a73f36e363b kernel-doc-2.6.9-55.0.2.EL.noarch.rpm x86_64: 4b6c56a9e0ba5944c9d53588c8091bf5 kernel-2.6.9-55.0.2.EL.x86_64.rpm 2e1a4598f4a316735a46973ae57ebaf7 kernel-debuginfo-2.6.9-55.0.2.EL.x86_64.rpm 5213a93b0d19069e503f87c4804b4fec kernel-devel-2.6.9-55.0.2.EL.x86_64.rpm a7786619743e275208358df03f45bd9c kernel-largesmp-2.6.9-55.0.2.EL.x86_64.rpm 7627d84ef02124db2297008fdf08eaaf kernel-largesmp-devel-2.6.9-55.0.2.EL.x86_64.rpm 3e507edb063001e6ef0f7d374f44de17 kernel-smp-2.6.9-55.0.2.EL.x86_64.rpm 34c063e6ff7b0388f8ce6ea61c819b28 kernel-smp-devel-2.6.9-55.0.2.EL.x86_64.rpm a9233bbe6790be33bdfdde003148ab89 kernel-xenU-2.6.9-55.0.2.EL.x86_64.rpm 418886b79b33d3c017728af5c96ffc07 kernel-xenU-devel-2.6.9-55.0.2.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFGgASWXlSAg2UNWIIRAuIcAKCE0+4GtgpwUWl5hC480sqk4UilOgCgnpmI 2fvuVbefA0Z5vHC+x1uBUJY= =pKqc - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRoGbtyh9+71yA2DNAQKzZgQAlohx6alRmxBosBQ21msO0Ar40r1bURSE aJB+fbLhNcMPWXUY0CBWTxRMnO3Azi5YZE+Qnf4lJ5ZTlXAruJdg/UAAfSyHNZZA Y4x+sTULm2pzf5eRhJWkP0loAJPTcO8BTYbfChG+lmSTyzlQ0y2lAMj/2lWXs/yM Sur7OJV9hGw= =M4op -----END PGP SIGNATURE-----