-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1643
            Important: kernel security and bug fix update
                              16 December 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 5
                   Red Hat Enterprise Linux WS/Desktop 5
                   Red Hat Enterprise Linux Server 5.2.z
                   Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
                   Increased Privileges            -- Existing Account
                   Access Privileged Data          -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-3726 CVE-2009-3621 CVE-2009-3620 CVE-2009-3613
                   CVE-2009-3612 CVE-2009-3547 CVE-2009-2910 CVE-2009-2695

Reference:         ESB-2009.1588
                   ESB-2009.1581
                   ESB-2009.1542

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2009-1670.html
   https://rhn.redhat.com/errata/RHSA-2009-1671.html
   https://rhn.redhat.com/errata/RHSA-2009-1672.html

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2009:1670-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1670.html
Issue date:        2009-12-15
CVE Names:         CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* NULL pointer dereference flaws in the r128 driver. Checks to test if the
Concurrent Command Engine state was initialized were missing in private
IOCTL functions. An attacker could use these flaws to cause a local denial
of service or escalate their privileges. (CVE-2009-3620, Important)

* a NULL pointer dereference flaw in the NFSv4 implementation. Several NFSv4
file locking functions failed to check whether a file had been opened on
the server before performing locking operations on it. A local user on a
system with an NFSv4 share mounted could possibly use this flaw to cause a
denial of service or escalate their privileges. (CVE-2009-3726, Important)

* a flaw in tcf_fill_node(). A certain data structure in this function was
not initialized properly before being copied to user-space. This could lead
to an information leak. (CVE-2009-3612, Moderate)

* unix_stream_connect() did not check if a UNIX domain socket was in the
shutdown state. This could lead to a deadlock. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2009-3621, Moderate)

Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference flaws.

Bug fixes:

* frequently changing a CPU between online and offline caused a kernel panic
on some systems. (BZ#545583)

* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands sent
could receive incorrect data, preventing correct data transfer. (BZ#529308)

* pciehp could not detect PCI Express hot plug slots on some systems.
(BZ#530383)

* soft lockups: inotify race and contention on dcache_lock. (BZ#533822,
BZ#537019)

* priority ordered lists are now used for threads waiting for a given mutex.
(BZ#533858)

* a deadlock in DLM could cause GFS2 file systems to lock up. (BZ#533859)

* use-after-free bug in the audit subsystem crashed certain systems when
running usermod. (BZ#533861)

* on certain hardware configurations, a kernel panic when the Broadcom iSCSI
offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)

* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to
control it. This improves performance for certain systems. (BZ#537020)

* system crash when reading the cpuaffinity file on a system. (BZ#537346)

* suspend-resume problems on systems with lots of logical CPUs, e.g. BX-EX.
(BZ#539674)

* off-by-one error in the legacy PCI bus check. (BZ#539675)

* TSC was not made available on systems with multi-clustered APICs. This
could cause slow performance for time-sensitive applications. (BZ#539676)

* ACPI: ARB_DISABLE now disabled on platforms that do not need it.
(BZ#539677)

* fix node to core and power-aware scheduling issues, and a kernel panic
during boot on certain AMD Opteron processors. (BZ#539678, BZ#540469,
BZ#539680, BZ#539682)

* APIC timer interrupt issues on some AMD Opteron systems prevented
achieving full power savings. (BZ#539681)

* general OProfile support for some newer Intel processors. (BZ#539683)

* system crash during boot when NUMA is enabled on systems using MC and
kernel-xen. (BZ#539684)

* on some larger systems, performance issues due to a spinlock. (BZ#539685)

* APIC errors when IOMMU is enabled on some AMD Opteron systems. (BZ#539687)

* on some AMD Opteron systems, repeatedly taking a CPU offline then online
caused a system hang. (BZ#539688)

* I/O page fault errors on some systems. (BZ#539689)

* certain memory configurations could cause the kernel-xen kernel to fail
to boot on some AMD Opteron systems. (BZ#539690)

* NMI watchdog is now disabled for offline CPUs. (BZ#539691)

* duplicate directories in /proc/acpi/processor/ on BX-EX systems.
(BZ#539692)

* links did not come up when using bnx2x with certain Broadcom devices.
(BZ#540381)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

528868 - CVE-2009-3612 kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7
529227 - CVE-2009-3726 kernel: nfsv4: kernel panic in nfs4_proc_lock()
529308 - [5.4]The errata 28 fix on LSI53C1030 hasn't been included yet. [rhel-5.4.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
530383 - [5.3] PCIe hotplug slot detection failure [rhel-5.4.z]
533822 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.4.z]
533858 - threads on pthread_mutex_lock wake in fifo order, but posix specifies by priority [rhel-5.4.z]
533859 - dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks. [rhel-5.4.z]
533861 - system crashes in audit_update_watch() [rhel-5.4.z]
537014 - Panic on boot when loading iscsid with broadcom NIC [rhel-5.4.z]
537019 - kernel: BUG: soft lockup with dcache_lock [rhel-5.4.z]
537020 - [QLogic 5.4.z bug] qla2xxx - enable MSI-X and correct/cleanup irq request code [rhel-5.4.z]
537346 - kernel: NULL pointer dereference in pci_bus_show_cpuaffinity() [rhel-5.4.z]
539675 - [Intel 5.5 FEAT] Add ability to access Nehalem uncore config space [rhel-5.4.z]
539676 - [Intel 5.5 FEAT] Support Intel multi-APIC-cluster systems [rhel-5.4.z]
539677 - [Intel 5.5 FEAT] ACPI: Disable ARB_DISABLE on platforms where it is not needed [rhel-5.4.z]
539678 - Fix node to core association [rhel-5.4.z]
539680 - Fix Power-aware scheduling [rhel-5.4.z]
539681 - Fix AMD erratum - server C1E [rhel-5.4.z]
539682 - Fix kernel panic while booting RHEL5 32-bit kernel [rhel-5.4.z]
539683 - [Intel 5.5 FEAT] Oprofile: Add support for arch perfmon - kernel component [rhel-5.4.z]
539684 - EXPERIMENTAL EX/MC: Fix Xen NUMA [rhel-5.4.z]
539685 - [Intel 5.5 FEAT] Fix spinlock issue which causes performance impact on large systems [rhel-5.4.z]
539687 - EXPERIMENTAL MC/EX: Fix APIC error IOMMU issues [rhel-5.4.z]
539688 - EXPERIMENTAL MC/EX: Issue when bringing CPU offline and online with 32-bit kernel [rhel-5.4.z]
539689 - EXPERIMENTAL EX/MC: AMD IOMMU Linux driver with latest BIOS has IO PAGE FAULTS [rhel-5.4.z]
539690 - EXPERIMENTAL MC/EX: Incorrect memory setup can cause Xen crash [rhel-5.4.z]
539691 - [Intel 5.5 BUG] NMI and Watchdog are not disabled on CPU when CPU is off-lined [rhel-5.4.z]
540381 - Broadcom Everest Dual port 10Gb with SFP+ (57711) NIC fails with no link [rhel-5.4.z]
540469 - EXPERIMENTAL EX/MC: Fix node to core issue [rhel-5.4.z]
545583 - kernel panic when doing cpu offline/online frequently on hp-dl785g5-01.rhts.eng.bos.redhat.com [rhel-5.4.z]

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm

i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.9.1.el5.src.rpm

i386:
kernel-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.i686.rpm
kernel-devel-2.6.18-164.9.1.el5.i686.rpm
kernel-headers-2.6.18-164.9.1.el5.i386.rpm
kernel-xen-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.i686.rpm

ia64:
kernel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ia64.rpm
kernel-devel-2.6.18-164.9.1.el5.ia64.rpm
kernel-headers-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-164.9.1.el5.noarch.rpm

ppc:
kernel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.9.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc.rpm
kernel-headers-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.s390x.rpm
kernel-devel-2.6.18-164.9.1.el5.s390x.rpm
kernel-headers-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.9.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.9.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.9.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.9.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.9.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.9.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3612.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
https://www.redhat.com/security/data/cve/CVE-2009-3726.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20536

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLJ8maXlSAg2UNWIIRAspdAJ9snL9coMoBs6EsIPtbeGSFN1rkVwCfZoZ4
GF10zDJTMEN78Yztkoy4UAU=
=vFYn
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2009:1671-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1671.html
Issue date:        2009-12-15
CVE Names:         CVE-2009-2910 CVE-2009-3613 CVE-2009-3620 CVE-2009-3621
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel.
pci_unmap_single() presented a memory leak that could lead to IOMMU space
exhaustion and a system crash. An attacker on the local network could
trigger this flaw by using jumbo frames for large amounts of network
traffic. (CVE-2009-3613, Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux
kernel. Checks to test if the Concurrent Command Engine state was
initialized were missing in private IOCTL functions. An attacker could use
these flaws to cause a local denial of service or escalate their
privileges. (CVE-2009-3620, Important)

* an information leak was found in the Linux kernel. On AMD64 systems,
32-bit processes could access and read certain 64-bit registers by
temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)

* the unix_stream_connect() function in the Linux kernel did not check if a
UNIX domain socket was in the shutdown state. This could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a denial
of service. (CVE-2009-3621, Moderate)

This update also fixes the following bugs:

* an iptables rule with the recent module and a hit count value greater
than the ip_pkt_list_tot parameter (the default is 20), did not have any
effect over packets, as the hit count could not be reached. (BZ#529306)

* in environments that use dual-controller storage devices with the cciss
driver, Device-Mapper Multipath maps could not be detected and configured,
due to the cciss driver not exporting the bus attribute via sysfs. This
attribute is now exported. (BZ#529309)

* the kernel crashed with a divide error when a certain joystick was
attached. (BZ#532027)

* a bug in the mptctl_do_mpt_command() function in the mpt driver may have
resulted in crashes during boot on i386 systems with certain adapters using
the mpt driver, and also running the hugemem kernel. (BZ#533798)

* on certain hardware, the igb driver was unable to detect link statuses
correctly. This may have caused problems for network bonding, such as
failover not occurring. (BZ#534105)

* the RHSA-2009:1024 update introduced a regression. After updating to Red
Hat Enterprise Linux 4.8 and rebooting, network links often failed to be
brought up for interfaces using the forcedeth driver. "no link during
initialization" messages may have been logged. (BZ#534112)

* the RHSA-2009:1024 update introduced a second regression. On certain
systems, PS/2 keyboards failed to work. (BZ#537344)

* a bug in checksum offload calculations could have crashed the bnx2x
firmware when the iptable_nat module was loaded, causing network traffic to
stop. (BZ#537013)

* a check has been added to the IPv4 code to make sure that the routing
table data structure, rt, is not NULL, to help prevent future bugs in
functions that call ip_append_data() from being exploitable. (BZ#537016)

* possible kernel pointer dereferences on systems with several NFS mounts
(a mixture of "-o lock" and "-o nolock"), which in rare cases may have
caused a system crash, have been resolved. (BZ#537017)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

526788 - CVE-2009-2910 kernel: x86_64 32 bit process register leak
529137 - CVE-2009-3613 kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500
529306 - kernel: ipt_recent: sanity check hit count [rhel-4.9] [rhel-4.8.z]
529309 - CCISS device-mapper-multipath support: missing sysfs attributes [rhel-4.8.z]
529597 - CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
529626 - CVE-2009-3621 kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
532027 - kernel hid-input.c divide error crash [rhel-4.8.z]
533798 - [Cisco/LSI 4.8.z bug] mptctl module dereferences a userspace address, triggering a crash [rhel-4.8.z]
534105 - EL4.8: igb driver fails to detect link status change on SERDES interface [rhel-4.8.z]
534112 - Upgrade from RHEL4U7 to U8 fails to bring up networking with forcedeth driver. [simple patch] [rhel-4.8.z]
537013 - bnx2x fails when iptables is on [rhel-4.8.z]
537016 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-4.8.z]
537017 - NLM: Fix Oops in nlmclnt_mark_reclaim() [rhel-4.8.z]
537344 - RHEL4.8 regression: PS/2 keyboard doesn't work on PRIMERGY TX120S1 [rhel-4.8.z]

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

ppc:
kernel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.18.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ppc64.rpm

s390:
kernel-2.6.9-89.0.18.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390.rpm
kernel-devel-2.6.9-89.0.18.EL.s390.rpm

s390x:
kernel-2.6.9-89.0.18.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.s390x.rpm
kernel-devel-2.6.9-89.0.18.EL.s390x.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.18.EL.src.rpm

i386:
kernel-2.6.9-89.0.18.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.i686.rpm
kernel-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.18.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-2.6.9-89.0.18.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-2.6.9-89.0.18.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.i686.rpm

ia64:
kernel-2.6.9-89.0.18.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.ia64.rpm
kernel-devel-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.ia64.rpm

noarch:
kernel-doc-2.6.9-89.0.18.EL.noarch.rpm

x86_64:
kernel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.18.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.18.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.18.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.18.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2910.html
https://www.redhat.com/security/data/cve/CVE-2009-3613.html
https://www.redhat.com/security/data/cve/CVE-2009-3620.html
https://www.redhat.com/security/data/cve/CVE-2009-3621.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLJ8m7XlSAg2UNWIIRAsWJAJ4mEMYJQj0Ip6III9iOvjX2Sy8IUwCfQn4X
Fcu+dr6IYIeh7sWonyPng2A=
=Sw46
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2009:1672-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-1672.html
Issue date:        2009-12-15
CVE Names:         CVE-2009-2695 CVE-2009-3547
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 5.2 Extended Update Support.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a system with SELinux enforced was more permissive in allowing local
users in the unconfined_t domain to map low memory areas even if the
mmap_min_addr restriction was enabled. This could aid in the local
exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)

This update also fixes the following bug:

* a bug in the IPv6 implementation in the Linux kernel could have caused an
unbalanced reference count. When using network bonding, this bug may have
caused a hang when shutting the system down via "shutdown -h", or prevented
the network service from being stopped via "service network stop".
(BZ#538409)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this update
to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

517830 - CVE-2009-2695 kernel: SELinux and mmap_min_addr
530490 - CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
538409 - Unbalance reference count in ndisc_recv_ns [rhel-5.2.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.2.z server):

Source:
kernel-2.6.18-92.1.32.el5.src.rpm

i386:
kernel-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.i686.rpm
kernel-devel-2.6.18-92.1.32.el5.i686.rpm
kernel-headers-2.6.18-92.1.32.el5.i386.rpm
kernel-xen-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.i686.rpm

ia64:
kernel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ia64.rpm
kernel-devel-2.6.18-92.1.32.el5.ia64.rpm
kernel-headers-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-92.1.32.el5.noarch.rpm

ppc:
kernel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.32.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc.rpm
kernel-headers-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.ppc64.rpm

s390x:
kernel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.s390x.rpm
kernel-devel-2.6.18-92.1.32.el5.s390x.rpm
kernel-headers-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.32.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.32.el5.s390x.rpm

x86_64:
kernel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.32.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.32.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.32.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.32.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2695.html
https://www.redhat.com/security/data/cve/CVE-2009-3547.html
http://www.redhat.com/security/updates/classification/#important
http://kbase.redhat.com/faq/docs/DOC-20481
http://kbase.redhat.com/faq/docs/DOC-18042

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLJ8nSXlSAg2UNWIIRAuGnAJ9efdo7qm9BIyy6BShaIuL/xM/gYQCgmi+Q
lJzYPF4hmKplmx4ibhEhB4Y=
=Q//E
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation,
so if you do not wish to continue receiving these bulletins you should contact
your local IT manager. If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLKDg6NVH5XJJInbgRAvL7AJ9M7Y1NUCNAlU7WtcHEOc0JxYBX6QCfcETk
FaWrBxSObtyXqcIokCzgozQ=
=3T6G
-----END PGP SIGNATURE-----
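Editor's note: the three advisories above each say "users should upgrade" and "the system must be rebooted", which in practice means comparing what `uname -r` reports against the fixed build for the host's update stream. The script below is an added example by the editor, not part of the Red Hat advisories or the AusCERT bulletin. The fixed versions (2.6.18-164.9.1.el5, 2.6.18-92.1.32.el5 and 2.6.9-89.0.18.EL) are taken from the package lists above; the function names, the rule that maps a release prefix to a stream, and the sample release strings are the editor's own assumptions. It exists to show two things the advisory text does not spell out: release strings must be compared by rpm's segment rules rather than as strings (lexically "164.11.1" sorts before "164.9.1", and "164.el5" after "164.9.1.el5"), and a 2.6.18-92.x kernel belongs to the 5.2.z Extended Update Support stream of RHSA-2009:1672, so it must not be judged against the 5.4.z build from RHSA-2009:1670.

```shell
#!/bin/sh
# Added example (editor's own, not Red Hat or AusCERT code): classify a
# kernel release string, as printed by `uname -r`, against the fixed builds
# shipped by RHSA-2009:1670, RHSA-2009:1671 and RHSA-2009:1672.
#
#   release prefix   stream           fixed build            advisory
#   2.6.18-164.*     RHEL 5 (5.4.z)   2.6.18-164.9.1.el5     RHSA-2009:1670
#   2.6.18-92.*      RHEL 5.2 EUS     2.6.18-92.1.32.el5     RHSA-2009:1672
#   2.6.9-89.*       RHEL 4 (4.8.z)   2.6.9-89.0.18.EL       RHSA-2009:1671
#
# Assumption: the stream is identified by the version and leading release
# number only. Kernels on a stream these advisories do not cover (for
# example 2.6.18-128.*, the 5.3.z stream) are reported as "unknown", never
# as "fixed".

# strip_flavor RELEASE: uname -r appends the kernel variant to the release
# (el5PAE, el5xen, ELsmp, ELhugemem, ELlargesmp, ELxenU). Drop it so every
# variant of a build compares equal to the base package version.
strip_flavor() {
    printf '%s\n' "$1" |
        awk '{ sub(/(PAE|xen|xenU|smp|hugemem|largesmp|debug|kdump)$/, ""); print }'
}

# vercmp A B: print -1, 0 or 1 as A is older than, equal to, or newer than B,
# following rpm's rules: split on "." and "-", compare numeric segments as
# integers, and rank a numeric segment above an alphabetic one at the same
# position (so 2.6.18-164.el5 is older than 2.6.18-164.9.1.el5).
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] : ""; q = (i <= nb) ? y[i] : ""
            pn = (p ~ /^[0-9]+$/); qn = (q ~ /^[0-9]+$/)
            if (pn && qn) {
                if (p + 0 == q + 0) continue
                r = (p + 0 < q + 0) ? -1 : 1
            } else if (pn || qn) {
                r = pn ? 1 : -1            # numeric beats alpha or empty
            } else if (p == q) {
                continue
            } else {
                r = (p == "") ? -1 : (q == "") ? 1 : (p < q) ? -1 : 1
            }
            print r; exit
        }
        print 0
    }'
}

# exposure RELEASE: print fixed / vulnerable / unknown and return 0 / 1 / 2
# so the function can drive the exit status of a fleet-check script.
exposure() {
    rel=$(strip_flavor "$1")
    case "$rel" in
        2.6.18-164.*) fixed=2.6.18-164.9.1.el5 ;;   # RHSA-2009:1670
        2.6.18-92.*)  fixed=2.6.18-92.1.32.el5 ;;   # RHSA-2009:1672 (EUS)
        2.6.9-89.*)   fixed=2.6.9-89.0.18.EL   ;;   # RHSA-2009:1671
        *)            echo unknown; return 2 ;;     # stream not covered here
    esac
    if [ "$(vercmp "$rel" "$fixed")" -ge 0 ]; then
        echo fixed
        return 0
    fi
    echo vulnerable
    return 1
}

# Usage: sh check_kernel.sh --check [RELEASE]   (defaults to the running kernel)
case "${1:-}" in
    --check) exposure "${2:-$(uname -r)}" ;;
esac
```

Two caveats go with it. First, `rpm -q kernel` lists every installed build, but until the reboot the advisories require, the kernel that `uname -r` reports is the one actually running, and that is the one to test. Second, this checks versions only; verifying that downloaded packages really are Red Hat's is a separate step with `rpm -K` (the same as `rpm --checksig`) against the key each advisory points to, and the NULL pointer dereference flaws in RHSA-2009:1670 and RHSA-2009:1672 are exactly the class for which the mmap_min_addr restriction is the interim mitigation, a restriction that RHSA-2009:1672 notes did not bind unconfined_t users on SELinux systems before CVE-2009-2695 was fixed.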