Multiple problems in kernel
ID: | RHSA-2007:0488-01 |
Distribution: | Red Hat |
Platforms: | Red Hat Enterprise Linux |
Date: | Tue, 26 June 2007, 12:04 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104 |
Applications: | Linux |
Original message |
|
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2007:0488-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0488.html
Issue date:        2007-06-25
Updated on:        2007-06-25
Product:           Red Hat Enterprise Linux
Keywords:          nahant kernel update
CVE Names:         CVE-2006-5158 CVE-2006-7203 CVE-2007-0773
                   CVE-2007-0958 CVE-2007-1353 CVE-2007-2172
                   CVE-2007-2525 CVE-2007-2876 CVE-2007-3104
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues and bugs in the Red Hat Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

* a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)

* a flaw in the mount handling routine for 64-bit systems that allowed a local user to cause denial of service (crash). (CVE-2006-7203, Important)

* a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access. (CVE-2007-2172, Important)

* a flaw in the PPP over Ethernet implementation that allowed a local user to cause a denial of service (memory consumption) by creating a socket using connect and then releasing it before the PPPIOCGCHAN ioctl has been called. (CVE-2007-2525, Important)

* a flaw in the fput ioctl handling of 32-bit applications running on 64-bit platforms that allowed a local user to cause a denial of service (panic). (CVE-2007-0773, Important)

* a flaw in the NFS locking daemon that allowed a local user to cause denial of service (deadlock). (CVE-2006-5158, Moderate)

* a flaw in the sysfs_readdir function that allowed a local user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

* a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)

In addition, the following bugs were addressed:

* the NFS could recurse on the same spinlock. Also, NFS, under certain conditions, did not completely clean up Posix locks on a file close, leading to mount failures.

* the 32bit compatibility didn't return to userspace correct values for the rt_sigtimedwait system call.

* the count for unused inodes could be incorrect at times, resulting in dirty data not being written to disk in a timely manner.

* the cciss driver had an incorrect disk size calculation (off-by-one error) which prevented disk dumps.

Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel team for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

240855 - kernel spinlock panic in inode.c
241784 - dirty data is not flushed on a timely manner
242558 - CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir
243251 - CVE-2006-5158 NFS lockd deadlock
243252 - CVE-2007-0773 lost fput in a 32-bit ioctl on 64-bit x86 systems
243256 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP
243259 - CVE-2007-1353 Bluetooth setsockopt() information leaks
243261 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability
243262 - CVE-2007-2525 PPPoE socket PPPIOCGCHAN denial of service
243263 - CVE-2006-7203 oops in compat_sys_mount() when data pointer is NULL
243746 - CVE-2007-2876 {ip, nf}_conntrack_sctp: remotely triggerable NULL ptr dereference
243902 - diskdump to cciss fails due to off-by-one size calculation

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-55.0.2.EL.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is |
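
A check for the fix level this erratum ships (kernel-2.6.9-55.0.2.EL), as an added example that is not part of Red Hat's advisory: it classifies a RHEL 4 `uname -r` string as fixed or vulnerable. It assumes RHEL 4 kernels are named `2.6.9-<release>.EL[variant]` and that later RHEL 4 errata kernels carry these fixes; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a RHEL 4 kernel release
# string against the fixed build kernel-2.6.9-55.0.2.EL (RHSA-2007:0488).
FIXED_RELEASE="55.0.2"   # release field of 2.6.9-55.0.2.EL

# Return 0 if dotted release $1 >= $2, comparing field by field as integers,
# so 55.0.12 ranks above 55.0.2 (a plain string comparison gets this wrong).
release_ge() {
    want=$(printf '%s' "$2" | sed 's/\./ /g')
    set -- $(printf '%s' "$1" | sed 's/\./ /g')
    for fb in $want; do
        fa=${1:-0}                  # missing field counts as 0: 55 < 55.0.2
        [ $# -gt 0 ] && shift
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Print "fixed", "vulnerable" or "unknown" for one `uname -r` style string.
# Assumption: RHEL 4 kernels are named 2.6.9-<release>.EL[variant], with the
# variant empty or a flavour from the advisory (smp, hugemem, largesmp, xenU).
check_kernel() {
    case "$1" in
        2.6.9-*.EL*) ;;
        *) echo unknown; return 0 ;;
    esac
    rel=${1#2.6.9-}                 # drop the upstream version
    rel=${rel%%.EL*}                # drop ".EL" and any variant suffix
    case "$rel" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if release_ge "$rel" "$FIXED_RELEASE"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Constructed sample strings; on a real host pass "$(uname -r)" instead.
for k in 2.6.9-55.EL 2.6.9-55.0.2.ELsmp 2.6.9-55.0.12.ELhugemem \
         2.6.9-42.0.10.ELxenU 2.6.18-8.el5; do
    printf '%-26s %s\n' "$k" "$(check_kernel "$k")"
done
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted into it still reports the old release.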