SciLinux: CVE-2006-6921 kernel SL4.x i386/x86_64
Summary
Date: Thu, 1 Nov 2007 16:54:53 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for kernel on SL4.x i386/x86_64
Comments: To: scientific-linux-errata@fnal.gov

Synopsis: Important: kernel security update
Issue date: 2007-11-01
CVE Names: CVE-2006-6921 CVE-2007-2878 CVE-2007-3105 CVE-2007-3739 CVE-2007-3740 CVE-2007-3843 CVE-2007-3848 CVE-2007-4308 CVE-2007-4571

* A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask values of a process to not be honored on CIFS file systems where UNIX extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. This allowed a local user to corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878, Important)

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

* A flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped which could lead to a denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option "sec=" did not enable integrity checking or produce an error message if used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. This flaw could be exploited if the root user raised the default wakeup threshold over the size of the output pool. (CVE-2007-3105, Low)

Additionally, the following bugs were fixed:

* A flaw was found in the kernel netpoll code, creating a potential deadlock condition. If the xmit_lock for a given network interface is held, and a subsequent netpoll event is generated from within the lock owning context (a console message for example), deadlock on that cpu will result, because the netpoll code will attempt to re-acquire the xmit_lock. The fix is to, in the netpoll code, only attempt to take the lock, and fail if it is already acquired (rather than block on it), and queue the message to be sent for later delivery. Any user of netpoll code in the kernel (netdump or netconsole services), is exposed to this problem, and should resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were not able to address greater than a 40-bit physical address space; and Intel processors were only able to address up to a 36-bit physical address space. The fix is to increase the physical addressing for an AMD processor to 48 bits, and an Intel processor to 38 bits.

* A flaw was found in the xenU kernel that may prevent a paravirtualized guest with more than one CPU from starting when running under a Scientific Linux 5.1 hypervisor. The fix is to allow your Scientific Linux 4 Xen SMP guests to boot under a 5.1 hypervisor.

SL 4.x

  SRPMS:
kernel-2.6.9-55.0.12.EL.src.rpm

  i386:
kernel-2.6.9-55.0.12.EL.i686.rpm
kernel-devel-2.6.9-55.0.12.EL.i686.rpm
kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
kernel-hugemem-2.6.9-55.0.12.EL.i686.rpm
kernel-hugemem-devel-2.6.9-55.0.12.EL.i686.rpm
kernel-smp-2.6.9-55.0.12.EL.i686.rpm
kernel-smp-devel-2.6.9-55.0.12.EL.i686.rpm
kernel-xenU-2.6.9-55.0.12.EL.i686.rpm
kernel-xenU-devel-2.6.9-55.0.12.EL.i686.rpm

  Dependencies:
kernel-module-fuse-2.6.9-55.0.12.EL-2.5.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-55.0.12.ELhugemem-2.5.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-55.0.12.ELsmp-2.5.3-1.SL.i686.rpm
kernel-module-fuse-2.6.9-55.0.12.ELxenU-2.5.3-1.SL.i686.rpm
kernel-module-ipw3945-2.6.9-55.0.12.EL-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELhugemem-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELsmp-1.1.0-1.SL4.i686.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELxenU-1.1.0-1.SL4.i686.rpm
kernel-module-madwifi-2.6.9-55.0.12.EL-0.9.3.1-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-55.0.12.ELhugemem-0.9.3.1-10.sl4.i686.rpm
kernel-module-madwifi-2.6.9-55.0.12.ELsmp-0.9.3.1-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.EL-0.9.3.1-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.ELhugemem-0.9.3.1-10.sl4.i686.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.ELsmp-0.9.3.1-10.sl4.i686.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.EL-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELhugemem-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELsmp-1.41-1.SL.i686.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELxenU-1.41-1.SL.i686.rpm
kernel-module-openafs-2.6.9-55.0.12.EL-1.4.4-46.SL4.i686.rpm
kernel-module-openafs-2.6.9-55.0.12.ELhugemem-1.4.4-46.SL4.i686.rpm
kernel-module-openafs-2.6.9-55.0.12.ELsmp-1.4.4-46.SL4.i686.rpm
kernel-module-openafs-2.6.9-55.0.12.ELxenU-1.4.4-46.SL4.i686.rpm
kernel-module-r1000-2.6.9-55.0.12.EL-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-55.0.12.ELhugemem-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-55.0.12.ELsmp-2.2-2.SL4x.i686.rpm
kernel-module-r1000-2.6.9-55.0.12.ELxenU-2.2-2.SL4x.i686.rpm

  x86_64:
kernel-2.6.9-55.0.12.EL.x86_64.rpm
kernel-devel-2.6.9-55.0.12.EL.x86_64.rpm
kernel-doc-2.6.9-55.0.12.EL.noarch.rpm
kernel-largesmp-2.6.9-55.0.12.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-55.0.12.EL.x86_64.rpm
kernel-smp-2.6.9-55.0.12.EL.x86_64.rpm
kernel-smp-devel-2.6.9-55.0.12.EL.x86_64.rpm
kernel-xenU-2.6.9-55.0.12.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-55.0.12.EL.x86_64.rpm

  Dependencies:
kernel-module-fuse-2.6.9-55.0.12.EL-2.5.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-55.0.12.ELlargesmp-2.5.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-55.0.12.ELsmp-2.5.3-1.SL.x86_64.rpm
kernel-module-fuse-2.6.9-55.0.12.ELxenU-2.5.3-1.SL.x86_64.rpm
kernel-module-ipw3945-2.6.9-55.0.12.EL-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELlargesmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELsmp-1.1.0-1.SL4.x86_64.rpm
kernel-module-ipw3945-2.6.9-55.0.12.ELxenU-1.1.0-1.SL4.x86_64.rpm
kernel-module-madwifi-2.6.9-55.0.12.EL-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-55.0.12.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-madwifi-2.6.9-55.0.12.ELsmp-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.EL-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.ELlargesmp-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-madwifi-hal-2.6.9-55.0.12.ELsmp-0.9.3.1-10.sl4.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.EL-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELlargesmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELsmp-1.41-1.SL.x86_64.rpm
kernel-module-ndiswrapper-2.6.9-55.0.12.ELxenU-1.41-1.SL.x86_64.rpm
kernel-module-openafs-2.6.9-55.0.12.EL-1.4.4-46.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-55.0.12.ELlargesmp-1.4.4-46.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-55.0.12.ELsmp-1.4.4-46.SL4.x86_64.rpm
kernel-module-openafs-2.6.9-55.0.12.ELxenU-1.4.4-46.SL4.x86_64.rpm
kernel-module-r1000-2.6.9-55.0.12.EL-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-55.0.12.ELlargesmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-55.0.12.ELsmp-2.2-2.SL4x.x86_64.rpm
kernel-module-r1000-2.6.9-55.0.12.ELxenU-2.2-2.SL4x.x86_64.rpm

NOTE: At the time of this writing, The Upstream Vendor had not released the source rpms for the GFS kernel modules. When they do, we will recompile them and push them out. But we felt it was better to get the kernel out as soon as possible.

-Connie Sieh
-Troy Dawson
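
The netpoll fix described in the errata (only try to take xmit_lock, fail if it is already held, and queue the message for later delivery), shown as a user-space C analogue. This is an added example, not kernel code and not part of the original errata; `xmit_trylock`, `netpoll_send`, `netpoll_flush`, `xmit_path_logs_message`, the queue sizes and the sample message are assumptions, and a C11 `atomic_flag` stands in for the kernel lock.

```c
/* Added example: user-space analogue of the netpoll fix, not kernel code. */
#include <stdatomic.h>
#include <stdio.h>

#define QUEUE_MAX 8
#define MSG_MAX   64
static atomic_flag xmit_lock = ATOMIC_FLAG_INIT; /* stands in for the interface's xmit_lock */
static char deferred[QUEUE_MAX][MSG_MAX];        /* messages waiting for the lock */
static int deferred_count, sent_count;

/* Non-blocking acquire: 1 if we took the lock, 0 if it was already held. */
static int xmit_trylock(void) { return !atomic_flag_test_and_set(&xmit_lock); }
static void xmit_unlock(void) { atomic_flag_clear(&xmit_lock); }
/* Stand-in for handing a frame to the driver; caller holds xmit_lock. */
static void hw_xmit(const char *msg) { (void)msg; sent_count++; }

/* Returns 1 if sent now, 0 if queued for later, -1 if the queue is full. */
int netpoll_send(const char *msg)
{
    if (!xmit_trylock()) {
        /* Held, possibly by this very context: blocking would never return. */
        if (deferred_count == QUEUE_MAX)
            return -1;
        snprintf(deferred[deferred_count++], MSG_MAX, "%s", msg);
        return 0;
    }
    hw_xmit(msg);
    xmit_unlock();
    return 1;
}

/* Later delivery from a context that does not hold xmit_lock. */
int netpoll_flush(void)
{
    int flushed = 0;
    if (!xmit_trylock())
        return 0;
    while (flushed < deferred_count)
        hw_xmit(deferred[flushed++]);
    deferred_count = 0;
    xmit_unlock();
    return flushed;
}

/* The errata's scenario: a console message is generated while xmit_lock is held. */
int xmit_path_logs_message(void)
{
    if (!xmit_trylock())
        return -1;
    int r = netpoll_send("constructed console message");
    xmit_unlock();
    return r;
}
```

With a blocking acquire in `netpoll_send`, the call made from `xmit_path_logs_message` would spin forever on a lock its own caller holds, which is the deadlock the errata describes.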