Date: 17 March 2010
References: ESB-2010.0015 ESB-2010.0071 ESB-2010.0058 ESB-2010.0060 ESB-2010.0101 ESB-2010.0122 ESB-2010.0155 ESB-2010.0162 ESB-2010.0181 ESB-2010.0264 ESB-2010.0268 ESB-2010.0330 ESB-2010.0934 ESB-2010.1055.2 ESB-2011.0536
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0253
Important: kernel security and bug fix update
17 March 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges      -- Existing Account
                   Overwrite Arbitrary Files -- Existing Account
                   Denial of Service         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-0437 CVE-2010-0415 CVE-2010-0307
                   CVE-2010-0008 CVE-2010-0007 CVE-2010-0003
                   CVE-2009-4538 CVE-2009-4308 CVE-2009-4271
                   CVE-2009-4141
Reference:         ESB-2010.0181
                   ESB-2010.0162
                   ESB-2010.0155
                   ESB-2010.0122
                   ESB-2010.0101
                   ESB-2010.0071
                   ESB-2010.0060
                   ESB-2010.0058
                   ESB-2010.0015
Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2010-0146.html
   https://rhn.redhat.com/errata/RHSA-2010-0147.html
   https://rhn.redhat.com/errata/RHSA-2010-0148.html
   https://rhn.redhat.com/errata/RHSA-2010-0149.html
Comment: This bulletin contains four (4) Red Hat Security Advisories
         relating to the linux kernel affecting Red Hat Enterprise Linux 4,
         5, 5.2 Extended Update Support and 5.3 Extended Update Support.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0146-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0146.html
Issue date:        2010-03-16
CVE Names:         CVE-2009-4271 CVE-2010-0003 CVE-2010-0007
                   CVE-2010-0008 CVE-2010-0307
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)
* a NULL pointer dereference flaw was found in the Linux kernel. During a
core dump, the kernel did not check if the Virtual Dynamically-linked
Shared Object page was accessible. On Intel 64 and AMD64 systems, a local,
unprivileged user could use this flaw to cause a kernel panic by running a
crafted 32-bit application. (CVE-2009-4271, Important)
* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)
* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)
* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)
This update also fixes the following bugs:
* under some circumstances, a locking bug could have caused an online ext3
file system resize to deadlock, which may have, in turn, caused the file
system or the entire system to become unresponsive. In either case, a
reboot was required after the deadlock. With this update, using resize2fs
to perform an online resize of an ext3 file system works as expected.
(BZ#553135)
* some ATA and SCSI devices were not honoring the barrier=1 mount option,
which could result in data loss after a crash or power loss. This update
applies a patch to the Linux SCSI driver to ensure ordered write caching.
This solution does not provide cache flushes; however, it does provide
data integrity on devices that have no write caching (or where write
caching is disabled) and no command queuing. For systems that have command
queuing or write cache enabled there is no guarantee of data integrity
after a crash. (BZ#560563)
* it was found that lpfc_find_target() could loop continuously when
scanning a list of nodes due to a missing spinlock. This missing spinlock
allowed the list to be changed after the list_empty() test, resulting in a
NULL value, causing the loop. This update adds the spinlock, resolving the
issue. (BZ#561453)
* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:
"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"
This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565496)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
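Added example (not part of the Red Hat or AusCERT text): a host triage check for RHSA-2010:0146 that compares the running kernel with the fixed build 2.6.9-89.0.23.EL and then applies the architecture and sysctl conditions stated in section 3. The version comparison is a simplified RPM-style comparison (no epoch or tilde handling), the flavour suffixes on `uname -r` are an assumption based on the package names in this advisory, and the sample kernel releases in the comments are constructed.

```python
"""Added triage sketch for RHSA-2010:0146 (RHEL 4); not Red Hat or AusCERT code."""
import os
import platform
import re

# Fixed build and per-CVE conditions are taken from the advisory text.
FIXED_BUILD = "2.6.9-89.0.23.EL"
I386 = {"i386", "i486", "i586", "i686"}
CVE_CONDITIONS = [
    # (CVE id, affected architectures or None for all, needs print-fatal-signals=1)
    ("CVE-2010-0008", None, False),        # SCTP, remote denial of service
    ("CVE-2009-4271", {"x86_64"}, False),  # Intel 64 and AMD64 only
    ("CVE-2010-0003", I386, True),         # i386 only, and only with the sysctl set
    ("CVE-2010-0307", {"x86_64"}, False),  # AMD64 only
    ("CVE-2010-0007", None, False),        # ebtables capability checks
]
# Assumption: flavour kernels (kernel-smp, kernel-hugemem, ...) append the
# flavour name to `uname -r`, e.g. "2.6.9-89.0.23.ELsmp".
FLAVOUR = re.compile(r"(largesmp|hugemem|smp|xenU)$")


def rpmvercmp(a, b):
    """Simplified RPM-style comparison of two version strings: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare, so 9 < 23
        elif x.isdigit():
            return 1                       # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def kernel_cmp(running, fixed):
    """Compare `uname -r` output with a fixed build given as version-release."""
    rv, _, rr = FLAVOUR.sub("", running).partition("-")
    fv, _, fr = fixed.partition("-")
    return rpmvercmp(rv, fv) or rpmvercmp(rr, fr)


def outstanding_cves(uname_r, arch, print_fatal_signals, fixed=FIXED_BUILD):
    """Return the advisory's CVEs that still apply to the running kernel."""
    if kernel_cmp(uname_r, fixed) >= 0:
        return []                          # running the fixed build or newer
    hits = []
    for cve, arches, needs_sysctl in CVE_CONDITIONS:
        if arches is not None and arch not in arches:
            continue
        if needs_sysctl and print_fatal_signals != 1:
            continue
        hits.append(cve)
    return hits


def local_facts(path="/proc/sys/kernel/print-fatal-signals"):
    """Collect the running kernel release, machine type and sysctl value."""
    value = 0                              # advisory: the default value is 0
    if os.path.exists(path):
        with open(path) as fh:
            value = int(fh.read().strip() or 0)
    return platform.release(), platform.machine(), value


if __name__ == "__main__":
    release, machine, pfs = local_facts()
    todo = outstanding_cves(release, machine, pfs)
    print(release, machine, "print-fatal-signals=%d" % pfs)
    print("outstanding:", ", ".join(todo) if todo else "none")
```

Because the check reads the running kernel rather than the installed packages, a host that has the update installed but has not been rebooted is still reported as outstanding.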
5. Bugs fixed (http://bugzilla.redhat.com/):
548876 - CVE-2009-4271 kernel: 32bit process on 64bit system can trigger a kernel panic
553135 - ext2online resize hangs [rhel-4.8.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
560547 - CVE-2010-0307 kernel: DoS on x86_64
560563 - Write barrier operations not working for libata and general SCSI disks [rhel-4.8.z]
561453 - [Emulex 4.9 bug] lpfc driver doesn't acquire lock when searching hba for target [rhel-4.8.z]
565496 - e1000e: wol is broken in kernel 2.6.9-89.19 [rhel-4.8.z]
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm
i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
ppc:
kernel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64.rpm
kernel-devel-2.6.9-89.0.23.EL.ppc64iseries.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ppc64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ppc64.rpm
s390:
kernel-2.6.9-89.0.23.EL.s390.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390.rpm
kernel-devel-2.6.9-89.0.23.EL.s390.rpm
s390x:
kernel-2.6.9-89.0.23.EL.s390x.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.s390x.rpm
kernel-devel-2.6.9-89.0.23.EL.s390x.rpm
x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm
i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm
noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm
i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-89.0.23.EL.src.rpm
i386:
kernel-2.6.9-89.0.23.EL.i686.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.i686.rpm
kernel-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-2.6.9-89.0.23.EL.i686.rpm
kernel-hugemem-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-2.6.9-89.0.23.EL.i686.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-2.6.9-89.0.23.EL.i686.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.i686.rpm
ia64:
kernel-2.6.9-89.0.23.EL.ia64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.ia64.rpm
kernel-devel-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.ia64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.ia64.rpm
noarch:
kernel-doc-2.6.9-89.0.23.EL.noarch.rpm
x86_64:
kernel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-debuginfo-2.6.9-89.0.23.EL.x86_64.rpm
kernel-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-largesmp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-2.6.9-89.0.23.EL.x86_64.rpm
kernel-smp-devel-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-2.6.9-89.0.23.EL.x86_64.rpm
kernel-xenU-devel-2.6.9-89.0.23.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-4271.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0307.html
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLoEzRXlSAg2UNWIIRAhx+AKCTPAIwNCqfILjnZt+fwfzoArW+4QCgmelm
QKdBpGNpm+cVgt2kXHnbdMU=
=cwST
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0147-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0147.html
Issue date:        2010-03-16
CVE Names:         CVE-2009-4308 CVE-2010-0003 CVE-2010-0007
                   CVE-2010-0008 CVE-2010-0415 CVE-2010-0437
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)
* a missing boundary check was found in the do_move_pages() function in
the memory migration functionality in the Linux kernel. A local user could
use this flaw to cause a local denial of service or an information leak.
(CVE-2010-0415, Important)
* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)
* a NULL pointer dereference flaw was found in the ext4 file system code in
the Linux kernel. A local attacker could use this flaw to trigger a local
denial of service by mounting a specially-crafted, journal-less ext4 file
system, if that file system forced an EROFS error. (CVE-2009-4308,
Moderate)
* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)
* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)
Bug fixes:
* a bug prevented Wake on LAN (WoL) being enabled on certain Intel
hardware. (BZ#543449)
* a race issue in the Journaling Block Device. (BZ#553132)
* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. (BZ#557684)
* the RHSA-2010:0019 update introduced a regression, preventing WoL from
working for network devices using the e1000e driver. (BZ#559335)
* adding a bonding interface in mode balance-alb to a bridge was not
functional. (BZ#560588)
* some KVM (Kernel-based Virtual Machine) guests experienced slow
performance (and possibly a crash) after suspend/resume. (BZ#560640)
* on some systems, VF cannot be enabled in dom0. (BZ#560665)
* on systems with certain network cards, a system crash occurred after
enabling GRO. (BZ#561417)
* for x86 KVM guests with pvclock enabled, the boot clocks were registered
twice, possibly causing KVM to write data to a random memory area during
the guest's life. (BZ#561454)
* serious performance degradation for 32-bit applications, that map (mmap)
thousands of small files, when run on a 64-bit system. (BZ#562746)
* improved kexec/kdump handling. Previously, on some systems under heavy
load, kexec/kdump was not functional. (BZ#562772)
* dom0 was unable to boot when using the Xen hypervisor on a system with a
large number of logical CPUs. (BZ#562777)
* a fix for a bug that could potentially cause file system corruption.
(BZ#564281)
* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)
* gfs2_delete_inode failed on read-only file systems. (BZ#564290)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
547255 - CVE-2009-4308 kernel: ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
553132 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.4.z]
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557684 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.4.z]
559335 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.4.z]
560588 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost [rhel-5.4.z]
560640 - Call trace error display when resume from suspend to disk (ide block) - pvclock related [rhel-5.4.z]
560665 - [SR-IOV] VF can not be enabled in Dom0 [rhel-5.4.z]
561417 - Kernel panic when using GRO through ixgbe driver and xen bridge [rhel-5.4.z]
561454 - kvm pvclock on i386 suffers from double registering [rhel-5.4.z]
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
562746 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit [rhel-5.4.z]
562772 - 5.5 - cciss backport some upstream bits to improve kexec/kdump [rhel-5.4.z]
562777 - [RHEL5 Xen] EXPERIMENTAL EX/MC: Dom0 soft lockups on >64-way system from hard-virt patches [rhel-5.4.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
564281 - Please implement upstream fix for potential filesystem corruption bug [rhel-5.4.z]
564288 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block [rhel-5.4.z]
564290 - 1916556 - GFS2 gfs2_delete_inode failing on RO filesystem [rhel-5.4.z]
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm
i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm
noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm
x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-164.15.1.el5.src.rpm
i386:
kernel-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.i686.rpm
kernel-devel-2.6.18-164.15.1.el5.i686.rpm
kernel-headers-2.6.18-164.15.1.el5.i386.rpm
kernel-xen-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.i686.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.i686.rpm
ia64:
kernel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ia64.rpm
kernel-devel-2.6.18-164.15.1.el5.ia64.rpm
kernel-headers-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-164.15.1.el5.noarch.rpm
ppc:
kernel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.ppc64.rpm
kernel-devel-2.6.18-164.15.1.el5.ppc64.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc.rpm
kernel-headers-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.s390x.rpm
kernel-devel-2.6.18-164.15.1.el5.s390x.rpm
kernel-headers-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-164.15.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-164.15.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-164.15.1.el5.x86_64.rpm
kernel-devel-2.6.18-164.15.1.el5.x86_64.rpm
kernel-headers-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-164.15.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-164.15.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-4308.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLoEyyXlSAg2UNWIIRAvflAJsEoPULkoHoW6J3ww40pY67AeH5GgCfRAqI
RLQD6oYwCLZPptzp6TyEmHw=
=JQ+a
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0148-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0148.html
Issue date:        2010-03-16
CVE Names:         CVE-2010-0008 CVE-2010-0437
=====================================================================
1. Summary:
Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 5.2 Extended Update Support.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5.2.z server) - i386, ia64, noarch, ppc, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)
* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)
This update also fixes the following bugs:
* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. With this update, when
such programs attempt to call sched_rr_get_interval() on 64-bit systems,
sys32_sched_rr_get_interval() is called instead, which resolves this issue.
(BZ#557682)
* the fix for CVE-2009-4538 provided by RHSA-2010:0079 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:
"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"
This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559333)
* a number of bugs have been fixed in the copy_user routines for Intel 64
and AMD64 systems, one of which could have possibly led to data corruption.
(BZ#568305)
* on some systems, a race condition in the inode-based file event
notifications implementation caused soft lockups and the following
messages:
"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"
This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568662)
* if a program that calls posix_fadvise() were compiled on x86, and then
run on a 64-bit system, that program could experience various problems,
including performance issues and the call to posix_fadvise() failing,
causing the program to not run as expected or even abort. With this update,
when such programs attempt to call posix_fadvise() on 64-bit systems,
sys32_fadvise64() is called instead, which resolves this issue. This update
also fixes other 32-bit system calls that were mistakenly called on 64-bit
systems (including systems running the kernel-xen kernel). (BZ#569595)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557682 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.2.z]
559333 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.2.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568305 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.2.z]
568662 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.2.z]
569595 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode. [rhel-5.2.z]
6. Package List:
Red Hat Enterprise Linux (v. 5.2.z server):
Source:
kernel-2.6.18-92.1.38.el5.src.rpm
i386:
kernel-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-PAE-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.i686.rpm
kernel-devel-2.6.18-92.1.38.el5.i686.rpm
kernel-headers-2.6.18-92.1.38.el5.i386.rpm
kernel-xen-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.i686.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.i686.rpm
ia64:
kernel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ia64.rpm
kernel-devel-2.6.18-92.1.38.el5.ia64.rpm
kernel-headers-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.ia64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-92.1.38.el5.noarch.rpm
ppc:
kernel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.ppc64.rpm
kernel-devel-2.6.18-92.1.38.el5.ppc64.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc.rpm
kernel-headers-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.ppc64.rpm
s390x:
kernel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.s390x.rpm
kernel-devel-2.6.18-92.1.38.el5.s390x.rpm
kernel-headers-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-92.1.38.el5.s390x.rpm
kernel-kdump-devel-2.6.18-92.1.38.el5.s390x.rpm
x86_64:
kernel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debug-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-92.1.38.el5.x86_64.rpm
kernel-devel-2.6.18-92.1.38.el5.x86_64.rpm
kernel-headers-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-92.1.38.el5.x86_64.rpm
kernel-xen-devel-2.6.18-92.1.38.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLoEzdXlSAg2UNWIIRAjt9AJ4sV1X4t8cYdcxFkDI3GWfPfzt5rwCfVJ02
w7vdCwUu11Bv636Ufeuqvm8=
=bQqu
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2010:0149-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0149.html
Issue date: 2010-03-16
CVE Names: CVE-2009-4141 CVE-2010-0008 CVE-2010-0437
=====================================================================
1. Summary:
Updated kernel packages that fix three security issues and multiple bugs
are now available for Red Hat Enterprise Linux 5.3 Extended Update Support.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* a deficiency was found in the fasync_helper() implementation. This could
allow a local, unprivileged user to leverage a use-after-free of locked,
asynchronous file descriptors to cause a denial of service or privilege
escalation. (CVE-2009-4141, Important)
* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)
* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)
This update also fixes the following bugs:
* programs compiled on x86, and that also call sched_rr_get_interval(),
were silently corrupted when run on 64-bit systems. With this update, when
such programs attempt to call sched_rr_get_interval() on 64-bit systems,
sys32_sched_rr_get_interval() is called instead, which resolves this issue.
(BZ#557683)
* the fix for CVE-2009-4538 provided by RHSA-2010:0053 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:
"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"
This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#559334)
* a number of bugs have been fixed in the copy_user routines for Intel 64
and AMD64 systems, one of which could have possibly led to data corruption.
(BZ#568307)
* on some systems, a race condition in the inode-based file event
notifications implementation caused soft lockups and the following
messages:
"BUG: warning at fs/inotify.c:181/set_dentry_child_flags()"
"BUG: soft lockup - CPU#[x] stuck for 10s!"
This update resolves this race condition, and also removes the inotify
debugging code from the kernel, due to race conditions in that code.
(BZ#568663)
Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
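Because the update takes effect only after a reboot, a host can have the fixed package installed while still running a vulnerable kernel. The Python sketch below is an added example, not part of the Red Hat or AusCERT text: it classifies a host from its `uname -r` string and installed kernel versions, using the fixed builds from the package lists in this bulletin. The function names, the stream mapping and the sample hosts are assumptions made for illustration.

```python
import re

# Fixed builds from the package lists in this bulletin, keyed by the base
# release number of each stream (assumption: 92 = 5.2.z, 128 = 5.3.z).
FIXED = {92: (92, 1, 38), 128: (128, 14, 1)}

# Matches e.g. 2.6.18-128.14.1.el5, also with a flavour suffix (el5xen, el5PAE).
KERNEL_RE = re.compile(r"^2\.6\.18-(\d+(?:\.\d+)*)\.el5")


def release_tuple(version):
    """Turn '2.6.18-128.14.1.el5xen' into (128, 14, 1); None if not an el5 kernel."""
    m = KERNEL_RE.match(version.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version):
    """True or False for a kernel in a covered stream, None if outside both streams."""
    rel = release_tuple(version)
    if rel is None or rel[0] not in FIXED:
        return None
    # Tuple comparison: (128,) < (128, 7, 1) < (128, 14, 1)
    return rel >= FIXED[rel[0]]


def assess(running, installed):
    """Classify a host.

    running   -- output of `uname -r`
    installed -- lines from `rpm -q --qf '%{VERSION}-%{RELEASE}\\n' kernel`
    """
    state = is_fixed(running)
    if state is None:
        return "not-covered"       # other stream: see the other advisories
    if state:
        return "patched"
    stream = release_tuple(running)[0]
    for pkg in installed:
        rel = release_tuple(pkg)
        if rel and rel[0] == stream and is_fixed(pkg):
            return "reboot-required"   # fix is on disk but not yet booted
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample hosts, not data from the advisory.
    print(assess("2.6.18-128.7.1.el5", ["2.6.18-128.7.1.el5", "2.6.18-128.14.1.el5"]))
    print(assess("2.6.18-92.1.35.el5PAE", ["2.6.18-92.1.35.el5"]))
```

A result of `not-covered` means the running kernel belongs to neither Extended Update Support stream listed here, so its status has to be checked against the advisory for that release.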
5. Bugs fixed (http://bugzilla.redhat.com/):
547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
555658 - CVE-2010-0008 kernel: sctp remote denial of service
557683 - [5.4] sched_rr_get_interval() destroys user data in 32-bit compat mode. [rhel-5.3.z]
559334 - e1000e: wol is broken on 2.6.18-185.el5 [rhel-5.3.z]
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference
568307 - [x86_64]: copy_user_c can zero more data than needed [rhel-5.3.z]
568663 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags() [rhel-5.3.z]
6. Package List:
Red Hat Enterprise Linux (v. 5.3.z server):
Source:
kernel-2.6.18-128.14.1.el5.src.rpm
i386:
kernel-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.i686.rpm
kernel-devel-2.6.18-128.14.1.el5.i686.rpm
kernel-headers-2.6.18-128.14.1.el5.i386.rpm
kernel-xen-2.6.18-128.14.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.i686.rpm
ia64:
kernel-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.ia64.rpm
kernel-devel-2.6.18-128.14.1.el5.ia64.rpm
kernel-headers-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-128.14.1.el5.noarch.rpm
ppc:
kernel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.14.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.14.1.el5.ppc.rpm
kernel-headers-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.14.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.14.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.s390x.rpm
kernel-devel-2.6.18-128.14.1.el5.s390x.rpm
kernel-headers-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.14.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.14.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.14.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.14.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.14.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.14.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2009-4141.html
https://www.redhat.com/security/data/cve/CVE-2010-0008.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2010 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFLoFUAXlSAg2UNWIIRAsMKAJsHHELEbCa7B/xil2chhTIlvC8TNQCdHWZY
VDIUwbHPU9NdZ0/mJObJQ/s=
=rNtZ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFLoF00/iFOrG6YcBERAmIdAJ9Ixbaew0ys6qtABwn6rX0dE2+KRQCeK++U
cSuh2Psnj5EuIe4t3MFweg8=
=nE3Q
-----END PGP SIGNATURE-----