Date: 13 June 2007
References: ESB-2007.0228 ESB-2007.0325 ESB-2007.0607 ESB-2007.0971 ESB-2008.0240 ESB-2008.0469
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0063 -- [Linux][RedHat]
Important: kernel security update
13 June 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 3
Linux variants
Impact: Execute Arbitrary Code/Commands
Increased Privileges
Read-only Data Access
Denial of Service
Access: Remote/Unauthenticated
Existing Account
CVE Names: CVE-2006-6535 CVE-2006-6106 CVE-2006-6056
CVE-2006-6054 CVE-2006-6053 CVE-2006-5823
CVE-2006-5757 CVE-2006-5754 CVE-2006-5753
CVE-2006-5751 CVE-2006-5619 CVE-2006-5174
CVE-2006-4814 CVE-2006-4813 CVE-2006-4538
CVE-2007-1592
Ref: ESB-2007.0325
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0014.html
https://rhn.redhat.com/errata/RHSA-2007-0436.html
Comment: This advisory references vulnerabilities in the Linux kernel that
also affects distributions other than Red Hat. It is recommended
that administrators running Linux check for an updated version of
the kernel for their system.
This bulletin contains two Red Hat advisories fixing kernel
vulnerabilities in RHEL 4 and RHEL 3 respectively.
Revision History: June 13 2007: Updates available for RHEL3
January 31 2007: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2007:0014-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0014.html
Issue date: 2007-01-30
Updated on: 2007-01-30
Product: Red Hat Enterprise Linux
Keywords: nahant kernel update
CVE Names: CVE-2006-4538 CVE-2006-4813 CVE-2006-4814
CVE-2006-5174 CVE-2006-5619 CVE-2006-5751
CVE-2006-5753 CVE-2006-5754 CVE-2006-5757
CVE-2006-5823 CVE-2006-6053 CVE-2006-6054
CVE-2006-6056 CVE-2006-6106 CVE-2006-6535
- - ---------------------------------------------------------------------
1. Summary:
Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 4 kernel are now available.
This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described
below:
* a flaw in the get_fdb_entries function of the network bridging support
that allowed a local user to cause a denial of service (crash) or allow a
potential privilege escalation (CVE-2006-5751, Important)
* an information leak in the _block_prepare_write function that allowed a
local user to read kernel memory (CVE-2006-4813, Important)
* an information leak in the copy_from_user() implementation on s390 and
s390x platforms that allowed a local user to read kernel memory
(CVE-2006-5174, Important)
* a flaw in the handling of /proc/net/ip6_flowlabel that allowed a local
user to cause a denial of service (infinite loop) (CVE-2006-5619, Important)
* a flaw in the AIO handling that allowed a local user to cause a denial of
service (panic) (CVE-2006-5754, Important)
* a race condition in the mincore system core that allowed a local user to
cause a denial of service (system hang) (CVE-2006-4814, Moderate)
* a flaw in the ELF handling on ia64 and sparc architectures which
triggered a cross-region memory mapping and allowed a local user to cause a
denial of service (CVE-2006-4538, Moderate)
* a flaw in the dev_queue_xmit function of the network subsystem that
allowed a local user to cause a denial of service (data corruption)
(CVE-2006-6535, Moderate)
* a flaw in the handling of CAPI messages over Bluetooth that allowed a
remote system to cause a denial of service or potential code execution.
This flaw is only exploitable if a privileged user establishes a connection
to a malicious remote device (CVE-2006-6106, Moderate)
* a flaw in the listxattr system call that allowed a local user to cause a
denial of service (data corruption) or potential privilege escalation. To
successfully exploit this flaw the existence of a bad inode is required
first (CVE-2006-5753, Moderate)
* a flaw in the __find_get_block_slow function that allowed a local
privileged user to cause a denial of service (CVE-2006-5757, Low)
* various flaws in the supported filesystems that allowed a local
privileged user to cause a denial of service (CVE-2006-5823, CVE-2006-6053,
CVE-2006-6054, CVE-2006-6056, Low)
In addition to the security issues described above, fixes for the following
bugs were included:
* initialization error of the tg3 driver with some BCM5703x network card
* a memory leak in the audit subsystem
* x86_64 nmi watchdog timeout is too short
* ext2/3 directory reads fail intermittently
Red Hat would like to thank Dmitriy Monakhov and Kostantin Khorenko for
reporting issues fixed in this erratum.
All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
180663 - CVE-2006-4814 Race condition in mincore can cause "ps -ef" to hang
205335 - CVE-2006-4538 Local DoS with corrupted ELF
206328 - CVE-2006-5757 Linux kernel Filesystem Mount Dead Loop
207463 - CVE-2006-4813 Information leak in __block_prepare_write()
209435 - CVE-2006-5174 copy_from_user information leak on s390
212144 - CVE-2006-6535 unbalanced local_bh_enable() in dev_queue_xmit()
213214 - CVE-2006-5619 Lockup via /proc/net/ip6_flowlabel
213921 - SAN file systems becoming read-only
214288 - CVE-2006-5757 ISO9660 __find_get_block_slow() denial of service
216452 - CVE-2006-5751 Linux kernel get_fdb_entries() integer overflow
216958 - CVE-2006-5823 zlib_inflate memory corruption
217011 - CVE-2006-6056 SELinux superblock_doinit denial of service
217021 - CVE-2006-6054 ext2_check_page denial of service
217030 - CVE-2006-6053 ext3fs_dirhash denial of service
218602 - CVE-2006-6106 Multiple problems in net/bluetooth/cmtp/capi.c
220677 - CVE-2006-5753 listxattr syscall can corrupt user space programs
220971 - CVE-2006-5754 kernel panic in aio_free_ring()
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-42.0.8.EL.src.rpm
4c5a52437396f7a13656d571c953f23d kernel-2.6.9-42.0.8.EL.src.rpm
i386:
9a273bb88feb2ba6de0a729f4303da77 kernel-2.6.9-42.0.8.EL.i686.rpm
bc271f3c7db9510f305efc3d571218fb kernel-debuginfo-2.6.9-42.0.8.EL.i686.rpm
dcdbe50947e78445971d26b80088d4a5 kernel-devel-2.6.9-42.0.8.EL.i686.rpm
eaf0c5906009b600ae0d0b4d8dc10689 kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm
4fda55afc62edb207d19859be66d0643 kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm
1a036e3aaa5ffc09a15e5941e33c37a0 kernel-smp-2.6.9-42.0.8.EL.i686.rpm
425feebacc995306ad28e58b35a94956 kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm
ia64:
42c3f6b694e25790958aed0aecc5bcd0 kernel-2.6.9-42.0.8.EL.ia64.rpm
a340710c18598dbace8534359937e156 kernel-debuginfo-2.6.9-42.0.8.EL.ia64.rpm
63d60b16a797bc511c1978eb785d4a51 kernel-devel-2.6.9-42.0.8.EL.ia64.rpm
88c4b888ee5568cc25edf1a9ff870fbb kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm
af29b49da4539869697ae837515efdd9 kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm
noarch:
632e04bf2018dc6ce16f8ea48fd7ef06 kernel-doc-2.6.9-42.0.8.EL.noarch.rpm
ppc:
4177872245f3a38f80cd48416d3e26ec kernel-2.6.9-42.0.8.EL.ppc64.rpm
1bced0760a374adb51c0be3558d08c0f kernel-2.6.9-42.0.8.EL.ppc64iseries.rpm
c258aeb007e926474f354c2460277063 kernel-debuginfo-2.6.9-42.0.8.EL.ppc64.rpm
52c874905009c6084d42517924baeb92 kernel-debuginfo-2.6.9-42.0.8.EL.ppc64iseries.rpm
6d8b0391759a4ebb0fdd0ab9557f6e2b kernel-devel-2.6.9-42.0.8.EL.ppc64.rpm
504c22fedffe3211e3baf7cead42f4b2 kernel-devel-2.6.9-42.0.8.EL.ppc64iseries.rpm
67ba325845e53adb47491270cce6f25c kernel-largesmp-2.6.9-42.0.8.EL.ppc64.rpm
6913c4c29c66596002cafbeaf5e302e5 kernel-largesmp-devel-2.6.9-42.0.8.EL.ppc64.rpm
s390:
465a450fa33240414a60c8fc6b667d93 kernel-2.6.9-42.0.8.EL.s390.rpm
e0af614fd161d713f71dc8e68e359d6a kernel-debuginfo-2.6.9-42.0.8.EL.s390.rpm
85fd0c3ec8835e8db559534cea3c6499 kernel-devel-2.6.9-42.0.8.EL.s390.rpm
s390x:
7b864b4442b5bfeead88fc3e71ec23ed kernel-2.6.9-42.0.8.EL.s390x.rpm
efbaa832acbda6abd53df156978f3af1 kernel-debuginfo-2.6.9-42.0.8.EL.s390x.rpm
8aefa3b6fba894952ec26f65e531b3a9 kernel-devel-2.6.9-42.0.8.EL.s390x.rpm
x86_64:
8c9145fdf63eef95fb496e66c38d4bc7 kernel-2.6.9-42.0.8.EL.x86_64.rpm
9299ae524c8c721e345d87f2b9bdcef6 kernel-debuginfo-2.6.9-42.0.8.EL.x86_64.rpm
e008222f297bf17d90b61445c7d70076 kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm
144ff394474bea230f46727ec9ed49c2 kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm
7d419a43de741200d188a389c3f6fa75 kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm
d8bb03294708f82e5724db0907d208dc kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm
b825e00d12216be12e3a15c5be7b8082 kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-42.0.8.EL.src.rpm
4c5a52437396f7a13656d571c953f23d kernel-2.6.9-42.0.8.EL.src.rpm
i386:
9a273bb88feb2ba6de0a729f4303da77 kernel-2.6.9-42.0.8.EL.i686.rpm
bc271f3c7db9510f305efc3d571218fb kernel-debuginfo-2.6.9-42.0.8.EL.i686.rpm
dcdbe50947e78445971d26b80088d4a5 kernel-devel-2.6.9-42.0.8.EL.i686.rpm
eaf0c5906009b600ae0d0b4d8dc10689 kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm
4fda55afc62edb207d19859be66d0643 kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm
1a036e3aaa5ffc09a15e5941e33c37a0 kernel-smp-2.6.9-42.0.8.EL.i686.rpm
425feebacc995306ad28e58b35a94956 kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm
noarch:
632e04bf2018dc6ce16f8ea48fd7ef06 kernel-doc-2.6.9-42.0.8.EL.noarch.rpm
x86_64:
8c9145fdf63eef95fb496e66c38d4bc7 kernel-2.6.9-42.0.8.EL.x86_64.rpm
9299ae524c8c721e345d87f2b9bdcef6 kernel-debuginfo-2.6.9-42.0.8.EL.x86_64.rpm
e008222f297bf17d90b61445c7d70076 kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm
144ff394474bea230f46727ec9ed49c2 kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm
7d419a43de741200d188a389c3f6fa75 kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm
d8bb03294708f82e5724db0907d208dc kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm
b825e00d12216be12e3a15c5be7b8082 kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-42.0.8.EL.src.rpm
4c5a52437396f7a13656d571c953f23d kernel-2.6.9-42.0.8.EL.src.rpm
i386:
9a273bb88feb2ba6de0a729f4303da77 kernel-2.6.9-42.0.8.EL.i686.rpm
bc271f3c7db9510f305efc3d571218fb kernel-debuginfo-2.6.9-42.0.8.EL.i686.rpm
dcdbe50947e78445971d26b80088d4a5 kernel-devel-2.6.9-42.0.8.EL.i686.rpm
eaf0c5906009b600ae0d0b4d8dc10689 kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm
4fda55afc62edb207d19859be66d0643 kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm
1a036e3aaa5ffc09a15e5941e33c37a0 kernel-smp-2.6.9-42.0.8.EL.i686.rpm
425feebacc995306ad28e58b35a94956 kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm
ia64:
42c3f6b694e25790958aed0aecc5bcd0 kernel-2.6.9-42.0.8.EL.ia64.rpm
a340710c18598dbace8534359937e156 kernel-debuginfo-2.6.9-42.0.8.EL.ia64.rpm
63d60b16a797bc511c1978eb785d4a51 kernel-devel-2.6.9-42.0.8.EL.ia64.rpm
88c4b888ee5568cc25edf1a9ff870fbb kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm
af29b49da4539869697ae837515efdd9 kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm
noarch:
632e04bf2018dc6ce16f8ea48fd7ef06 kernel-doc-2.6.9-42.0.8.EL.noarch.rpm
x86_64:
8c9145fdf63eef95fb496e66c38d4bc7 kernel-2.6.9-42.0.8.EL.x86_64.rpm
9299ae524c8c721e345d87f2b9bdcef6 kernel-debuginfo-2.6.9-42.0.8.EL.x86_64.rpm
e008222f297bf17d90b61445c7d70076 kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm
144ff394474bea230f46727ec9ed49c2 kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm
7d419a43de741200d188a389c3f6fa75 kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm
d8bb03294708f82e5724db0907d208dc kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm
b825e00d12216be12e3a15c5be7b8082 kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-42.0.8.EL.src.rpm
4c5a52437396f7a13656d571c953f23d kernel-2.6.9-42.0.8.EL.src.rpm
i386:
9a273bb88feb2ba6de0a729f4303da77 kernel-2.6.9-42.0.8.EL.i686.rpm
bc271f3c7db9510f305efc3d571218fb kernel-debuginfo-2.6.9-42.0.8.EL.i686.rpm
dcdbe50947e78445971d26b80088d4a5 kernel-devel-2.6.9-42.0.8.EL.i686.rpm
eaf0c5906009b600ae0d0b4d8dc10689 kernel-hugemem-2.6.9-42.0.8.EL.i686.rpm
4fda55afc62edb207d19859be66d0643 kernel-hugemem-devel-2.6.9-42.0.8.EL.i686.rpm
1a036e3aaa5ffc09a15e5941e33c37a0 kernel-smp-2.6.9-42.0.8.EL.i686.rpm
425feebacc995306ad28e58b35a94956 kernel-smp-devel-2.6.9-42.0.8.EL.i686.rpm
ia64:
42c3f6b694e25790958aed0aecc5bcd0 kernel-2.6.9-42.0.8.EL.ia64.rpm
a340710c18598dbace8534359937e156 kernel-debuginfo-2.6.9-42.0.8.EL.ia64.rpm
63d60b16a797bc511c1978eb785d4a51 kernel-devel-2.6.9-42.0.8.EL.ia64.rpm
88c4b888ee5568cc25edf1a9ff870fbb kernel-largesmp-2.6.9-42.0.8.EL.ia64.rpm
af29b49da4539869697ae837515efdd9 kernel-largesmp-devel-2.6.9-42.0.8.EL.ia64.rpm
noarch:
632e04bf2018dc6ce16f8ea48fd7ef06 kernel-doc-2.6.9-42.0.8.EL.noarch.rpm
x86_64:
8c9145fdf63eef95fb496e66c38d4bc7 kernel-2.6.9-42.0.8.EL.x86_64.rpm
9299ae524c8c721e345d87f2b9bdcef6 kernel-debuginfo-2.6.9-42.0.8.EL.x86_64.rpm
e008222f297bf17d90b61445c7d70076 kernel-devel-2.6.9-42.0.8.EL.x86_64.rpm
144ff394474bea230f46727ec9ed49c2 kernel-largesmp-2.6.9-42.0.8.EL.x86_64.rpm
7d419a43de741200d188a389c3f6fa75 kernel-largesmp-devel-2.6.9-42.0.8.EL.x86_64.rpm
d8bb03294708f82e5724db0907d208dc kernel-smp-2.6.9-42.0.8.EL.x86_64.rpm
b825e00d12216be12e3a15c5be7b8082 kernel-smp-devel-2.6.9-42.0.8.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6535
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFFv1h/XlSAg2UNWIIRAibaAJ9UFgB89W5J2+5B4QeJuuElzkPw8gCfTfja
2cotYMtskfMOUyzB75sJlO4=
=ziV5
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9
Advisory ID: RHSA-2007:0436-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0436.html
Issue date: 2007-06-07
Updated on: 2007-06-11
Product: Red Hat Enterprise Linux
Keywords: taroon kernel update
Obsoletes: RHSA-2006:0710
CVE Names: CVE-2006-5823 CVE-2006-6054 CVE-2007-1592
- - ---------------------------------------------------------------------
1. Summary:
Updated kernel packages are now available as part of ongoing support and
maintenance of Red Hat Enterprise Linux version 3. This is the ninth
regular update.
This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The Linux kernel handles the basic functions of the operating system.
This is the ninth regular kernel update to Red Hat Enterprise Linux 3.
There were no new features introduced by this update. The only changes
that have been included address critical customer needs or security
issues (elaborated below).
Key areas affected by fixes in this update include the networking
subsystem, dcache handling, the ext2 and ext3 file systems, the USB
subsystem, ACPI handling, and the audit subsystem. There were also
several isolated fixes in the tg3, e1000, megaraid_sas, and aacraid
device drivers.
The following security bugs were fixed in this update:
* a flaw in the cramfs file system that allowed invalid compressed
data to cause memory corruption (CVE-2006-5823, low)
* a flaw in the ext2 file system that allowed an invalid inode size
to cause a denial of service (system hang) (CVE-2006-6054, low)
* a flaw in IPV6 flow label handling that allowed a local user to
cause a denial of service (crash) (CVE-2007-1592, important)
Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.
4. Solution:
Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
128616 - acl permissions over nfs
137374 - Need fix for: [NETFILTER]: Fix checksum bug for multicast/broadcast packets on postrouting hook.
144794 - tg3 driver on BCM5703X won't load. Says tg3: Could not obtain valid ethernet address, aborting.
164855 - u5 patch that turned on Dprintk's in arch/x86_64/kernel/smpboot.c
171007 - powermate module does not recognize Griffin Powermate device
173350 - jbd I/O errors after ext3 orphan processing on readonly device
177300 - hugetlb_get_unmapped_area may overflow in X86_64 compat mode
189052 - Kernel panic on shutdown or poweroff on SMP
192796 - cut/paste bug in kscand
199542 - Data corruption after IO error on swap (RHEL3)
209154 - High speed USB HID devices not working in RHEL3
216960 - CVE-2006-5823 zlib_inflate memory corruption
217022 - CVE-2006-6054 ext2_check_page denial of service
217930 - [RHEL3] Netdump for 8139cp driver
224600 - running 32-bit executables on x86_64/ia64/s390x causes negative "vm_committed_space" value
226895 - Kernel oops when loading ipmi_si module
231912 - Laus doesn't audit detach event
232221 - Laus dev.audit.attach-all doesn't attach to init
232336 - Enable use of PAL_HALT_LIGHT for idle loop as non-default option
233262 - ipv6 OOPS triggerable by any user
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-50.EL.src.rpm
c79722a872a08eb82398a58749f270cf kernel-2.4.21-50.EL.src.rpm
i386:
7cfbe7d0110e0c1381b73177104119ec kernel-2.4.21-50.EL.athlon.rpm
7203347beb0c4659f63bebb1e487b009 kernel-2.4.21-50.EL.i686.rpm
5c994b0987b31010cb0a825e022aee84 kernel-BOOT-2.4.21-50.EL.i386.rpm
fae1d5c55370b3247bdaeb8c554d0ce5 kernel-debuginfo-2.4.21-50.EL.athlon.rpm
aba8af6dc7681e0ec6296478caa5afbe kernel-debuginfo-2.4.21-50.EL.i386.rpm
dfeb338d473d9f4ea25e4c5f009f93a4 kernel-debuginfo-2.4.21-50.EL.i686.rpm
277167db623567d2772f53c9442aab79 kernel-doc-2.4.21-50.EL.i386.rpm
fe20ef598810be1ee1eb5a7b34994e63 kernel-hugemem-2.4.21-50.EL.i686.rpm
4c19a2a12f011afbcf8ee09dfe19d9b5 kernel-hugemem-unsupported-2.4.21-50.EL.i686.rpm
1ceae1fcc0a9d53ee80ca959f077d1bf kernel-smp-2.4.21-50.EL.athlon.rpm
71e88c7296ff3dacdccfdac4e3071df2 kernel-smp-2.4.21-50.EL.i686.rpm
59b44b72919e9aa6ca57bd5eaafd686b kernel-smp-unsupported-2.4.21-50.EL.athlon.rpm
57239b02735863035421e6b4f9152790 kernel-smp-unsupported-2.4.21-50.EL.i686.rpm
2e0d8c5c9d320ba251483de4ebb30d68 kernel-source-2.4.21-50.EL.i386.rpm
1543ab5008587ee48e77f6ff55e3b69e kernel-unsupported-2.4.21-50.EL.athlon.rpm
f6b4df392ef5cdc8760377f802d8d0d8 kernel-unsupported-2.4.21-50.EL.i686.rpm
ia64:
4ecbfd266438b2f64846b583608886f3 kernel-2.4.21-50.EL.ia64.rpm
26e27e76ff1b0034115ea29ed665f5d3 kernel-debuginfo-2.4.21-50.EL.ia64.rpm
29ad4e24dbfdfdc3898ed12a960c7fac kernel-doc-2.4.21-50.EL.ia64.rpm
bc1684ae959c30fa809b0ed9304b0aad kernel-source-2.4.21-50.EL.ia64.rpm
cde442e6c7fba9087ac7c92ee40748e3 kernel-unsupported-2.4.21-50.EL.ia64.rpm
ppc:
2f7744a0ce4d5828b24dfb11f3582f62 kernel-2.4.21-50.EL.ppc64iseries.rpm
0deb3e0d8635dd62587ab8cc5dd15b4f kernel-2.4.21-50.EL.ppc64pseries.rpm
e5fcea12133e5a85b23ae7cf828293c1 kernel-debuginfo-2.4.21-50.EL.ppc64.rpm
c7ecd608935b1b1207f35d1b8b9cb034 kernel-debuginfo-2.4.21-50.EL.ppc64iseries.rpm
7217c44962ebcd635ac4db43cd85ece5 kernel-debuginfo-2.4.21-50.EL.ppc64pseries.rpm
b72e3d9dfbcdc60ef35784860f1aefe7 kernel-doc-2.4.21-50.EL.ppc64.rpm
e066a029b086eca8621082f6113aca8b kernel-source-2.4.21-50.EL.ppc64.rpm
ade7659061ea001fc8dccf356350584e kernel-unsupported-2.4.21-50.EL.ppc64iseries.rpm
908c4d68a46a7731a639efde75bfe8be kernel-unsupported-2.4.21-50.EL.ppc64pseries.rpm
s390:
7cc098163ea8521e71fa5cb9599e430a kernel-2.4.21-50.EL.s390.rpm
f471fbb4022ea086cb3dd9715be0904e kernel-debuginfo-2.4.21-50.EL.s390.rpm
8d4aede1a46ed6da1e6162cc67cb13ce kernel-doc-2.4.21-50.EL.s390.rpm
f57c2055269270541629220914a7bfd1 kernel-source-2.4.21-50.EL.s390.rpm
9bd2949e1681035d8d9ae7667a09a43b kernel-unsupported-2.4.21-50.EL.s390.rpm
s390x:
76811eb47f700e3abb5058b271db6098 kernel-2.4.21-50.EL.s390x.rpm
a4767cbfb6887b6d538a9380aecd6478 kernel-debuginfo-2.4.21-50.EL.s390x.rpm
349a97363d9b77d2397f59bf1719cc80 kernel-doc-2.4.21-50.EL.s390x.rpm
cf755ee59b7fa3e5cc50267eae6efb3d kernel-source-2.4.21-50.EL.s390x.rpm
3b4a567c303cd51b61e9f77dc2eea76a kernel-unsupported-2.4.21-50.EL.s390x.rpm
x86_64:
da285ae8b8a1d4dc3fe0411861488119 kernel-2.4.21-50.EL.ia32e.rpm
5f7e05a4ca91441fdd52d79da1886dfe kernel-2.4.21-50.EL.x86_64.rpm
9e2be2ea882e105ea3926d41bf1442be kernel-debuginfo-2.4.21-50.EL.ia32e.rpm
a7b578a947b841e1334135c97fa0d390 kernel-debuginfo-2.4.21-50.EL.x86_64.rpm
fe43cb360a3130855db0404bda411cd1 kernel-doc-2.4.21-50.EL.x86_64.rpm
6ca6c1e84c6f11ac9dc40c27d40b9473 kernel-smp-2.4.21-50.EL.x86_64.rpm
9d3594ab2e34a316668685dbe2ed4511 kernel-smp-unsupported-2.4.21-50.EL.x86_64.rpm
5e2951403ef3036cd82b70fc91e86100 kernel-source-2.4.21-50.EL.x86_64.rpm
372d28ebf73a915bb4fdf8b4433910ac kernel-unsupported-2.4.21-50.EL.ia32e.rpm
90fb18a58a605af3337fcaf7e69b8010 kernel-unsupported-2.4.21-50.EL.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-50.EL.src.rpm
c79722a872a08eb82398a58749f270cf kernel-2.4.21-50.EL.src.rpm
i386:
7cfbe7d0110e0c1381b73177104119ec kernel-2.4.21-50.EL.athlon.rpm
7203347beb0c4659f63bebb1e487b009 kernel-2.4.21-50.EL.i686.rpm
5c994b0987b31010cb0a825e022aee84 kernel-BOOT-2.4.21-50.EL.i386.rpm
fae1d5c55370b3247bdaeb8c554d0ce5 kernel-debuginfo-2.4.21-50.EL.athlon.rpm
aba8af6dc7681e0ec6296478caa5afbe kernel-debuginfo-2.4.21-50.EL.i386.rpm
dfeb338d473d9f4ea25e4c5f009f93a4 kernel-debuginfo-2.4.21-50.EL.i686.rpm
277167db623567d2772f53c9442aab79 kernel-doc-2.4.21-50.EL.i386.rpm
fe20ef598810be1ee1eb5a7b34994e63 kernel-hugemem-2.4.21-50.EL.i686.rpm
4c19a2a12f011afbcf8ee09dfe19d9b5 kernel-hugemem-unsupported-2.4.21-50.EL.i686.rpm
1ceae1fcc0a9d53ee80ca959f077d1bf kernel-smp-2.4.21-50.EL.athlon.rpm
71e88c7296ff3dacdccfdac4e3071df2 kernel-smp-2.4.21-50.EL.i686.rpm
59b44b72919e9aa6ca57bd5eaafd686b kernel-smp-unsupported-2.4.21-50.EL.athlon.rpm
57239b02735863035421e6b4f9152790 kernel-smp-unsupported-2.4.21-50.EL.i686.rpm
2e0d8c5c9d320ba251483de4ebb30d68 kernel-source-2.4.21-50.EL.i386.rpm
1543ab5008587ee48e77f6ff55e3b69e kernel-unsupported-2.4.21-50.EL.athlon.rpm
f6b4df392ef5cdc8760377f802d8d0d8 kernel-unsupported-2.4.21-50.EL.i686.rpm
x86_64:
da285ae8b8a1d4dc3fe0411861488119 kernel-2.4.21-50.EL.ia32e.rpm
5f7e05a4ca91441fdd52d79da1886dfe kernel-2.4.21-50.EL.x86_64.rpm
9e2be2ea882e105ea3926d41bf1442be kernel-debuginfo-2.4.21-50.EL.ia32e.rpm
a7b578a947b841e1334135c97fa0d390 kernel-debuginfo-2.4.21-50.EL.x86_64.rpm
fe43cb360a3130855db0404bda411cd1 kernel-doc-2.4.21-50.EL.x86_64.rpm
6ca6c1e84c6f11ac9dc40c27d40b9473 kernel-smp-2.4.21-50.EL.x86_64.rpm
9d3594ab2e34a316668685dbe2ed4511 kernel-smp-unsupported-2.4.21-50.EL.x86_64.rpm
5e2951403ef3036cd82b70fc91e86100 kernel-source-2.4.21-50.EL.x86_64.rpm
372d28ebf73a915bb4fdf8b4433910ac kernel-unsupported-2.4.21-50.EL.ia32e.rpm
90fb18a58a605af3337fcaf7e69b8010 kernel-unsupported-2.4.21-50.EL.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-50.EL.src.rpm
c79722a872a08eb82398a58749f270cf kernel-2.4.21-50.EL.src.rpm
i386:
7cfbe7d0110e0c1381b73177104119ec kernel-2.4.21-50.EL.athlon.rpm
7203347beb0c4659f63bebb1e487b009 kernel-2.4.21-50.EL.i686.rpm
5c994b0987b31010cb0a825e022aee84 kernel-BOOT-2.4.21-50.EL.i386.rpm
fae1d5c55370b3247bdaeb8c554d0ce5 kernel-debuginfo-2.4.21-50.EL.athlon.rpm
aba8af6dc7681e0ec6296478caa5afbe kernel-debuginfo-2.4.21-50.EL.i386.rpm
dfeb338d473d9f4ea25e4c5f009f93a4 kernel-debuginfo-2.4.21-50.EL.i686.rpm
277167db623567d2772f53c9442aab79 kernel-doc-2.4.21-50.EL.i386.rpm
fe20ef598810be1ee1eb5a7b34994e63 kernel-hugemem-2.4.21-50.EL.i686.rpm
4c19a2a12f011afbcf8ee09dfe19d9b5 kernel-hugemem-unsupported-2.4.21-50.EL.i686.rpm
1ceae1fcc0a9d53ee80ca959f077d1bf kernel-smp-2.4.21-50.EL.athlon.rpm
71e88c7296ff3dacdccfdac4e3071df2 kernel-smp-2.4.21-50.EL.i686.rpm
59b44b72919e9aa6ca57bd5eaafd686b kernel-smp-unsupported-2.4.21-50.EL.athlon.rpm
57239b02735863035421e6b4f9152790 kernel-smp-unsupported-2.4.21-50.EL.i686.rpm
2e0d8c5c9d320ba251483de4ebb30d68 kernel-source-2.4.21-50.EL.i386.rpm
1543ab5008587ee48e77f6ff55e3b69e kernel-unsupported-2.4.21-50.EL.athlon.rpm
f6b4df392ef5cdc8760377f802d8d0d8 kernel-unsupported-2.4.21-50.EL.i686.rpm
ia64:
4ecbfd266438b2f64846b583608886f3 kernel-2.4.21-50.EL.ia64.rpm
26e27e76ff1b0034115ea29ed665f5d3 kernel-debuginfo-2.4.21-50.EL.ia64.rpm
29ad4e24dbfdfdc3898ed12a960c7fac kernel-doc-2.4.21-50.EL.ia64.rpm
bc1684ae959c30fa809b0ed9304b0aad kernel-source-2.4.21-50.EL.ia64.rpm
cde442e6c7fba9087ac7c92ee40748e3 kernel-unsupported-2.4.21-50.EL.ia64.rpm
x86_64:
da285ae8b8a1d4dc3fe0411861488119 kernel-2.4.21-50.EL.ia32e.rpm
5f7e05a4ca91441fdd52d79da1886dfe kernel-2.4.21-50.EL.x86_64.rpm
9e2be2ea882e105ea3926d41bf1442be kernel-debuginfo-2.4.21-50.EL.ia32e.rpm
a7b578a947b841e1334135c97fa0d390 kernel-debuginfo-2.4.21-50.EL.x86_64.rpm
fe43cb360a3130855db0404bda411cd1 kernel-doc-2.4.21-50.EL.x86_64.rpm
6ca6c1e84c6f11ac9dc40c27d40b9473 kernel-smp-2.4.21-50.EL.x86_64.rpm
9d3594ab2e34a316668685dbe2ed4511 kernel-smp-unsupported-2.4.21-50.EL.x86_64.rpm
5e2951403ef3036cd82b70fc91e86100 kernel-source-2.4.21-50.EL.x86_64.rpm
372d28ebf73a915bb4fdf8b4433910ac kernel-unsupported-2.4.21-50.EL.ia32e.rpm
90fb18a58a605af3337fcaf7e69b8010 kernel-unsupported-2.4.21-50.EL.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-50.EL.src.rpm
c79722a872a08eb82398a58749f270cf kernel-2.4.21-50.EL.src.rpm
i386:
7cfbe7d0110e0c1381b73177104119ec kernel-2.4.21-50.EL.athlon.rpm
7203347beb0c4659f63bebb1e487b009 kernel-2.4.21-50.EL.i686.rpm
5c994b0987b31010cb0a825e022aee84 kernel-BOOT-2.4.21-50.EL.i386.rpm
fae1d5c55370b3247bdaeb8c554d0ce5 kernel-debuginfo-2.4.21-50.EL.athlon.rpm
aba8af6dc7681e0ec6296478caa5afbe kernel-debuginfo-2.4.21-50.EL.i386.rpm
dfeb338d473d9f4ea25e4c5f009f93a4 kernel-debuginfo-2.4.21-50.EL.i686.rpm
277167db623567d2772f53c9442aab79 kernel-doc-2.4.21-50.EL.i386.rpm
fe20ef598810be1ee1eb5a7b34994e63 kernel-hugemem-2.4.21-50.EL.i686.rpm
4c19a2a12f011afbcf8ee09dfe19d9b5 kernel-hugemem-unsupported-2.4.21-50.EL.i686.rpm
1ceae1fcc0a9d53ee80ca959f077d1bf kernel-smp-2.4.21-50.EL.athlon.rpm
71e88c7296ff3dacdccfdac4e3071df2 kernel-smp-2.4.21-50.EL.i686.rpm
59b44b72919e9aa6ca57bd5eaafd686b kernel-smp-unsupported-2.4.21-50.EL.athlon.rpm
57239b02735863035421e6b4f9152790 kernel-smp-unsupported-2.4.21-50.EL.i686.rpm
2e0d8c5c9d320ba251483de4ebb30d68 kernel-source-2.4.21-50.EL.i386.rpm
1543ab5008587ee48e77f6ff55e3b69e kernel-unsupported-2.4.21-50.EL.athlon.rpm
f6b4df392ef5cdc8760377f802d8d0d8 kernel-unsupported-2.4.21-50.EL.i686.rpm
ia64:
4ecbfd266438b2f64846b583608886f3 kernel-2.4.21-50.EL.ia64.rpm
26e27e76ff1b0034115ea29ed665f5d3 kernel-debuginfo-2.4.21-50.EL.ia64.rpm
29ad4e24dbfdfdc3898ed12a960c7fac kernel-doc-2.4.21-50.EL.ia64.rpm
bc1684ae959c30fa809b0ed9304b0aad kernel-source-2.4.21-50.EL.ia64.rpm
cde442e6c7fba9087ac7c92ee40748e3 kernel-unsupported-2.4.21-50.EL.ia64.rpm
x86_64:
da285ae8b8a1d4dc3fe0411861488119 kernel-2.4.21-50.EL.ia32e.rpm
5f7e05a4ca91441fdd52d79da1886dfe kernel-2.4.21-50.EL.x86_64.rpm
9e2be2ea882e105ea3926d41bf1442be kernel-debuginfo-2.4.21-50.EL.ia32e.rpm
a7b578a947b841e1334135c97fa0d390 kernel-debuginfo-2.4.21-50.EL.x86_64.rpm
fe43cb360a3130855db0404bda411cd1 kernel-doc-2.4.21-50.EL.x86_64.rpm
6ca6c1e84c6f11ac9dc40c27d40b9473 kernel-smp-2.4.21-50.EL.x86_64.rpm
9d3594ab2e34a316668685dbe2ed4511 kernel-smp-unsupported-2.4.21-50.EL.x86_64.rpm
5e2951403ef3036cd82b70fc91e86100 kernel-source-2.4.21-50.EL.x86_64.rpm
372d28ebf73a915bb4fdf8b4433910ac kernel-unsupported-2.4.21-50.EL.ia32e.rpm
90fb18a58a605af3337fcaf7e69b8010 kernel-unsupported-2.4.21-50.EL.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1592
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGbYwhXlSAg2UNWIIRAu21AJ4u7MYtxy5/U0mOX2xTWtLf2sy+rACeN9zM
+sZgNmsh32K6L0l5/v0eeOI=
=Omh9
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRm+Muyh9+71yA2DNAQIv2AP/UbuCytgjwZm+Bo4xKJvmZXxwt3RJv8RA
eCNT5Vgn7qHA9JdWrrjuJkUfdLodp8u+lwGCDgM5Zh3COMS/VfedVlwkZkuZbGXR
K4rVYAOkf1ETHN+d2vDcuKiIX8UDC9GykjBaFV52GiGXPXgBSpjNXrQdrYg1aGZu
1sHXQcnjc7c=
=64ca
-----END PGP SIGNATURE-----
|