Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2008.0233 -- [Linux][RedHat] Important: kernel security and bug fix update 6 March 2008 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Linux Linux variants Impact: Denial of Service Modify Arbitrary Files Access Privileged Data Access: Existing Account CVE Names: CVE-2007-6694 CVE-2007-6207 CVE-2007-6063 CVE-2007-5938 CVE-2006-6921 Ref: AA-2007.0111 ESB-2007.0857 ESB-2008.0108 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2008-0154.html Comment: This advisory references vulnerabilities in the Linux kernel that also affect distributions other than Red Hat. It is recommended that administrators running Linux check for an updated version of the kernel for their system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2008:0154-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0154.html Issue date: 2008-03-05 CVE Names: CVE-2006-6921 CVE-2007-5938 CVE-2007-6063 CVE-2007-6207 CVE-2007-6694 ===================================================================== 1. Summary: Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important) * two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate) * a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate) * a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate) As well, these updated packages fix the following bugs: * a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic. * on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption. * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang. * on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang. * when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic. * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic. * a bug in NFS directory caching could have caused different hosts to have different views of NFS directories. * on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled. * when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown. * in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption. These updated packages resolve several severe issues in the lpfc driver: * a system hang after LUN discovery. * a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel. * the inability to handle kernel paging requests in "lpfc_get_scsi_buf". * erroneous structure references caused certain FC discovery routines to reference and change "lpfc_nodelist" structures, even after they were freed. * the lpfc driver failed to interpret certain fields correctly, causing tape backup software to fail. Tape drives reported "Illegal Request". * the lpfc driver did not clear structures correctly, resulting in SCSI I/Os being rejected by targets, and causing errors. Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 302921 - CVE-2006-6921 kernel: denial of service with wedged processes 310651 - audit: Logging execve arguments, out of memory in audit_expand (kernel panic) 385861 - CVE-2007-5938 NULL dereference in iwl driver 392101 - CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow 396751 - CVE-2007-6694 /proc/cpuinfo DoS on some ppc machines 402911 - LTC39906-[BBDQ] FICON DS8000: File ID Miscompare after CHPID off via HMC 406881 - CVE-2007-6207 [5.2][XEN] Security: some HVM domain can access another domain memory. 424191 - [Xen][5.1.z] Running IA32EL or java-vm causes dom0 hung 424271 - Severe issues in 5.1 lpfc driver: Request update to 8.1.10.12 428290 - [Xen ia64] hypervisor sometimes hangs on Corrected Platform Errors 429108 - [5.1] Panic if user enable a cpu which is not prepared for hotplug. 429515 - scsi: cciss - incompatability between hpacucli and RHEL 5.1 Kernel 429539 - NFS: Fix directory caching problem - with test case and patch. 430632 - CMCI is left disabled on hot-added processors 431522 - RHEL 5.1 regression in hugepages due to pagetable sharing patch 432078 - Null bytes in files access by 2 or more NFS clients 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-53.1.14.el5.src.rpm i386: kernel-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.14.el5.i686.rpm kernel-debug-2.6.18-53.1.14.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.14.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.i686.rpm kernel-devel-2.6.18-53.1.14.el5.i686.rpm kernel-headers-2.6.18-53.1.14.el5.i386.rpm kernel-xen-2.6.18-53.1.14.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.14.el5.i686.rpm noarch: kernel-doc-2.6.18-53.1.14.el5.noarch.rpm x86_64: kernel-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.14.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.x86_64.rpm kernel-devel-2.6.18-53.1.14.el5.x86_64.rpm kernel-headers-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.14.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-53.1.14.el5.src.rpm i386: kernel-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-PAE-devel-2.6.18-53.1.14.el5.i686.rpm kernel-debug-2.6.18-53.1.14.el5.i686.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-debug-devel-2.6.18-53.1.14.el5.i686.rpm kernel-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.i686.rpm kernel-devel-2.6.18-53.1.14.el5.i686.rpm kernel-headers-2.6.18-53.1.14.el5.i386.rpm kernel-xen-2.6.18-53.1.14.el5.i686.rpm kernel-xen-debuginfo-2.6.18-53.1.14.el5.i686.rpm kernel-xen-devel-2.6.18-53.1.14.el5.i686.rpm ia64: kernel-2.6.18-53.1.14.el5.ia64.rpm kernel-debug-2.6.18-53.1.14.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.ia64.rpm kernel-debug-devel-2.6.18-53.1.14.el5.ia64.rpm kernel-debuginfo-2.6.18-53.1.14.el5.ia64.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.ia64.rpm kernel-devel-2.6.18-53.1.14.el5.ia64.rpm kernel-headers-2.6.18-53.1.14.el5.ia64.rpm kernel-xen-2.6.18-53.1.14.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-53.1.14.el5.ia64.rpm kernel-xen-devel-2.6.18-53.1.14.el5.ia64.rpm noarch: kernel-doc-2.6.18-53.1.14.el5.noarch.rpm ppc: kernel-2.6.18-53.1.14.el5.ppc64.rpm kernel-debug-2.6.18-53.1.14.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm kernel-debug-devel-2.6.18-53.1.14.el5.ppc64.rpm kernel-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.ppc64.rpm kernel-devel-2.6.18-53.1.14.el5.ppc64.rpm kernel-headers-2.6.18-53.1.14.el5.ppc.rpm kernel-headers-2.6.18-53.1.14.el5.ppc64.rpm kernel-kdump-2.6.18-53.1.14.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-53.1.14.el5.ppc64.rpm kernel-kdump-devel-2.6.18-53.1.14.el5.ppc64.rpm s390x: kernel-2.6.18-53.1.14.el5.s390x.rpm kernel-debug-2.6.18-53.1.14.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.s390x.rpm kernel-debug-devel-2.6.18-53.1.14.el5.s390x.rpm kernel-debuginfo-2.6.18-53.1.14.el5.s390x.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.s390x.rpm kernel-devel-2.6.18-53.1.14.el5.s390x.rpm kernel-headers-2.6.18-53.1.14.el5.s390x.rpm x86_64: kernel-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-debug-devel-2.6.18-53.1.14.el5.x86_64.rpm kernel-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-53.1.14.el5.x86_64.rpm kernel-devel-2.6.18-53.1.14.el5.x86_64.rpm kernel-headers-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-53.1.14.el5.x86_64.rpm kernel-xen-devel-2.6.18-53.1.14.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6921 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6694 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2008 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHzqdFXlSAg2UNWIIRAqfQAKC81K/fwTcLE6oV79i5OX8G71MhhgCgtOan //RTCG3v8oOczn9EgQ2+5RI= =31js - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBR88uLSh9+71yA2DNAQJWCgP9FGTPaCqg4ToOAHm9L6Nt+65hBIkr00J9 jkiPMnM4gOIv7I0EAJGM7hztvI0+lDtqkzc9kAIoZVCrsFxs9XRan9zOFPjn33wQ sqKWQc8V/aMnBigRhaubjENzpT5XrI+T20tkqC0h9M6/zmg3wd7+Y2AUVMZzrVRk BJBDij680oY= =JKhQ -----END PGP SIGNATURE-----