kernel-2.6.18-128.13AXS3

エラータID: AXSA:2009-433:12

Release date: 
Monday, December 21, 2009 - 15:23
Subject: 
kernel-2.6.18-128.13AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security bug fixed with this release:
CVE-2009-2695
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
CVE-2009-2908
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a negative dentry and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3613
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.
Other fixed bugs:
- removed a warning message that would appear at boot time when HPET is enabled in the BIOS

Solution: 

Update packages.

CVEs: 
CVE-2009-2695
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.
CVE-2009-2908
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.
CVE-2009-3228
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
CVE-2009-3286
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.
CVE-2009-3547
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVE-2009-3613
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping.




Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-128.13AXS3.src.rpm
    MD5: a71f432f998ca908b88115db91698229
    SHA-256: fdca232e8e94803acc321870ec41e973086f6f5bf443349224ff38408de9c7aa
    Size: 66.37 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-128.13AXS3.i686.rpm
    MD5: 526a66b62303a4cc5208ab0f91719599
    SHA-256: af1e65a090bae640650c3b88222cc872523911bbcf34543f16767ce4dc67c88e
    Size: 15.29 MB
  2. kernel-devel-2.6.18-128.13AXS3.i686.rpm
    MD5: 9b4702211a903fdaa748c74b7538bb3a
    SHA-256: e5d439f242d08835adfeb7901d1ec02c55fe42cfb3fb010806c098511540591b
    Size: 5.10 MB
  3. kernel-PAE-2.6.18-128.13AXS3.i686.rpm
    MD5: f81964e6669a92072c3bafd87fe391c7
    SHA-256: 83c64a9743ef8a894c4f973d0f5c1c90ebc76f2a923aa3bd4ce09258727b19fd
    Size: 15.30 MB
  4. kernel-PAE-devel-2.6.18-128.13AXS3.i686.rpm
    MD5: c00d29dbdda96af164e1a5070b5e37cc
    SHA-256: 22ed9b25e5f25d6d27bb1d127377594a40ec0d5fa6ec8d2459d1697435a80571
    Size: 5.11 MB
  5. kernel-xen-2.6.18-128.13AXS3.i686.rpm
    MD5: 0f8791614528fc27cc3648e17005c2b6
    SHA-256: 402b429d5fa2fabf6b470649573b1b7b8c1ebb731fe02a36837934e7dd1af59f
    Size: 16.27 MB
  6. kernel-xen-devel-2.6.18-128.13AXS3.i686.rpm
    MD5: 26bb8a729df524af9038f4252aebbeb7
    SHA-256: cb71f4f443d4f83cb8dabf8d77a4dbcbd3e70634dd9ea5594ad2aa9acca5eeff
    Size: 5.11 MB
  7. kernel-doc-2.6.18-128.13AXS3.noarch.rpm
    MD5: 5a651c42956add93a72bd7e209634734
    SHA-256: ecdef0bda89c973ed37b57834003f26b2cbb50db36054d86d363439ea1372f01
    Size: 2.92 MB
  8. kernel-headers-2.6.18-128.13AXS3.i386.rpm
    MD5: c6a61e088d684f94755e44b924c655b6
    SHA-256: a71c30d322562106f5edaae3d6108911232d9774ecf6b9ee72b3857c6876c6b2
    Size: 943.70 kB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-128.13AXS3.x86_64.rpm
    MD5: 348f0b1b82c4499c8212f26f190fde6c
    SHA-256: e7b9bdb6e1755ffea2a80c3a86cda14a6ef51012c74574f11efa41c2561a20d4
    Size: 16.85 MB
  2. kernel-devel-2.6.18-128.13AXS3.x86_64.rpm
    MD5: 4217d9368985deb3905df9f38959439f
    SHA-256: d0875417e1874ec8587dc06f3c9053098f87ef0da376e545ffd4a442dbf8fd60
    Size: 5.29 MB
  3. kernel-headers-2.6.18-128.13AXS3.x86_64.rpm
    MD5: 9c4cff20a5e9338a4a9c46c512d0dd2f
    SHA-256: f0d3dbba16288238f7c5cc00822c199d8b9960cd3a7979d2397aa1e73ff40b38
    Size: 0.96 MB
  4. kernel-xen-2.6.18-128.13AXS3.x86_64.rpm
    MD5: f48fed9e4359db3471a8f261ee3bfca7
    SHA-256: 6a077c03cb05d95917d5aefd5b3a52f69936895fdca67f1cc8ac044e0346b676
    Size: 17.50 MB
  5. kernel-xen-devel-2.6.18-128.13AXS3.x86_64.rpm
    MD5: 61db18d5546095aa774ae6c1dda1afe6
    SHA-256: dde76d16918cb07676c44b46eb0cbe01ad71d4682fc0255f4f1bf03f6af0842a
    Size: 5.29 MB
  6. kernel-doc-2.6.18-128.13AXS3.noarch.rpm
    MD5: ecebc8b5cef032a5eaf8ed6add625467
    SHA-256: eaf9a8fe8c0b0e31a12226816b6de87acdd794f4390ec72f0a720c1eb5dd364f
    Size: 2.92 MB