kernel-2.6.18-194.4.AXS3

エラータID: AXSA:2010-426:13

Release date: 
Wednesday, August 25, 2010 - 21:00
Subject: 
kernel-2.6.18-194.4.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed in this release:
CVE-2010-1084
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in:
(1) net/bluetooth/l2cap.c,
(2) net/bluetooth/rfcomm/core.c,
(3) net/bluetooth/rfcomm/sock.c,
(4) net/bluetooth/sco.c.
CVE-2010-2070
arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742.
CVE-2010-2066
CVE-2010-2226
CVE-2010-2248
CVE-2010-2521
CVE-2010-2524
No information available at the time of writing, see the links below.
Fixed bugs:
See the changelog, summarized here:
- [scsi] qla2xxx: update firmware to version 5.03.02
- [message] mptsas: fix disk add failing due to timeout
- [block] cfq-iosched: fix bad locking in changed_ioprio
- [block] cfq-iosched: kill cfq_exit_lock
- [net] tcp: fix rcv mss estimate for lro
- [net] cnic: fix panic when nl msg rcvd when device down
- [pci] acpiphp: fix missing acpiphp_glue_exit

Solution: 

Update packages.

CVEs: 
CVE-2010-1084
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
CVE-2010-2066
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.
CVE-2010-2070
arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and "turn on BE by modifying the user mask of the PSR," as demonstrated via exploitation of CVE-2006-0742.
CVE-2010-2226
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
CVE-2010-2248
fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions.
CVE-2010-2521
Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions.
CVE-2010-2524
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-194.4.AXS3.src.rpm
    MD5: 1b9ef3f46e525b4976346fff25724aaf
    SHA-256: 434fc6c7bc0aa350e4a85dff9d5c7b2f8b15746d3d18a7bcf99b320f6be5c522
    Size: 80.43 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-194.4.AXS3.i686.rpm
    MD5: c042327e5bc4a3bedc66816258516724
    SHA-256: 07a7be2c51b1318056f84283605a725b0ad1c23bbd038fdedb4f178a4fa67308
    Size: 17.22 MB
  2. kernel-devel-2.6.18-194.4.AXS3.i686.rpm
    MD5: 94fb6ee11ff4fa9133384b8895b56a85
    SHA-256: 90817ee6a03aad54274679195fdbcac73914b87b59f3771353d6ef2dfe95ae6e
    Size: 5.58 MB
  3. kernel-PAE-2.6.18-194.4.AXS3.i686.rpm
    MD5: 982865a726d520726fd34144e9b3a711
    SHA-256: 551f4140bdcde0f6b0ee5d30da769e688ce578ba266ef6d1c658ff90398bf72f
    Size: 17.24 MB
  4. kernel-PAE-devel-2.6.18-194.4.AXS3.i686.rpm
    MD5: 2661659f050551872576e4e8cdfb81e5
    SHA-256: c1aed9329a94b2a25058bfb12cf6d09a66b0c692420d0b693af601b2cc72ce53
    Size: 5.59 MB
  5. kernel-xen-2.6.18-194.4.AXS3.i686.rpm
    MD5: f1e64e9a770a03bb159fa65a2fd51c11
    SHA-256: b9d82a7caca5fcdeed426deea0118a0f13839dd48829eb5cc41108a9b5dffecb
    Size: 18.34 MB
  6. kernel-xen-devel-2.6.18-194.4.AXS3.i686.rpm
    MD5: 71121015a49c9b411e0c105edb52689b
    SHA-256: 2971afa77b1c1b5a85b7b271bcbcdc951a28fae3eafe05b66892e23fc7ca8587
    Size: 5.59 MB
  7. kernel-doc-2.6.18-194.4.AXS3.noarch.rpm
    MD5: 7aeaedee11a8cae0b4d0ab6c1f51e88b
    SHA-256: 7ad285778c1e52bd11fc944114a645051bf1612cc4236d39bfc9fa2ec54c631c
    Size: 3.06 MB
  8. kernel-headers-2.6.18-194.4.AXS3.i386.rpm
    MD5: 0a2d8840cba3b8e186669e3e8987ed0e
    SHA-256: 7412f7e5217840c838fd6bba45cf35b1893d00683d268a310a9c2c7788c79f27
    Size: 1.06 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-194.4.AXS3.x86_64.rpm
    MD5: 2d166ee905d05f6fcef5c39b99f88161
    SHA-256: 61189d9bb9c6918bc4cc3386c35839219219115fe2626a675753e5dd90641a49
    Size: 19.15 MB
  2. kernel-devel-2.6.18-194.4.AXS3.x86_64.rpm
    MD5: 56031d47615297794bce0615f3bc51a8
    SHA-256: c904dd99b0e7836ae3b6e85325ff77747424694866eaa90c01d69cad7993ec69
    Size: 5.58 MB
  3. kernel-headers-2.6.18-194.4.AXS3.x86_64.rpm
    MD5: e606e45fef1aaf388f8f09b108446b32
    SHA-256: 9821a361112f3b47f9bbe55d762aaa0c935bdfa448ac3fca00199b2ffa8d1030
    Size: 1.10 MB
  4. kernel-xen-2.6.18-194.4.AXS3.x86_64.rpm
    MD5: 0eaabd5c472b46e081f2596c9e2d0c10
    SHA-256: a11e11fd1fc54bc1f458fad5f38cf05199205b2f1758faaa53d2dd2e5fd6dbee
    Size: 20.05 MB
  5. kernel-xen-devel-2.6.18-194.4.AXS3.x86_64.rpm
    MD5: 84a8e1d2926d8d5b421481e6bcd29cb4
    SHA-256: a2c80fc7562dfa9da50a0e060552c9af4201039164cd84782f7a213bd4e7dd21
    Size: 5.58 MB
  6. kernel-doc-2.6.18-194.4.AXS3.noarch.rpm
    MD5: d43d5eee64fe9dbe93233aac26156178
    SHA-256: 41cc528069950ad1dcbfbf5b2f9757cb0484f91d6a7a7754f10fde80a7e841e3
    Size: 3.06 MB