kernel-2.6.18-194.9.AXS3

エラータID: AXSA:2010-500:18

Release date: 
Tuesday, November 23, 2010 - 15:56
Subject: 
kernel-2.6.18-194.9.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed with this release;
CVE-2010-3066
No description available at the time of writing, see the CVE links below.
CVE-2010-3067
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-3078
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVE-2010-3086
No description available at the time of writing, see the CVE links below.
CVE-2010-3477
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

Solution: 

Update packages.

CVEs: 
CVE-2010-3066
The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag.
CVE-2010-3067
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-3078
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.
CVE-2010-3086
include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault.
CVE-2010-3477
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-194.9.AXS3.src.rpm
    MD5: 02e84a9f3eea28c14c52a36a0fd331d8
    SHA-256: 6b5227361a0ba63c23fc89afb3428ee9108eada831e0f6620b9d9062712f49ea
    Size: 80.56 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-194.9.AXS3.i686.rpm
    MD5: 6b863ab15427915946185fe379e9004a
    SHA-256: 2c52838b33ace63a66ad0fd77774ba7595d140e4d2fe0a4541e1f0d8ec07a072
    Size: 17.24 MB
  2. kernel-devel-2.6.18-194.9.AXS3.i686.rpm
    MD5: 7c37706d1b06eb0a1b1dfdc9550bfc1b
    SHA-256: 4f8eb456953b99dfa15aa20d599c0aa3121e9b392a30d6985ea6f007aaa6731a
    Size: 5.59 MB
  3. kernel-PAE-2.6.18-194.9.AXS3.i686.rpm
    MD5: 23b175cd3f03a4177ca70e270c9cccad
    SHA-256: 954452066b050b6b5dab194e7285d1f70b1383f542a8c1d102680b113c68b32e
    Size: 17.26 MB
  4. kernel-PAE-devel-2.6.18-194.9.AXS3.i686.rpm
    MD5: 1650482804a1ff43bcef0ba1b18da74f
    SHA-256: 7fef44b860c0fac41a16a87d66222596bde467613d2096c683ec8c9772f92796
    Size: 5.60 MB
  5. kernel-xen-2.6.18-194.9.AXS3.i686.rpm
    MD5: dbb36b46f144ed8d3ecda24ca63a97e0
    SHA-256: 816f9f67cff4d43c849491413cfbc458c3846a19e81aeea013d748bc3d00b940
    Size: 18.36 MB
  6. kernel-xen-devel-2.6.18-194.9.AXS3.i686.rpm
    MD5: 2da6d3321520c3fd917658195af71018
    SHA-256: 4c2c0d11867c39c5e219a0ba82bd9f869ba620dcb1fea13719598f62f3f85fd7
    Size: 5.60 MB
  7. kernel-doc-2.6.18-194.9.AXS3.noarch.rpm
    MD5: 724b10725d7dc15e16a5836d42ef1f8b
    SHA-256: 6fc9224eb585fe067aa4971c8fa1a269651a455dc950bbf27dd4fd2e0b641a32
    Size: 3.07 MB
  8. kernel-headers-2.6.18-194.9.AXS3.i386.rpm
    MD5: 75c2220e188edc2f99af00737f44bf83
    SHA-256: df1323fcdfe64d55c441e69fb7e69feb38606528f30ef64e7dc8a6d7c44e7b2d
    Size: 1.07 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-194.9.AXS3.x86_64.rpm
    MD5: 713cf4bccb1f3b90001177ffdaa4dc84
    SHA-256: 04769cafdda83e406ae051079b81c76f7083ed8bacacb51fc09e3552014a22fd
    Size: 19.17 MB
  2. kernel-devel-2.6.18-194.9.AXS3.x86_64.rpm
    MD5: 18fdb6649e52eff976c90b9d9a636250
    SHA-256: 1b2c090db3c81d410741b73966d3b4169dbefa8afb18b7dfed06ceb0b534bb51
    Size: 5.60 MB
  3. kernel-headers-2.6.18-194.9.AXS3.x86_64.rpm
    MD5: ea6a8b549725847bc7c7c04a2afc2acf
    SHA-256: 0fb165407ded6422864fbae639b8a1d1764ec87f0b4a274ad131d70f131afc11
    Size: 1.10 MB
  4. kernel-xen-2.6.18-194.9.AXS3.x86_64.rpm
    MD5: 3acd2322db31189cf29cc88d763bf913
    SHA-256: f6bc8e3a7848116b2833d85624060430ac014d38cfcb1822101599611e502386
    Size: 20.07 MB
  5. kernel-xen-devel-2.6.18-194.9.AXS3.x86_64.rpm
    MD5: 3590d922154ab66471c8cedd7ce5608d
    SHA-256: d5cae8eb1db797fb47cfc19928783551f86afc5b583cf4c522146fe274f1bbd4
    Size: 5.60 MB
  6. kernel-doc-2.6.18-194.9.AXS3.noarch.rpm
    MD5: a39e559b72a9eb49bf0ed1d09338af54
    SHA-256: 1d9db004d9248b4313730f4b43010c4ca7f6c7fc1ffa39c2d2d8acf0faf3df37
    Size: 3.07 MB