kernel-2.6.18-194.10.AXS3

エラータID: AXSA:2011-47:01

Release date: 
Monday, February 21, 2011 - 20:33
Subject: 
kernel-2.6.18-194.10.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of your Asianux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed with this release:
CVE-2009-3080
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2009-3620
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVE-2009-4536
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
CVE-2010-1188
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled causes the skb structure to be freed.
CVE-2010-2240
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
CVE-2010-3081
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a 'stack pointer underflow' issue, as exploited in the wild in September 2010.

Solution: 

Update packages.

CVEs: 
CVE-2009-3080
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2009-3620
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVE-2009-4536
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
CVE-2010-1188
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.
CVE-2010-2240
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
CVE-2010-3081
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.




Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-194.10.AXS3.src.rpm
    MD5: 07db7c2d7f81fd4c3f8ac4eb4e12819e
    SHA-256: 576d75543fb945d17cffcbab6342da44fad01096585b74ac941c3dd807e964a4
    Size: 80.62 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-194.10.AXS3.i686.rpm
    MD5: 8cfd2cb37a05baa297c3a94b117390c3
    SHA-256: 4aef71199c8e7856c3590574a0a243885f78e93c917cc4ad94f79954d41e60ff
    Size: 17.24 MB
  2. kernel-devel-2.6.18-194.10.AXS3.i686.rpm
    MD5: f69ad102aa2b42411eccc9e942bfde7b
    SHA-256: e90a8faedb488141c2e7208166e3353aa48fe200f49bd94bd9c0508b893eaee2
    Size: 5.60 MB
  3. kernel-PAE-2.6.18-194.10.AXS3.i686.rpm
    MD5: 9659849dcb5de8dcbe1d8ba6797191d3
    SHA-256: 8a16e80e220359e743bd7bba9d0842f6ebdd929730c346825144dbeec88c55e9
    Size: 17.27 MB
  4. kernel-PAE-devel-2.6.18-194.10.AXS3.i686.rpm
    MD5: de07264084e8475051cd435e47d012dd
    SHA-256: d497ea76100fc41bc012b4fd99eb61e2550a6ac92c7771fda7e08b0c28a245fb
    Size: 5.60 MB
  5. kernel-xen-2.6.18-194.10.AXS3.i686.rpm
    MD5: 326cfaf1e75b3bdf1da0fb45b8e41c8c
    SHA-256: 39d6e0dbf6aaeaf319d3dba52982005cdcdadd852a7934d450cf55f04835bc75
    Size: 18.36 MB
  6. kernel-xen-devel-2.6.18-194.10.AXS3.i686.rpm
    MD5: ef2d3d0eecfa42bda9d360c28c23ad81
    SHA-256: aba10f8f495684a6e39a3f29a3cc223d3ad9a3dd6e9d93ff1a89baebe7141e00
    Size: 5.60 MB
  7. kernel-doc-2.6.18-194.10.AXS3.noarch.rpm
    MD5: 48f3a56d9b10187c856fc61e670304ae
    SHA-256: 2213fdc1809da5ce2ab688c12298d033b96538398b33c861db70bbd15f258dc1
    Size: 3.07 MB
  8. kernel-headers-2.6.18-194.10.AXS3.i386.rpm
    MD5: 92eafee423dde816301263bdd462f426
    SHA-256: dea704cfe4287cd5899dd89e1f36a39770545d973b12d84c9d25ef09d1d9b593
    Size: 1.07 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-194.10.AXS3.x86_64.rpm
    MD5: 4667ba5a90f2ff71994b064fb0032be4
    SHA-256: 02d003a799441dac4aba030a97dce172270f3da7c43726ec2c5e8b4f2242b810
    Size: 19.17 MB
  2. kernel-devel-2.6.18-194.10.AXS3.x86_64.rpm
    MD5: 0824bab6eec9d55d52c0ebf58e4a2a71
    SHA-256: f2bacc7c26c32370d369b222d8ccdd55f9c7822bd7ff6804adf98cc3527728e2
    Size: 5.59 MB
  3. kernel-headers-2.6.18-194.10.AXS3.x86_64.rpm
    MD5: 9d2c8b0cd728101af93a36d4c2db0607
    SHA-256: 162c8dde58e7f77360d8fb6d0d582ebb231fd4e8a67320f9edc070bd69b65807
    Size: 1.11 MB
  4. kernel-xen-2.6.18-194.10.AXS3.x86_64.rpm
    MD5: 3d3c22e1b14734b02507074a0fa697cf
    SHA-256: 45bfbfeea0da638b895d4ada93e4ccf244bc6197cf6186475b6312f07ab23ae1
    Size: 20.08 MB
  5. kernel-xen-devel-2.6.18-194.10.AXS3.x86_64.rpm
    MD5: 87c7899eba6392bebc03b5cd74de5c83
    SHA-256: 36d2ab5121277ac06a3c6c7f51ce29ba094ad3429d14946d50e3c4a01f62ff71
    Size: 5.60 MB
  6. kernel-doc-2.6.18-194.10.AXS3.noarch.rpm
    MD5: 788aa6fb9b09577d3da61b76f404149f
    SHA-256: e9b4f60347335bd337920f92adf3cdf84d1a956484ef5216fa9d137eeb56765d
    Size: 3.07 MB