kernel-2.6.18-8.17AXS3

エラータID: AXSA:2008-82:04

Release date: 
Sunday, September 28, 2008 - 15:45
Subject: 
kernel-2.6.18-8.17AXS3
Affected Channels: 
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
CVE-2007-5498: The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
CVE-2008-0007: Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
CVE-2008-1367: gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVE-2008-1375: Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2008-1619: The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
CVE-2008-1669: Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain re-ordered access to the descriptor table.
CVE-2007-5093: The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device

Solution: 

Update packages

CVEs: 
CVE-2007-5498
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
CVE-2008-0007
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.
CVE-2008-1367
gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.
CVE-2008-1375
Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.
CVE-2008-1619
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
CVE-2008-1669
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
CVE-2007-5093
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
CVE-2007-6282
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
CVE-2008-1615
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
CVE-2007-6712
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.
CVE-2008-0598
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
CVE-2008-2358
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.
CVE-2008-2729
arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.
CVE-2008-1294
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
CVE-2008-2136
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.
CVE-2008-2826
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.
CVE-2008-2812
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. kernel-2.6.18-8.17AXS3.i686.rpm
    MD5: 878da8b50a4d6a3e8c0469ca8da99d39
    SHA-256: 7f38559e0d505314206c1acf88b351e9a3e0a3576a5318103c0d76635987daed
    Size: 12.82 MB
  2. kernel-devel-2.6.18-8.17AXS3.i686.rpm
    MD5: ec9dfb364a4557be237066a777ec364f
    SHA-256: e575e216bedfcf5c0152c28c421b664a32ce2ff3a6f4ea2d9aa92df384b52cd9
    Size: 4.72 MB
  3. kernel-PAE-2.6.18-8.17AXS3.i686.rpm
    MD5: 0f5ece45f48a7fc01829ac4a5a3c5d25
    SHA-256: 9909988c653390612b689c09f8d902925b942dbc5d19dd07a1c7fb6962b06ae1
    Size: 12.83 MB
  4. kernel-PAE-devel-2.6.18-8.17AXS3.i686.rpm
    MD5: 50a7fe53bd211d190f5cc16e22f490a8
    SHA-256: ffd43702580592041298b978e777e86908e546f2e78c1788229e433dd73ce937
    Size: 4.73 MB
  5. kernel-xen-2.6.18-8.17AXS3.i686.rpm
    MD5: 6848b5caac207314fd9714b8a2d23f0f
    SHA-256: 27d1ce6040357bddad693fecda5a64e17bfaf22d23ede0a4ed6e58d7d90d1cf3
    Size: 13.41 MB
  6. kernel-xen-devel-2.6.18-8.17AXS3.i686.rpm
    MD5: 83ff6a9c9a98b9a2990db68690533b1d
    SHA-256: 62ca9ade0809920ad39a88d32c92820727509e172d9b88e08af25e995bdb2032
    Size: 12.59 MB
  7. kernel-doc-2.6.18-8.17AXS3.noarch.rpm
    MD5: a8154e06fcdba9fa5b242323c40470db
    SHA-256: a48c37fc0bdd66e3d89f7d0dfad3aaa24446768001e2c10047baa5bc55dadd04
    Size: 2.77 MB
  8. kernel-headers-2.6.18-8.17AXS3.i386.rpm
    MD5: a46eacd835feebadde8855125af036c6
    SHA-256: 223a6653b765f23dbbc831fe2e5a52d93da0d93782388cf4b7e18a07c5282fa3
    Size: 757.91 kB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-8.17AXS3.x86_64.rpm
    MD5: aa0674dc79779c98731810b923bb704c
    SHA-256: 948fd2255668985650aa02106ae7487eeaf5262067a795ffaada4fde47e66017
    Size: 14.91 MB
  2. kernel-devel-2.6.18-8.17AXS3.x86_64.rpm
    MD5: c0341b81a5f03560daf6c026ac6447f6
    SHA-256: 576cf61aeebf36a36f5013aad542b7e49db23c071bc89ab14fdf0e7d31d3e8dd
    Size: 4.90 MB
  3. kernel-headers-2.6.18-8.17AXS3.x86_64.rpm
    MD5: f8d18aefb31909ed8da54e47afb49bd0
    SHA-256: b24c0cd7a8fc5c420d1afcee5d6d950772ebc614fc521462c9ad6c3c38d7d1be
    Size: 795.05 kB
  4. kernel-xen-2.6.18-8.17AXS3.x86_64.rpm
    MD5: 260ea2add1fa3da345e33392b3ac3851
    SHA-256: 8189bfa2efc091cfc308930801397082ef44ff1ebabc177aaa92b5e0a24b09f5
    Size: 15.20 MB
  5. kernel-xen-devel-2.6.18-8.17AXS3.x86_64.rpm
    MD5: 5989a36308127f4c0de7684f14fda572
    SHA-256: 25e15fa525b6360569512f2374e26096d3ea8587a709e1a4731991875c8a5c4f
    Size: 13.04 MB
  6. kernel-doc-2.6.18-8.17AXS3.noarch.rpm
    MD5: a807dde6aa6da60bb699fa7cecb81967
    SHA-256: b4e6833eeadb887a3cd77b9db82fad98f2ee3e64e794066ad20a89c284253857
    Size: 2.77 MB