kernel-2.6.18-194.12.AXS3

エラータID: AXSA:2011-194:03

Release date: 
Thursday, May 19, 2011 - 10:21
Subject: 
kernel-2.6.18-194.12.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed with this release:
CVE-2010-4346
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
CVE-2011-0521
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.
CVE-2011-1090
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
CVE-2011-1478
No description available at the time of writing, please refer to the CVE links below.

Solution: 

Update packages.

CVEs: 
CVE-2010-4346
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application.
CVE-2011-0521
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.
CVE-2011-1010
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table.
CVE-2011-1090
The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.
CVE-2011-1478
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. kernel-2.6.18-194.12.AXS3.i686.rpm
    MD5: 9f7ce75386b5728dffe22561cd94ccdc
    SHA-256: e73c1538c79a6f831993c67ce8ea827df3080b9f1896761763ed51dfa0fb6c85
    Size: 17.26 MB
  2. kernel-devel-2.6.18-194.12.AXS3.i686.rpm
    MD5: a95354af5407bb8817779717f32a02d5
    SHA-256: 22a502a84e81bff5c382e091f853290ca40d0359dc5ad9c789bd549afad8456f
    Size: 5.60 MB
  3. kernel-PAE-2.6.18-194.12.AXS3.i686.rpm
    MD5: 896f14c146c2939636a5e601b2bd9139
    SHA-256: add013c9c97f86ce75142f75ec2739781fb0c7239ff39e0a13d357757d05daef
    Size: 17.28 MB
  4. kernel-PAE-devel-2.6.18-194.12.AXS3.i686.rpm
    MD5: 9c40f6d3bc995c540651a9ea80230215
    SHA-256: 0a5444ee8037d0a475b17a06a1d2369aa1c839c47dfe1598ac5b49174c19799f
    Size: 5.61 MB
  5. kernel-xen-2.6.18-194.12.AXS3.i686.rpm
    MD5: 3d0fcfa059a301535fd193e9ac10c9f4
    SHA-256: 2bbac54f61e97221841a7af0bab8ee230195a0933638895531c8f7a68101dd84
    Size: 18.37 MB
  6. kernel-xen-devel-2.6.18-194.12.AXS3.i686.rpm
    MD5: ad5c30b04ff183c5542c79bb5ec4c347
    SHA-256: 176aa057be05db268b4ed04310b6873868bd84361c11b99b70c606aa0014d651
    Size: 5.61 MB
  7. kernel-doc-2.6.18-194.12.AXS3.noarch.rpm
    MD5: 23420bc25862e601fbfda0958632c7a4
    SHA-256: 6d9cea40952bf145aa38580fa0f2bd5c0640e3ba7ca48ae33290d3d375226d73
    Size: 3.08 MB
  8. kernel-headers-2.6.18-194.12.AXS3.i386.rpm
    MD5: 15cc2df4ca7ecccac4a7c8796116e21e
    SHA-256: 42e1a2e71ca637543602e40c128ce5e27febb5294929d6730625484402a45b91
    Size: 1.08 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-194.12.AXS3.x86_64.rpm
    MD5: bdd2245d5daaa1f2dfb60ae1accc5ca4
    SHA-256: 5abdcf6059a2f3dbebd5a79a03d4044521a751d1b96fde558c80f0d6abb2b8f1
    Size: 19.19 MB
  2. kernel-devel-2.6.18-194.12.AXS3.x86_64.rpm
    MD5: 1837d95dcb79e7f4f1f377c2101dc1ca
    SHA-256: dda85b35966b6bae41a75249388bff764634359ca2d6bcef06d82c9c2f23366a
    Size: 5.61 MB
  3. kernel-headers-2.6.18-194.12.AXS3.x86_64.rpm
    MD5: 19e36d284af8d3dc01741849b6c8da8c
    SHA-256: 74f63cda0b8cd5ba19419cd86cc2c0fce3fcebffa9db2ec424a8d9eb00f0dbb6
    Size: 1.11 MB
  4. kernel-xen-2.6.18-194.12.AXS3.x86_64.rpm
    MD5: b114f9f8d2deb7d9a97843626ae011bb
    SHA-256: 7c7b4664b54dac5a138d4871d0f7bf2a60b929a404a73fe94b3047ffbe244025
    Size: 20.09 MB
  5. kernel-xen-devel-2.6.18-194.12.AXS3.x86_64.rpm
    MD5: 8e2c303803a3c66e2f2183b16bca0a12
    SHA-256: 4c682d0778274e1ff90506a50ffe3635a356534748bc9d619e720d60d8b2fb01
    Size: 5.61 MB
  6. kernel-doc-2.6.18-194.12.AXS3.noarch.rpm
    MD5: d9478ea512db05503fd32737b64b2623
    SHA-256: 3ca4bc414b7bfdd26a9627f319a6b0c80539d04fa9ad6a7d9f138f777fdc96bf
    Size: 3.08 MB