kernel-2.6.18-274.6.AXS3

エラータID: AXSA:2012-251:02

Release date: 
Tuesday, March 6, 2012 - 20:44
Subject: 
kernel-2.6.18-274.6.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixes with this release:
CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
CVE-2011-4077
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
CVE-2011-4132
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an invalid log first block value.
CVE-2011-4325
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
CVE-2011-4330
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
CVE-2011-3637
CVE-2011-4324
CVE-2011-4348
CVE-2011-3638
CVE-2011-4086
CVE-2011-4127
CVE-2012-0028
CVE-2012-0207
No description available at the time of writing, please refer to the CVE links below.
Fixed bugs:
- If an SCSI scan was initiated on a host in recovery mode, the scan failed without any error output; this has been fixed and the SCSI layer now waits for the host to recover before starting scan operations.
- Because SG_IO ioctls were not previously implemented correctly, sending an SG_IO ioctl request to a virtio-blk disk caused the sending thread to enter an uninterruptible sleep state. SG_IO ioctls are now rejected by the virtio-blk driver: the ioctl system call will simply return an ENOTTY (Inappropriate ioctl for device) error and the thread will continue normally.

Solution: 

Update packages.

CVEs: 
CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
CVE-2011-4077
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
CVE-2011-4132
The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."
CVE-2011-4325
The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
CVE-2011-4330
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
CVE-2011-3637
The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (OOPS) via vectors that trigger an m_start error.
CVE-2011-4324
The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.
CVE-2011-4348
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.
CVE-2011-3638
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
CVE-2011-4086
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
CVE-2011-4127
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
CVE-2012-0028
The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.
CVE-2012-0207
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.


Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-274.6.AXS3.src.rpm
    MD5: 3517e14150b65773d88a9730b91f9d31
    SHA-256: 0b20a5f9f77be4b356571d76b7d4fab498fc6363bdd2ca2326ff8719b6b9fd52
    Size: 63.30 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-274.6.AXS3.i686.rpm
    MD5: 5e19d59daebe0b684f363142df2e2452
    SHA-256: b532a19e701345e3807c49656ca9539f20d81daf3b0ff843c34be0f6111b00d5
    Size: 18.75 MB
  2. kernel-devel-2.6.18-274.6.AXS3.i686.rpm
    MD5: 114e3cb8c3c57e4c752474877367987a
    SHA-256: b3e5e6a85d299ab3709e187196c3093562da60558807310abc4098366ef77e30
    Size: 5.83 MB
  3. kernel-doc-2.6.18-274.6.AXS3.noarch.rpm
    MD5: d62ed740b053e91db4cac521c6b2b520
    SHA-256: 9ce92dfffbf1673eaf18f1500cdf2f4030e9d8ce0781375120fab4d8daf41eb9
    Size: 3.29 MB
  4. kernel-headers-2.6.18-274.6.AXS3.i386.rpm
    MD5: f9f916618b361451f959e209c5d29a8f
    SHA-256: cc750e8beef9073812057084f4bdff11f384b690b5e859565b3c6cf55e0036cf
    Size: 1.27 MB
  5. kernel-PAE-2.6.18-274.6.AXS3.i686.rpm
    MD5: c1af603cb23a0748635cf795a0197d15
    SHA-256: e169f9c76232613afda2c885f7d12e46b2b3c5f4bd7317d3b99b92b7faf7f441
    Size: 18.77 MB
  6. kernel-PAE-devel-2.6.18-274.6.AXS3.i686.rpm
    MD5: 96c5102bb8df60f8afebe61a769601af
    SHA-256: 4440a44e6ceaf5be757f1425bb50f7e2b0f83344f9c63008f12ec8693b7b7d2c
    Size: 5.83 MB
  7. kernel-xen-2.6.18-274.6.AXS3.i686.rpm
    MD5: 2ba1506a405d9aa8fbe74d5fd8c36aa3
    SHA-256: d08e2daae148b80dbf8d56de40fcacca2a5f40b041974a8fde9f95e4b0da5bf0
    Size: 19.92 MB
  8. kernel-xen-devel-2.6.18-274.6.AXS3.i686.rpm
    MD5: 8ff223e2bfcd5a33a4b6fd7cc02d735b
    SHA-256: 763a406b63acde82dc9edfd7c4cd41c2bb2bad9f68e56d38b228896d2b00cd46
    Size: 5.84 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-274.6.AXS3.x86_64.rpm
    MD5: b6dcf3dfe82d4a4ad4a258813104bce7
    SHA-256: 17784f0db28a46b50fb76a1d1e2647e1e043f3f5683bdb3189d64928cb11170e
    Size: 20.84 MB
  2. kernel-devel-2.6.18-274.6.AXS3.x86_64.rpm
    MD5: 0f5d598fc8e850fd8990e3d328c0a185
    SHA-256: 29bf595f3116563f4f9d705d288739663a66dd0119333a2270c01526544dece7
    Size: 5.83 MB
  3. kernel-doc-2.6.18-274.6.AXS3.noarch.rpm
    MD5: 1773beeee2f6ca842e249213aec8354e
    SHA-256: 367a89cfa870ce0925d1c0921933773296c0a678e659cea15719eaaf763f70d3
    Size: 3.29 MB
  4. kernel-headers-2.6.18-274.6.AXS3.x86_64.rpm
    MD5: 7f1cb79d4ebd0ef0e3f959c923869353
    SHA-256: 22f1abda1e7776fa932f6b42bdb5a2a568c5b1c5b1d8bf08a007e5402ec1ec27
    Size: 1.30 MB
  5. kernel-xen-2.6.18-274.6.AXS3.x86_64.rpm
    MD5: a8aa340e7e9ddb92c994d64b55edb939
    SHA-256: 22c6b55b1b7423482b6ccfffc0870521a25b9fa350649d825fc4455b87b5e12a
    Size: 21.77 MB
  6. kernel-xen-devel-2.6.18-274.6.AXS3.x86_64.rpm
    MD5: 98fa05d121983c1acb8b29ae4042bfa7
    SHA-256: b6fa3db9addea36f622883d60040417bdbe9da98467ad8f1e24492c333556aa2
    Size: 5.84 MB