kernel-2.6.18-348.6.AXS3

エラータID: AXSA:2013-580:06

Release date: 
Wednesday, July 31, 2013 - 10:10
Subject: 
kernel-2.6.18-348.6.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Security issues fixed with this release:

• CVE-2012-6544
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.

• CVE-2012-6545
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.

• CVE-2013-0914
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.

• CVE-2013-1929
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.

• CVE-2013-3222
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

• CVE-2013-3224
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

• CVE-2013-3231
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

• CVE-2013-3235
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Solution: 

Update packages.

CVEs: 
CVE-2012-6544
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6545
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2013-0914
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.
CVE-2013-1929
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.
CVE-2013-3222
The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3224
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3231
The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
CVE-2013-3235
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-2.6.18-348.6.AXS3.src.rpm
    MD5: b6d45b7834fd47e8d9605a132419209f
    SHA-256: 58f3f5f21c4046a1e9fbc7c38f98b6ed31bca2478681fb4a15b9d4937fae63b2
    Size: 65.87 MB

Asianux Server 3 for x86
  1. kernel-2.6.18-348.6.AXS3.i686.rpm
    MD5: 9166e9eb427d03e408ef3b341ce1e601
    SHA-256: 9a5a397f6b2d909af4b26804647b3e783bd542d6242ef0eaf4b9cc6416ed1436
    Size: 19.80 MB
  2. kernel-devel-2.6.18-348.6.AXS3.i686.rpm
    MD5: 9f12d06ace2a13ae695cd6a185722c5b
    SHA-256: e8378d076bd04f50524b738ceb891381c41f8ba888371a34f039c0cdca190a14
    Size: 6.05 MB
  3. kernel-doc-2.6.18-348.6.AXS3.noarch.rpm
    MD5: ca31128a711d54d7f857cc20989ffc33
    SHA-256: 62e665ca492a109b85b568aa428319149e7a9d517ff411f2e91a6f3546c12e93
    Size: 3.48 MB
  4. kernel-headers-2.6.18-348.6.AXS3.i386.rpm
    MD5: 680b39fe91da2ee185601e9c43983f9e
    SHA-256: e255bd216963a1bb7dcfb546f901b8b48fb8634cea6a44679090a72366f5b12f
    Size: 1.45 MB
  5. kernel-PAE-2.6.18-348.6.AXS3.i686.rpm
    MD5: a27c096bc2fdaa6df3d58fc5f4ba7739
    SHA-256: e2efe9590022e50e247935b59d739731df5870b8bbf2bc75676a6642904cadad
    Size: 19.82 MB
  6. kernel-PAE-devel-2.6.18-348.6.AXS3.i686.rpm
    MD5: ce1c4fc5d051e1f54e493c36cbf4db88
    SHA-256: fb29e0a6a33651f149c574e34d729e68d1373924a53de556560819eae32d02e0
    Size: 6.06 MB
  7. kernel-xen-2.6.18-348.6.AXS3.i686.rpm
    MD5: 618dc9c496d1e9e8dbd17183294cbb61
    SHA-256: 433374d2e7ed62d2ff0c5efcc7301827a69ed04bae3d5f24f23b1adb92758e47
    Size: 20.92 MB
  8. kernel-xen-devel-2.6.18-348.6.AXS3.i686.rpm
    MD5: 09231f09d566651bd264828049d2de27
    SHA-256: 84d61728f5c4bd32ef4ea6f13365552f97da74ba9c8e22d44d080d22606f77cd
    Size: 6.06 MB

Asianux Server 3 for x86_64
  1. kernel-2.6.18-348.6.AXS3.x86_64.rpm
    MD5: 31f6da812dcda7ab54d11fe93250df67
    SHA-256: b14ae012bd8614bff476e763fe0e0dfd2a058e93ed7f99833a581b3e4d129548
    Size: 22.11 MB
  2. kernel-devel-2.6.18-348.6.AXS3.x86_64.rpm
    MD5: 7faf2dc80fb98998eafdc58927f08172
    SHA-256: f37c75dfc9c7bf9af531d443fcf18fabe01876d261a1b2bd029d218fc9366b2d
    Size: 6.05 MB
  3. kernel-doc-2.6.18-348.6.AXS3.noarch.rpm
    MD5: 91370051ddd147513237c3136a6dd10d
    SHA-256: 576adc127166d9b381b787a6ebae736b25c087734020bfeaeb47c4a716b61824
    Size: 3.48 MB
  4. kernel-headers-2.6.18-348.6.AXS3.x86_64.rpm
    MD5: 80512b1d1303923cd5468b4909953468
    SHA-256: b066d1929a957b304e2236c1cf26b067fdb643449b5f0e2ffde50288af87ac70
    Size: 1.49 MB
  5. kernel-xen-2.6.18-348.6.AXS3.x86_64.rpm
    MD5: 0cfdaadd927e8c46a25cfe69c68ae736
    SHA-256: 7b0255a85169d9ff894283bc968b4e6e7ccb4cd993968af29b3c966807ca4757
    Size: 22.97 MB
  6. kernel-xen-devel-2.6.18-348.6.AXS3.x86_64.rpm
    MD5: fd8ed56c786dfbf5b03e4aea6fcf8dca
    SHA-256: 0fcff6320ffb31106df44bbc8d4e7e05ddc5718299fa2bdcdbb2e1310ce9eb95
    Size: 6.05 MB