kernel-2.6.18-53.13AXS3
Errata ID: AXSA:2008-501:06
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
CVE-2007-6417:
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
CVE-2007-6716:
fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
CVE-2008-2931:
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVE-2008-3272:
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which allows local users to obtain sensitive information.
CVE-2008-3275:
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service (overflow of the UBIFS orphan area) via a series of attempted file creations within deleted directories.
- [cpufreq] : coordinate to keep abi compatibility [Bug 4145]
- revert : CVE-2007-4571 : Convert snd-page-alloc proc file to use seq_file for alsa [Bug 4145]
- [sky2] : Disable checksum on Yukon2-XL to prevent an annoying error message caused by the chip glitch [Bug 4898]
- [scsi] replace : megaraid_sas: wait for cmd_status to change [Bug 4543]
- [nfs] sunrpc: fix hang due to eventd deadlock [Bug 4703]
- [nfs] sunrpc: fix a race in rpciod_down [Bug 4703]
- [scsi] megaraid_sas: wait for cmd_status to change [Bug 4543]
- [scsi] megaraid_sas: many illegal interrupts appear [Bug 4779]
- [cpufreq] Add check for dmi_data in powernow_k8 driver [Bug 4604]
- [MAZE] Update MAZE to replace [Bug 4774]
- [cpufreq] revert: Hot fix about cpufreq [Bug 4604]
- [cxgb3] revert: Merge cxgb3 driver version 1.0.129a. Although TOE can work with CONFIG_TCP_OFFLOAD, we disable by default. [Bug 4145]
- [net] ipv6: Drop packets for loopback address from outside of the box [Bug 4546]
- [scsi] lpfc: Update version from 8.1.10.9 to 8.2.0.22 with bug fix [Bug 4462]
- [cpufreq] Hot fix about cpufreq [Bug 3958]
- [cpufreq] Hot fix about cpufreq [Bug 4531]
- [x86] Correct cpu cache info for Intel Tolapai [Bug 4475]
- [x86] Support ICH10 [Bug 4527]
- [misc] Fix a deadlock about smp_send_stop when panic [Bug 4205]
- [misc] Fix a deadlock on on_each_cpu [Bug 4345]
- [x86] report_lost_ticks fix up [Bug 4161]
- [e1000e] Revert 7.6.15.5-NAPI and update to 0.2.9.5 [Bug 4247]
- [net] (IPV6) Accept routing header only when hdr->segments_left is zero [Bug 4377]
- [net] (IPV6) Fix BUG of ndisc_send_redirect () backport from 2.6.20 [Bug 4379]
- [net] (IPV6) Fix ICMPv6 redirect handling with target multicast address backport from 2.6.23 [Bug 4379]
- [net] (IPV6) Defer IPv6 device initialization until a valid qdisc is specified [Bug 4380]
- [ioat] Update ioat device ids [Bug 4289]
- CVE-2007-4571 : Convert snd-page-alloc proc file to use seq_file for alsa
- CVE-2007-4997 : off-by-two integer underflow for ieee80211
- CVE-2007-5494 : missing dput in do_lookup error leaks dentries for fs
- [fs] sysfs: store inode nrs in s_ino {CVE-2007-3104}
- [fs] sysfs: fix condition check in sysfs_drop_dentry () {CVE-2007-3104}
- [fs] sysfs: fix race condition around sd->s_dentry {CVE-2007-3104}
- [fs] core dump file ownership {CVE-2007-6206}
- [fs] corruption by unprivileged user in directories {CVE-2008-0001}
- CVE-2008-0600 : kernel vmsplice_to_pipe flaw
- CVE-2006-6921 : Denial of service with wedged processes
- CVE-2007-6063 : fix possible isdn_net buffer overflows
- CVE-2007-6694 : fix possible strncmp NULL pointer usage
- CVE-2007-5938 : fix NULL dereference in iwl driver
- [KAHO] Delete Debug option [Bug 4290]
- [KAHO] Fix the invalid state change [Bug 4291]
- [KAHO] Fix the deadlock in consecutive memory allocation [Bug 4292]
- [KAHO] Fix typo in error message [Bug 4293]
- [MAZE] Update MAZE to replace [Bug 4309]
- [e1000e] Fix network link down when repeating to reboot [Bug 4184]
- [MAZE] Update MAZE to replace [Bug 4181]
- [E7221] Add E7221 pci ids to kernel [Bug 3909]
- [IA64] forbid ptrace changes psr.ri to 3 [Bug 3576]
- [igb] Backport .6.18 [Bug 4129]
- [stex] Update 06.0205.00 [Bug 3858]
- [ocfs2] Update version number to 1.2.8 [Bug 4073]
- [e1000e] Fix unknown symbol e1000_intr_msi [Bug 4105]
- [e1000e] Fix ethtool gets a wrong driver name [Bug 4144]
- [IOAPIC] Fix IOAPIC unique ID checking [Bug 4057]
- [cxgb3] Merge cxgb3 driver version 1.0.129a. Although TOE can work with CONFIG_TCP_OFFLOAD, we disable by default. [Bug 3928]
- [ixgbe] Add support ixgbe-1.3.16.1 [Bug 3950]
- [dca] Add a new module dca which depend by ioat && ixgbe
- [igb] Update igb driver to version 1.2.22 [Bug 3954]
- [ioat] Update ioat driver to version 1.9 and support unisys [Bug 3956]
- [ACPICA] Fix acpi-cpufreq boot crash due to _PSD return-by-reference [Bug 3957]
- [e1000e] Update e1000e to v7.6.15 with replace [Bug 4055]
- [comptemp] Add support coretemp driver for hwmon using a snapshot of torvalds/linux-2.6.git [Bug 4071]
- [it87] Add IT8716F/IT8718F/IT8726F support [Bug 4072]
- [ocfs2] Update ocfs2 driver to version 1.2.8-2 [Bug 4073]
- [PCI IDS] Update pci_ids
  - HT1000
  - MCP67/73/77
  - VIA VT8237S
  - INTEL TOLAPAI
  - BCM82XX
- [KAHO] Add KAHO runtime binary ion (bug#4019)
- [MAZE] Add MAZE Monitoring function (bug#4025)
- [SCTP] Upgrade of based codes to 2.6.21 of stock kernel and bug fix for AXS3SP1 (, bug#4027)
- Build Base Kernel For Asianux
- Merge patches from AX20 SP2
- Merge patches from AXS3
- [GFS2] handle multiple demote requests
- [scsi] megaraid_sas: kabi fix for /proc entries
- [sound] allow creation of null parent devices
- [net] iwlwifi: avoid BUG_ON in tx cmd queue processing
- [GFS2] Get super block a different way
- [GFS2] dlm: schedule during recovery loops
- Revert: [pata] IDE (siimage) panics when DRAC4 reset
- Revert: [net] bonding: convert timers to workqueues
- [pata] enable IDE (siimage) DRAC4
- [GFS2] gfs2_writepage(s) workaround
- [scsi] aacraid: Missing ioctl permission checks {CVE-2007-4308}
- [GFS2] Solve journaling/{release|invalidate}page issues
- [GFS2] Fix i_cache stale entry
- [GFS2] deadlock running revolver load with lock_nolock
Update packages
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
From Asianux Server 3 SP1 updated packages.