kernel-2.6.18-238.2.AXS3
エラータID: AXSA:2011-282:05
リリース日:
2011/09/13 Tuesday - 11:52
題名:
kernel-2.6.18-238.2.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。<br />
<br />
[Enhancement]<br />
- ベースバージョンをRHEL5.6にアップグレードしました。<br />
RHEL5.6のカーネルをベースにいくつかのバグフィックスと装置のサポートを行っています。<br />
- qla4xxxドライバを5.02.04.02.05.06-d0にアップグレードしました。<br />
- qla2xxxドライバを8.03.01.05.05.06-kにアップグレードしました。<br />
- lpfcドライバを8.2.0.87.1pにアップグレードしました。<br />
- fusionドライバを3.4.15にアップグレードしました。<br />
- mpt2sasドライバを05.101.00.02にアップグレードしました。<br />
- 3w-9xxxドライバを2.26.08.007-2.6.18RHにアップグレードしました。<br />
- megaraid_sasドライバを4.31にアップグレードしました。<br />
- bnx2iドライバを2.1.3にアップグレードしました。<br />
- be2netドライバを2.102.518rにアップグレードしました。<br />
- enicドライバを1.4.1.2にアップグレードしました。<br />
- netxen_nicドライバを4.0.74にアップグレードしました。<br />
- bnx2ドライバを2.0.8-rhにアップグレードしました。<br />
- tg3ドライバを3.108にアップグレードしました。<br />
- e1000eドライバを1.2.7-k2にアップグレードしました。<br />
- sfcドライバをカーネル2.6.36相当にアップグレードしました。<br />
- qlgeドライバを1.00.00.25にアップグレードしました。<br />
- ixgbeドライバを2.0.84-k2にアップグレードしました。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-1478
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
CVE-2011-1763
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new event channel port.
CVE-2011-1166
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
CVE-2011-1080
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.
CVE-2011-1079
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.
CVE-2011-1078
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.
CVE-2010-4343
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
CVE-2010-4263
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.
The igb_receive_skb function in drivers/net/igb/igb_main.c in the Intel Gigabit Ethernet (aka igb) subsystem in the Linux kernel before 2.6.34, when Single Root I/O Virtualization (SR-IOV) and promiscuous mode are enabled but no VLANs are registered, allows remote attackers to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via a VLAN tagged frame.
CVE-2010-4255
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
CVE-2010-4243
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.
CVE-2010-4238
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.
CVE-2010-4158
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter.
CVE-2010-4081
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4080
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4075
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.
CVE-2010-4073
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
CVE-2010-4072
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."
CVE-2010-3877
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.
CVE-2010-3296
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.
CVE-2010-4526
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
追加情報:
Asianux 3 SP4向けのパッケージです。
ダウンロード:
SRPMS
- kernel-2.6.18-238.2.AXS3.src.rpm
MD5: 697b98d9bf30db41e9a63e55cf2b2585
SHA-256: 1d4265b9fbde2874f53635df63ef8dda2d691403a5bf9e2c4e558602f0569864
Size: 86.04 MB
Asianux Server 3 for x86
- kernel-2.6.18-238.2.AXS3.i686.rpm
MD5: ba27b0b20aab446906350752277cc8c8
SHA-256: 5322cc63a6ba09d0b4da425b83cc5a0ffb63a2b7d96b15f417fbf1cf10cd2a9d
Size: 17.54 MB - kernel-debug-devel-2.6.18-238.2.AXS3.i686.rpm
MD5: 1dece7870b7d4986492f3bde6a4b6fd2
SHA-256: d3d911bb122734be78581f31f008051f0b426f0be32ebb7d04e462f8a4421097
Size: 5.75 MB - kernel-devel-2.6.18-238.2.AXS3.i686.rpm
MD5: 260e2e16e002b3fa39272c60a54a9426
SHA-256: 238e9291cd224b386178088f30b5fb5394fa17758fd42df714f3d28f227a99cb
Size: 5.69 MB - kernel-PAE-2.6.18-238.2.AXS3.i686.rpm
MD5: 2a139ce209f6899a9db32dd2ff2e2d51
SHA-256: 0b4978b9e5f36ca3bbca3675aac542573b05a0fe28dbe6c5feda13a992f47519
Size: 17.56 MB - kernel-PAE-devel-2.6.18-238.2.AXS3.i686.rpm
MD5: a00cf71b9c910fc1eb4a78d8ac73478d
SHA-256: dea562697857367d51e1e213904d0b7e1111712af59ba19bfd64e457797736d2
Size: 5.70 MB - kernel-xen-2.6.18-238.2.AXS3.i686.rpm
MD5: 537dbc3c06cdc9b2c2c35d6aa860472f
SHA-256: 194d27f072209c105d5caad449d5b330feac89e142f18b39a0216f681799980c
Size: 18.69 MB - kernel-xen-devel-2.6.18-238.2.AXS3.i686.rpm
MD5: cd308d2f9e2b46caec1689fa54551796
SHA-256: 8a96454a4fc5ae1d8388e57e6e8732b3559947041c14373093e6e225882783cf
Size: 5.70 MB - kernel-doc-2.6.18-238.2.AXS3.noarch.rpm
MD5: 9bee8d133851669a1454559122f6734b
SHA-256: e4dc707dab6a75fe78fec38b0de161f09b38d20d2ea9a8c3572aad5ea06c5bf9
Size: 3.16 MB - kernel-headers-2.6.18-238.2.AXS3.i386.rpm
MD5: 86f941cb2d04ab8fe574152dfc56a761
SHA-256: 4ebfc5b7cd4041e8bb979b7697f572e2d2e9dc7029b941dc11dcc34ca080b062
Size: 1.15 MB
Asianux Server 3 for x86_64
- kernel-2.6.18-238.2.AXS3.x86_64.rpm
MD5: 51aa40ff5ea809e160b91900953048e6
SHA-256: 3af20933a2b53508423654b2363906f128ffa0dfd70c2fa2500f00503951bec6
Size: 19.60 MB - kernel-debug-devel-2.6.18-238.2.AXS3.x86_64.rpm
MD5: e5b152942d126e969aaa0c5318c2cc62
SHA-256: c0e8f900f4d9de14c887154a97fa0f60ac51427a8bac692f90a22bcf5e047ea1
Size: 5.75 MB - kernel-devel-2.6.18-238.2.AXS3.x86_64.rpm
MD5: 00b3fe7100e94c391e5260f49ca7d301
SHA-256: 00120c1a2af23d7ede75e7990b610cc26d1a00a5ab84c5d73e558918b2bd658a
Size: 5.69 MB - kernel-headers-2.6.18-238.2.AXS3.x86_64.rpm
MD5: 01347472952a773cb4767e99b48f6a23
SHA-256: 1d4b33693b6600817d41e751c71339c636bed8c7b908dc3ec4f6dc60c12a3348
Size: 1.19 MB - kernel-xen-2.6.18-238.2.AXS3.x86_64.rpm
MD5: 5c6f714809e69ffd06cd6b755b0395c4
SHA-256: 46a5eeeeeaa4abd03d8e9d5c72546148d389a905af936b178f9c6d2d43482cbe
Size: 20.54 MB - kernel-xen-devel-2.6.18-238.2.AXS3.x86_64.rpm
MD5: 7fd67b2bd03c696d98037abcbc8bd6f7
SHA-256: b8e4ec68a932ebddcc743db93ea88ffd71aac31b8a8bdc000c2ebd6ac80f0e10
Size: 5.70 MB - kernel-doc-2.6.18-238.2.AXS3.noarch.rpm
MD5: 655c88808496bc3c3e8cb8da178d8289
SHA-256: 7b85d720762bd52dc1397f88711850f86d191e8e76538d190a38334880965345
Size: 3.16 MB