kernel-2.6.32-220.23.1.el6
Errata ID: AXSA:2012-646:05
The following issues have been addressed.
[Security Fix]
• CVE-2012-1601
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
• CVE-2012-0044
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.
• CVE-2012-1179
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
• CVE-2012-2121
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
• CVE-2012-2123
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
• CVE-2012-2136
• CVE-2012-2137
• CVE-2012-2372
• CVE-2012-2373
• CVE-2012-2119
• CVE-2011-4086
No description available at the time of writing.
Update the packages.
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR.
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.
The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the presence of an ext4 filesystem that was mounted with a journal.
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
SRPMS
- kernel-2.6.32-220.23.1.el6.src.rpm
MD5: 46feae393f09723e832c7e316adeb6f3
SHA-256: 7bea500af21e6fdabdb40a87d17791ed6258ac7b106ab9180949a5d471713eda
Size: 74.66 MB
Asianux Server 4 for x86
- kernel-2.6.32-220.23.1.el6.i686.rpm
MD5: d528305cc76349f84b96e23fe42d1357
SHA-256: a10842e5da3655046bd5ab8a816ea20ac0abbf94445f561487777492ff91c774
Size: 22.34 MB
- kernel-debug-2.6.32-220.23.1.el6.i686.rpm
MD5: 1ab69c82611268483a758dfb3f53ef03
SHA-256: e431f80566d45153982214e0f5fe63f64db5199f99080cd89c05555b5b038e00
Size: 22.82 MB
- kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
MD5: 972a1f033367618684460788c6c34033
SHA-256: 9f40916e9b74f0d05bf5c1f77eebe64b0f9c50698e743133d2a6859d3a3c8b79
Size: 7.29 MB
- kernel-devel-2.6.32-220.23.1.el6.i686.rpm
MD5: fde6af26462c8f4f37105759a1b92fac
SHA-256: e7808c62c4fe691f37d23a20bb37d1ff27210123ff9979cac3651a33052ad223
Size: 7.25 MB
- kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
MD5: b63dcafd2743a86575534be35d9a7e51
SHA-256: 97481c4451a318b08227f3cd631c4f9bcdb9842ab5500be4baf25e221f83ee1f
Size: 9.16 MB
- kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm
MD5: 930b3ef1e62a54ecc297dca1ffda837c
SHA-256: f912deb65343434700a8659d5ad62bc63a98d577cab35c49070c0405ecef04fe
Size: 6.25 MB
- kernel-headers-2.6.32-220.23.1.el6.i686.rpm
MD5: db6004f72133b3824a55c0715a5af221
SHA-256: 0b3e3fb18f327e7b2bd89b71c8f0ff93e9317033b00c330739e267ed046338bc
Size: 1.63 MB
- perf-2.6.32-220.23.1.el6.i686.rpm
MD5: 45acc707882d478ea57b25f52e19b0bf
SHA-256: 1de8dbe332d91bd17926ff6017d8deb7678c07534df4d0a2eb1f176e30b9ac04
Size: 1.28 MB
Asianux Server 4 for x86_64
- kernel-2.6.32-220.23.1.el6.x86_64.rpm
MD5: fa0eeefa4832eba2fd7a5f9dc5ec5af7
SHA-256: 4399511879ff638db4bd2f06d987078ae13a2121c89f479c3cd95a5ed02390e0
Size: 24.30 MB
- kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
MD5: 2918a6c80a29ddab1c389ad738a2b30c
SHA-256: 4e9ba664d6c3696868c9abbcbc57ad6e4a9abffc4ca80edc6190d5b394746788
Size: 24.86 MB
- kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
MD5: 3258b434143580de38ef1093708ba798
SHA-256: f7d50d2e6f0201bbc53f12d12f2918d14246080871ca79e204a2a246a7e5e542
Size: 7.33 MB
- kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
MD5: d3e30556970c85e7258279b9ffd0ca91
SHA-256: e4cbbc76d6493dc221775dc1b4fed0d0f93dc5c97b50942933fc4f3a880bc60c
Size: 7.29 MB
- kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
MD5: 64908570d8b53489a7ea4ab580563252
SHA-256: da49beff26675461d08363c3e603fa37620e3c74e198ecfd034cd47a2e394744
Size: 9.16 MB
- kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm
MD5: 18636696d63bc34bdc09c643b6ddd4ec
SHA-256: 1e8ff34555f76342879bdd119f4df0454fb3dbf7908f5277b173617f5660941b
Size: 6.25 MB
- kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
MD5: 0dffa64bd8e8aa1fd54d28b1c6076565
SHA-256: 3487472dc0bdde770f20152673615ae4fc2373b0435a3e78ab6fa4289c7cf64c
Size: 1.63 MB
- perf-2.6.32-220.23.1.el6.x86_64.rpm
MD5: cbb4308c824254eca79eb6c9b3eeee62
SHA-256: 0b5b35171b7bcb203751b81b059b52ed6689f8f756229123f1631909295d6725
Size: 1.29 MB