kernel-2.6.32-358.11.1.el6
Errata ID: AXSA:2013-540:05
Release date:
2013/07/18 Thursday - 11:41
Subject:
kernel-2.6.32-358.11.1.el6
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
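The following issues have been addressed.
[Security Fix]
- The KVM subsystem in kernel packages before 2.6.32-358.11.1.el6 with a certain Red Hat patch applied does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash). (CVE-2013-1935)
- The KVM subsystem does not check whether kernel addresses are specified during allocation of memory for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application. (CVE-2013-1943)
- The veth (virtual Ethernet) driver does not properly manage socket buffers during congestion, which allows third parties to cause a denial of service (system crash) by leveraging lack of socket buffer consumption in conjunction with a double-free error. (CVE-2013-2017)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.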
CVE:
CVE-2013-1935
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.
CVE-2013-1943
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
CVE-2013-2017
The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.
Additional information:
N/A
Download:
SRPMS
- kernel-2.6.32-358.11.1.el6.src.rpm
MD5: 6f8b8239d34cd3f80f2c6a3738af3794
SHA-256: e6dd8195b460c7a5f2d930439fad9e3986cdaf2dc5535ae45a952efa4c162f14
Size: 85.09 MB
Asianux Server 4 for x86
- kernel-2.6.32-358.11.1.el6.i686.rpm
MD5: 81e6e34efa20588fd15f6c61d1159b4c
SHA-256: bdaf178d0b8b43aa0d0e89b40784cc9e9b755c9853232ac8da61d64a4907e422
Size: 24.08 MB
- kernel-debug-2.6.32-358.11.1.el6.i686.rpm
MD5: a8ab754a7d5a8bbde70a05913b29c080
SHA-256: fa3e225ffd2f0cea8fa922127fe8789d5d97ba071246a5cd10ba2dd677255135
Size: 24.61 MB
- kernel-debug-devel-2.6.32-358.11.1.el6.i686.rpm
MD5: ce9234d22888e9e7cd8baeb989e14338
SHA-256: e55390a383ee5a7a39bfc649cfd7d22302b586aaef5a410adad32c7bf67d090e
Size: 8.18 MB
- kernel-devel-2.6.32-358.11.1.el6.i686.rpm
MD5: 28225cb26e780cb8fa10b9a288665812
SHA-256: 7b024fef5ac5b7fcaf60772a2de906d1708922718bfd88a2c69aa602885ce31a
Size: 8.14 MB
- kernel-doc-2.6.32-358.11.1.el6.noarch.rpm
MD5: c31e9d0b87bbefa814140fe090fdc1e5
SHA-256: b939c804415bee2c4ada8b01ff32f644a4969b386cc5f0ceefbe692434123402
Size: 9.95 MB
- kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm
MD5: cef46b341aee90ab03f1b997077a0b83
SHA-256: 5280d2e8d94c713077bc7a2921ac844367d7b23a9ce7956aa925ee630c3d2095
Size: 10.93 MB
- kernel-headers-2.6.32-358.11.1.el6.i686.rpm
MD5: 3194ad56f423fae1a69e1e833a56b938
SHA-256: 4062237cb8f45252b864e2927cfef4bd30a032700c1e5691bf32db15a201883e
Size: 2.33 MB
- perf-2.6.32-358.11.1.el6.i686.rpm
MD5: 613329d71fe1dc40894a950d170a6512
SHA-256: e25e06fe6dfa0376dc61ff77ca27212d1b065ad6f9ea71f5b0b47102bfb6c556
Size: 2.03 MB
Asianux Server 4 for x86_64
- kernel-2.6.32-358.11.1.el6.x86_64.rpm
MD5: 8115be3455da7418aa865517eb4e3544
SHA-256: ad8eff0ecacf0dfa935042d110621bf1cbf10563c5f223a83f667fcf6eb6dc38
Size: 26.12 MB
- kernel-debug-2.6.32-358.11.1.el6.x86_64.rpm
MD5: dcdfcc3b7a89c3ae5f60d15de600572e
SHA-256: 1f77af259ab8fcf48e1f6775c1b3e1de99cf36e04e30d409c6b4c5e76d49bd9e
Size: 26.73 MB
- kernel-debug-devel-2.6.32-358.11.1.el6.x86_64.rpm
MD5: e8ecae043c885ee6df7485efe5bb9d3f
SHA-256: ae331b202571d292f4ba4a2d1d1b6acd1d7fb223fa569bd297121a0ce1265c01
Size: 8.23 MB
- kernel-devel-2.6.32-358.11.1.el6.x86_64.rpm
MD5: b03501ec898113ffb6973458d98502d7
SHA-256: 77080809351d84f86b3312d90de0afb92d25616df8035e7a635d7a43dd8407fd
Size: 8.19 MB
- kernel-doc-2.6.32-358.11.1.el6.noarch.rpm
MD5: fecf246e6a5db5717a9fc40536573402
SHA-256: f5af0d34312129441ff4256aa3666e226e8d0f3e725d2669e7b8197db191d7a3
Size: 9.94 MB
- kernel-firmware-2.6.32-358.11.1.el6.noarch.rpm
MD5: 33c792f6efa7cd8250295813cad4a130
SHA-256: a2c3deec6a83dd86498856f40e25eab25497f571c5f1cb1fb27cd4689668e988
Size: 10.93 MB
- kernel-headers-2.6.32-358.11.1.el6.x86_64.rpm
MD5: c59ba1e1312f9f4e91f8559c1e0ea7ca
SHA-256: 2e1cbdc446453b4eaf136c925932bfbec0fdb73c632bf3de3d4d899995ce4602
Size: 2.33 MB
- perf-2.6.32-358.11.1.el6.x86_64.rpm
MD5: 6e8679c14ea1ae9e42e5015c474bacde
SHA-256: 7cbb2755b1eb39a634d8b727d876c58e6b901447fbe8d01d5130d4a95b447bfb
Size: 2.05 MB