kernel-2.6.18-53.16AXS3
エラータID: AXSA:2008-531:11
リリース日:
2008/12/18 Thursday - 21:40
題名:
kernel-2.6.18-53.16AXS3
影響のあるチャネル:
Asianux Server 3 for ppc
Asianux Server 3 for x86
Asianux Server 3 for ia64
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Linuxカーネルの仮想メモリの実装に欠陥が見つかりました。これが原因で、権限のないローカルユーザがサービス拒否を引き起こす可能性がありましたが、これを修正しました。(CVE-2008-2372)
- LinuxカーネルのDatagram Congestion Control Protocol(DCCP)の実装に整数オーバフローが発見されました。これが原因で、リモートの攻撃者がサービス拒否を引き起こす可能性がありましたが、これを修正しました。
なお、デフォルトでは、リモートDCCPはSELinuxによってブロックされます。(CVE-2008-2376)
- Virtual Dynamic Shared Object(vDSO)の実装にバウンダリチェックの欠落があり、これが原因で、権限のないローカルユーザがサービス拒否を引き起こしたり権限を昇格できる可能性がありましたが、これを修正しました。(CVE-2008-3527)
- do_truncate()とgeneric_file_splice_write()の2つの関数が、setuidおよびsetgidビットをクリアしていませんでした。これが原因で、権限のないローカルユーザが権限の必要な情報へのアクセス権を取得できる可能性がありましたが、これを修正しました。(CVE-2008-3833)(CVE-2008-4210)(CVE-2008-4302)
[Bug Fix]
- 起動時のSCSI装置がコントロール命令受付前に、SCSIに対する問い合わせが発行された場合、そのSCSI装置が使用不可になってしまう問題がありましたが、これを修正しました。
- coreダンプファイルの解析時に共有メモリ領域を参照できませんでしたが、この領域のメモリ内容を参照できるように修正しました。
/proc/<pid>/coredump_filter を通して、プロセスのコアダンプ時に出力されるメモリセグメントをカスタマイズできるようになりました。
- IDEのIT8213は使用できませんでしたが、この問題を修正しました。
- ATCA-7221の内蔵flash memoryにアクセスできませんでしたが、この問題を修正しました。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-2372
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages."
CVE-2008-3276
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a denial of service (panic) via a crafted integer value, related to Change L and Change R options without at least one byte in the dccpsf_val field.
CVE-2008-3527
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
CVE-2008-3833
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.
CVE-2008-4210
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.
CVE-2008-4302
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-2.6.18-53.16AXS3.src.rpm
MD5: 9485e2803ea9cbf1d7dfeb5ddb89ae1e
SHA-256: c5af1cadc6a2a517fdd4c11e29d03d1719d6d158f7a05439b6ecfca1b797685c
Size: 53.84 MB
Asianux Server 3 for x86
- kernel-2.6.18-53.16AXS3.i686.rpm
MD5: f80c80e231b868d4fc0b8eebda6165bc
SHA-256: d5f132b86602c79274331c3a7d2b82529b423f1ff5b1b1269f29d3d7f96d6f8b
Size: 13.52 MB - kernel-devel-2.6.18-53.16AXS3.i686.rpm
MD5: 0cca84daafc41ad6fc28c4eca6fcfeba
SHA-256: 8a8be15b2e11034c3b165490aff6a82ff3bfdd37ecc9fdbc1d18a0cb705adf9a
Size: 4.87 MB - kernel-PAE-2.6.18-53.16AXS3.i686.rpm
MD5: 3b21520df35320efb3279582a55be21a
SHA-256: d6f785baa559dd13cbec89c1316d4509951b292a32dae44179100b80f995493c
Size: 13.53 MB - kernel-PAE-devel-2.6.18-53.16AXS3.i686.rpm
MD5: 4fd3f826309d02368cfd51b0da875335
SHA-256: 5915eebf0a72dc5e57b229ff0d90d3cfb0185e1a0b315941207106bcd2974955
Size: 4.88 MB - kernel-xen-2.6.18-53.16AXS3.i686.rpm
MD5: a77217acbe848d14131a721dc7d2cd03
SHA-256: d2ff05061559ccc89d8b630ca2118a4e49deae954a2bc4642184bc93f94431f6
Size: 14.48 MB - kernel-xen-devel-2.6.18-53.16AXS3.i686.rpm
MD5: b7142b98ec3e5b6fb8cae1c0073c0e73
SHA-256: 2eff8acfe21deef1a564c76ee01b9786717eae9206cbd144afe5953ae2b7c936
Size: 4.88 MB - kernel-doc-2.6.18-53.16AXS3.noarch.rpm
MD5: 03eb07060d777d048d65999978efd93c
SHA-256: df7ba685237abc4e9456dc80e1546e52b73372f988e41bf74d2ec9944ab29baa
Size: 2.82 MB - kernel-headers-2.6.18-53.16AXS3.i386.rpm
MD5: 21331f2733834c33df80eabd4b6d902c
SHA-256: 05dd26796eb61d95839ab39658ff8620d5ea4cbb474913aff2237177ff006c67
Size: 804.47 kB
Asianux Server 3 for x86_64
- kernel-2.6.18-53.16AXS3.x86_64.rpm
MD5: 34039afc79407fbde4864726589b3f2f
SHA-256: f104e6cbdfa1397fda80878fec922964f16dd85a13ac7d623466cac9eaf00a4d
Size: 15.70 MB - kernel-devel-2.6.18-53.16AXS3.x86_64.rpm
MD5: 9262af94390cb6fb391581cda3d6468d
SHA-256: 110cd4762edf098dfbf427330376a05863b64e043269898702408a359d9cc266
Size: 5.06 MB - kernel-headers-2.6.18-53.16AXS3.x86_64.rpm
MD5: b4a5f14bcec5f308bd4e631762fd81db
SHA-256: 2392652bd905644f9c630fbd3ac9867c2efd40ca5ee68f0ec24844ba2566c0b3
Size: 842.24 kB - kernel-xen-2.6.18-53.16AXS3.x86_64.rpm
MD5: 2f64085166b8814f9df76432cb2fb0cb
SHA-256: de3439e7dd17311ec3cc64ded4eb5416a8900442d0b8e4d839d2648ab77e40b2
Size: 16.36 MB - kernel-xen-devel-2.6.18-53.16AXS3.x86_64.rpm
MD5: c3e5ae632442a8280159b70d0a15b32a
SHA-256: d85107186aa95af8766fff17af423b2c6ceafd5bb6f718231c817ad6e0a4a91c
Size: 5.06 MB - kernel-doc-2.6.18-53.16AXS3.noarch.rpm
MD5: 5d2637cb728c3b10a93b233de4e3139f
SHA-256: ec672031ef47b6af8446141ab0835e16d6a4d949a32754b240b1db4529ea3fe4
Size: 2.82 MB