kernel (SL5)

By Scientific Linux Team on October 24, 2011

Synopsis: Important: kernel security, bug fix, and enhancement update
Issue Date: 2011-10-20
CVE Numbers: CVE-2011-2695
CVE-2011-1160
CVE-2011-1585
CVE-2011-2484
CVE-2011-2496
CVE-2011-2723
CVE-2011-1833
CVE-2009-4067
CVE-2011-2699
CVE-2011-3131
CVE-2011-2942
CVE-2011-3188
CVE-2011-3191
CVE-2011-3209
CVE-2011-3347

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system’s networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* A local attacker could use mount.ecryptfs_private to mount (and then
access) a directory they would otherwise not have access to. Note: To
correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be
installed. (CVE-2011-1833, Moderate)

* A flaw in the taskstats subsystem could allow a local, unprivileged user
to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* Mapping expansion handling could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-2496, Moderate)

* GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers that
support it. (CVE-2011-2723, Moderate)

* RHSA-2011:1065 introduced a regression in the Ethernet bridge
implementation. If a system had an interface in a bridge, and an attacker
on the local network could send packets to that interface, they could cause
a denial of service on that system. Xen hypervisor and KVM (Kernel-based
Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,
Moderate)

* A flaw in the Xen hypervisor IOMMU error handling implementation could
allow a privileged guest user, within a guest operating system that has
direct control of a PCI device, to cause performance degradation on the
host and possibly cause it to hang. (CVE-2011-3131, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could
allow a man-in-the-middle attacker to inject packets and possibly hijack
connections. Protocol sequence number and fragment IDs are now more random.
(CVE-2011-3188, Moderate)

* A flaw in the kernel’s clock implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A flaw in the auerswald USB driver could allow a local, unprivileged user
to cause a denial of service or escalate their privileges by inserting a
specially-crafted USB device. (CVE-2009-4067, Low)

* A flaw in the Trusted Platform Module (TPM) implementation could allow a
local, unprivileged user to leak information to user space. (CVE-2011-1160,
Low)

* A local, unprivileged user could possibly mount a CIFS share that
requires authentication without knowing the correct password if the mount
was already mounted by another local user. (CVE-2011-1585, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699;
Darren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for
reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting
CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier
for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188;
Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting
CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter
Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges
Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of
CVE-2011-1833.

SL5
x86_64
kernel-2.6.18-274.7.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.7.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.7.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.7.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.7.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.7.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.7.1.el5.x86_64.rpm
i386
kernel-2.6.18-274.7.1.el5.i686.rpm
kernel-debug-2.6.18-274.7.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.7.1.el5.i686.rpm
kernel-devel-2.6.18-274.7.1.el5.i686.rpm
kernel-headers-2.6.18-274.7.1.el5.i386.rpm
kernel-PAE-2.6.18-274.7.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.7.1.el5.i686.rpm
kernel-xen-2.6.18-274.7.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.7.1.el5.i686.rpm
noarch
kernel-doc-2.6.18-274.7.1.el5.noarch.rpm

– Scientific Linux Development Team