[Oraclevm-errata] OVMSA-2009-0004 Important: Oracle VM 2.1 kernel security fix update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Apr 16 14:27:27 PDT 2009
Oracle VM Security Advisory OVMSA-2009-0004
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-BOOT-devel-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-BOOT-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.1.30.el5.i686.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.1.30.el5.src.rpm
Description of changes:
Following Security fixes are released in this errata:
CVE-2008-3528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528>
The error-reporting functionality in (1) fs/ext2/dir.c, (2)
fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel
2.6.26.5 does not limit the number of printk console messages that
report directory corruption, which allows physically proximate attackers
to cause a denial of service (temporary system hang) by mounting a
filesystem that has corrupted dir->i_size and dir->i_blocks values and
performing (a) read or (b) write operations. NOTE: there are limited
scenarios in which this crosses privilege boundaries.
CVE-2008-5700 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700>
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts
for SG_IO requests, which allows local users to cause a denial of
service (Programmed I/O mode on drives) via multiple simultaneous
invocations of an unspecified test program.
CVE-2009-0028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028>
The clone system call in the Linux kernel 2.6.28 and earlier allows
local users to send arbitrary signals to a parent process from an
unprivileged child process by launching an additional child process with
the CLONE_PARENT flag, and then letting this new process exit.
CVE-2009-0322 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322>
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and
2.6.28.x before 2.6.28.2, allows local users to cause a denial of
service (system crash) via a read system call that specifies zero bytes
from the (1) image_type or (2) packet_size file in
/sys/devices/platform/dell_rbu/.
CVE-2009-0675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675>
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel
before 2.6.28.6 permits SKFP_CLR_STATS requests only when the
CAP_NET_ADMIN capability is absent, instead of when this capability is
present, which allows local users to reset the driver statistics,
related to an "inverted logic" issue.
CVE-2009-0676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676>
The sock_getsockopt function in net/core/sock.c in the Linux kernel
before 2.6.28.6 does not initialize a certain structure member, which
allows local users to obtain potentially sensitive information from
kernel memory via an SO_BSDCOMPAT getsockopt request.
[2.6.18-8.1.15.1.30.el5]
- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo )
[459601 459604]
- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo )
[475405 475406]
- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard )
[482941 482942]
- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg
Nesterov ) [479963 479964]
- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene
Teo ) [486517 486518]
- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo )
[486539 486540]
- CVE-2009-0778 - not required
- CVE-2009-0269 - not required
[2.6.18-8.1.15.1.29.el5]
- Enable enic
- Finish porting infrastructure for fnic but disable it on 32bit
[2.6.18-8.1.15.1.28.el5]
- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]
[2.6.18-8.1.15.1.27.el5]
- Add Cisco fnic/enic support, requires fc infrastructure from el5u3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090416/ff5471ff/attachment.html
More information about the Oraclevm-errata
mailing list