[Oraclevm-errata] OVMSA-2009-0004 Important: Oracle VM 2.1 kernel security fix update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Apr 16 14:27:27 PDT 2009 

Oracle VM Security Advisory OVMSA-2009-0004

The following updated rpms for Oracle VM 2.1 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-BOOT-devel-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-BOOT-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.1.30.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.1.30.el5.i686.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.1.30.el5.src.rpm

Description of changes:

Following Security fixes are released in this errata:

CVE-2008-3528 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528>
The error-reporting functionality in (1) fs/ext2/dir.c, (2) 
fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 
2.6.26.5 does not limit the number of printk console messages that 
report directory corruption, which allows physically proximate attackers 
to cause a denial of service (temporary system hang) by mounting a 
filesystem that has corrupted dir->i_size and dir->i_blocks values and 
performing (a) read or (b) write operations. NOTE: there are limited 
scenarios in which this crosses privilege boundaries.

CVE-2008-5700 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700>
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts 
for SG_IO requests, which allows local users to cause a denial of 
service (Programmed I/O mode on drives) via multiple simultaneous 
invocations of an unspecified test program.

CVE-2009-0028 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028>
The clone system call in the Linux kernel 2.6.28 and earlier allows 
local users to send arbitrary signals to a parent process from an 
unprivileged child process by launching an additional child process with 
the CLONE_PARENT flag, and then letting this new process exit.
 
CVE-2009-0322 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322>
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 
2.6.28.x before 2.6.28.2, allows local users to cause a denial of 
service (system crash) via a read system call that specifies zero bytes 
from the (1) image_type or (2) packet_size file in 
/sys/devices/platform/dell_rbu/.
 
CVE-2009-0675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675>
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel 
before 2.6.28.6 permits SKFP_CLR_STATS requests only when the 
CAP_NET_ADMIN capability is absent, instead of when this capability is 
present, which allows local users to reset the driver statistics, 
related to an "inverted logic" issue.
 
CVE-2009-0676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676>
The sock_getsockopt function in net/core/sock.c in the Linux kernel 
before 2.6.28.6 does not initialize a certain structure member, which 
allows local users to obtain potentially sensitive information from 
kernel memory via an SO_BSDCOMPAT getsockopt request.


[2.6.18-8.1.15.1.30.el5]
- CVE-2008-3528 - [fs] ext[234]: directory corruption DoS (Eugene Teo ) 
[459601 459604]
- CVE-2008-5700 - [block] enforce a minimum SG_IO timeout (Eugene Teo ) 
[475405 475406]
- CVE-2009-0322 - [firmware] dell_rbu: prevent oops (Don Howard ) 
[482941 482942]
- CVE-2009-0028 - [misc] minor signal handling vulnerability (Oleg 
Nesterov ) [479963 479964]
- CVE-2009-0676 - [net] memory disclosure in SO_BSDCOMPAT gsopt (Eugene 
Teo ) [486517 486518]
- CVE-2009-0675 - [net] skfp_ioctl inverted logic flaw (Eugene Teo ) 
[486539 486540]
- CVE-2009-0778 - not required
- CVE-2009-0269 - not required

[2.6.18-8.1.15.1.29.el5]
- Enable enic
- Finish porting infrastructure for fnic but disable it on 32bit

[2.6.18-8.1.15.1.28.el5]
- Add netconsole support for bonding in dom0 (Tina Yang) [orabug 8231228]

[2.6.18-8.1.15.1.27.el5]
- Add Cisco fnic/enic support, requires fc infrastructure from el5u3

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090416/ff5471ff/attachment.html

More information about the Oraclevm-errata mailing list