[Oraclevm-errata] OVMSA-2009-0017 Important: Oracle VM 2.1 kernel security fix update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Aug 14 09:14:21 PDT 2009 

Oracle VM Security Advisory OVMSA-2009-0017

The following updated rpms for Oracle VM 2.1 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-BOOT-devel-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-BOOT-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.5.1.el5.i686.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.5.1.el5.src.rpm



SRPMS:

Description of changes:

Following Security fixes are released in this errata:

CVE-2009-1895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895>
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a 
PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT 
and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, 
which makes it easier for local users to leverage the details of memory 
usage to (1) conduct NULL pointer dereference attacks, (2) bypass the 
mmap_min_addr protection mechanism, or (3) defeat address space layout 
randomization (ASLR).

CVE-2007-5966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966>
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in 
the Linux kernel before 2.6.23.10 allows local users to execute 
arbitrary code or cause a denial of service (panic) via a large relative 
timeout value. NOTE: some of these details are obtained from third party 
information.

CVE-2009-1389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389>
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the 
Linux kernel before 2.6.30 allows remote attackers to cause a denial of 
service (kernel memory corruption and crash) via a long packet.

[2.6.18-8.1.15.5.1.el5]
- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh 
) [511173 508842] {CVE-2009-1895}
- [misc] hrtimer: fix a soft lockup (Amerigo Wang ) [418061 418071] 
{CVE-2007-5966}
- [net] r8169: fix crash when large packets are received (Ivan Vecera ) 
[504731 504732] {CVE-2009-1389}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090814/b001b737/attachment.html

More information about the Oraclevm-errata mailing list