[Oraclevm-errata] OVMSA-2009-0017 Important: Oracle VM 2.1 kernel security fix update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Fri Aug 14 09:14:21 PDT 2009
Oracle VM Security Advisory OVMSA-2009-0017
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-BOOT-devel-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-BOOT-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.5.1.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.5.1.el5.i686.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.5.1.el5.src.rpm
SRPMS:
Description of changes:
Following Security fixes are released in this errata:
CVE-2009-1895 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895>
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a
PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT
and MMAP_PAGE_ZERO flags when executing a setuid or setgid program,
which makes it easier for local users to leverage the details of memory
usage to (1) conduct NULL pointer dereference attacks, (2) bypass the
mmap_min_addr protection mechanism, or (3) defeat address space layout
randomization (ASLR).
CVE-2007-5966 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966>
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in
the Linux kernel before 2.6.23.10 allows local users to execute
arbitrary code or cause a denial of service (panic) via a large relative
timeout value. NOTE: some of these details are obtained from third party
information.
CVE-2009-1389 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389>
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the
Linux kernel before 2.6.30 allows remote attackers to cause a denial of
service (kernel memory corruption and crash) via a long packet.
[2.6.18-8.1.15.5.1.el5]
- [misc] personality handling: fix PER_CLEAR_ON_SETID (Vitaly Mayatskikh
) [511173 508842] {CVE-2009-1895}
- [misc] hrtimer: fix a soft lockup (Amerigo Wang ) [418061 418071]
{CVE-2007-5966}
- [net] r8169: fix crash when large packets are received (Ivan Vecera )
[504731 504732] {CVE-2009-1389}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090814/b001b737/attachment.html
More information about the Oraclevm-errata
mailing list