[Oraclevm-errata] OVMSA-2009-0009 Important: Oracle VM 2.1 kernel security fix update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon May 18 10:53:51 PDT 2009

Oracle VM Security Advisory OVMSA-2009-0009

The following updated rpms for Oracle VM 2.1 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

Following Security fixes are released in this errata:

CVE-2008-4307 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307>
Race condition in the do_setlk function in fs/nfs/file.c in the Linux
kernel before 2.6.26 allows local users to cause a denial of service
(crash) via vectors resulting in an interrupted RPC call that leads to
a stray FL_POSIX lock, related to improper handling of a race between
fcntl and close in the EINTR case.

CVE-2009-1337 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337>
The exit_notify function in kernel/exit.c in the Linux kernel before
2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability
is held, which allows local users to send an arbitrary signal to a
process by running a program that modifies the exit_signal field and
then uses an exec system call to launch a setuid application.

CVE-2009-0834 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834>
The audit_syscall_entry function in the Linux kernel and
earlier on the x86_64 platform does not properly handle (1) a 32-bit
process making a 64-bit syscall or (2) a 64-bit process making a
32-bit syscall, which allows local users to bypass certain syscall
audit configurations via crafted syscalls, a related issue to
CVE-2009-0342 and CVE-2009-0343.

CVE-2009-1336 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336>
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly
initialize a certain structure member that stores the maximum NFS
filename length, which allows local users to cause a denial of service
(OOPS) via a long filename, related to the encode_lookup function.

- CVE-2008-4307 -[nfs] remove bogus lock-if-signalled case (Bryn M. 
Reeves ) [456287 456288]
- CVE-2009-1337 - [misc] exit_notify: kill the wrong capable check 
[494270 494271]
- CVE-2009-0834 - [ptrace] audit_syscall_entry to use right syscall 
number (Jiri Pirko ) [488001 488002]
- CVE-2009-1336 - [nfs] v4: client crash on file lookup with long names 
(Sachin S. Prabhu ) [494078 493942]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/oraclevm-errata/attachments/20090518/af509765/attachment.html 

More information about the Oraclevm-errata mailing list