[Oraclevm-errata] OVMSA-2009-0009 Important: Oracle VM 2.1 kernel security fix update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Mon May 18 10:53:51 PDT 2009
Oracle VM Security Advisory OVMSA-2009-0009
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-BOOT-devel-2.6.18-8.1.15.1.32.el5.i686.rpm
kernel-BOOT-2.6.18-8.1.15.1.32.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.1.32.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.1.32.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.1.32.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.1.32.el5.i686.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.1.32.el5.src.rpm
Description of changes:
The following security fixes are released in this errata:
CVE-2008-4307 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307>
Race condition in the do_setlk function in fs/nfs/file.c in the Linux
kernel before 2.6.26 allows local users to cause a denial of service
(crash) via vectors resulting in an interrupted RPC call that leads to
a stray FL_POSIX lock, related to improper handling of a race between
fcntl and close in the EINTR case.
CVE-2009-1337 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337>
The exit_notify function in kernel/exit.c in the Linux kernel before
2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability
is held, which allows local users to send an arbitrary signal to a
process by running a program that modifies the exit_signal field and
then uses an exec system call to launch a setuid application.
CVE-2009-0834 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834>
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and
earlier on the x86_64 platform does not properly handle (1) a 32-bit
process making a 64-bit syscall or (2) a 64-bit process making a
32-bit syscall, which allows local users to bypass certain syscall
audit configurations via crafted syscalls, a related issue to
CVE-2009-0342 and CVE-2009-0343.
CVE-2009-1336 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336>
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly
initialize a certain structure member that stores the maximum NFS
filename length, which allows local users to cause a denial of service
(OOPS) via a long filename, related to the encode_lookup function.
[2.6.18-8.1.15.1.32.el5]
- CVE-2008-4307 - [nfs] remove bogus lock-if-signalled case (Bryn M. Reeves) [456287 456288]
- CVE-2009-1337 - [misc] exit_notify: kill the wrong capable check [494270 494271]
- CVE-2009-0834 - [ptrace] audit_syscall_entry to use right syscall number (Jiri Pirko) [488001 488002]
- CVE-2009-1336 - [nfs] v4: client crash on file lookup with long names (Sachin S. Prabhu) [494078 493942]
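To check a server against this advisory, the sketch below flags installed kernel packages older than the fixed build 2.6.18-8.1.15.1.32.el5. It is an added example, not part of the Oracle advisory. It assumes package data exported with rpm's query format, uses a simplified RPM version comparison (no epoch or tilde handling), and runs on constructed sample input.

```python
import re

# Fixed build and package names, taken from the advisory.
FIXED_VERSION = "2.6.18"
FIXED_RELEASE = "8.1.15.1.32.el5"
KERNEL_PACKAGES = {
    "kernel-BOOT", "kernel-BOOT-devel", "kernel-kdump",
    "kernel-kdump-devel", "kernel-ovs", "kernel-ovs-devel",
}

# Constructed sample of the output of:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE_RPM_OUTPUT = """\
kernel-ovs 2.6.18 8.1.15.1.9.el5 i686
kernel-ovs 2.6.18 8.1.15.1.32.el5 i686
kernel-kdump 2.6.18 8.1.15.1.31.el5 i686
openssl 0.9.8b 8.3.el5 i686
"""

def rpmvercmp(a, b):
    """Simplified RPM-style compare: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)   # numeric segments compare as integers
        elif x.isdigit():
            return 1                # numeric segment sorts newer than alphabetic
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated_kernels(rpm_output):
    """Return installed kernel packages older than the advisory's fixed build."""
    flagged = []
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in KERNEL_PACKAGES:
            continue
        name, version, release, arch = parts
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            flagged.append(f"{name}-{version}-{release}.{arch}")
    return flagged

if __name__ == "__main__":
    for pkg in outdated_kernels(SAMPLE_RPM_OUTPUT):
        print("older than fixed build:", pkg)
```

An updated kernel package only takes effect after the server boots into it, so an older package left installed alongside the fixed one still needs a check of which kernel is actually running.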