Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: kernel on SL5.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Wednesday 23rd October 2013 13:18:52 UTC (over 2 years ago)
Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       SLSA-2013:1449-1
Issue Date:        2013-10-22
CVE Numbers:       CVE-2013-4299
                   CVE-2013-0343
                   CVE-2013-4345
                   CVE-2013-4368
--

* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr is set to '2'), an attacker on
the local network could disable IPv6 temporary address generation, leading
to a potential information disclosure. (CVE-2013-0343, Moderate)

* An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible.
(CVE-2013-4299, Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could
lead to random numbers being generated with less bits of entropy than
expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

* An information leak flaw was found in the way Xen hypervisor emulated
the OUTS instruction for 64-bit paravirtualized guests. A privileged guest
user could use this flaw to leak hypervisor stack memory to the guest.
(CVE-2013-4368, Moderate)

This update also fixes the following bug:

* A bug in the GFS2 code prevented glock work queues from freeing glock-
related memory while the glock memory shrinker repeatedly queued a large
number of demote requests, for example when performing a simultaneous
backup of several live GFS2 volumes with a large file count. As a
consequence, the glock work queues became overloaded which resulted in a
high CPU usage and the GFS2 file systems being unresponsive for a
significant amount of time. A patch has been applied to alleviate this
problem by calling the yield() function after scheduling a certain amount
of tasks on the glock work queues. The problem can now occur only with
extremely high work loads.

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kernel-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-debug-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-debug-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-debug-devel-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-debuginfo-common-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-devel-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-headers-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-xen-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-xen-debuginfo-2.6.18-371.1.2.el5.x86_64.rpm
    kernel-xen-devel-2.6.18-371.1.2.el5.x86_64.rpm
  i386
    kernel-2.6.18-371.1.2.el5.i686.rpm
    kernel-PAE-2.6.18-371.1.2.el5.i686.rpm
    kernel-PAE-debuginfo-2.6.18-371.1.2.el5.i686.rpm
    kernel-PAE-devel-2.6.18-371.1.2.el5.i686.rpm
    kernel-debug-2.6.18-371.1.2.el5.i686.rpm
    kernel-debug-debuginfo-2.6.18-371.1.2.el5.i686.rpm
    kernel-debug-devel-2.6.18-371.1.2.el5.i686.rpm
    kernel-debuginfo-2.6.18-371.1.2.el5.i686.rpm
    kernel-debuginfo-common-2.6.18-371.1.2.el5.i686.rpm
    kernel-devel-2.6.18-371.1.2.el5.i686.rpm
    kernel-headers-2.6.18-371.1.2.el5.i386.rpm
    kernel-xen-2.6.18-371.1.2.el5.i686.rpm
    kernel-xen-debuginfo-2.6.18-371.1.2.el5.i686.rpm
    kernel-xen-devel-2.6.18-371.1.2.el5.i686.rpm
  noarch
    kernel-doc-2.6.18-371.1.2.el5.noarch.rpm

- Scientific Linux Development Team
 
CD: 2ms