[Oraclevm-errata] OVMSA-2008-2005 Important: Oracle VM 2.1 kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Sep 24 10:06:27 PDT 2008


Oracle VM Server Security Advisory OVMSA-2008-2005

The following updated rpms for Oracle VM Server 2.1 have been uploaded 
to the Unbreakable Linux Network:

i386:
kernel-BOOT-2.6.18-8.1.15.1.19.el5.i686.rpm
kernel-BOOT-devel-2.6.18-8.1.15.1.19.el5.i686.rpm
kernel-kdump-2.6.18-8.1.15.1.19.el5.i686.rpm
kernel-kdump-devel-2.6.18-8.1.15.1.19.el5.i686.rpm
kernel-ovs-2.6.18-8.1.15.1.19.el5.i686.rpm
kernel-ovs-devel-2.6.18-8.1.15.1.19.el5.i686.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/SRPMS-updates/kernel-2.6.18-8.1.15.1.19.el5.src.rpm

This update addresses the following security issues:


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2358


Description of changes:

[2.6.18-8.1.15.1.19.el5]
- fix utrace dead_engine ops race
- fix ptrace_attach leak

[2.6.18-8.1.15.1.18.el5]
- CVE-2007-5093: kernel PWC driver DoS
- CVE-2007-6282: IPSec ESP kernel panics
- CVE-2007-6712: kernel: infinite loop in highres timers (kernel hang)
- CVE-2008-1615: kernel: ptrace: Unprivileged crash on x86_64 %cs corruption
- CVE-2008-1294: kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children
- CVE-2008-2136: kernel: sit memory leak
- CVE-2008-2812: kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
- restore linux-2.6-x86-clear-df-flag-for-signal-handlers.patch
- restore linux-2.6-utrace.patch / linux-2.6-xen-utrace.patch

[2.6.18-8.1.15.1.17.el5]
- Kernel security erratas for OVM 2.1.2 from bz#5932:
- CVE-2007-6063: isdn: fix possible isdn_net buffer overflows
- CVE-2007-3104 Null pointer to an inode in a dentry can cause an oops in sysfs_readdir
- CVE-2008-0598: write() system call vulnerability
- CVE-2008-1375: kernel: race condition in dnotify
- CVE-2008-0001: kernel: filesystem corruption by unprivileged user via directory truncation
- CVE-2008-2358: dccp: sanity check feature length
- CVE-2007-5938: NULL dereference in iwl driver
- RHSA-2008:0508: kernel: [x86_64] The string instruction version didn't zero the output on exception.
- kernel: clear df flag for signal handlers
- fs: missing dput in do_lookup error leaks dentries
- sysfs: fix condition check in sysfs_drop_dentry()
- sysfs: fix race condition around sd->s_dentry
- ieee80211: off-by-two integer underflow




