[lkml] 20070129 [PATCH] Don't allow the stack to grow into hugetlb reserved regions

23955

26760

26955

26978

27436

27747

27913

29058

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

DSA-1378

DSA-1504

RHSA-2007:0705

RHSA-2007:0939

RHSA-2007:1049

USN-518-1

https://bugzilla.redhat.com/show_bug.cgi?id=253313

kernel-stack-expansion-dos(36592)

oval:org.mitre.oval:def:11455

From Red Hat Security Advisory 2007:1049 :

Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

A flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)

A flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)

A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

As well, these updated packages fix the following bug :

* a bug in the TCP header prediction code may have caused 'TCP:
Treason uncloaked!' messages to be logged. In certain situations this may have lead to TCP connections hanging or aborting.

Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

From Red Hat Security Advisory 2007:0939 :

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel is the core of the operating system.

These updated kernel packages contain fixes for the following security issues :

* A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask values of a process to not be honored on CIFS file systems where UNIX extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. This allowed a local user to corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878, Important)

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

* A flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped which could lead to a denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option 'sec=' did not enable integrity checking or produce an error message if used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. This flaw could be exploited if the root user raised the default wakeup threshold over the size of the output pool.
(CVE-2007-3105, Low)

Additionally, the following bugs were fixed :

* A flaw was found in the kernel netpoll code, creating a potential deadlock condition. If the xmit_lock for a given network interface is held, and a subsequent netpoll event is generated from within the lock owning context (a console message for example), deadlock on that cpu will result, because the netpoll code will attempt to re-acquire the xmit_lock. The fix is to, in the netpoll code, only attempt to take the lock, and fail if it is already acquired (rather than block on it), and queue the message to be sent for later delivery. Any user of netpoll code in the kernel (netdump or netconsole services), is exposed to this problem, and should resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were not able to address greater than a 40-bit physical address space;
and Intel processors were only able to address up to a 36-bit physical address space. The fix is to increase the physical addressing for an AMD processor to 48 bits, and an Intel processor to 38 bits. Please see the Red Hat Knowledgebase for more detailed information.

* A flaw was found in the xenU kernel that may prevent a paravirtualized guest with more than one CPU from starting when running under an Enterprise Linux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP guests to boot under a 5.1 hypervisor.
Please see the Red Hat Knowledgebase for more detailed information.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

From Red Hat Security Advisory 2007:0705 :

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues :

* a flaw in the DRM driver for Intel graphics cards that allowed a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server which is granted through the graphical login. This also only affected systems with an Intel 965 or later graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a local user to corrupt a kernel_dirent struct and cause a denial of service (system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)

* flaw in the CIFS filesystem which could cause the umask values of a process to not be honored. This affected CIFS filesystems where the Unix extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC systems that allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain sensitive information from kernel memory. To exploit this the cpuset filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option 'sec=' that didn't enable integrity checking and didn't produce any error message.
(CVE-2007-3843, Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.

A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

A flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)

A flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)

A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

As well, these updated packages fix the following bug :

  - a bug in the TCP header prediction code may have caused     'TCP: Treason uncloaked!' messages to be logged. In     certain situations this may have lead to TCP connections     hanging or aborting.

- A flaw was found in the handling of process death     signals. This allowed a local user to send arbitrary     signals to the suid-process executed by that user. A     successful exploitation of this flaw depends on the     structure of the suid-program and its signal handling.
    (CVE-2007-3848, Important)

  - A flaw was found in the CIFS file system. This could     cause the umask values of a process to not be honored on     CIFS file systems where UNIX extensions are supported.
    (CVE-2007-3740, Important)

  - A flaw was found in the VFAT compat ioctl handling on     64-bit systems. This allowed a local user to corrupt a     kernel_dirent struct and cause a denial of service.
    (CVE-2007-2878, Important)

  - A flaw was found in the Advanced Linux Sound     Architecture (ALSA). A local user who had the ability to     read the /proc/driver/snd-page-alloc file could see     portions of kernel memory. (CVE-2007-4571, Moderate)

  - A flaw was found in the aacraid SCSI driver. This     allowed a local user to make ioctl calls to the driver     that should be restricted to privileged users.
    (CVE-2007-4308, Moderate)

  - A flaw was found in the stack expansion when using the     hugetlb kernel on PowerPC systems. This allowed a local     user to cause a denial of service. (CVE-2007-3739,     Moderate)

  - A flaw was found in the handling of zombie processes. A     local user could create processes that would not be     properly reaped which could lead to a denial of service.
    (CVE-2006-6921, Moderate)

  - A flaw was found in the CIFS file system handling. The     mount option 'sec=' did not enable integrity checking or     produce an error message if used. (CVE-2007-3843, Low)

  - A flaw was found in the random number generator     implementation that allowed a local user to cause a     denial of service or possibly gain privileges. This flaw     could be exploited if the root user raised the default     wakeup threshold over the size of the output pool.
    (CVE-2007-3105, Low)

Additionally, the following bugs were fixed :

  - A flaw was found in the kernel netpoll code, creating a     potential deadlock condition. If the xmit_lock for a     given network interface is held, and a subsequent     netpoll event is generated from within the lock owning     context (a console message for example), deadlock on     that cpu will result, because the netpoll code will     attempt to re-acquire the xmit_lock. The fix is to, in     the netpoll code, only attempt to take the lock, and     fail if it is already acquired (rather than block on     it), and queue the message to be sent for later     delivery. Any user of netpoll code in the kernel     (netdump or netconsole services), is exposed to this     problem, and should resolve the issue by upgrading to     this kernel release immediately.

  - A flaw was found where, under 64-bit mode (x86_64), AMD     processors were not able to address greater than a     40-bit physical address space; and Intel processors were     only able to address up to a 36-bit physical address     space. The fix is to increase the physical addressing     for an AMD processor to 48 bits, and an Intel processor     to 38 bits.

  - A flaw was found in the xenU kernel that may prevent a     paravirtualized guest with more than one CPU from     starting when running under an Scientific Linux 5.1     hypervisor. The fix is to allow your Scientific Linux 4     Xen SMP guests to boot under a 5.1 hypervisor.

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues :

* a flaw in the DRM driver for Intel graphics cards that allowed a local user to access any part of the main memory. To access the DRM functionality a user must have access to the X server which is granted through the graphical login. This also only affected systems with an Intel 965 or later graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a local user to corrupt a kernel_dirent struct and cause a denial of service (system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote user to cause a denial of service by dereferencing a NULL pointer. (CVE-2007-2876, Important)

* flaw in the CIFS filesystem which could cause the umask values of a process to not be honored. This affected CIFS filesystems where the Unix extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC systems that allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain sensitive information from kernel memory. To exploit this the cpuset filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option 'sec=' that didn't enable integrity checking and didn't produce any error message.
(CVE-2007-3843, Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain backported patches to correct these issues.

Updated kernel packages that fix various security issues in the Red Hat Enterprise Linux 4 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel is the core of the operating system.

These updated kernel packages contain fixes for the following security issues :

* A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask values of a process to not be honored on CIFS file systems where UNIX extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. This allowed a local user to corrupt a kernel_dirent struct and cause a denial of service. (CVE-2007-2878, Important)

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local user who had the ability to read the /proc/driver/snd-page-alloc file could see portions of kernel memory. (CVE-2007-4571, Moderate)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

* A flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped which could lead to a denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option 'sec=' did not enable integrity checking or produce an error message if used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that allowed a local user to cause a denial of service or possibly gain privileges. This flaw could be exploited if the root user raised the default wakeup threshold over the size of the output pool.
(CVE-2007-3105, Low)

Additionally, the following bugs were fixed :

* A flaw was found in the kernel netpoll code, creating a potential deadlock condition. If the xmit_lock for a given network interface is held, and a subsequent netpoll event is generated from within the lock owning context (a console message for example), deadlock on that cpu will result, because the netpoll code will attempt to re-acquire the xmit_lock. The fix is to, in the netpoll code, only attempt to take the lock, and fail if it is already acquired (rather than block on it), and queue the message to be sent for later delivery. Any user of netpoll code in the kernel (netdump or netconsole services), is exposed to this problem, and should resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were not able to address greater than a 40-bit physical address space;
and Intel processors were only able to address up to a 36-bit physical address space. The fix is to increase the physical addressing for an AMD processor to 48 bits, and an Intel processor to 38 bits. Please see the Red Hat Knowledgebase for more detailed information.

* A flaw was found in the xenU kernel that may prevent a paravirtualized guest with more than one CPU from starting when running under an Enterprise Linux 5.1 hypervisor. The fix is to allow your Enterprise Linux 4 Xen SMP guests to boot under a 5.1 hypervisor.
Please see the Red Hat Knowledgebase for more detailed information.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2006-5823     LMH reported a potential local DoS which could be     exploited by a malicious user with the privileges to     mount and read a corrupted cramfs filesystem.

  - CVE-2006-6054     LMH reported a potential local DoS which could be     exploited by a malicious user with the privileges to     mount and read a corrupted ext2 filesystem.

  - CVE-2006-6058     LMH reported an issue in the minix filesystem that     allows local users with mount privileges to create a DoS     (printk flood) by mounting a specially crafted corrupt     filesystem.

  - CVE-2006-7203     OpenVZ Linux kernel team reported an issue in the smbfs     filesystem which can be exploited by local users to     cause a DoS (oops) during mount.

  - CVE-2007-1353     Ilja van Sprundel discovered that kernel memory could be     leaked via the Bluetooth setsockopt call due to an     uninitialized stack buffer. This could be used by local     attackers to read the contents of sensitive kernel     memory.

  - CVE-2007-2172     Thomas Graf reported a typo in the DECnet protocol     handler that could be used by a local attacker to     overrun an array via crafted packets, potentially     resulting in a Denial of Service (system crash). A     similar issue exists in the IPV4 protocol handler and     will be fixed in a subsequent update.

  - CVE-2007-2525     Florian Zumbiehl discovered a memory leak in the PPPOE     subsystem caused by releasing a socket before     PPPIOCGCHAN is called upon it. This could be used by a     local user to DoS a system by consuming all available     memory.

  - CVE-2007-3105     The PaX Team discovered a potential buffer overflow in     the random number generator which may permit local users     to cause a denial of service or gain additional     privileges. This issue is not believed to effect default     Debian installations where only root has sufficient     privileges to exploit it.

  - CVE-2007-3739     Adam Litke reported a potential local denial of service     (oops) on powerpc platforms resulting from unchecked VMA     expansion into address space reserved for hugetlb pages.

  - CVE-2007-3740     Steve French reported that CIFS filesystems with     CAP_UNIX enabled were not honoring a process' umask     which may lead to unintentionally relaxed permissions.

  - CVE-2007-3848     Wojciech Purczynski discovered that pdeath_signal was     not being reset properly under certain conditions which     may allow local users to gain privileges by sending     arbitrary signals to suid binaries.

  - CVE-2007-4133     Hugh Dickins discovered a potential local DoS (panic) in     hugetlbfs. A misconversion of hugetlb_vmtruncate_list to     prio_tree may allow local users to trigger a BUG_ON()     call in exit_mmap.

  - CVE-2007-4308     Alan Cox reported an issue in the aacraid driver that     allows unprivileged local users to make ioctl calls     which should be restricted to admin privileges.

  - CVE-2007-4573     Wojciech Purczynski discovered a vulnerability that can     be exploited by a local user to obtain superuser     privileges on x86_64 systems. This resulted from     improper clearing of the high bits of registers during     ia32 system call emulation. This vulnerability is     relevant to the Debian amd64 port as well as users of     the i386 port who run the amd64 linux-image flavour.

  - CVE-2007-5093     Alex Smith discovered an issue with the pwc driver for     certain webcam devices. If the device is removed while a     userspace application has it open, the driver will wait     for userspace to close the device, resulting in a     blocked USB subsystem. This issue is of low security     impact as it requires the attacker to either have     physical access to the system or to convince a user with     local access to remove the device on their behalf.

  - CVE-2007-6063     Venustech AD-LAB discovered a a buffer overflow in the     isdn ioctl handling, exploitable by a local user.

  - CVE-2007-6151     ADLAB discovered a possible memory overrun in the ISDN     subsystem that may permit a local user to overwrite     kernel memory by issuing ioctls with unterminated data.

  - CVE-2007-6206     Blake Frantz discovered that when a core file owned by a     non-root user exists, and a root-owned process dumps     core over it, the core file retains its original     ownership. This could be used by a local user to gain     access to sensitive information.

  - CVE-2007-6694     Cyrill Gorcunov reported a NULL pointer dereference in     code specific to the CHRP PowerPC platforms. Local users     could exploit this issue to achieve a Denial of Service     (DoS).

  - CVE-2008-0007     Nick Piggin of SuSE discovered a number of issues in     subsystems which register a fault handler for memory     mapped areas. This issue can be exploited by local users     to achieve a Denial of Service (DoS) and possibly     execute arbitrary code.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update :

                             Debian 3.1 (sarge)            kernel-image-2.6.8-alpha    2.6.8-17sarge1                kernel-image-2.6.8-amd64    2.6.8-17sarge1                kernel-image-2.6.8-hppa     2.6.8-7sarge1                 kernel-image-2.6.8-i386     2.6.8-17sarge1                kernel-image-2.6.8-ia64     2.6.8-15sarge1                kernel-image-2.6.8-m68k     2.6.8-5sarge1                 kernel-image-2.6.8-s390     2.6.8-6sarge1                 kernel-image-2.6.8-sparc    2.6.8-16sarge1                kernel-patch-powerpc-2.6.8  2.6.8-13sarge1                fai-kernels                 1.9.1sarge8

Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

A flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important)

A flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate)

A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate)

A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate)

As well, these updated packages fix the following bug :

* a bug in the TCP header prediction code may have caused 'TCP:
Treason uncloaked!' messages to be logged. In certain situations this may have lead to TCP connections hanging or aborting.

Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service.
(CVE-2007-3731)

It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. (CVE-2007-3739)

It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. (CVE-2007-3740)

Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.
(CVE-2007-4573).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-3731     Evan Teran discovered a potential local denial of     service (oops) in the handling of PTRACE_SETREGS and     PTRACE_SINGLESTEP requests.

  - CVE-2007-3739     Adam Litke reported a potential local denial of service     (oops) on powerpc platforms resulting from unchecked VMA     expansion into address space reserved for hugetlb pages.

  - CVE-2007-3740     Matt Keenan reported that CIFS filesystems with CAP_UNIX     enabled were not honoring a process' umask which may     lead to unintentionally relaxed permissions.

  - CVE-2007-4573     Wojciech Purczynski discovered a vulnerability that can     be exploited by a local user to obtain superuser     privileges on x86_64 systems. This resulted from     improper clearing of the high bits of registers during     ia32 system call emulation. This vulnerability is     relevant to the Debian amd64 port as well as users of     the i386 port who run the amd64 linux-image flavour.

  - CVE-2007-4849     Michael Stone reported an issue with the JFFS2     filesystem. Legacy modes for inodes that were created     with POSIX ACL support enabled were not being written     out to the medium, resulting in incorrect permissions     upon remount.

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch3.

This advisory has been updated to include a build for the arm architecture, which was not yet available at the time of DSA-1378-1.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update :

                           Debian 4.0 (etch)           fai-kernels               1.17+etch.13etch3           user-mode-linux           2.6.18-1um-2etch.13etch3

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2007-1049.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2007-0939.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2007-0705.

ID	Name	Product	Family	Severity
67609	Oracle Linux 3 : kernel (ELSA-2007-1049)	Nessus	Oracle Linux Local Security Checks	medium
67580	Oracle Linux 4 : kernel (ELSA-2007-0939)	Nessus	Oracle Linux Local Security Checks	medium
67543	Oracle Linux 5 : kernel (ELSA-2007-0705)	Nessus	Oracle Linux Local Security Checks	medium
60321	Scientific Linux Security Update : kernel on SL3.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
60280	Scientific Linux Security Update : kernel on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
43648	CentOS 5 : kernel (CESA-2007:0705)	Nessus	CentOS Local Security Checks	medium
37953	CentOS 4 : kernel (CESA-2007:0939)	Nessus	CentOS Local Security Checks	medium
31148	Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities	Nessus	Debian Local Security Checks	high
29203	RHEL 3 : kernel (RHSA-2007:1049)	Nessus	Red Hat Local Security Checks	medium
29190	CentOS 3 : kernel (CESA-2007:1049)	Nessus	CentOS Local Security Checks	medium
28123	Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20 vulnerabilities (USN-518-1)	Nessus	Ubuntu Local Security Checks	high
27616	RHEL 4 : kernel (RHSA-2007:0939)	Nessus	Red Hat Local Security Checks	medium
26208	Debian DSA-1378-2 : linux-2.6 - several vulnerabilities	Nessus	Debian Local Security Checks	high
26050	RHEL 5 : kernel (RHSA-2007:0705)	Nessus	Red Hat Local Security Checks	medium
801441	CentOS RHSA-2007-1049 Security Check	Log Correlation Engine	Generic	high
801439	CentOS RHSA-2007-0939 Security Check	Log Correlation Engine	Generic	high
801434	CentOS RHSA-2007-0705 Security Check	Log Correlation Engine	Generic	high

CVE-2007-3739

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins