[LU-877] Kernel update [RHEL6.1 2.6.32-131.21.1.el6] Created: 24/Nov/11  Updated: 29/Jan/12  Resolved: 29/Jan/12

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 1.8.7
Fix Version/s: None

Type: Improvement Priority: Minor
Reporter: Yang Sheng Assignee: Yang Sheng
Resolution: Fixed Votes: 0
Labels: None

Rank (Obsolete): 10656

 Description   

This update fixes the following security issues:

  • IPv6 fragment identification value generation could allow a remote
    attacker to disrupt a target system's networking, preventing legitimate
    users from accessing its services. (CVE-2011-2699, Important)
  • A signedness issue was found in the Linux kernel's CIFS (Common Internet
    File System) implementation. A malicious CIFS server could send a
    specially-crafted response to a directory read request that would result in
    a denial of service or privilege escalation on a system that has a CIFS
    share mounted. (CVE-2011-3191, Important)
  • A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP
    datagrams over the bridge with UDP Fragmentation Offload (UFO)
    functionality on. A remote attacker could use this flaw to cause a denial
    of service. (CVE-2011-4326, Important)
  • The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were
    generated could allow a man-in-the-middle attacker to inject packets and
    possibly hijack connections. Protocol sequence numbers and fragment IDs are
    now more random. (CVE-2011-3188, Moderate)
  • A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem
    in Userspace) implementation. A local user in the fuse group who has access
    to mount a FUSE file system could use this flaw to cause a denial of
    service. (CVE-2011-3353, Moderate)
  • A flaw was found in the b43 driver in the Linux kernel. If a system had
    an active wireless interface that uses the b43 driver, an attacker able to
    send a specially-crafted frame to that interface could cause a denial of
    service. (CVE-2011-3359, Moderate)
  • A flaw was found in the way CIFS shares with DFS referrals at their root
    were handled. An attacker on the local network who is able to deploy a
    malicious CIFS server could create a CIFS network share that, when mounted,
    would cause the client system to crash. (CVE-2011-3363, Moderate)
  • A flaw was found in the way the Linux kernel handled VLAN 0 frames with
    the priority tag set. When using certain network drivers, an attacker on
    the local network could use this flaw to cause a denial of service.
    (CVE-2011-3593, Moderate)
  • A flaw in the way memory containing security-related data was handled in
    tpm_read() could allow a local, unprivileged user to read the results of a
    previously run TPM command. (CVE-2011-1162, Low)
  • A heap overflow flaw was found in the Linux kernel's EFI GUID Partition
    Table (GPT) implementation. A local attacker could use this flaw to cause
    a denial of service by mounting a disk that contains specially-crafted
    partition tables. (CVE-2011-1577, Low)
  • The I/O statistics from the taskstats subsystem could be read without
    any restrictions. A local, unprivileged user could use this flaw to gather
    confidential information, such as the length of a password used in a
    process. (CVE-2011-2494, Low)
  • It was found that the perf tool, a part of the Linux kernel's Performance
    Events implementation, could load its configuration file from the current
    working directory. If a local user with access to the perf tool were
    tricked into running perf in a directory that contains a specially-crafted
    configuration file, it could cause perf to overwrite arbitrary files and
    directories accessible to that user. (CVE-2011-2905, Low)

 Comments   
Comment by Yang Sheng [ 29/Jan/12 ]

Close since RHEL6.2 has released.

Generated at Sat Feb 10 01:11:15 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.