Kernel security update
FTP access is not possible from a web browser.
Document number: 1250584048
Updated: 2009.08.18
Details
2.4.37-4 update
- update 2.4.37.5
- build: fix genksyms segfault in pcigame.c
- build: do not let genksyms silently fail anymore
- net: fix possible NULL dereference in sock_sendpage()
- tulip: Fix for MTU problems with 802.1q tagged frames
- lib: memcmp must be exported without module versioning
- lib: fix again memcmp export issues in the arch ksyms only
- usb-storage: fix "READ CAPACITY failed" errors with USB flash drives
- md/raid5: silent out the "switching cache buffer size" messages
- personality: clear MMAP_PAGE_ZERO on exec if mmap_min_addr is set
- kernel/resource.c: fix sign extension in reserve_setup()
- vlan: Slab memleak fix
- br2684: allocation out of atomic context
- br2684: fix double freeing skb
- usb: pr_debug ehci structure bug
- usb: Add support for Teac HD-35PU
- r8169: fix erroneous receive packet size settings
- r8169: reject fragmented frames to prevent panics with large frames
- r8169: avoid rx descriptors leak when receiving erroneous frames
- r8169: reset the chip on receive fifo overflows
- r8169: rate-limit the messages displayed in interrupt context
- agp: remove uid comparison as security check
- ipv6: Disallow rediculious flowlabel option sizes.
- net: amend the fix for SO_BSDCOMPAT gsopt infoleak
- e1000: fix bug with shared interrupt during reset
- e1000: add missing length check to e1000 receive routine
- sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID
- exit_notify: fix regression uncovered by the CAP_KILL fix
- af_rose/x25: Sanity check the maximum user frame size
- exit_notify: kill the wrong capable(CAP_KILL) check
- copy_process: fix CLONE_PARENT && parent_exec_id interaction
- CAP_FS_MASK: add CAP_LINUX_IMMUTABLE and CAP_MKNOD
- ATM: ensure we don't listen twice on a socket
- bonding: fix panic when taking bond interface down before removing module
- forcedeth: fix checksum flag
- net: Fix recursive descent in __scm_destroy().
- ext: Avoid printk floods in the face of directory
- hfsplus: fix Buffer overflow with a corrupted image
- netfilter: snmp nat leaks memory in case of failure
- backport vlan device unregister fix
- security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
- tcp: Clear probes_out more aggressively in tcp_ack().
- x86 would not build without CONFIG_VT
- pc_keyb: fix breakage on ia64/mips/mips64
- netfilter: ip6t_{hbh,dst}: Rejects not-strict mode on rule insertion
- [PPPOE]: Missing result check in __pppoe_xmit().
- udf: fix uid/gid permissions
- net pppoe: Check packet length on all receive paths
- ipv6: use timer pending
- sctp: Do not leak memory on multiple listen() calls
- sctp: Allow only 1 listening socket with SO_REUSEADDR
- sky2: fix uninitialized "mss" variable in sky2_xmit_frame()
- Correct the upto value during list conntrack information
- 3c980-TX needs EXTRA_PREAMBLE
- ACPI: check a return value correctly in acpi_power_get_context()
- signal.h: use an explicit cast to silent compiler warnings
driver update
- update megaraid_sas driver to 04.08
- update 3w-9xxx driver to 9.5.2
- update aacraid driver to 1.1.5-2453
- update bnx2 driver to 1.8.5b
- update e1000 driver to 8.0.9
- update r8168 driver to 8.013.00
- update tg3 driver to 3.92n
security issue
- CVE-2009-2692 fix possible NULL dereference in sock_sendpage()
- CVE-2008-1673 asn1: additional sanity checking during BER decoding
- CVE-2008-2136 sit: Add missing kfree_skb() on pskb_may_pull() failure
- CVE-2008-2826 sctp: Make sure N * sizeof(union sctp_addr) does not overflow
- CVE-2008-3525 wan: Missing capability checks in sbni_ioctl()
- CVE-2005-0504 old buffer overflow in moxa driver
- CVE-2008-5300 Fix soft lockups/OOM issues w/ unix garbage collector
- CVE-2008-3275 Linux kernel local filesystem DoS
- CVE-2008-4210 Remove suid/sgid bits on truncate()
AAR 81XX Driver support:
The corresponding driver image is available from ftp://mirror.XX.oops.org/pub/AnNyung/1.0/Packages/kernel
Intel Core 2 or later CPUs with 4G or more of RAM must use the bigmem kernel for the full 4G to be recognized. (I have not been able to test this on Opteron dual-core machines. ^^)
Autoupdates support: Packages System
Use pkgkernel
See http://annyung.oops.org/?m=pkgadm&p=pkgkernel
Update packages
RPMS :
. kernel-2.4.37-4.i686.rpm
. kernel-bigmem-2.4.37-4.i686.rpm
. kernel-PIII-2.4.37-4.i686.rpm
. kernel-PIV-2.4.37-4.i686.rpm
. kernel-source-2.4.37-4.i386.rpm
. kernel-header-2.4.37-4.i386.rpm
SRPMS :
. kernel-2.4.37-4.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4210