
Red Hat has released the following kernel updates: [RHSA-2012:1541-01] Moderate: kernel security and bug fix update, [RHSA-2012:1540-01] Important: kernel security, bug fix, and enhancement update, and [RHSA-2012:1491-01] Important: kernel-rt security and bug fix update



[RHSA-2012:1541-01] Moderate: kernel security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2012:1541-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1541.html
Issue date: 2012-12-04
CVE Names: CVE-2011-4131 CVE-2012-2313
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64

3. Description:

These packages contain the Linux kernel.

Security fixes:

* A malicious NFSv4 server could return a crafted reply to a GETACL
request, causing a denial of service on the client. (CVE-2011-4131,
Moderate)

* A flaw in the dl2k driver could allow a local, unprivileged user to issue
potentially harmful IOCTLs, possibly causing Ethernet adapters using the
driver to malfunction (such as losing network connectivity).
(CVE-2012-2313, Low)

Red Hat would like to thank Andy Adamson for reporting CVE-2011-4131, and
Stephan Mueller for reporting CVE-2012-2313.

Bug fixes:

* A kernel oops occurred in the nf_nat code when a bogus pointer was
dereferenced in the nf_conn_nat structure. Consequently, if Source Network
Address Translation (SNAT) was performed, incorrect information could be
received by other CTS (Clear to Send) signals. A conntrack entry is now
placed in the source hash after SNAT has been completed, which prevents the
described problems. (BZ#865715)

* Previously, the ixgbe_setup_tc() function was called recursively when the
set_state() CEE (Convergence Enhanced Ethernet) API routine was called in
IEEE DCBX (Data Center Bridging eXchange) mode. This is considered unsafe
according to the IEEE standards. With this update, the ixgbe driver has
been modified to no longer call the set_state() routine in IEEE DCBX mode.
The driver now calls routines of the PFC (Priority-based Flow Control) and
ETS (Enhanced Transmission Selection) extensions instead of the CEE
extension routines in IEEE DCBX mode. (BZ#867859)

* A Symmetric Multi Processing (SMP) race condition between the munmap()
and exit() functions could lead to false-positive triggering of the BUG_ON()
macro if Transparent Huge Pages (THP) were enabled. This update fixes the
race condition, which avoids false-positive triggering of the BUG_ON()
macro in this scenario. (BZ#875121)

* The kernel allows high priority real time tasks, such as tasks scheduled
with the SCHED_FIFO policy, to be throttled. Previously, the CPU stop tasks
were scheduled as high priority real time tasks and could be thus throttled
accordingly. However, the replenishment timer, which is responsible for
clearing a throttle flag on tasks, could be pending on the just disabled
CPU. This could lead to the situation that the throttled tasks were never
scheduled to run. Consequently, if any of such tasks was needed to complete
the CPU disabling, the system became unresponsive. This update introduces a
new scheduler class, which gives a task the highest possible system
priority and such a task cannot be throttled. The stop-task scheduling
class is now used for the CPU stop tasks, and the system shutdown completes
as expected in the scenario described. (BZ#876078)

* Previously, XFS log buffers were handled incorrectly so that XFS could,
in certain circumstances, incorrectly read metadata from the journal during
XFS log recovery. As a consequence, XFS log recovery terminated with an
error message and prevented the file system from being mounted. This
problem could result in a loss of data if the user forcibly emptied the log
to allow the file system to be mounted. This update ensures that metadata
is read correctly from the log and journal recovery thus completes
successfully, and the file system mounts as expected. (BZ#876498)

* Previously, the kernel was allowed to reduce the number of unnecessary commit
calls by skipping the commit when there was a large number of outstanding
pages being written. However, a test on the number of commits (ncommit) did
not properly handle the edge case when ncommit was zero. Consequently,
inodes sometimes remained on the sb->s_dirty list and could not be freed by
the inode cache shrinker. As a result, the nfs_inode_cache structure grew
very large over time. With this update, the call to the nfs_write_inode()
function is immediately returned when commit == 0, thus fixing this bug.
(BZ#877394)

4. Solution:

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

747106 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.2):

Source:
kernel-2.6.32-220.30.1.el6.src.rpm

i386:
kernel-2.6.32-220.30.1.el6.i686.rpm
kernel-debug-2.6.32-220.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.30.1.el6.i686.rpm
kernel-devel-2.6.32-220.30.1.el6.i686.rpm
kernel-headers-2.6.32-220.30.1.el6.i686.rpm
perf-2.6.32-220.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.30.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.30.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.30.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.30.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.30.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.30.1.el6.ppc64.rpm
perf-2.6.32-220.30.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.30.1.el6.s390x.rpm
kernel-devel-2.6.32-220.30.1.el6.s390x.rpm
kernel-headers-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.30.1.el6.s390x.rpm
perf-2.6.32-220.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.30.1.el6.x86_64.rpm
perf-2.6.32-220.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.2):

Source:
kernel-2.6.32-220.30.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm
python-perf-2.6.32-220.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.30.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm
python-perf-2.6.32-220.30.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm
python-perf-2.6.32-220.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-2.6.32-220.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.30.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4131.html
https://www.redhat.com/security/data/cve/CVE-2012-2313.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1540-01] Important: kernel security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2012:1540-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1540.html
Issue date: 2012-12-04
CVE Names: CVE-2012-2372 CVE-2012-3552 CVE-2012-4508
CVE-2012-4535 CVE-2012-4537 CVE-2012-5513
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, two bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

These packages contain the Linux kernel.

Security fixes:

* A race condition in the way asynchronous I/O and fallocate() interacted
when using ext4 could allow a local, unprivileged user to obtain random
data from a deleted file. (CVE-2012-4508, Important)

* A flaw in the way the Xen hypervisor implementation range checked guest
provided addresses in the XENMEM_exchange hypercall could allow a
malicious, para-virtualized guest administrator to crash the hypervisor or,
potentially, escalate their privileges, allowing them to execute arbitrary
code at the hypervisor level. (CVE-2012-5513, Important)

* A flaw in the Reliable Datagram Sockets (RDS) protocol implementation
could allow a local, unprivileged user to cause a denial of service.
(CVE-2012-2372, Moderate)

* A race condition in the way access to inet->opt ip_options was
synchronized in the Linux kernel's TCP/IP protocol suite implementation.
Depending on the network facing applications running on the system, a
remote attacker could possibly trigger this flaw to cause a denial of
service. A local, unprivileged user could use this flaw to cause a denial
of service regardless of the applications the system runs. (CVE-2012-3552,
Moderate)

* The Xen hypervisor implementation did not properly restrict the period
values used to initialize per VCPU periodic timers. A privileged guest user
could cause an infinite loop on the physical CPU. If the watchdog were
enabled, it would detect said loop and panic the host system.
(CVE-2012-4535, Moderate)

* A flaw in the way the Xen hypervisor implementation handled
set_p2m_entry() error conditions could allow a privileged,
fully-virtualized guest user to crash the hypervisor. (CVE-2012-4537,
Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508; the
Xen project for reporting CVE-2012-5513, CVE-2012-4535, and CVE-2012-4537;
and Hafid Lin for reporting CVE-2012-3552. Upstream acknowledges Dmitry
Monakhov as the original reporter of CVE-2012-4508. CVE-2012-2372 was
discovered by Li Honggang of Red Hat.

Bug fixes:

* Previously, the interrupt handlers of the qla2xxx driver could clear
pending interrupts right after the IRQ lines were attached during system
start-up. Consequently, the kernel could miss the interrupt that reported
completion of the link initialization, and the qla2xxx driver then failed
to detect all attached LUNs. With this update, the qla2xxx driver has been
modified to no longer clear interrupt bits after attaching the IRQ lines.
The driver now correctly detects all attached LUNs as expected. (BZ#870118)

* The Ethernet channel bonding driver reported the MII (Media Independent
Interface) status of the bond interface in 802.3ad mode as being up even
though the MII status of all of the slave devices was down. This could pose
a problem if the MII status of the bond interface was used to determine if
failover should occur. With this update, the agg_device_up() function has
been added to the bonding driver, which allows the driver to report the
link status of the bond interface correctly, that is, down when all of its
slaves are down, in the 802.3ad mode. (BZ#877943)

Enhancements:

* This update backports several changes from the latest upstream version of
the bnx2x driver. The most important change, the remote-fault link
detection feature, allows the driver to periodically scan the physical link
layer for remote faults. If the physical link appears to be up and a fault
is detected, the driver indicates that the link is down. When the fault is
cleared, the driver indicates that the link is up again. (BZ#870120)

* The INET socket interface has been modified to send a warning message
when the ip_options structure is allocated directly by a third-party module
using the kmalloc() function. (BZ#874973)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

822754 - CVE-2012-2372 kernel: rds-ping cause kernel panic
853465 - CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt
869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
870086 - CVE-2012-4535 kernel: xen: VCPU timer overflow leads to PCPU deadlock and host death-by-watchdog
870101 - CVE-2012-4537 kernel: xen: Memory mapping failure can crash Xen
874973 - net: WARN if struct ip_options was allocated directly by kmalloc [rhel-5.8.z]
877391 - CVE-2012-5513 kernel: xen: XENMEM_exchange may overwrite hypervisor memory

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.24.1.el5.src.rpm

i386:
kernel-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.i686.rpm
kernel-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-headers-2.6.18-308.24.1.el5.i386.rpm
kernel-xen-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.24.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.24.1.el5.src.rpm

i386:
kernel-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.i686.rpm
kernel-devel-2.6.18-308.24.1.el5.i686.rpm
kernel-headers-2.6.18-308.24.1.el5.i386.rpm
kernel-xen-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.i686.rpm

ia64:
kernel-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.ia64.rpm
kernel-devel-2.6.18-308.24.1.el5.ia64.rpm
kernel-headers-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.24.1.el5.noarch.rpm

ppc:
kernel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.ppc64.rpm
kernel-devel-2.6.18-308.24.1.el5.ppc64.rpm
kernel-headers-2.6.18-308.24.1.el5.ppc.rpm
kernel-headers-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.24.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.24.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.s390x.rpm
kernel-devel-2.6.18-308.24.1.el5.s390x.rpm
kernel-headers-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.24.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.24.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.24.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.24.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.24.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.24.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-3552.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4535.html
https://www.redhat.com/security/data/cve/CVE-2012-4537.html
https://www.redhat.com/security/data/cve/CVE-2012-5513.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1491-01] Important: kernel-rt security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2012:1491-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1491.html
Issue date: 2012-12-04
CVE Names: CVE-2012-0957 CVE-2012-2133 CVE-2012-3400
CVE-2012-3430 CVE-2012-3511 CVE-2012-3520
CVE-2012-4508 CVE-2012-4565
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and multiple
bugs are now available for Red Hat Enterprise MRG 2.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way Netlink messages without SCM_CREDENTIALS
(used for authentication) data set were handled. When not explicitly set,
the data was sent but with all values set to 0, including the process ID
and user ID, causing the Netlink message to appear as if it were sent with
root privileges. A local, unprivileged user could use this flaw to send
spoofed Netlink messages to an application, possibly resulting in the
application performing privileged operations if it relied on
SCM_CREDENTIALS data for the authentication of Netlink messages.
(CVE-2012-3520, Important)

* A race condition was found in the way asynchronous I/O and fallocate()
interacted when using the ext4 file system. A local, unprivileged user
could use this flaw to expose random data from an extent whose data blocks
have not yet been written, and thus contain data from a deleted file.
(CVE-2012-4508, Important)

* A use-after-free flaw was found in the Linux kernel's memory management
subsystem in the way quota handling for huge pages was performed. A local,
unprivileged user could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2012-2133, Moderate)

* A use-after-free flaw was found in the madvise() system call
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to cause a denial of service or, potentially, escalate their
privileges. (CVE-2012-3511, Moderate)

* A divide-by-zero flaw was found in the TCP Illinois congestion control
algorithm implementation in the Linux kernel. If the TCP Illinois
congestion control algorithm were in use (the sysctl
net.ipv4.tcp_congestion_control variable set to "illinois"), a local,
unprivileged user could trigger this flaw and cause a denial of service.
(CVE-2012-4565, Moderate)

* An information leak flaw was found in the uname() system call
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to leak kernel stack memory to user-space by setting the UNAME26
personality and then calling the uname() system call. (CVE-2012-0957, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol() function in
the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg()
function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was initialized. A local, unprivileged user could use this
flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

Red Hat would like to thank Pablo Neira Ayuso for reporting CVE-2012-3520;
Theodore Ts'o for reporting CVE-2012-4508; Shachar Raindel for reporting
CVE-2012-2133; and Kees Cook for reporting CVE-2012-0957. Upstream
acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508. The
CVE-2012-4565 issue was discovered by Rodrigo Freire of Red Hat, and the
CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team.

This update also fixes multiple bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.2.33-rt50, and correct these issues. The
system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
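
Because each of the three updates on this page only takes effect after a reboot, the kernel that matters is the one that is running, not the newest one installed. The script below is an added example, not Red Hat tooling: it compares a "uname -r" string against the fixed builds named in the package lists on this page. The function name, the status words, the assumed "uname -r" suffix formats, the use of GNU "sort -V", and the assumption that a higher release in the same stream also carries the fixes are all assumptions of the example.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed builds
# listed in the three advisories on this page. Not part of the advisories.

# kernel_fix_status RELEASE
#   RELEASE is a string in the form printed by `uname -r`.
#   Prints "fixed <advisory>", "needs-update-or-reboot <advisory>",
#   or "out-of-scope" (kernel stream not covered by this page).
kernel_fix_status() {
    # Keep everything up to the dist tag and drop what follows it. Assumed
    # uname -r suffixes: ".x86_64", ".x86_64.debug", "xen", "PAE", "debug".
    base=$(printf '%s\n' "$1" | sed -E 's/^(.*\.el[0-9]+(rt)?).*$/\1/')

    case "$base" in
        2.6.18-*.el5)
            # Red Hat Enterprise Linux 5
            advisory='RHSA-2012:1540-01'; fixed='2.6.18-308.24.1' ;;
        2.6.32-220.el6|2.6.32-220.*.el6)
            # RHEL 6.2 Extended Update Support only: other RHEL 6 kernel
            # streams are not covered by this advisory, so they are not
            # compared against its build number.
            advisory='RHSA-2012:1541-01'; fixed='2.6.32-220.30.1' ;;
        *.el6rt)
            # MRG Realtime for RHEL 6
            advisory='RHSA-2012:1491-01'; fixed='3.2.33-rt50.66' ;;
        *)
            echo 'out-of-scope'
            return 0 ;;
    esac

    # Compare version-release without the dist tag. `sort -V` (GNU coreutils)
    # orders the two strings; if the fixed build sorts first or is equal,
    # the running kernel is at or past the fix.
    running=${base%.el*}
    lowest=$(printf '%s\n%s\n' "$running" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo "fixed $advisory"
    else
        # Either the update is not installed, or it is installed and the
        # host is still running the old kernel because it was not rebooted.
        echo "needs-update-or-reboot $advisory"
    fi
}

# Check the running kernel, or a release string given as the first argument.
kernel_fix_status "${1:-$(uname -r)}"
```

A "needs-update-or-reboot" result on a host where "rpm -q kernel" already lists the fixed build means the reboot is still outstanding.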

5. Bugs fixed (http://bugzilla.redhat.com/):

817430 - CVE-2012-2133 kernel: use after free bug in "quota" handling
820039 - CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory
843130 - RFE kernel: net: mitigate blind reset attacks using RST and SYN bits
843139 - CVE-2012-3400 kernel: udf: buffer overflow when parsing sparing table
849734 - CVE-2012-3511 kernel: mm: use-after-free in madvise_remove()
850449 - CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing
856243 - kernel-rt-debug potential deadlock
859226 - iptables and other tools unable to log to rsyslog
862877 - CVE-2012-0957 kernel: uts: stack memory leak in UNAME26
864568 - Rebase MRG Realtime kernel to latest upstream 3.2 stable RT release
869904 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
871848 - CVE-2012-4565 kernel: net: divide by zero in tcp algorithm illinois

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.2.33-rt50.66.el6rt.src.rpm

noarch:
kernel-rt-doc-3.2.33-rt50.66.el6rt.noarch.rpm
kernel-rt-firmware-3.2.33-rt50.66.el6rt.noarch.rpm
mrg-rt-release-3.2.33-rt50.66.el6rt.noarch.rpm

x86_64:
kernel-rt-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.2.33-rt50.66.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.2.33-rt50.66.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0957.html
https://www.redhat.com/security/data/cve/CVE-2012-2133.html
https://www.redhat.com/security/data/cve/CVE-2012-3400.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3511.html
https://www.redhat.com/security/data/cve/CVE-2012-3520.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4565.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1491

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.