FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Enterprise Watch List

 
 
LinkBack Thread Tools
 
Old 09-06-2011, 10:32 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1212-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1212.html
Issue date: 2011-09-06
CVE Names: CVE-2011-2482 CVE-2011-2491 CVE-2011-2495
CVE-2011-2517 CVE-2011-2519 CVE-2011-2901
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation. A remote attacker
could send a specially-crafted SCTP packet to a target system, resulting in
a denial of service. (CVE-2011-2482, Important)

* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)
implementation could allow a local, unprivileged user to cause a denial of
service. (CVE-2011-2491, Important)

* Buffer overflow flaws in the Linux kernel's netlink-based wireless
configuration interface implementation could allow a local user, who has
the CAP_NET_ADMIN capability, to cause a denial of service or escalate
their privileges on systems that have an active wireless interface.
(CVE-2011-2517, Important)

* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)

* An off-by-one flaw was found in the __addr_ok() macro in the Linux
kernel's Xen hypervisor implementation when running on 64-bit systems. A
privileged guest user could trigger this flaw to cause the hypervisor to
crash. (CVE-2011-2901, Moderate)

* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
712885 - RHEL6.1 32bit xen hvm guest crash randomly
714867 - CVE-2011-2482 kernel: sctp dos
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation
727590 - [xfs] mis-sized O_DIRECT I/O results in hung task timeouts [rhel-5.7.z]
727835 - xfs_error_report() oops when passed-in mp is NULL [rhel-5.7.z]
728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.3.1.el5.src.rpm

i386:
kernel-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.i686.rpm
kernel-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-headers-2.6.18-274.3.1.el5.i386.rpm
kernel-xen-2.6.18-274.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.3.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.3.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.3.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.3.1.el5.src.rpm

i386:
kernel-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.i686.rpm
kernel-devel-2.6.18-274.3.1.el5.i686.rpm
kernel-headers-2.6.18-274.3.1.el5.i386.rpm
kernel-xen-2.6.18-274.3.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.3.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.3.1.el5.i686.rpm

ia64:
kernel-2.6.18-274.3.1.el5.ia64.rpm
kernel-debug-2.6.18-274.3.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.ia64.rpm
kernel-devel-2.6.18-274.3.1.el5.ia64.rpm
kernel-headers-2.6.18-274.3.1.el5.ia64.rpm
kernel-xen-2.6.18-274.3.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.3.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.3.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.3.1.el5.noarch.rpm

ppc:
kernel-2.6.18-274.3.1.el5.ppc64.rpm
kernel-debug-2.6.18-274.3.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.ppc64.rpm
kernel-devel-2.6.18-274.3.1.el5.ppc64.rpm
kernel-headers-2.6.18-274.3.1.el5.ppc.rpm
kernel-headers-2.6.18-274.3.1.el5.ppc64.rpm
kernel-kdump-2.6.18-274.3.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.3.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.3.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.3.1.el5.s390x.rpm
kernel-debug-2.6.18-274.3.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.s390x.rpm
kernel-devel-2.6.18-274.3.1.el5.s390x.rpm
kernel-headers-2.6.18-274.3.1.el5.s390x.rpm
kernel-kdump-2.6.18-274.3.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.3.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.3.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.3.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.3.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.3.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.3.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2482.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2519.html
https://www.redhat.com/security/data/cve/CVE-2011-2901.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1212

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOZp97XlSAg2UNWIIRAl6HAJ448Y45tpukFIai3463Z+ ttCEzm/gCgv9PX
0jTLTpYmehlHG6s+bVc/ipQ=
=ndTX
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 11-22-2011, 03:50 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1465-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1465.html
Issue date: 2011-11-22
CVE Names: CVE-2011-1162 CVE-2011-1577 CVE-2011-2494
CVE-2011-2699 CVE-2011-2905 CVE-2011-3188
CVE-2011-3191 CVE-2011-3353 CVE-2011-3359
CVE-2011-3363 CVE-2011-3593 CVE-2011-4326
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and various bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system's networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* A signedness issue was found in the Linux kernel's CIFS (Common Internet
File System) implementation. A malicious CIFS server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP
datagrams over the bridge with UDP Fragmentation Offload (UFO)
functionality on. A remote attacker could use this flaw to cause a denial
of service. (CVE-2011-4326, Important)

* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were
generated could allow a man-in-the-middle attacker to inject packets and
possibly hijack connections. Protocol sequence numbers and fragment IDs are
now more random. (CVE-2011-3188, Moderate)

* A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem
in Userspace) implementation. A local user in the fuse group who has access
to mount a FUSE file system could use this flaw to cause a denial of
service. (CVE-2011-3353, Moderate)

* A flaw was found in the b43 driver in the Linux kernel. If a system had
an active wireless interface that uses the b43 driver, an attacker able to
send a specially-crafted frame to that interface could cause a denial of
service. (CVE-2011-3359, Moderate)

* A flaw was found in the way CIFS shares with DFS referrals at their root
were handled. An attacker on the local network who is able to deploy a
malicious CIFS server could create a CIFS network share that, when mounted,
would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw was found in the way the Linux kernel handled VLAN 0 frames with
the priority tag set. When using certain network drivers, an attacker on
the local network could use this flaw to cause a denial of service.
(CVE-2011-3593, Moderate)

* A flaw in the way memory containing security-related data was handled in
tpm_read() could allow a local, unprivileged user to read the results of a
previously run TPM command. (CVE-2011-1162, Low)

* A heap overflow flaw was found in the Linux kernel's EFI GUID Partition
Table (GPT) implementation. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partition tables. (CVE-2011-1577, Low)

* The I/O statistics from the taskstats subsystem could be read without
any restrictions. A local, unprivileged user could use this flaw to gather
confidential information, such as the length of a password used in a
process. (CVE-2011-2494, Low)

* It was found that the perf tool, a part of the Linux kernel's Performance
Events implementation, could load its configuration file from the current
working directory. If a local user with access to the perf tool were
tricked into running perf in a directory that contains a specially-crafted
configuration file, it could cause perf to overwrite arbitrary files and
directories accessible to that user. (CVE-2011-2905, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699;
Darren Lavender for reporting CVE-2011-3191; Dan Kaminsky for reporting
CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Gideon Naim for
reporting CVE-2011-3593; Peter Huewe for reporting CVE-2011-1162; Timo
Warns for reporting CVE-2011-1577; and Vasiliy Kulikov of Openwall for
reporting CVE-2011-2494.

This update also fixes various bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to correct these issues, and fix the bugs noted in
the Technical Notes. The system must be rebooted for this update to
take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
716842 - CVE-2011-2494 kernel: taskstats io infoleak
723429 - CVE-2011-2699 kernel: ipv6: make fragment identifications less predictable
729808 - CVE-2011-2905 kernel: perf tools: may parse user-controlled configuration file
732629 - CVE-2011-1162 kernel: tpm: infoleak
732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732869 - CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()
736761 - CVE-2011-3353 kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
738202 - CVE-2011-3359 kernel: b43: allocate receive buffers big enough for max frame len + offset
738291 - CVE-2011-3363 kernel: cifs: always do is_path_accessible check in cifs_mount
740352 - make guest mode entry to be rcu quiescent state [rhel-6.1.z]
741166 - enclosure fix [rhel-6.1.z]
742846 - CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames
743807 - igb: failed to activate WOL on 2nd LAN port on i350 [rhel-6.1.z]
744811 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time [rhel-6.1.z]
748808 - Host got crash when guest running netperf client with UDP_STREAM protocol with IPV6 [rhel-6.1.z]
755584 - CVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm

i386:
kernel-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm
kernel-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-headers-2.6.32-131.21.1.el6.i686.rpm
perf-2.6.32-131.21.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.21.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm
perf-2.6.32-131.21.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-131.21.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm
perf-2.6.32-131.21.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm

i386:
kernel-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm
kernel-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-headers-2.6.32-131.21.1.el6.i686.rpm
perf-2.6.32-131.21.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.21.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.21.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.21.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.21.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.21.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.21.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.21.1.el6.ppc64.rpm
perf-2.6.32-131.21.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.21.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.21.1.el6.s390x.rpm
kernel-debug-2.6.32-131.21.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.21.1.el6.s390x.rpm
kernel-devel-2.6.32-131.21.1.el6.s390x.rpm
kernel-headers-2.6.32-131.21.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.21.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.21.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.21.1.el6.s390x.rpm
perf-2.6.32-131.21.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.21.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm
perf-2.6.32-131.21.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.21.1.el6.src.rpm

i386:
kernel-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.21.1.el6.i686.rpm
kernel-devel-2.6.32-131.21.1.el6.i686.rpm
kernel-headers-2.6.32-131.21.1.el6.i686.rpm
perf-2.6.32-131.21.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.21.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.21.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.21.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.21.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.21.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.21.1.el6.x86_64.rpm
perf-2.6.32-131.21.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.21.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1162.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-2494.html
https://www.redhat.com/security/data/cve/CVE-2011-2699.html
https://www.redhat.com/security/data/cve/CVE-2011-2905.html
https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3191.html
https://www.redhat.com/security/data/cve/CVE-2011-3353.html
https://www.redhat.com/security/data/cve/CVE-2011-3359.html
https://www.redhat.com/security/data/cve/CVE-2011-3363.html
https://www.redhat.com/security/data/cve/CVE-2011-3593.html
https://www.redhat.com/security/data/cve/CVE-2011-4326.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1465

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOy9KxXlSAg2UNWIIRApHRAKCrfJt7aIrWnGPf3TwUZK tul/8YUgCgtpZE
l5BuL6rArAsWl76KlBJjWFw=
=0G9b
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-13-2011, 09:08 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1813-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1813.html
Issue date: 2011-12-13
CVE Names: CVE-2011-2482 CVE-2011-2491 CVE-2011-2495
CVE-2011-2517 CVE-2011-2519 CVE-2011-2901
================================================== ===================

1. Summary:

Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

These packages contain the Linux kernel.

This update fixes the following security issues:

* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service by sending a
specially-crafted SCTP packet to a target system. (CVE-2011-2482,
Important)

If you do not run applications that use SCTP, you can prevent the sctp
module from being loaded by adding the following to the end of the
"/etc/modprobe.d/blacklist.conf" file:

blacklist sctp

This way, the sctp module cannot be loaded accidentally, which may occur
if an application that requires SCTP is started. A reboot is not necessary
for this change to take effect.

* A flaw in the client-side NFS Lock Manager (NLM) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2491, Important)

* Flaws in the netlink-based wireless configuration interface could allow
a local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)

* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)

* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor
implementation when running on 64-bit systems could allow a privileged
guest user to crash the hypervisor. (CVE-2011-2901, Moderate)

* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes the following bugs:

* On Broadcom PCI cards that use the tg3 driver, the operational state of a
network device, represented by the value in
"/sys/class/net/ethX/operstate", was not initialized by default.
Consequently, the state was reported as "unknown" when the tg3 network
device was actually in the "up" state. This update modifies the tg3 driver
to properly set the operstate value. (BZ#744699)

* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host,
when a higher priority process needs to run. When a guest is not running
for several timer interrupts in a row, ticks could be lost, resulting in
the jiffies timer advancing slower than expected and timeouts taking longer
than expected. To correct for the issue of lost ticks,
do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when
running as a KVM guest) to see if timer interrupts have been missed. If so,
jiffies is incremented by the number of missed timer interrupts, ensuring
that programs are woken up on time. (BZ#747874)

* When a block device object was allocated, the bd_super field was not
being explicitly initialized to NULL. Previously, users of the block device
object could set bd_super to NULL when the object was released by calling
the kill_block_super() function. Certain third-party file systems do not
always use this function, and bd_super could therefore become uninitialized
when the object was allocated again. This could cause a kernel panic in the
blkdev_releasepage() function, when the uninitialized bd_super field was
dereferenced. Now, bd_super is properly initialized in the bdget()
function, and the kernel panic no longer occurs. (BZ#751137)

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to resolve these issues. The system must be
rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
714867 - CVE-2011-2482 kernel: sctp dos
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation
728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
kernel-2.6.18-238.31.1.el5.src.rpm

i386:
kernel-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.i686.rpm
kernel-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-headers-2.6.18-238.31.1.el5.i386.rpm
kernel-xen-2.6.18-238.31.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.ia64.rpm
kernel-devel-2.6.18-238.31.1.el5.ia64.rpm
kernel-headers-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.31.1.el5.ppc.rpm
kernel-headers-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.31.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.s390x.rpm
kernel-devel-2.6.18-238.31.1.el5.s390x.rpm
kernel-headers-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.31.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2482.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2519.html
https://www.redhat.com/security/data/cve/CVE-2011-2901.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFO58y+XlSAg2UNWIIRAvRlAKC0Qm0s8J9L86DbHpZvJx kh5tjOiwCeOHjb
MFFoSfPI/5HPPNKuMt6pwRw=
=eZIl
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-22-2011, 05:31 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:1849-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1849.html
Issue date: 2011-12-22
CVE Names: CVE-2011-4127
================================================== ===================

1. Summary:

Updated kernel packages that fix one security issue and various bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fix:

* Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes
resulted in the requests being passed to the underlying block device. If a
privileged user only had access to a single partition or LVM volume, they
could use this flaw to bypass those restrictions and gain read and write
access (and be able to issue other SCSI commands) to the entire block
device.

In KVM (Kernel-based Virtual Machine) environments using raw format virtio
disks backed by a partition or LVM volume, a privileged guest user could
bypass intended restrictions and issue read and write requests (and other
SCSI commands) on the host, and possibly access the data of other guests
that reside on the same underlying block device. Partition-based and
LVM-based storage pools are not used by default. Refer to Red Hat Bugzilla
bug 752375 for further details and a mitigation script for users who cannot
apply this update immediately. (CVE-2011-4127, Important)

Bug fixes:

* Previously, idle load balancer kick requests from other CPUs could be
serviced without first receiving an inter-processor interrupt (IPI). This
could have led to a deadlock. (BZ#750459)

* This update fixes a performance regression that may have caused processes
(including KVM guests) to hang for a number of seconds. (BZ#751403)

* When md_raid1_unplug_device() was called while holding a spinlock, under
certain device failure conditions, it was possible for the lock to be
requested again, deeper in the call chain, causing a deadlock. Now,
md_raid1_unplug_device() is no longer called while holding a spinlock.
(BZ#755545)

* In hpet_next_event(), an interrupt could have occurred between the read
and write of the HPET (High Performance Event Timer) and the value of
HPET_COUNTER was then beyond that being written to the comparator
(HPET_Tn_CMP). Consequently, the timers were overdue for up to several
minutes. Now, a comparison is performed between the value of the counter
and the comparator in the HPET code. If the counter is beyond the
comparator, the "-ETIME" error code is returned. (BZ#756426)

* Index allocation in the virtio-blk module was based on a monotonically
increasing variable "index". Consequently, released indexes were not reused
and after a period of time, no new were available. Now, virtio-blk uses the
ida API to allocate indexes. (BZ#756427)

* A bug related to Context Caching existed in the Intel IOMMU support
module. On some newer Intel systems, the Context Cache mode has changed
from previous hardware versions, potentially exposing a Context coherency
race. The bug was exposed when performing a series of hot plug and unplug
operations of a Virtual Function network device which was immediately
configured into the network stack, i.e., successfully performed dynamic
host configuration protocol (DHCP). When the coherency race occurred, the
assigned device would not work properly in the guest virtual machine. With
this update, the Context coherency is corrected and the race and
potentially resulting device assignment failure no longer occurs.
(BZ#757671)

* The align_va_addr kernel parameter was ignored if secondary CPUs were
initialized. This happened because the parameter settings were overridden
during the initialization of secondary CPUs. Also, the align_va_addr
parameter documentation contained incorrect parameter arguments. With this
update, the underlying code has been modified to prevent the overriding and
the documentation has been updated. This update also removes the unused
code introduced by the patch for BZ#739456. (BZ#758028)

* Dell systems based on a future Intel processor with graphics acceleration
required the selection of the install system with basic video driver
installation option. This update removes this requirement. (BZ#758513)

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to resolve these issues. The system must be
rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

752375 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
kernel-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-headers-2.6.32-220.2.1.el6.i686.rpm
perf-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.2.1.el6.x86_64.rpm
perf-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm
python-perf-2.6.32-220.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
python-perf-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.2.1.el6.x86_64.rpm
perf-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
python-perf-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
kernel-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-headers-2.6.32-220.2.1.el6.i686.rpm
perf-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.2.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.2.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.2.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.2.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.2.1.el6.ppc64.rpm
perf-2.6.32-220.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.2.1.el6.s390x.rpm
kernel-debug-2.6.32-220.2.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.2.1.el6.s390x.rpm
kernel-devel-2.6.32-220.2.1.el6.s390x.rpm
kernel-headers-2.6.32-220.2.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.2.1.el6.s390x.rpm
perf-2.6.32-220.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.2.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.2.1.el6.x86_64.rpm
perf-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm
python-perf-2.6.32-220.2.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.ppc64.rpm
python-perf-2.6.32-220.2.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.2.1.el6.s390x.rpm
python-perf-2.6.32-220.2.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
python-perf-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
kernel-devel-2.6.32-220.2.1.el6.i686.rpm
kernel-headers-2.6.32-220.2.1.el6.i686.rpm
perf-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.2.1.el6.x86_64.rpm
perf-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.2.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.2.1.el6.i686.rpm
python-perf-2.6.32-220.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.2.1.el6.x86_64.rpm
python-perf-2.6.32-220.2.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4127.html
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=752375

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFO83c5XlSAg2UNWIIRAuJtAJ98txuaLKDJJVKyqeQYJG V/y1QzlACeM36i
agY8/kiZ0JVeCcy8lv3QU+g=
=9Owq
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 01-23-2012, 07:23 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0052-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0052.html
Issue date: 2012-01-23
CVE Names: CVE-2012-0056
================================================== ===================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux
kernel when handling the /proc/[pid]/mem writing functionality. A local,
unprivileged user could use this flaw to escalate their privileges. Refer
to Red Hat Knowledgebase article DOC-69129, linked to in the References,
for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

This update fixes the following bugs:

* The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel
scheduler, causing a "WARNING: at kernel/sched.c:5915 thread_return"
message and a call trace to be logged. This message was harmless, and was
not due to any system malfunctions or adverse behavior. With this update,
the WARN_ON_ONCE() call in the scheduler that caused this harmless message
has been removed. (BZ#768288)

* The RHSA-2011:1530 kernel update introduced a regression in the way
the Linux kernel maps ELF headers for kernel modules into kernel memory.
If a third-party kernel module is compiled on a Red Hat Enterprise Linux
system with a kernel prior to RHSA-2011:1530, then loading that module on
a system with RHSA-2011:1530 kernel would result in corruption of one byte
in the memory reserved for the module. In some cases, this could prevent
the module from functioning correctly. (BZ#769595)

* On some SMP systems the tsc may erroneously be marked as unstable during
early system boot or while the system is under heavy load. A "Clocksource
tsc unstable" message was logged when this occurred. As a result the system
would switch to the slower access, but higher precision HPET clock.

The "tsc=reliable" kernel parameter is supposed to avoid this problem by
indicating that the system has a known good clock, however, the parameter
only affected run time checks. A fix has been put in to avoid the boot
time checks so that the TSC remains as the clock for the duration of
system runtime. (BZ#755867)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

782642 - CVE-2012-0056 kernel: proc: /proc/<pid>/mem mem_write insufficient permission checking

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
kernel-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-headers-2.6.32-220.4.1.el6.i686.rpm
perf-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.4.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm
perf-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm
python-perf-2.6.32-220.4.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
python-perf-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.4.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm
perf-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
python-perf-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
kernel-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-headers-2.6.32-220.4.1.el6.i686.rpm
perf-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.4.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.4.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.4.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.4.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.4.1.el6.ppc64.rpm
perf-2.6.32-220.4.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.4.1.el6.s390x.rpm
kernel-debug-2.6.32-220.4.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.4.1.el6.s390x.rpm
kernel-devel-2.6.32-220.4.1.el6.s390x.rpm
kernel-headers-2.6.32-220.4.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.4.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.4.1.el6.s390x.rpm
perf-2.6.32-220.4.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.4.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm
perf-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm
python-perf-2.6.32-220.4.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.4.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.ppc64.rpm
python-perf-2.6.32-220.4.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.4.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.4.1.el6.s390x.rpm
python-perf-2.6.32-220.4.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
python-perf-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
kernel-devel-2.6.32-220.4.1.el6.i686.rpm
kernel-headers-2.6.32-220.4.1.el6.i686.rpm
perf-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.4.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.4.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.4.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.4.1.el6.x86_64.rpm
perf-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.4.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.4.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.4.1.el6.i686.rpm
python-perf-2.6.32-220.4.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.4.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.4.1.el6.x86_64.rpm
python-perf-2.6.32-220.4.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0056.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-69129

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPHcGTXlSAg2UNWIIRApQqAJ9/SpcEYh2K2lg06AunBWYR0APx6gCgsCvN
f6KkbVEmaTccoUJ6Q1w4Za0=
=Dfkr
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-09-2012, 03:48 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0107-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0107.html
Issue date: 2012-02-09
CVE Names: CVE-2011-3638 CVE-2011-4086 CVE-2011-4127
CVE-2012-0028 CVE-2012-0207
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and two bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes
resulted in the requests being passed to the underlying block device. If a
privileged user only had access to a single partition or LVM volume, they
could use this flaw to bypass those restrictions and gain read and write
access (and be able to issue other SCSI commands) to the entire block
device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the
References, for further details about this issue. (CVE-2011-4127,
Important)

* A flaw was found in the way the Linux kernel handled robust list pointers
of user-space held futexes across exec() calls. A local, unprivileged user
could use this flaw to cause a denial of service or, eventually, escalate
their privileges. (CVE-2012-0028, Important)

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
the ability to mount and unmount ext4 file systems could use this flaw to
cause a denial of service. (CVE-2011-3638, Moderate)

* A flaw was found in the way the Linux kernel's journal_unmap_buffer()
function handled buffer head states. On systems that have an ext4 file
system with a journal mounted, a local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2011-4086, Moderate)

* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()
function. An attacker able to send certain IGMP (Internet Group Management
Protocol) packets to a target system could use this flaw to cause a denial
of service. (CVE-2012-0207, Moderate)

Red Hat would like to thank Zheng Liu for reporting CVE-2011-3638, and
Simon McVittie for reporting CVE-2012-0207.

This update also fixes the following bugs:

* When a host was in recovery mode and a SCSI scan operation was initiated,
the scan operation failed and provided no error output. This bug has been
fixed and the SCSI layer now waits for recovery of the host to complete
scan operations for devices. (BZ#772162)

* SG_IO ioctls were not implemented correctly in the Red Hat Enterprise
Linux 5 virtio-blk driver. Sending an SG_IO ioctl request to a virtio-blk
disk caused the sending thread to enter an uninterruptible sleep state ("D"
state). With this update, SG_IO ioctls are rejected by the virtio-blk
driver: the ioctl system call will simply return an ENOTTY ("Inappropriate
ioctl for device") error and the thread will continue normally. (BZ#773322)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

747942 - CVE-2011-3638 kernel: ext4: ext4_ext_insert_extent() kernel oops
749143 - CVE-2011-4086 kernel: jbd2: unmapped buffer with _Unwritten or _Delay flags set can lead to DoS
752375 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl
771764 - CVE-2012-0028 kernel: futex: clear robust_list on execve
772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.18.1.el5.src.rpm

i386:
kernel-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.i686.rpm
kernel-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-headers-2.6.18-274.18.1.el5.i386.rpm
kernel-xen-2.6.18-274.18.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.18.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.18.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.18.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.18.1.el5.src.rpm

i386:
kernel-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.i686.rpm
kernel-devel-2.6.18-274.18.1.el5.i686.rpm
kernel-headers-2.6.18-274.18.1.el5.i386.rpm
kernel-xen-2.6.18-274.18.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.18.1.el5.i686.rpm
kernel-xen-devel-2.6.18-274.18.1.el5.i686.rpm

ia64:
kernel-2.6.18-274.18.1.el5.ia64.rpm
kernel-debug-2.6.18-274.18.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.ia64.rpm
kernel-devel-2.6.18-274.18.1.el5.ia64.rpm
kernel-headers-2.6.18-274.18.1.el5.ia64.rpm
kernel-xen-2.6.18-274.18.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.18.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.18.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.18.1.el5.noarch.rpm

ppc:
kernel-2.6.18-274.18.1.el5.ppc64.rpm
kernel-debug-2.6.18-274.18.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.ppc64.rpm
kernel-devel-2.6.18-274.18.1.el5.ppc64.rpm
kernel-headers-2.6.18-274.18.1.el5.ppc.rpm
kernel-headers-2.6.18-274.18.1.el5.ppc64.rpm
kernel-kdump-2.6.18-274.18.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.18.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.18.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.18.1.el5.s390x.rpm
kernel-debug-2.6.18-274.18.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.s390x.rpm
kernel-devel-2.6.18-274.18.1.el5.s390x.rpm
kernel-headers-2.6.18-274.18.1.el5.s390x.rpm
kernel-kdump-2.6.18-274.18.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.18.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.18.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.18.1.el5.x86_64.rpm
kernel-devel-2.6.18-274.18.1.el5.x86_64.rpm
kernel-headers-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.18.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.18.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3638.html
https://www.redhat.com/security/data/cve/CVE-2011-4086.html
https://www.redhat.com/security/data/cve/CVE-2011-4127.html
https://www.redhat.com/security/data/cve/CVE-2012-0028.html
https://www.redhat.com/security/data/cve/CVE-2012-0207.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-67874

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPM/ifXlSAg2UNWIIRAjj/AJ4iEIz4M5bBrWcuoLxFTqO5bur7AwCePivb
hjyRG2XpmZoDMmhhOtx8Ww0=
=5hL4
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 03-06-2012, 05:49 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0358-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0358.html
Issue date: 2012-03-06
CVE Names: CVE-2011-1898 CVE-2011-2699 CVE-2011-4127
CVE-2011-4330 CVE-2012-0028
================================================== ===================

1. Summary:

Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Using PCI passthrough without interrupt remapping support allowed Xen
hypervisor guests to generate MSI interrupts and thus potentially inject
traps. A privileged guest user could use this flaw to crash the host or
possibly escalate their privileges on the host. The fix for this issue can
prevent PCI passthrough working and guests starting. Refer to Red Hat
Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system's networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes
resulted in the requests being passed to the underlying block device. If a
privileged user only had access to a single partition or LVM volume, they
could use this flaw to bypass those restrictions and gain read and write
access (and be able to issue other SCSI commands) to the entire block
device. Refer to Red Hat Knowledgebase article 67869, linked to in the
References, for further details about this issue. (CVE-2011-4127,
Important)

* A flaw was found in the way the Linux kernel handled robust list pointers
of user-space held futexes across exec() calls. A local, unprivileged user
could use this flaw to cause a denial of service or, eventually, escalate
their privileges. (CVE-2012-0028, Important)

* A missing boundary check was found in the Linux kernel's HFS file system
implementation. A local attacker could use this flaw to cause a denial of
service or escalate their privileges by mounting a specially-crafted disk.
(CVE-2011-4330, Moderate)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699, and
Clement Lecigne for reporting CVE-2011-4330.

This update also fixes the following bugs:

* Previously, all timers for a Xen fully-virtualized domain were based on
the time stamp counter (TSC) of the underlying physical CPU. This could
cause observed time to go backwards on some hosts. This update moves all
timers except HPET to the Xen monotonic system time, which fixes the bug as
long as the HPET is removed from the configuration of the domain.
(BZ#773359)

* Previously, tests of the Microsoft Server Virtualization Validation
Program (SVVP) detected unreliability of the emulated HPET (High
Performance Event Timer) on some hosts. Now, HPET can be configured as a
per-domain configuration option; if it is disabled, the guest chooses a
more reliable timer source. Disabling HPET is suggested for Windows guests,
as well as fully-virtualized Linux guests that show occasional "time went
backwards" errors in the console. (BZ#773360)

* SG_IO ioctls were not implemented correctly in the Red Hat Enterprise
Linux 5 virtio-blk driver. Sending an SG_IO ioctl request to a virtio-blk
disk caused the sending thread to enter an uninterruptible sleep state ("D"
state). With this update, SG_IO ioctls are rejected by the virtio-blk
driver; the ioctl system call simply returns an ENOTTY ("Inappropriate
ioctl for device") error and the thread continues normally. (BZ#784658)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
723429 - CVE-2011-2699 kernel: ipv6: make fragment identifications less predictable
752375 - CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl
755431 - CVE-2011-4330 kernel: hfs: add sanity check for file name length
771764 - CVE-2012-0028 kernel: futex: clear robust_list on execve
773360 - provide option to disable HPET [rhel-5.6.z]
784658 - Install RHEV-H to virtual machine cause VM kernel panic when boot [rhel-5.6.z]

6. Package List:

Red Hat Enterprise Linux EUS (v. 5.6 server):

Source:
kernel-2.6.18-238.35.1.el5.src.rpm

i386:
kernel-2.6.18-238.35.1.el5.i686.rpm
kernel-PAE-2.6.18-238.35.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.35.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.35.1.el5.i686.rpm
kernel-debug-2.6.18-238.35.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.35.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.35.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.35.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.35.1.el5.i686.rpm
kernel-devel-2.6.18-238.35.1.el5.i686.rpm
kernel-headers-2.6.18-238.35.1.el5.i386.rpm
kernel-xen-2.6.18-238.35.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.35.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.35.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.35.1.el5.ia64.rpm
kernel-debug-2.6.18-238.35.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.35.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.35.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.35.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.35.1.el5.ia64.rpm
kernel-devel-2.6.18-238.35.1.el5.ia64.rpm
kernel-headers-2.6.18-238.35.1.el5.ia64.rpm
kernel-xen-2.6.18-238.35.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.35.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.35.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.35.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.35.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.35.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.35.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.35.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.35.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.35.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.35.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.35.1.el5.ppc.rpm
kernel-headers-2.6.18-238.35.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.35.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.35.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.35.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.35.1.el5.s390x.rpm
kernel-debug-2.6.18-238.35.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.35.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.35.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.35.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.35.1.el5.s390x.rpm
kernel-devel-2.6.18-238.35.1.el5.s390x.rpm
kernel-headers-2.6.18-238.35.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.35.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.35.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.35.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.35.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.35.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.35.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.35.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.35.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.35.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.35.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.35.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.35.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.35.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.35.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1898.html
https://www.redhat.com/security/data/cve/CVE-2011-2699.html
https://www.redhat.com/security/data/cve/CVE-2011-4127.html
https://www.redhat.com/security/data/cve/CVE-2011-4330.html
https://www.redhat.com/security/data/cve/CVE-2012-0028.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/articles/66747
https://bugzilla.redhat.com/show_bug.cgi?id=715555
https://access.redhat.com/knowledge/articles/67869

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPVlwUXlSAg2UNWIIRArbgAJ4nS24vqdMhzVidOIv5ag ZAbgtZ2ACgqSov
quQhiIgGEEc0llcwVVSof/c=
=Rcn6
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 05-29-2012, 06:24 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0690-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0690.html
Issue date: 2012-05-29
CVE Names: CVE-2012-2136
================================================== ===================

1. Summary:

Updated kernel packages that fix one security issue and various bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that the data_len parameter of the sock_alloc_send_pskb()
function in the Linux kernel's networking implementation was not validated
before use. A local user with access to a TUN/TAP virtual interface could
use this flaw to crash the system or, potentially, escalate their
privileges. Note that unprivileged users cannot access TUN/TAP devices
until the root user grants them access. (CVE-2012-2136, Important)

This update also fixes various bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

816289 - CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.8.1.el5.src.rpm

i386:
kernel-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-headers-2.6.18-308.8.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.8.1.el5.src.rpm

i386:
kernel-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.i686.rpm
kernel-devel-2.6.18-308.8.1.el5.i686.rpm
kernel-headers-2.6.18-308.8.1.el5.i386.rpm
kernel-xen-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-308.8.1.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.i686.rpm

ia64:
kernel-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.ia64.rpm
kernel-devel-2.6.18-308.8.1.el5.ia64.rpm
kernel-headers-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-308.8.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-308.8.1.el5.noarch.rpm

ppc:
kernel-2.6.18-308.8.1.el5.ppc64.rpm
kernel-debug-2.6.18-308.8.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.ppc64.rpm
kernel-devel-2.6.18-308.8.1.el5.ppc64.rpm
kernel-headers-2.6.18-308.8.1.el5.ppc.rpm
kernel-headers-2.6.18-308.8.1.el5.ppc64.rpm
kernel-kdump-2.6.18-308.8.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-308.8.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-308.8.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-308.8.1.el5.s390x.rpm
kernel-debug-2.6.18-308.8.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.s390x.rpm
kernel-devel-2.6.18-308.8.1.el5.s390x.rpm
kernel-headers-2.6.18-308.8.1.el5.s390x.rpm
kernel-kdump-2.6.18-308.8.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-308.8.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-308.8.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-308.8.1.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.1.el5.x86_64.rpm
kernel-headers-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-308.8.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2136.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kernel.html#RHSA-2012-0690

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPxRQsXlSAg2UNWIIRApMMAJ0e0EEaSRgf3myi2iw3kk s9lSLIrQCgv3X0
3MoU8cPLf6Fe5b1wZU59Ybc=
=KnKI
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 06-18-2012, 01:52 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:0743-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0743.html
Issue date: 2012-06-18
CVE Names: CVE-2012-0044 CVE-2012-1179 CVE-2012-2119
CVE-2012-2121 CVE-2012-2123 CVE-2012-2136
CVE-2012-2137 CVE-2012-2372 CVE-2012-2373
================================================== ===================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in
drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their
privileges. (CVE-2012-0044, Important)

* A buffer overflow flaw was found in the macvtap device driver, used for
creating a bridged network between the guest and the host in KVM
(Kernel-based Virtual Machine) environments. A privileged guest user in a
KVM guest could use this flaw to crash the host. Note: This issue only
affected hosts that have the vhost_net module loaded with the
experimental_zcopytx module option enabled (it is not enabled by default),
and that also have macvtap configured for at least one guest.
(CVE-2012-2119, Important)

* When a set user ID (setuid) application is executed, certain personality
flags for controlling the application's behavior are cleared (that is, a
privileged application will not be affected by those flags). It was found
that those flags were not cleared if the application was made privileged
via file system capabilities. A local, unprivileged user could use this
flaw to change the behavior of such applications, allowing them to bypass
intended restrictions. Note that for default installations, no application
shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file
system capabilities. (CVE-2012-2123, Important)

* It was found that the data_len parameter of the sock_alloc_send_pskb()
function in the Linux kernel's networking implementation was not validated
before use. A privileged guest user in a KVM guest could use this flaw to
crash the host or, possibly, escalate their privileges on the host.
(CVE-2012-2136, Important)

* A buffer overflow flaw was found in the setup_routing_entry() function in
the KVM subsystem of the Linux kernel in the way the Message Signaled
Interrupts (MSI) routing entry was handled. A local, unprivileged user
could use this flaw to cause a denial of service or, possibly, escalate
their privileges. (CVE-2012-2137, Important)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in
read mode, and Transparent Huge Pages (THP) page faults interacted. A
privileged user in a KVM guest with the ballooning functionality enabled
could potentially use this flaw to crash the host. A local, unprivileged
user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

* A flaw was found in the way device memory was handled during guest device
removal. Upon successful device removal, memory used by the device was not
properly unmapped from the corresponding IOMMU or properly released from
the kernel, leading to a memory leak. A malicious user on a KVM host who
has the ability to assign a device to a guest could use this flaw to crash
the host. (CVE-2012-2121, Moderate)

* A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on
32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

772894 - CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
803793 - CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()
806722 - CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fcaps are used
814149 - CVE-2012-2121 kvm: device assignment page leak
814278 - CVE-2012-2119 kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
814657 - kernel crash at ieee80211_mgd_probe_ap_send [rhel-6.2.z]
816151 - CVE-2012-2137 kernel: kvm: buffer overflow in kvm_set_irq()
816226 - add option to disable 5GHz band to iwlwifi [rhel-6.2.z]
816289 - CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()
818504 - Disable LRO for all NICs that have LRO enabled [rhel-6.2.z]
818505 - xen: fix drive naming [rhel-6.2.z]
819614 - 2.6.32-220 kernel does not work on a HP DL385G6 with HP Smart Array P410 controller and hpsa driver [rhel-6.2.z]
822754 - CVE-2012-2372 kernel: rds-ping cause kernel panic
822821 - CVE-2012-2373 kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.23.1.el6.ppc64.rpm
kernel-devel-2.6.32-220.23.1.el6.ppc64.rpm
kernel-headers-2.6.32-220.23.1.el6.ppc64.rpm
perf-2.6.32-220.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.23.1.el6.s390x.rpm
kernel-devel-2.6.32-220.23.1.el6.s390x.rpm
kernel-headers-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-220.23.1.el6.s390x.rpm
perf-2.6.32-220.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-220.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-2.6.32-220.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-220.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm
python-perf-2.6.32-220.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
kernel-devel-2.6.32-220.23.1.el6.i686.rpm
kernel-headers-2.6.32-220.23.1.el6.i686.rpm
perf-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-220.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-220.23.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-220.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-220.23.1.el6.x86_64.rpm
perf-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-220.23.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-220.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm
python-perf-2.6.32-220.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-220.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-2.6.32-220.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-220.23.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0044.html
https://www.redhat.com/security/data/cve/CVE-2012-1179.html
https://www.redhat.com/security/data/cve/CVE-2012-2119.html
https://www.redhat.com/security/data/cve/CVE-2012-2121.html
https://www.redhat.com/security/data/cve/CVE-2012-2123.html
https://www.redhat.com/security/data/cve/CVE-2012-2136.html
https://www.redhat.com/security/data/cve/CVE-2012-2137.html
https://www.redhat.com/security/data/cve/CVE-2012-2372.html
https://www.redhat.com/security/data/cve/CVE-2012-2373.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/kernel.html#RHSA-2012-0743

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP3zJcXlSAg2UNWIIRAlFPAJ9ov0UCSkIqz63r+6YXL9 bf0+ADOQCfUIzx
w/ZsFuOkCnr15/XGPkEszEQ=
=D/pm
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 06-26-2012, 06:45 PM
 
Default Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:1042-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1042.html
Issue date: 2012-06-26
CVE Names: CVE-2011-4347 CVE-2012-0038 CVE-2012-0044
CVE-2012-1097 CVE-2012-1179
================================================== ===================

1. Summary:

Updated kernel packages that fix various security issues and three bugs are
now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 6.1) - i386, noarch, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in
drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their
privileges. (CVE-2012-0044, Important)

* It was found that the kvm_vm_ioctl_assign_device() function in the KVM
(Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if
the user requesting device assignment was privileged or not. A local,
unprivileged user on the host could assign unused PCI devices, or even
devices that were in use and whose resources were not properly claimed by
the respective drivers, which could result in the host crashing.
(CVE-2011-4347, Moderate)

* A flaw was found in the way the Linux kernel's XFS file system
implementation handled on-disk Access Control Lists (ACLs). A local,
unprivileged user could use this flaw to cause a denial of service or
escalate their privileges by mounting a specially-crafted disk.
(CVE-2012-0038, Moderate)

* It was found that the Linux kernel's register set (regset) common
infrastructure implementation did not check if the required get and set
handlers were initialized. A local, unprivileged user could use this flaw
to cause a denial of service by performing a register set operation with a
ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097,
Moderate)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in
read mode, and Transparent Huge Pages (THP) page faults interacted. A
privileged user in a KVM guest with the ballooning functionality enabled
could potentially use this flaw to crash the host. A local, unprivileged
user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Sasha
Levin for reporting CVE-2011-4347; Wang Xi for reporting CVE-2012-0038; and
H. Peter Anvin for reporting CVE-2012-1097.

This update also fixes the following bugs:

* When a RoCE (RDMA over Converged Ethernet) adapter with active RoCE
communications was taken down suddenly (either by adapter failure or the
intentional shutdown of the interface), the ongoing RoCE communications
could cause the kernel to panic and render the machine unusable. A patch
has been provided to protect the kernel in this situation and to pass an
error up to the application still using the interface after it has been
taken down instead. (BZ#799944)

* The fix for Red Hat Bugzilla bug 713494, released via RHSA-2011:0928,
introduced a regression. Attempting to change the state of certain
features, such as GRO (Generic Receive Offload) or TSO (TCP segment
offloading), for a 10 Gigabit Ethernet card that is being used in a
virtual LAN (VLAN) resulted in a kernel panic. (BZ#816974)

* If a new file was created on a Network File System version 4 (NFSv4)
share, the ownership was set to nfsnobody (-2) until it was possible to
upcall to the idmapper. As a consequence, subsequent file system operations
could incorrectly use "-2" for the user and group IDs for the given file,
causing certain operations to fail. In reported cases, this issue also
caused "Viminfo file is not writable" errors for users running Vim with
files on an NFSv4 share. (BZ#820960)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

756084 - CVE-2011-4347 kernel: kvm: device assignment DoS
772894 - CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
773280 - CVE-2012-0038 kernel: xfs heap overflow
799209 - CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets
803793 - CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 6.1):

Source:
kernel-2.6.32-131.29.1.el6.src.rpm

i386:
kernel-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.29.1.el6.i686.rpm
kernel-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-headers-2.6.32-131.29.1.el6.i686.rpm
perf-2.6.32-131.29.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.29.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.29.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.29.1.el6.ppc64.rpm
perf-2.6.32-131.29.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.29.1.el6.s390x.rpm
kernel-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-headers-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.29.1.el6.s390x.rpm
perf-2.6.32-131.29.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.29.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.29.1.el6.x86_64.rpm
perf-2.6.32-131.29.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-4347.html
https://www.redhat.com/security/data/cve/CVE-2012-0038.html
https://www.redhat.com/security/data/cve/CVE-2012-0044.html
https://www.redhat.com/security/data/cve/CVE-2012-1097.html
https://www.redhat.com/security/data/cve/CVE-2012-1179.html
https://access.redhat.com/security/updates/classification/#important
https://rhn.redhat.com/errata/RHSA-2011-0928.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFP6gMxXlSAg2UNWIIRAp0hAJ9EpNvBTuIJV1vvvNpd9N 6ciCmK0QCfd3R7
A3SX3RBMjY6D37NcWXCZU2o=
=aZdF
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 

Thread Tools




All times are GMT. The time now is 08:58 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org