02-04-2009, 02:11 PM

Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2009:0053-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0053.html
Issue date: 2009-02-04
CVE Names: CVE-2008-5079 CVE-2008-5134 CVE-2008-5182
CVE-2008-5300 CVE-2008-5700 CVE-2009-0065
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise MRG 1.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages address the following security issues:

* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A
local, unprivileged user could use the flaw to listen on the same socket
more than once, possibly causing a denial of service. (CVE-2008-5079,
Important)

* a buffer overflow flaw was found in the libertas driver. This could,
potentially, lead to a remote denial of service when an invalid beacon or
probe response was received. (CVE-2008-5134, Important)

* a race condition was found in the Linux kernel "inotify" watch removal
and umount implementation. This could allow a local, unprivileged user
to cause a privilege escalation or a denial of service. (CVE-2008-5182,
Important)

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local denial
of service. (CVE-2008-5300, Important)

* a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a denial of service if a Forward-TSN chunk is received
with a large stream ID. (CVE-2009-0065, Important)

* a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. By default, the "/dev/sg*"
devices are accessible only to the root user. (CVE-2008-5700, Low)

These updated packages also address numerous bugs, including the following:

* a race condition caused the timer to stop responding. This was fixed by
correcting the behavior of the alloc_posix_timer() function.

* the kernel was behaving differently for varying file capabilities. This
was resolved by ensuring the get_file_caps() function was preceded by
clearing bprm->caps_*.

* a check was included on the limit of the shadow.bytes array, to prevent
values outside the limits being written and overriding other data areas.

* the kernel-rt-2.6.24.7-81.el5rt kernel displayed a warning on boot
stating that the hwclock failed. This was due to a compatibility problem
with the Red Hat Enterprise Linux 5 file system. It was resolved by adding
a new udev rule that ensured /dev was set up correctly.

* the GPS clock daemon was becoming unstable due to a problem in adjtimex.
The issue was located and corrected.

* the events_trace tracer was providing bad parameters to syscalls on i386
machines. This was due to the sys_call interface needing to use the
assembly linked annotation and the edx register being used before it was
stored on the stack. Both these issues were corrected.

All Red Hat Enterprise MRG users should install this update which addresses
these vulnerabilities and fixes these bugs. For this update to take effect,
the system must be rebooted.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

470758 - kernel: file caps: always start with clear bprm->caps_*
470761 - CVE-2008-5134 kernel: libertas: fix buffer overrun
471835 - kernel: V4L/DVB (9621): Avoid writing outside shadow.bytes[] array
472277 - CRM 1871016 adjtimex causing instability on GPS clock daemon
472325 - CVE-2008-5182 kernel: fix inotify watch removal/umount races
473259 - CVE-2008-5300 kernel: fix soft lockups/OOM issues with unix socket garbage collector
473696 - CVE-2008-5079 Linux Kernel 'atm module' Local Denial of Service
474495 - CVE-2008-5700 kernel: enforce a minimum SG_IO timeout
474683 - event trace syscall on i386 has bogus parameters
478800 - CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-101.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-101.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-101.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-101.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-101.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-101.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.1/html/MRG_Release_Notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJia/0XlSAg2UNWIIRAt9LAJ9gj1yDSvB09gzDHQasj6mZmLYIOwCgm NOz
ukWV6dRFkPO4mAUbPPtd7u0=
=a5ov
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
01-21-2010, 01:18 PM

Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0041-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0041.html
Issue date: 2010-01-21
CVE Names: CVE-2009-3080 CVE-2009-4021 CVE-2009-4536
CVE-2009-4537 CVE-2009-4538
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 1.2.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* an array index error was found in the gdth driver in the Linux kernel. A
local user could send a specially-crafted IOCTL request that would cause a
denial of service or, possibly, privilege escalation. (CVE-2009-3080,
Important)

* a flaw was found in the FUSE implementation in the Linux kernel. When a
system is low on memory, fuse_put_request() could dereference an invalid
pointer, possibly leading to a local denial of service or privilege
escalation. (CVE-2009-4021, Important)

* a flaw was found in each of the following Intel PRO/1000 Linux drivers in
the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
than the MTU could bypass the existing fragment check, resulting in
partial, invalid frames being passed to the network stack. These flaws
could also possibly be used to trigger a remote denial of service.
(CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. Receiving overly-long frames with a certain revision of the network
cards supported by this driver could possibly result in a remote denial of
service. (CVE-2009-4537, Important)

This update also fixes the following bugs:

* the "function tracer" from ftrace could eventually present problems when
a module was unloaded during a tracing session. Some of the related call
site entries for that module were not removed from ftrace's internal lists
and could lead to confusing "oops" error messages. The call site entries
are now removed correctly, and the errors no longer occur. (BZ#537472)

* when using the kernel in tickless (or NOHZ) mode, time was not
accumulated one tick at a time. This created latencies when the accumulated
interval grew large. Time is now accumulated logarithmically and latencies
related to tickless mode no longer occur. (BZ#538370)

* running the "cset set" command was resulting in unsafe access to a
structure that could be concurrently changed. This was eventually causing
the kernel to crash. The operations were repositioned so that they no
longer add locks, to minimize performance penalties. (BZ#541080)

* the function used to calculate system load called different functions to
count the tasks in running and interpretable states. On systems with a
large number of CPUs, this could result in several TLB and cache misses.
These functions have now been combined, and the problem has been
significantly reduced. (BZ#552860)

* when legacy PCI bus checks occurred, an off-by-one error would present.
Scanning 255 PCI buses is now allowed as 0xff is a valid bus, and the error
no longer occurs. (BZ#552874)

* on systems with 8 or more CPUs, an unnecessary anon_vma lock acquisition
in vma_adjust() was causing a decrease in throughput. Code from the
upstream kernel was backported, and the throughput decrease no longer
exists. (BZ#552876)

* the scheduler function double_lock_balance() favors logically lower CPUs.
This could cause logically higher CPUs to be starved if run queues were
under a lot of pressure, resulting in latencies. The algorithm has been
adjusted so that it is fairer, and logically higher CPUs no longer risk
being starved. (BZ#552877)

These updated packages also include other bug fixes. Users are directed to
the Red Hat Enterprise MRG 1.2 Release Notes for information on those
fixes, available shortly from:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537472 - ftrace function tracer triggers integrity check failure
538734 - CVE-2009-4021 kernel: fuse: prevent fuse_put_request on invalid pointer
539414 - CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl
541080 - MRG Kernel crashes when we run "cset set" command, but the crash is random.
550907 - CVE-2009-4537 kernel: r8169 issue reported at 26c3
551214 - CVE-2009-4538 kernel: e1000e frame fragment issue
552126 - CVE-2009-4536 kernel: e1000 issue reported at 26c3

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-146.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-146.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-146.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-146.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-146.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-146.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3080.html
https://www.redhat.com/security/data/cve/CVE-2009-4021.html
https://www.redhat.com/security/data/cve/CVE-2009-4536.html
https://www.redhat.com/security/data/cve/CVE-2009-4537.html
https://www.redhat.com/security/data/cve/CVE-2009-4538.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLWGGVXlSAg2UNWIIRAuKlAKCrKCUDQ3BIaeumzkFhWB 8h+ORSAgCcCgb6
TYIyTlxPCjpZX4kQ8UVADOE=
=+xaZ
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
03-23-2010, 02:57 PM

Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0161-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0161.html
Issue date: 2010-03-23
CVE Names: CVE-2009-4141 CVE-2010-0003 CVE-2010-0007
CVE-2010-0291 CVE-2010-0410 CVE-2010-0415
CVE-2010-0437 CVE-2010-0622
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a deficiency was found in the fasync_helper() implementation. This could
allow a local, unprivileged user to leverage a use-after-free of locked,
asynchronous file descriptors to cause a denial of service or privilege
escalation. (CVE-2009-4141, Important)

* multiple flaws were found in the mmap and mremap implementations. A
local, unprivileged user could use these flaws to cause a local denial of
service or escalate their privileges. (CVE-2010-0291, Important)

* a missing boundary check was found in the do_move_pages() function in the
memory migration functionality. A local user could use this flaw to cause a
local denial of service or an information leak. (CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function. An attacker on the local network could trigger this flaw by
sending IPv6 traffic to a target system, leading to a system crash (kernel
OOPS) if dst->neighbour is NULL on the target system when receiving an IPv6
packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes
(futexes) implementation. The unlock code path did not check if the futex
value associated with pi_state->owner had been modified. A local user could
use this flaw to modify the futex value, possibly leading to a denial of
service or privilege escalation when the pi_state->owner pointer is
dereferenced. (CVE-2010-0622, Important)

* an information leak was found in the print_fatal_signal() implementation.
When "/proc/sys/kernel/print-fatal-signals" is set to 1 (the default value
is 0), memory that is reachable by the kernel could be leaked to
user-space. This issue could also result in a system crash. Note that this
flaw only affected the i386 architecture. (CVE-2010-0003, Moderate)

* a flaw was found in the kernel connector implementation. A local,
unprivileged user could trigger this flaw by sending an arbitrary amount of
notification requests using specially-crafted netlink messages, resulting
in a denial of service. (CVE-2010-0410, Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* references were missing for two LSI MegaRAID SAS controllers already
supported by the kernel, preventing systems using these controllers from
booting. (BZ#554664)

* a typo in the fix for CVE-2009-2691 resulted in gdb being unable to read
core files created by gcore. (BZ#554965)

* values for certain pointers used by the kernel, which should be
undereferencable, could potentially be abused when a kernel OOPS occurs.
Values that are harder to dereference are now used. (BZ#555227)

* this update redesigns the locking scheme of the TTY process group
(tty->pgrp) structure, due to race conditions introduced when tty->pgrp
started using struct pid instead of pid_t. (BZ#559101)

* the way the NFS kernel server used iget() and the way in which it kept
its cache of inode information, could have led to (mainly on busy file
servers) inconsistencies between the local file system and the file system
being served to clients. (BZ#561275)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

547906 - CVE-2009-4141 kernel: create_elf_tables can leave urandom in a bad state
554578 - CVE-2010-0003 kernel: infoleak if print-fatal-signals=1
554664 - MRG current has a very old megaraid_sas driver
554965 - gcore tool produces unusable corefile with MRG kernel
555238 - CVE-2010-0007 kernel: netfilter: ebtables: enforce CAP_NET_ADMIN
556703 - CVE-2010-0291 kernel: untangle the do_mremap()
561275 - kernel: serious ugliness in iget() uses by nfsd [mrg-1]
561682 - CVE-2010-0410 kernel: OOM/crash in drivers/connector
562582 - CVE-2010-0415 kernel: sys_move_pages infoleak
563091 - CVE-2010-0622 kernel: futex: Handle user space corruption gracefully
563781 - CVE-2010-0437 kernel: ipv6: fix ip6_dst_lookup_tail() NULL pointer dereference

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-149.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-149.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-149.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-149.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-4141.html
https://www.redhat.com/security/data/cve/CVE-2010-0003.html
https://www.redhat.com/security/data/cve/CVE-2010-0007.html
https://www.redhat.com/security/data/cve/CVE-2010-0291.html
https://www.redhat.com/security/data/cve/CVE-2010-0410.html
https://www.redhat.com/security/data/cve/CVE-2010-0415.html
https://www.redhat.com/security/data/cve/CVE-2010-0437.html
https://www.redhat.com/security/data/cve/CVE-2010-0622.html
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLqOTAXlSAg2UNWIIRAqEnAJ9PcReXgHmM9+pdfygigH VGsggt8gCfdSbS
RjCs09nuCAhBEYXbEidE+/s=
=opcK
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
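
An added example, not part of the Red Hat advisory: a post-update check for RHSA-2010:0161-01 that tells apart a host still needing the update, a host with the fixed kernel-rt build installed but not yet rebooted into it, and a patched host, and that reports the print-fatal-signals setting named under CVE-2010-0003. The function names, the `--check` switch and the optional file-path argument are assumptions made for illustration; ordering relies on GNU `sort -V`, and any flavour text after `el5rt` in the running release is assumed to be safe to ignore.

```bash
#!/bin/bash
# Added example (not Red Hat's code): post-update check for RHSA-2010:0161-01.

# Fixed build, taken from the advisory's package list.
FIXED_RELEASE="2.6.24.7-149.el5rt"

# Strip a trailing architecture and anything after "el5rt" (assumed flavour text).
normalise_release() {
    printf '%s\n' "$1" | sed -E -e 's/\.(i686|x86_64|noarch)$//' -e 's/(el5rt).*$/\1/'
}

# Return 0 if release $1 is the same as or newer than release $2.
release_at_least() {
    local have want lowest
    have=$(normalise_release "$1")
    want=$(normalise_release "$2")
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# $1 = running release (uname -r)
# $2 = newline-separated VERSION-RELEASE list of installed kernel-rt packages
# Prints: patched | reboot-required | update-required | not-running-kernel-rt
update_state() {
    local running installed newest
    running=$1
    installed=$2
    case "$running" in
        *el5rt*) ;;
        *) echo "not-running-kernel-rt"; return 0 ;;
    esac
    if release_at_least "$running" "$FIXED_RELEASE"; then
        echo "patched"
        return 0
    fi
    # The advisory states the update only takes effect after a reboot, so a
    # fixed package on disk with an older running kernel is its own state.
    newest=$(printf '%s\n' "$installed" | grep 'el5rt' | sort -V | tail -n 1)
    if [ -n "$newest" ] && release_at_least "$newest" "$FIXED_RELEASE"; then
        echo "reboot-required"
    else
        echo "update-required"
    fi
}

# Report the sysctl tied to CVE-2010-0003 (the advisory gives 0 as the default).
# $1 = file to read; defaults to the procfs path quoted in the advisory.
# Prints: enabled | disabled | unknown
fatal_signals_state() {
    local path value
    path=${1:-/proc/sys/kernel/print-fatal-signals}
    if [ ! -r "$path" ]; then
        echo "unknown"
        return 0
    fi
    value=$(tr -d '[:space:]' < "$path")
    case "$value" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Live check on the current host.
main() {
    local installed
    # rpm prints an error string and exits non-zero when the package is absent.
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt 2>/dev/null) || installed=""
    echo "kernel-rt: $(update_state "$(uname -r)" "$installed")"
    echo "print-fatal-signals: $(fatal_signals_state)"
}

if [ "${1:-}" = "--check" ]; then
    main
fi
```

Run with `--check` on the host itself; without it the script only defines the functions, so they can be sourced into an inventory job.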
 
08-17-2010, 04:05 PM

Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2010:0631-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0631.html
Issue date: 2010-08-17
CVE Names: CVE-2008-7256 CVE-2009-4138 CVE-2010-1083
CVE-2010-1084 CVE-2010-1086 CVE-2010-1087
CVE-2010-1088 CVE-2010-1162 CVE-2010-1173
CVE-2010-1437 CVE-2010-1643 CVE-2010-2240
CVE-2010-2248 CVE-2010-2521
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

These packages contain the Linux kernel, the core of any Linux operating
system.

Security fixes:

* unsafe sprintf() use in the Bluetooth implementation. Creating a large
number of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrary
memory pages being overwritten, allowing a local, unprivileged user to
cause a denial of service or escalate their privileges. (CVE-2010-1084,
Important)

* a flaw in the Unidirectional Lightweight Encapsulation implementation,
allowing a remote attacker to send a specially-crafted ISO MPEG-2 Transport
Stream frame to a target system, resulting in a denial of service.
(CVE-2010-1086, Important)

* NULL pointer dereference in nfs_wb_page_cancel(), allowing a local user
on a system that has an NFS-mounted file system to cause a denial of
service or escalate their privileges on that system. (CVE-2010-1087,
Important)

* flaw in sctp_process_unk_param(), allowing a remote attacker to send a
specially-crafted SCTP packet to an SCTP listening port on a target system,
causing a denial of service. (CVE-2010-1173, Important)

* race condition between finding a keyring by name and destroying a freed
keyring in the key management facility, allowing a local, unprivileged
user to cause a denial of service or escalate their privileges.
(CVE-2010-1437, Important)

* systems using the kernel NFS server to export a shared memory file system
and that have the sysctl overcommit_memory variable set to never overcommit
(a value of 2; by default, it is set to 0), may experience a NULL pointer
dereference, allowing a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2008-7256, CVE-2010-1643,
Important)

* when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could lead to local privilege escalation on 64-bit
systems. This issue is fixed with an implementation of a stack guard
feature. (CVE-2010-2240, Important)

* flaw in CIFSSMBWrite() could allow a remote attacker to send a
specially-crafted SMB response packet to a target CIFS client, resulting in
a denial of service. (CVE-2010-2248, Important)

* buffer overflow flaws in the kernel's implementation of the server-side
XDR for NFSv4 could allow an attacker on the local network to send a
specially-crafted large compound request to the NFSv4 server, possibly
resulting in a denial of service or code execution. (CVE-2010-2521,
Important)

* NULL pointer dereference in the firewire-ohci driver used for OHCI
compliant IEEE 1394 controllers could allow a local, unprivileged user with
access to /dev/fw* files to issue certain IOCTL calls, causing a denial of
service or privilege escalation. The FireWire modules are blacklisted by
default. If enabled, only root has access to the files noted above by
default. (CVE-2009-4138, Moderate)

* flaw in the link_path_walk() function. Using the file descriptor
returned by open() with the O_NOFOLLOW flag on a subordinate NFS-mounted
file system, could result in a NULL pointer dereference, causing a denial
of service or privilege escalation. (CVE-2010-1088, Moderate)

* memory leak in release_one_tty() could allow a local, unprivileged user
to cause a denial of service. (CVE-2010-1162, Moderate)

* information leak in the USB implementation. Certain USB errors could
result in an uninitialized kernel buffer being sent to user-space. An
attacker with physical access to a target system could use this flaw to
cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084; Ang Way
Chuang for reporting CVE-2010-1086; Jukka Taimisto and Olli Jarva of
Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their
customer, for responsibly reporting CVE-2010-1173; the X.Org security team
for reporting CVE-2010-2240, with upstream acknowledging Rafal Wojtczuk as
the original reporter; and Marcus Meissner for reporting CVE-2010-1083.

4. Solution:

Users should upgrade to these updated packages, which contain
backported patches to correct these issues and fix the bugs noted in
the Kernel Security Update document, linked to in the References. The
system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

547236 - CVE-2009-4138 kernel: firewire: ohci: handle receive packets with a data length of zero
555671 - MRG -146/-147 kernels have older broadcom drivers compared with RHEL5.4
562075 - kernel: vfs: add MNT_NOFOLLOW flag to umount(2) [mrg-1]
566624 - CVE-2010-1083 kernel: information leak via userspace USB interface
567184 - CVE-2010-1087 kernel: NFS: Fix an Oops when truncating a file
567813 - CVE-2010-1088 kernel: fix LOOKUP_FOLLOW on automount "symlinks"
569237 - CVE-2010-1086 kernel: dvb-core: DoS bug in ULE decapsulation code
576018 - CVE-2010-1084 kernel: bluetooth: potential bad memory access with sysfs files
582076 - CVE-2010-1162 kernel: tty: release_one_tty() forgets to put pids
584645 - CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet
585094 - CVE-2010-1437 kernel: keyrings: find_keyring_by_name() can gain the freed keyring
594630 - kernel: security: testing the wrong variable in create_by_name() [mrg-1]
595970 - CVE-2008-7256 CVE-2010-1643 kernel: nfsd: fix vm overcommit crash
601210 - Fusion MPT misc device (ioctl) driver too verbose in message/fusion/mptctl.c::mptctl_ioctl()
606611 - CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment
608583 - CVE-2010-2248 kernel: cifs: Fix a kernel BUG with remote OS/2 server
612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-161.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-161.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-161.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-161.el5rt.noarch.rpm
kernel-rt-firmware-2.6.24.7-161.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-161.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-161.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-7256.html
https://www.redhat.com/security/data/cve/CVE-2009-4138.html
https://www.redhat.com/security/data/cve/CVE-2010-1083.html
https://www.redhat.com/security/data/cve/CVE-2010-1084.html
https://www.redhat.com/security/data/cve/CVE-2010-1086.html
https://www.redhat.com/security/data/cve/CVE-2010-1087.html
https://www.redhat.com/security/data/cve/CVE-2010-1088.html
https://www.redhat.com/security/data/cve/CVE-2010-1162.html
https://www.redhat.com/security/data/cve/CVE-2010-1173.html
https://www.redhat.com/security/data/cve/CVE-2010-1437.html
https://www.redhat.com/security/data/cve/CVE-2010-1643.html
https://www.redhat.com/security/data/cve/CVE-2010-2240.html
https://www.redhat.com/security/data/cve/CVE-2010-2248.html
https://www.redhat.com/security/data/cve/CVE-2010-2521.html
http://www.redhat.com/security/updates/classification/#important
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0631/Kernel_Security_Update/index.html
https://access.redhat.com/kb/docs/DOC-31052

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMarMbXlSAg2UNWIIRAggfAKC0sYKQtjtDN+1Ejjuu2I US8EMR/gCdGxFj
Jkg8YiOC+2sBVv8FQuZDo+k=
=w/rL
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 10-08-2010, 02:14 AM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2010:0758-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0758.html
Issue date:        2010-10-07
CVE Names:         CVE-2010-3067 CVE-2010-3081
=====================================================================

1. Summary:

Updated kernel-rt packages that fix two security issues and three bugs are
now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Ben Hawkes for reporting CVE-2010-3081, and
Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

* The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240)
where, when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring. This update implements the official upstream fixes for that
issue. Note: This is not a security regression. The original fix was
complete. (BZ#624604)

* In certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver, and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.
(BZ#622952)

* This update upgrades the tg3 driver to version 3.110. (BZ#640334)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

624604 - Backport official CVE-2010-2240 fixes
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
640334 - update MRG 1.2 tg3 driver to latest upstream driver

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.24.7-169.el5rt.src.rpm

i386:
kernel-rt-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-169.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.24.7-169.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.24.7-169.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.24.7-169.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.24.7-169.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3067.html
https://www.redhat.com/security/data/cve/CVE-2010-3081.html
http://www.redhat.com/security/updates/classification/#important
https://access.redhat.com/kb/docs/DOC-40265

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMrn5rXlSAg2UNWIIRAtkJAJ9zViQx8rPkLhA3aIbxKK FtAq4MDQCdFhum
FEsRHkaDDFvvezLqEtWG1Lc=
=fh3M
-----END PGP SIGNATURE-----


 
Old 12-08-2010, 06:56 PM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2010:0958-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2010-0958.html
Issue date:        2010-12-08
CVE Names:         CVE-2010-2962 CVE-2010-3432 CVE-2010-3442
                   CVE-2010-3705 CVE-2010-3858 CVE-2010-3861
                   CVE-2010-3874 CVE-2010-3876 CVE-2010-3880
                   CVE-2010-4072 CVE-2010-4073 CVE-2010-4074
                   CVE-2010-4075 CVE-2010-4077 CVE-2010-4079
                   CVE-2010-4080 CVE-2010-4082 CVE-2010-4083
                   CVE-2010-4157 CVE-2010-4158 CVE-2010-4169
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

* A flaw in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP
implementation. When iterating through the hmac_ids array, it did not reset
the last id element if it was out of range. This could allow a remote
attacker to cause a denial of service. (CVE-2010-3705, Important)

* Missing sanity checks in setup_arg_pages() in the Linux kernel. When
making the size of the argument and environment area on the stack very
large, it could trigger a BUG_ON(), resulting in a local denial of service.
(CVE-2010-3858, Moderate)

* A flaw in ethtool_get_rxnfc() in the Linux kernel's ethtool IOCTL
handler. When it is called with a large info.rule_cnt, it could allow a
local user to cause an information leak. (CVE-2010-3861, Moderate)

* A flaw in bcm_connect() in the Linux kernel's Controller Area Network
(CAN) Broadcast Manager. On 64-bit systems, writing the socket address may
overflow the procname character array. (CVE-2010-3874, Moderate)

* A flaw in inet_csk_diag_dump() in the Linux kernel's module for
monitoring the sockets of INET transport protocols. By sending a netlink
message with certain bytecode, a local, unprivileged user could cause a
denial of service. (CVE-2010-3880, Moderate)

* Missing sanity checks in gdth_ioctl_alloc() in the gdth driver in the
Linux kernel, could allow a local user with access to "/dev/gdth" on a
64-bit system to cause a denial of service or escalate their privileges.
(CVE-2010-4157, Moderate)

* A use-after-free flaw in the mprotect() system call could allow a local,
unprivileged user to cause a local denial of service. (CVE-2010-4169,
Moderate)

* Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3876, CVE-2010-4072, CVE-2010-4073,
CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2010-2962,
CVE-2010-3861, and CVE-2010-4072; Dan Rosenberg for reporting
CVE-2010-3442, CVE-2010-3705, CVE-2010-3874, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4082,
CVE-2010-4083, and CVE-2010-4158; Brad Spengler for reporting
CVE-2010-3858; Nelson Elhage for reporting CVE-2010-3880; and Vasiliy
Kulikov for reporting CVE-2010-3876.

Bug fixes:

* A vulnerability in the 32-bit compatibility code for the VIDIOCSMICROCODE
IOCTL in the Video4Linux implementation. It does not affect Red Hat
Enterprise MRG, but as a preventive measure, this update removes the code.
Red Hat would like to thank Kees Cook for reporting this vulnerability.
(BZ#642469)

* The kernel-rt spec file was missing the crypto, drm, generated, and trace
header directories when generating the kernel-rt-devel package, resulting
in out-of-tree modules failing to build. (BZ#608784)

* On computers without a supported Performance Monitoring Unit, a crash
would occur when running the "perf top" command, and occasionally other
perf commands. perf software events are now marked as IRQ safe to avoid
this crash. (BZ#647434)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

608784 - cannot build third-party modules based upon 2.6.33.5-rt* packages
637675 - CVE-2010-3432 kernel: sctp: do not reset the packet during sctp_packet_config
637688 - CVE-2010-2962 kernel: arbitrary kernel memory write via i915 GEM ioctl
638478 - CVE-2010-3442 kernel: prevent heap corruption in snd_ctl_new()
640036 - CVE-2010-3705 kernel: sctp memory corruption in HMAC handling
642469 - CVE-2010-2963 kernel: v4l: VIDIOCSMICROCODE arbitrary write [mrg-1.3]
645222 - CVE-2010-3858 kernel: setup_arg_pages: diagnose excessive argument size
646725 - CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL
647434 - perf: Mark software events as irqsafe
648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
648659 - CVE-2010-4074 kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory
648666 - CVE-2010-4079 kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
648669 - CVE-2010-4080 kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
648671 - CVE-2010-4082 kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
648673 - CVE-2010-4083 kernel: ipc/sem.c: reading uninitialized stack memory
649695 - CVE-2010-3874 kernel: CAN info leak/minor heap overflow
649715 - CVE-2010-3876 kernel: net/packet/af_packet.c: reading uninitialized stack memory
651147 - CVE-2010-4157 kernel: gdth: integer overflow in ioc_general()
651264 - CVE-2010-3880 kernel: logic error in INET_DIAG bytecode auditing
651671 - CVE-2010-4169 kernel: perf bug
651698 - CVE-2010-4158 kernel: socket filters infoleak

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.7-rt29.47.el5rt.src.rpm

i386:
kernel-rt-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.47.el5rt.i686.rpm
perf-2.6.33.7-rt29.47.el5rt.i686.rpm
perf-debuginfo-2.6.33.7-rt29.47.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.7-rt29.47.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.47.el5rt.x86_64.rpm
perf-2.6.33.7-rt29.47.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.7-rt29.47.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-2962.html
https://www.redhat.com/security/data/cve/CVE-2010-3432.html
https://www.redhat.com/security/data/cve/CVE-2010-3442.html
https://www.redhat.com/security/data/cve/CVE-2010-3705.html
https://www.redhat.com/security/data/cve/CVE-2010-3858.html
https://www.redhat.com/security/data/cve/CVE-2010-3861.html
https://www.redhat.com/security/data/cve/CVE-2010-3874.html
https://www.redhat.com/security/data/cve/CVE-2010-3876.html
https://www.redhat.com/security/data/cve/CVE-2010-3880.html
https://www.redhat.com/security/data/cve/CVE-2010-4072.html
https://www.redhat.com/security/data/cve/CVE-2010-4073.html
https://www.redhat.com/security/data/cve/CVE-2010-4074.html
https://www.redhat.com/security/data/cve/CVE-2010-4075.html
https://www.redhat.com/security/data/cve/CVE-2010-4077.html
https://www.redhat.com/security/data/cve/CVE-2010-4079.html
https://www.redhat.com/security/data/cve/CVE-2010-4080.html
https://www.redhat.com/security/data/cve/CVE-2010-4082.html
https://www.redhat.com/security/data/cve/CVE-2010-4083.html
https://www.redhat.com/security/data/cve/CVE-2010-4157.html
https://www.redhat.com/security/data/cve/CVE-2010-4158.html
https://www.redhat.com/security/data/cve/CVE-2010-4169.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM/+LlXlSAg2UNWIIRAn8PAJ4xFBVdWI5Eh9ZBCaBs2vpEQpLU0wC fdg3g
a0MdrCyeuuzqS7ocPAJ4oLE=
=MLpI
-----END PGP SIGNATURE-----


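The hmac_ids iteration flaw that RHSA-2010:0958 describes for sctp_auth_asoc_get_hmac() (CVE-2010-3705), shown as an added example that is not part of the advisory and is not the kernel's code. It is a simplified user-space model: the table contents, the function names and the sample id lists are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical table of HMAC algorithms, indexed by id.
 * Id 0 is reserved and means "no usable algorithm". */
#define HMAC_ID_MAX 3u

struct hmac_alg {
    const char *name;      /* NULL: id is defined but not available */
    unsigned    digest_len;
};

static const struct hmac_alg hmac_table[HMAC_ID_MAX + 1] = {
    { NULL,     0  },      /* 0: reserved */
    { "sha1",   20 },      /* 1 */
    { NULL,     0  },      /* 2: defined, not available */
    { "sha256", 32 },      /* 3 */
};

/* Constructed sample preference lists, already in host byte order. */
static const uint16_t SAMPLE_OK[]       = { 7, 3, 1 };
static const uint16_t SAMPLE_BAD_TAIL[] = { 2, 0x4141 };

/* Flawed selection: returns the index the caller would use on hmac_table.
 * If every entry is rejected, 'id' still holds the last rejected value,
 * so a list ending in an out-of-range id yields an out-of-range index. */
static unsigned select_id_unsafe(const uint16_t *ids, size_t n)
{
    unsigned id = 0;
    for (size_t i = 0; i < n; i++) {
        id = ids[i];
        if (id > HMAC_ID_MAX)
            continue;                   /* stale id survives the loop */
        if (hmac_table[id].name == NULL)
            continue;
        break;
    }
    return id;
}

/* Corrected selection: a rejected id is reset to 0 before moving on,
 * so the loop can only end with 0 or with a usable in-range id. */
static unsigned select_id_fixed(const uint16_t *ids, size_t n)
{
    unsigned id = 0;
    for (size_t i = 0; i < n; i++) {
        id = ids[i];
        if (id > HMAC_ID_MAX || hmac_table[id].name == NULL) {
            id = 0;
            continue;
        }
        break;
    }
    return id;
}

/* 1 if the index refers to a slot inside hmac_table. */
static int index_in_table(unsigned id)
{
    return id <= HMAC_ID_MAX;
}

/* Bounds-checked lookup; NULL when there is no usable algorithm. */
static const struct hmac_alg *lookup_alg(unsigned id)
{
    if (id == 0 || id > HMAC_ID_MAX || hmac_table[id].name == NULL)
        return NULL;
    return &hmac_table[id];
}

int main(void)
{
    unsigned bad  = select_id_unsafe(SAMPLE_BAD_TAIL, 2);
    unsigned good = select_id_fixed(SAMPLE_BAD_TAIL, 2);
    const struct hmac_alg *alg = lookup_alg(good);

    printf("unsafe: index %u, inside table: %d\n", bad, index_in_table(bad));
    printf("fixed:  index %u, algorithm: %s\n", good, alg ? alg->name : "none");
    return 0;
}
```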
 
Old 03-10-2011, 07:57 PM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2011:0330-01
Product:           Red Hat Enterprise MRG for RHEL-5
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-0330.html
Issue date:        2011-03-10
CVE Names:         CVE-2010-3477 CVE-2010-4160 CVE-2010-4162
                   CVE-2010-4163 CVE-2010-4165 CVE-2010-4242
                   CVE-2010-4248 CVE-2010-4249 CVE-2010-4250
                   CVE-2010-4346 CVE-2010-4347 CVE-2010-4565
                   CVE-2010-4648 CVE-2010-4649 CVE-2010-4655
                   CVE-2010-4656 CVE-2010-4668 CVE-2011-0521
                   CVE-2011-1044
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* Missing boundary checks in the PPP over L2TP sockets implementation could
allow a local, unprivileged user to cause a denial of service or escalate
their privileges. (CVE-2010-4160, Important)

* Integer overflow in ib_uverbs_poll_cq() could allow a local, unprivileged
user to cause a denial of service or escalate their privileges.
(CVE-2010-4649, Important)

* Missing boundary check in dvb_ca_ioctl() in the av7110 module. On systems
using old DVB cards requiring the av7110 module, a local, unprivileged user
could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2011-0521, Important)

* Flaw in tcf_act_police_dump() in the network traffic policing
implementation could allow a local, unprivileged user to cause an
information leak. (CVE-2010-3477, Moderate)

* Missing boundary checks in the block layer implementation could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4162,
CVE-2010-4163, CVE-2010-4668, Moderate)

* Divide-by-zero flaw in tcp_select_initial_window() in the Linux kernel's
TCP/IP protocol suite implementation could allow a local, unprivileged user
to cause a denial of service. (CVE-2010-4165, Moderate)

* NULL pointer dereference flaw in the Bluetooth HCI UART driver could
allow a local, unprivileged user to cause a denial of service.
(CVE-2010-4242, Moderate)

* Flaw in the CPU time clocks implementation for the POSIX clock interface
could allow a local, unprivileged user to cause a denial of service.
(CVE-2010-4248, Moderate)

* Flaw in the garbage collector for AF_UNIX sockets could allow a local,
unprivileged user to trigger a denial of service (out-of-memory condition).
(CVE-2010-4249, Moderate)

* Memory leak in the inotify_init() system call. In some cases, it could
leak a group, which could allow a local, unprivileged user to eventually
cause a denial of service. (CVE-2010-4250, Moderate)

* /sys/kernel/debug/acpi/custom_method had world-writable permissions,
which could allow a local, unprivileged user to escalate their privileges.
Note: The debugfs file system must be mounted locally to exploit this
issue. It is not mounted by default. (CVE-2010-4347, Moderate)

* Heap overflow in iowarrior_write() could allow a user with access to an
IO-Warrior USB device to cause a denial of service or escalate their
privileges. (CVE-2010-4656, Moderate)

* Missing security check in the Linux kernel's implementation of the
install_special_mapping routine could allow a local, unprivileged user to
bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* Information leak in bcm_connect() in the Controller Area Network (CAN)
Broadcast Manager implementation could allow a local, unprivileged user to
leak kernel mode addresses in /proc/net/can-bcm. (CVE-2010-4565, Low)

* A logic error in orinoco_ioctl_set_auth() in the Linux kernel's ORiNOCO
wireless extensions support implementation could render TKIP
countermeasures ineffective when it is enabled, as it enabled the card
instead of shutting it down. (CVE-2010-4648, Low)

* Missing initialization flaw in ethtool_get_regs() could allow a local
user who has the CAP_NET_ADMIN capability to cause an information leak.
(CVE-2010-4655, Low)

* Flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4160,
CVE-2010-4162, CVE-2010-4163, CVE-2010-4668, and CVE-2010-4565; Steve Chen
for reporting CVE-2010-4165; Alan Cox for reporting CVE-2010-4242; Vegard
Nossum for reporting CVE-2010-4249 and CVE-2010-4250; Kees Cook for
reporting CVE-2010-4656 and CVE-2010-4655; and Tavis Ormandy for reporting
CVE-2010-4346.

This update also fixes three bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

4. Solution:

Users should upgrade to these updated kernel-rt packages. They are
based on upstream version 2.6.33.7.2-rt30 (despite package naming) and
correct these issues. The system must be rebooted for this update to
take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak
641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open()
651892 - CVE-2010-4160 kernel: L2TP send buffer allocation size overflows
652508 - CVE-2010-4165 kernel: possible kernel oops from user MSS
652529 - CVE-2010-4162 kernel: bio: integer overflow page count when mapping/copying user data
652957 - CVE-2010-4163 CVE-2010-4668 kernel: panic when submitting certain 0-length I/O requests
656264 - CVE-2010-4248 kernel: posix-cpu-timers: workaround to suppress the problems with mt exec
656756 - CVE-2010-4249 kernel: unix socket local dos
656830 - CVE-2010-4250 kernel: inotify memory leak
659574 - CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [mrg-1.3]
662189 - CVE-2010-4346 kernel: install_special_mapping skips security_file_mmap check
663542 - CVE-2010-4347 kernel: local privilege escalation via /sys/kernel/debug/acpi/custom_method
664544 - CVE-2010-4565 kernel: CAN info leak
667907 - CVE-2010-4648 kernel: orinoco: fix TKIP countermeasure behaviour
667916 - CVE-2010-4649 CVE-2011-1044 kernel: IB/uverbs: Handle large number of entries in poll CQ
672398 - CVE-2011-0521 kernel: av7110 negative array offset
672420 - CVE-2010-4656 kernel: iowarrior usb device heap overflow
672428 - CVE-2010-4655 kernel: heap contents leak for CAP_NET_ADMIN via ethtool ioctl

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.7-rt29.55.el5rt.src.rpm

i386:
kernel-rt-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.55.el5rt.i686.rpm
perf-2.6.33.7-rt29.55.el5rt.i686.rpm
perf-debuginfo-2.6.33.7-rt29.55.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.7-rt29.55.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.7-rt29.55.el5rt.x86_64.rpm
perf-2.6.33.7-rt29.55.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.7-rt29.55.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3477.html
https://www.redhat.com/security/data/cve/CVE-2010-4160.html
https://www.redhat.com/security/data/cve/CVE-2010-4162.html
https://www.redhat.com/security/data/cve/CVE-2010-4163.html
https://www.redhat.com/security/data/cve/CVE-2010-4165.html
https://www.redhat.com/security/data/cve/CVE-2010-4242.html
https://www.redhat.com/security/data/cve/CVE-2010-4248.html
https://www.redhat.com/security/data/cve/CVE-2010-4249.html
https://www.redhat.com/security/data/cve/CVE-2010-4250.html
https://www.redhat.com/security/data/cve/CVE-2010-4346.html
https://www.redhat.com/security/data/cve/CVE-2010-4347.html
https://www.redhat.com/security/data/cve/CVE-2010-4565.html
https://www.redhat.com/security/data/cve/CVE-2010-4648.html
https://www.redhat.com/security/data/cve/CVE-2010-4649.html
https://www.redhat.com/security/data/cve/CVE-2010-4655.html
https://www.redhat.com/security/data/cve/CVE-2010-4656.html
https://www.redhat.com/security/data/cve/CVE-2010-4668.html
https://www.redhat.com/security/data/cve/CVE-2011-0521.html
https://www.redhat.com/security/data/cve/CVE-2011-1044.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.3/html/Technical_Notes/chap-Package_Updates.html#RHSA-2011-0330

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNeTsrXlSAg2UNWIIRAlygAJwN1qWRvHTL0hg3dWJ3Ki 2JuOBXdgCfew1i
A5AG5zgqnX11kLZiKmQyuTc=
=h5c7
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 05-10-2011, 06:18 PM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2011:0500-01
Product: Red Hat Enterprise MRG for RHEL-5
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0500.html
Issue date: 2011-05-10
CVE Names: CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
           CVE-2011-1010 CVE-2011-1013 CVE-2011-1019
           CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
           CVE-2011-1082 CVE-2011-1093 CVE-2011-1163
           CVE-2011-1170 CVE-2011-1171 CVE-2011-1172
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and various
bugs are now available for Red Hat Enterprise MRG 1.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 5 Server - i386, noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A race condition in the way the Linux kernel's InfiniBand implementation
set up new connections could allow a remote user to cause a denial of
service. (CVE-2011-0695, Important)

* An integer signedness flaw in drm_modeset_ctl() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1013, Important)

* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause
a denial of service, even when the socket was already closed.
(CVE-2011-1093, Important)

* A missing validation of a null-terminated string data structure element
in bnep_sock_ioctl() could allow a local user to cause an information leak
or a denial of service. (CVE-2011-1079, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* A missing initialization flaw in the XFS file system implementation could
lead to an information leak. (CVE-2011-0711, Low)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing validation check in the Linux kernel's mac_partition()
implementation, used for supporting file systems created on Mac OS
operating systems, could allow a local attacker to cause a denial of
service by mounting a disk that contains specially-crafted partitions.
(CVE-2011-1010, Low)

* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN
capability to load arbitrary modules from "/lib/modules/", instead of only
netdev modules. (CVE-2011-1019, Low)

* A missing initialization flaw in sco_sock_getsockopt_old() could allow a
local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements
in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),
do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user
who has the CAP_NET_ADMIN capability to cause an information leak.
(CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;
Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, CVE-2011-1078,
CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, and CVE-2011-1080; Nelson
Elhage for reporting CVE-2011-1082; Dan Rosenberg for reporting
CVE-2011-0711; Kees Cook for reporting CVE-2011-0726; and Timo Warns for
reporting CVE-2011-1010 and CVE-2011-1163.

This update also fixes various bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version 2.6.33.9-rt31, and correct these issues. The system must
be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
679925 - CVE-2011-1013 kernel: drm_modeset_ctl signedness issue
680360 - CVE-2011-1019 kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
692665 - bnx2x NICs occasionally do not come up on boot

6. Package List:

MRG Realtime for RHEL 5 Server:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/kernel-rt-2.6.33.9-rt31.64.el5rt.src.rpm

i386:
kernel-rt-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-debuginfo-common-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.64.el5rt.i686.rpm
perf-2.6.33.9-rt31.64.el5rt.i686.rpm
perf-debuginfo-2.6.33.9-rt31.64.el5rt.i686.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.64.el5rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-debuginfo-common-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.64.el5rt.x86_64.rpm
perf-2.6.33.9-rt31.64.el5rt.x86_64.rpm
perf-debuginfo-2.6.33.9-rt31.64.el5rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0695.html
https://www.redhat.com/security/data/cve/CVE-2011-0711.html
https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1010.html
https://www.redhat.com/security/data/cve/CVE-2011-1013.html
https://www.redhat.com/security/data/cve/CVE-2011-1019.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1082.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/1.3/html/Technical_Notes/RHSA-2011-0500.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNyYEtXlSAg2UNWIIRAmxmAJ9ywz4C0KHUJDhJSC4IuM 7d+EnC0ACePY1/
DCsJ+Fm6hnIhdDmh0lcD1uI=
=xL/Q
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
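
An added example, not part of the advisory or of any Red Hat tooling: a small Python parser for the advisory layout used above that pairs each CVE with its rating and Bugzilla id, most severe first, and flags header CVEs that have no rated bullet. The function names and the trimmed `SAMPLE` excerpt are assumptions made for this illustration.

```python
import re

CVE = r"CVE-\d{4}-\d{4,}"
RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

# Trimmed excerpt of RHSA-2011:0500-01 as posted above. The header is cut to
# six CVEs and the bullet for CVE-2011-0726 is left out on purpose, so the
# cross-check in triage() has something to report.
SAMPLE = """\
Advisory ID: RHSA-2011:0500-01
Issue date: 2011-05-10
CVE Names: CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
CVE-2011-1013 CVE-2011-1079 CVE-2011-1082

3. Description:

* A race condition in the way the Linux kernel's InfiniBand implementation
set up new connections could allow a remote user to cause a denial of
service. (CVE-2011-0695, Important)

* An integer signedness flaw in drm_modeset_ctl() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1013, Important)

* A missing validation of a null-terminated string data structure element
in bnep_sock_ioctl() could allow a local user to cause an information leak
or a denial of service. (CVE-2011-1079, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* A missing initialization flaw in the XFS file system implementation could
lead to an information leak. (CVE-2011-0711, Low)

5. Bugs fixed (http://bugzilla.redhat.com/):

653648 - CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler
677260 - CVE-2011-0711 kernel: xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
679925 - CVE-2011-1013 kernel: drm_modeset_ctl signedness issue
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
692665 - bnx2x NICs occasionally do not come up on boot
"""


def header_cves(text):
    """CVE ids from the 'CVE Names:' header, including wrapped lines."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("CVE Names:"):
            found = re.findall(CVE, line)
            # Continuation lines carry nothing but more CVE ids.
            for cont in lines[i + 1:]:
                if not re.fullmatch(rf"\s*{CVE}(\s+{CVE})*\s*", cont):
                    break
                found += re.findall(CVE, cont)
            return found
    return []


def severities(text):
    """Map each CVE to the rating in its '(CVE-..., Rating)' bullet suffix."""
    out = {}
    # \s* after the comma also covers a suffix wrapped across two lines.
    pattern = rf"\(((?:{CVE},\s*)+)(Critical|Important|Moderate|Low)\)"
    for ids, rating in re.findall(pattern, text):
        for cve in re.findall(CVE, ids):
            out[cve] = rating
    return out


def bugs(text):
    """Map each CVE to its Bugzilla id; also list bugs that carry no CVE."""
    by_cve, plain = {}, []
    for bug_id, ids, title in re.findall(
            rf"^(\d+) - ((?:{CVE} )*)(.+)$", text, re.M):
        cves = ids.split()
        for cve in cves:
            by_cve[cve] = int(bug_id)
        if not cves:
            plain.append((int(bug_id), title))
    return by_cve, plain


def triage(text):
    """Rated CVEs, most severe first, plus header CVEs with no rating."""
    rated, (bug_of, _) = severities(text), bugs(text)
    rows = sorted((RANK[r], cve, r, bug_of.get(cve)) for cve, r in rated.items())
    unrated = [c for c in header_cves(text) if c not in rated]
    return [(cve, r, bug) for _, cve, r, bug in rows], unrated


if __name__ == "__main__":
    rows, unrated = triage(SAMPLE)
    for cve, rating, bug in rows:
        print(f"{rating:<10} {cve}  bz#{bug}")
    print("header CVEs without a rated bullet:", unrated)
    print("non-security bugs:", bugs(SAMPLE)[1])
```

Run against a complete advisory, the unrated list should come back empty; anything in it means a CVE from the header was not matched to a description bullet.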
 
Old 09-12-2011, 07:51 PM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2011:1253-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1253.html
Issue date: 2011-09-12
CVE Names: CVE-2010-4243 CVE-2010-4526 CVE-2011-1020
           CVE-2011-1021 CVE-2011-1090 CVE-2011-1160
           CVE-2011-1478 CVE-2011-1479 CVE-2011-1494
           CVE-2011-1495 CVE-2011-1576 CVE-2011-1577
           CVE-2011-1585 CVE-2011-1593 CVE-2011-1598
           CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
           CVE-2011-1767 CVE-2011-1768 CVE-2011-1770
           CVE-2011-1776 CVE-2011-2022 CVE-2011-2183
           CVE-2011-2213 CVE-2011-2484 CVE-2011-2491
           CVE-2011-2492 CVE-2011-2495 CVE-2011-2496
           CVE-2011-2497 CVE-2011-2517 CVE-2011-2695
=====================================================================

1. Summary:

Updated kernel-rt packages that fix multiple security issues and various
bugs are now available for Red Hat Enterprise MRG 2.0.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

Security fixes:

* A flaw in the SCTP and DCCP implementations could allow a remote attacker
to cause a denial of service. (CVE-2010-4526, CVE-2011-1770, Important)

* Flaws in the Management Module Support for Message Passing Technology
(MPT) based controllers could allow a local, unprivileged user to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* Flaws in the AGPGART driver, and a flaw in agp_allocate_memory(), could
allow a local user to cause a denial of service or escalate their
privileges. (CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, Important)

* A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* A flaw in the Bluetooth implementation could allow a remote attacker to
cause a denial of service or escalate their privileges. (CVE-2011-2497,
Important)

* Flaws in the netlink-based wireless configuration interface could allow a
local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)

* The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)

* A local, unprivileged user could allocate large amounts of memory not
visible to the OOM killer, causing a denial of service. (CVE-2010-4243,
Moderate)

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* A local, privileged user could possibly write arbitrary kernel memory via
/sys/kernel/debug/acpi/custom_method. (CVE-2011-1021, Moderate)

* Inconsistency in the methods for allocating and freeing NFSv4 ACL data;
CVE-2010-4250 fix caused a regression; a flaw in next_pidmap() and
inet_diag_bc_audit(); flaws in the CAN implementation; a race condition in
the memory merging support; a flaw in the taskstats subsystem; and the way
mapping expansions were handled could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-1090, CVE-2011-1479, CVE-2011-1593,
CVE-2011-2213, CVE-2011-1598, CVE-2011-1748, CVE-2011-2183, CVE-2011-2484,
CVE-2011-2496, Moderate)

* A flaw in GRO could result in a denial of service when a malformed VLAN
frame is received. (CVE-2011-1478, Moderate)

* napi_reuse_skb() could be called on VLAN packets allowing an attacker on
the local network to possibly trigger a denial of service. (CVE-2011-1576,
Moderate)

* A denial of service could occur if packets were received while the ipip
or ip_gre module was being loaded. (CVE-2011-1767, CVE-2011-1768, Moderate)

* Information leaks. (CVE-2011-1160, CVE-2011-2492, CVE-2011-2495, Low)

* Flaws in the EFI GUID Partition Table implementation could allow a local
attacker to cause a denial of service. (CVE-2011-1577, CVE-2011-1776, Low)

* While a user has a CIFS share mounted that required successful
authentication, a local, unprivileged user could mount that share without
knowing the correct password if mount.cifs was setuid root. (CVE-2011-1585,
Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770,
CVE-2011-1494, CVE-2011-1495, CVE-2011-2497, and CVE-2011-2213; Vasiliy
Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022,
CVE-2011-1746, CVE-2011-2484, and CVE-2011-2495; Vasily Averin for
reporting CVE-2011-2491; Brad Spengler for reporting CVE-2010-4243; Kees
Cook for reporting CVE-2011-1020; Robert Swiecki for reporting
CVE-2011-1593 and CVE-2011-2496; Oliver Hartkopp for reporting
CVE-2011-1748; Andrea Righi for reporting CVE-2011-2183; Ryan Sweat for
reporting CVE-2011-1478 and CVE-2011-1576; Peter Huewe for reporting
CVE-2011-1160; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492;
and Timo Warns for reporting CVE-2011-1577 and CVE-2011-1776.

4. Solution:

This update also fixes various bugs. Documentation for these bug fixes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which correct these
issues, and fix the bugs noted in the Technical Notes. The system
must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

625688 - CVE-2010-4243 kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads
664914 - CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect()
680358 - CVE-2011-1020 kernel: no access restrictions of /proc/pid/* after setuid program exec
680841 - CVE-2011-1021 kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions
681987 - crash module required for RT kernel
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
684671 - CVE-2011-1160 kernel: tpm infoleaks
691270 - CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse
691793 - CVE-2011-1479 kernel: DoS (crash) due slab corruption in inotify_init1 (incomplete fix for CVE-2010-4250)
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
697394 - CVE-2011-1585 kernel: cifs session reuse
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
698057 - CVE-2011-1598 CVE-2011-1748 kernel: missing check in can/bcm and can/raw socket releases
698996 - CVE-2011-1745 CVE-2011-2022 kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
698998 - CVE-2011-1746 kernel: agp: insufficient page_count parameter checking in agp_allocate_memory()
702303 - CVE-2011-1767 CVE-2011-1768 kernel: netns vs proto registration ordering
703011 - CVE-2011-1770 kernel: dccp: handle invalid feature options length
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
710158 - CONFIG_NF_CT_ACCT is deprecated in kernel-rt-2.6.33.9-rt31.66.el6rt
710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
715436 - CVE-2011-2484 kernel: taskstats: duplicate entries in listener mode can lead to DoS
716538 - CVE-2011-2496 kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions
716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file
728310 - MRG/RT 2.6.33.9-rt31.73 is missing cxgb3/t3fw-7.10.0.bin firmware files
728551 - add /sys/kernel/realtime entry

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-2.6.33.9-rt31.75.el6rt.src.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.75.el6rt.noarch.rpm
kernel-rt-firmware-2.6.33.9-rt31.75.el6rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.75.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.75.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4243.html
https://www.redhat.com/security/data/cve/CVE-2010-4526.html
https://www.redhat.com/security/data/cve/CVE-2011-1020.html
https://www.redhat.com/security/data/cve/CVE-2011-1021.html
https://www.redhat.com/security/data/cve/CVE-2011-1090.html
https://www.redhat.com/security/data/cve/CVE-2011-1160.html
https://www.redhat.com/security/data/cve/CVE-2011-1478.html
https://www.redhat.com/security/data/cve/CVE-2011-1479.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-1585.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1598.html
https://www.redhat.com/security/data/cve/CVE-2011-1745.html
https://www.redhat.com/security/data/cve/CVE-2011-1746.html
https://www.redhat.com/security/data/cve/CVE-2011-1748.html
https://www.redhat.com/security/data/cve/CVE-2011-1767.html
https://www.redhat.com/security/data/cve/CVE-2011-1768.html
https://www.redhat.com/security/data/cve/CVE-2011-1770.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-2022.html
https://www.redhat.com/security/data/cve/CVE-2011-2183.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2484.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2496.html
https://www.redhat.com/security/data/cve/CVE-2011-2497.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2695.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2.0/html/Technical_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFObmKpXlSAg2UNWIIRAu/+AKC5klLY86rE+GjnaB/PpvDxdnA5JQCeMAh8
/3pm1OOL516ZQdr1dp5MUI0=
=s43q
-----END PGP SIGNATURE-----


 
Old 01-10-2012, 07:24 PM
 
Default Important: kernel-rt security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2012:0010-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0010.html
Issue date: 2012-01-10
CVE Names: CVE-2011-1162 CVE-2011-2494 CVE-2011-2723
           CVE-2011-2898 CVE-2011-3188 CVE-2011-3191
           CVE-2011-3353 CVE-2011-3359 CVE-2011-3363
           CVE-2011-3637 CVE-2011-4081 CVE-2011-4110
           CVE-2011-4132 CVE-2011-4326
=====================================================================

1. Summary:

Updated kernel-rt packages that fix several security issues and two bugs
are now available for Red Hat Enterprise MRG 2.0.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* The way fragmented IPv6 UDP datagrams over the bridge with UDP
Fragmentation Offload (UFO) functionality on were handled could allow a
remote attacker to cause a denial of service. (CVE-2011-4326, Important)

* GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers that
support it. (CVE-2011-2723, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could
allow a man-in-the-middle attacker to inject packets and possibly hijack
connections. Protocol sequence numbers and fragment IDs are now more
random. (CVE-2011-3188, Moderate)

* A flaw in the FUSE (Filesystem in Userspace) implementation could allow
a local user in the fuse group who has access to mount a FUSE file system
to cause a denial of service. (CVE-2011-3353, Moderate)

* A flaw in the b43 driver. If a system had an active wireless interface
that uses the b43 driver, an attacker able to send a specially-crafted
frame to that interface could cause a denial of service. (CVE-2011-3359,
Moderate)

* A flaw in the way CIFS shares with DFS referrals at their root were
handled could allow an attacker on the local network, who is able to deploy
a malicious CIFS server, to create a CIFS network share that, when mounted,
would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw in the m_stop() implementation could allow a local, unprivileged
user to trigger a denial of service. (CVE-2011-3637, Moderate)

* Flaws in ghash_update() and ghash_final() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)

* A flaw in the key management facility could allow a local, unprivileged
user to cause a denial of service via the keyctl utility. (CVE-2011-4110,
Moderate)

* A flaw in the Journaling Block Device (JBD) could allow a local attacker
to crash the system by mounting a specially-crafted ext3 or ext4 disk.
(CVE-2011-4132, Moderate)

* A flaw in the way memory containing security-related data was handled in
tpm_read() could allow a local, unprivileged user to read the results of a
previously run TPM command. (CVE-2011-1162, Low)

* I/O statistics from the taskstats subsystem could be read without any
restrictions, which could allow a local, unprivileged user to gather
confidential information, such as the length of a password used in a
process. (CVE-2011-2494, Low)

* Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,
unprivileged user to leak information to user-space. (CVE-2011-2898, Low)

Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191;
Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting
CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for
reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes the following bugs:

* Previously, a mismatch in the build-id of the kernel-rt and the one in
the related debuginfo package caused failures in SystemTap and perf.
(BZ#768413)

* IBM x3650m3 systems were not able to boot the MRG Realtime kernel because
they require a pmcraid driver that was not available. The pmcraid driver is
included in this update. (BZ#753992)

Users should upgrade to these updated packages, which correct these issues.
The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

716842 - CVE-2011-2494 kernel: taskstats io infoleak
726552 - CVE-2011-2723 kernel: gro: only reset frag0 when skb can be pulled
728023 - CVE-2011-2898 kernel: af_packet: infoleak
732629 - CVE-2011-1162 kernel: tpm: infoleak
732658 - CVE-2011-3188 kernel: net: improve sequence number generation
732869 - CVE-2011-3191 kernel: cifs: signedness issue in CIFSFindNext()
736761 - CVE-2011-3353 kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
738202 - CVE-2011-3359 kernel: b43: allocate receive buffers big enough for max frame len + offset
738291 - CVE-2011-3363 kernel: cifs: always do is_path_accessible check in cifs_mount
747848 - CVE-2011-3637 kernel: proc: fix oops on invalid /proc/<pid>/maps access
749475 - CVE-2011-4081 kernel: crypto: ghash: null pointer deref if no key is set
751297 - CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type
753341 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops
755584 - CVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-2.6.33.9-rt31.79.el6rt.src.rpm

noarch:
kernel-rt-doc-2.6.33.9-rt31.79.el6rt.noarch.rpm
kernel-rt-firmware-2.6.33.9-rt31.79.el6rt.noarch.rpm

x86_64:
kernel-rt-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debug-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-trace-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-2.6.33.9-rt31.79.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-2.6.33.9-rt31.79.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1162.html
https://www.redhat.com/security/data/cve/CVE-2011-2494.html
https://www.redhat.com/security/data/cve/CVE-2011-2723.html
https://www.redhat.com/security/data/cve/CVE-2011-2898.html
https://www.redhat.com/security/data/cve/CVE-2011-3188.html
https://www.redhat.com/security/data/cve/CVE-2011-3191.html
https://www.redhat.com/security/data/cve/CVE-2011-3353.html
https://www.redhat.com/security/data/cve/CVE-2011-3359.html
https://www.redhat.com/security/data/cve/CVE-2011-3363.html
https://www.redhat.com/security/data/cve/CVE-2011-3637.html
https://www.redhat.com/security/data/cve/CVE-2011-4081.html
https://www.redhat.com/security/data/cve/CVE-2011-4110.html
https://www.redhat.com/security/data/cve/CVE-2011-4132.html
https://www.redhat.com/security/data/cve/CVE-2011-4326.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPDJ6FXlSAg2UNWIIRAsrYAKCLerKtJ4QtRBX9XbrUMn 6hOusSYACcDy1x
DrRqrqyb3B96r051baGDAZU=
=M480
-----END PGP SIGNATURE-----

