Home / mailingsPDF  

[RHSA-2012:0862-04] Moderate: Red Hat Enterprise Linux 6 kernel

Posted on 20 June 2012
RedHat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update
Advisory ID: RHSA-2012:0862-04
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0862.html
Issue date: 2012-06-20
CVE Names: CVE-2011-1083 CVE-2011-4131
=====================================================================

1. Summary:

Updated kernel packages that fix two security issues, address several
hundred bugs and add numerous enhancements are now available as part of the
ongoing support and maintenance of Red Hat Enterprise Linux version 6. This
is the third regular update.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)

* A malicious Network File System version 4 (NFSv4) server could return a
crafted reply to a GETACL request, causing a denial of service on the
client. (CVE-2011-4131, Moderate)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1083, and
Andy Adamson for reporting CVE-2011-4131.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.3 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.3 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

542378 - fix suspend to disk of virtio block
596419 - capability check in pci_read_config() bypasses lsm/selinux
623913 - [virtio] virtio-serial doesn't work after s3/s4 in kvm guest.
624189 - [virtio] virtio-balloon doesn't work after s3/s4 in kvm guest.
624756 - idle time accounted for twice in /proc/stat for Xen guest
645365 - KVM: Implement emulation of emulated virtual PMU
681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures
694801 - Guest fail to resume from S4 if guest using kvmclock
726369 - host reboot auto when run guest with cgroup charge_migrate enabled
727700 - Anomaly in mbind memory map causing Java Hotspot JVM Seg fault with NUMA aware ParallelScavange GC
729586 - xen: fix drive naming
735105 - ext4 corruption via Ceph userspace program
738151 - xHCI driver died after times of attach/detach usb3 hub(with usb3 device) from usb3 root hub
745713 - command-line clocksource override fails
745775 - Unable to unmount autofs filesystems inside a container
745952 - cxgb4: remove forgotten real_num_tx_queues inicialization
746929 - nVidia NVS 300 -- won't boot
747034 - nVidia NVS 450 -- won't boot
747106 - CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops
749117 - extN: new file created even if open(2) returned -EPERM
752137 - memcg: catch memcg page accounting leaks in debug kernel
755046 - max_segments in dm is always 128
756307 - Failed to boot RHEL6.2 hvm guest with three NICs when using xvdx disk
757040 - Network RPS miscellaneous bugs, RPS unusable
758707 - hpsa: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler
766554 - ecryptfs keeps directory busy even after umount
767992 - nfnetlink_log.h - missing definitions in userspace
769652 - scsi_alloc_sdev can leak memory
770250 - readdir64_r calls fail with ELOOP
772317 - Disable LRO for all NICs that have LRO enabled
772874 - cifs: multiple process stuck waiting for page lock
773219 - Detach a busy block device for 64 bit pv guest sometimes crash
773705 - cifs: i/o error on copying file > 102336 bytes
781524 - AMD IOMMU driver hands out dma handles that are in the MSI address range
784351 - IMA audit events don't show success correctly
784856 - KVM: expose FMA4 & TBM to guest
786149 - CIFS DFS doesn't work in kernel versions 2.6.32-220.x.x.el6.x86_64
786610 - PCI device reset can cause a kernel bug
786693 - Fix recently identified races within the autofs kernel wait code
788562 - kvm guest hangs when hot-plugged vcpu is onlined due to uninitialized hv_clock
790418 - Request for kernal ABI additions
790961 - pNFS: Auto-load the pNFS kernel module
796099 - add myri10ge firmware
799075 - Fix setting of bio flags
800041 - iSER (iscsi rdma) connection can get broken as of missing receive buffers
801111 - [Mellanox 6.3 Feature]: update mlx4_en driver to support SRIOV
803132 - [Kernel-251] Guest got reboot instead of wakeup after resume from S3 with kvmclock
803187 - Guest mouse and keyboard got unresponsive after resume from S3 with virtio devices
803239 - Call Trace when use netfront NIC on RHEL6.3 HVM guest with xen_emul_unplug=never
803620 - backport vpmu fixes from upstream
807215 - after host S4 the guest can not work normally
807354 - xenpv guests fail to find root device
808571 - rhel 6.3 -- add relevant wireless fixes from upstream 3.2.y tree
809231 - merged back raid image (with change tracking) doesn't appear to get synced properly
810222 - Revert "[virt] xen: mask MTRR feature from guest BZ#750758"
811669 - Suspend/resume of an out-of-sync RAID LV will cause the sync process to stall
812259 - add option to disable 5GHz band to iwlwifi
813550 - [REGRESSION] be2iscsi: fix softirq errors when logging in and doing IO
813678 - [FCoE Target] Please disable debug logging of "tcm_fc" "ft_dump_cmd 2700002a 00009aba 000000bc 00000000"
813948 - DM RAID: Reintegrating RAID1 devices causes fullsync even when partial would do
814302 - large writes to ext4 may return incorrect value
815751 - cifs: Show backupuid/gid in /proc/mounts
815785 - kdump fails with lapic error in xen hvm guest
816099 - Guest doesn't let host know of open virtio console ports after resume
816569 - Cannot un/mute audio via alsamixer for HDA codec CX20561 (Hermosa)
817236 - Regression since 2.6.32-266.el6 AMD host writes 150+ GB dmesg logs
818371 - kernel crashes when snapshots of mounted raid volumes are taken
820507 - idle field does not increase monotonically in /proc/stat
822189 - [RHEL6.3][kernel debug] Connectathon 'Special' test failures NFSv2,3
824287 - [REGRESSION] be2iscsi: fix dma free size mismatch

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.el6.ppc64.rpm
kernel-debug-2.6.32-279.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.el6.ppc64.rpm
kernel-devel-2.6.32-279.el6.ppc64.rpm
kernel-headers-2.6.32-279.el6.ppc64.rpm
perf-2.6.32-279.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.el6.s390x.rpm
kernel-debug-2.6.32-279.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.el6.s390x.rpm
kernel-devel-2.6.32-279.el6.s390x.rpm
kernel-headers-2.6.32-279.el6.s390x.rpm
kernel-kdump-2.6.32-279.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.el6.s390x.rpm
perf-2.6.32-279.el6.s390x.rpm
perf-debuginfo-2.6.32-279.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.el6.ppc64.rpm
python-perf-2.6.32-279.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.el6.s390x.rpm
perf-debuginfo-2.6.32-279.el6.s390x.rpm
python-perf-2.6.32-279.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-2.6.32-279.el6.i686.rpm
kernel-debug-2.6.32-279.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debug-devel-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
kernel-devel-2.6.32-279.el6.i686.rpm
kernel-headers-2.6.32-279.el6.i686.rpm
perf-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.el6.noarch.rpm
kernel-firmware-2.6.32-279.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.el6.x86_64.rpm
kernel-debug-2.6.32-279.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
kernel-devel-2.6.32-279.el6.x86_64.rpm
kernel-headers-2.6.32-279.el6.x86_64.rpm
perf-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-2.6.32-279.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.el6.i686.rpm
perf-debuginfo-2.6.32-279.el6.i686.rpm
python-perf-2.6.32-279.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.el6.x86_64.rpm
python-perf-2.6.32-279.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1083.html
https://www.redhat.com/security/data/cve/CVE-2011-4131.html
https://access.redhat.com/security/updates/classification/#moderate
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-0862
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

 

TOP