Red Hat Security Advisory: kernel security and bug fix update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:1304 Final 1 1 2012-09-25T17:21:00Z Current version 2012-09-25T17:21:00Z 2012-09-25T17:21:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-09-25T18:59:02Z Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. (CVE-2012-2384, Moderate) * A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate) * A race condition was found in the way access to inet->opt ip_options was synchronized in the Linux kernel's TCP/IP protocol suite implementation. Depending on the network facing applications running on the system, a remote attacker could possibly trigger this flaw to cause a denial of service. A local, unprivileged user could use this flaw to cause a denial of service regardless of the applications the system runs. (CVE-2012-3552, Moderate) * A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low) * A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low) Red Hat would like to thank Hafid Lin for reporting CVE-2012-3552, and Stephan Mueller for reporting CVE-2012-2313. The CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate https://rhn.redhat.com/errata/RHSA-2012-1304.html https://rhn.redhat.com/errata/RHSA-2012-1304.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1304 https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1304 https://bugzilla.redhat.com/show_bug.cgi?id=842982 https://bugzilla.redhat.com/show_bug.cgi?id=842982 https://bugzilla.redhat.com/show_bug.cgi?id=847945 https://bugzilla.redhat.com/show_bug.cgi?id=847945 https://bugzilla.redhat.com/show_bug.cgi?id=849051 https://bugzilla.redhat.com/show_bug.cgi?id=849051 https://bugzilla.redhat.com/show_bug.cgi?id=851444 https://bugzilla.redhat.com/show_bug.cgi?id=851444 Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux Workstation Optional (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server Optional (v. 6) kernel-2.6.32-279.9.1.el6.src.rpm kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Server (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Workstation (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux HPC Node (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Desktop (v. 6) kernel-2.6.32-279.9.1.el6 as a component of Red Hat Enterprise Linux Server Optional (v. 6) A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). 2012-04-26T00:00:00Z 2012-04-26T00:00:00Z CVE-2012-2313 6Client-6.3.z:kernel-2.6.32-279.9.1.el6 6Client-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-optional-6.3.z:kernel-2.6.32-279.9.1.el6 Low 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. https://rhn.redhat.com/errata/RHSA-2012-1304.html https://www.redhat.com/security/data/cve/CVE-2012-2313.html CVE-2012-2313 https://bugzilla.redhat.com/show_bug.cgi?id=818820 bz#818820: CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users Red Hat would like to thank Stephan Mueller for reporting this issue. An integer overflow flaw was found in the i915_gem_do_execbuffer() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. 2012-05-21T00:00:00Z 2012-04-23T00:00:00Z CVE-2012-2384 6Client-6.3.z:kernel-2.6.32-279.9.1.el6 6Client-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-optional-6.3.z:kernel-2.6.32-279.9.1.el6 Moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. https://rhn.redhat.com/errata/RHSA-2012-1304.html https://www.redhat.com/security/data/cve/CVE-2012-2384.html CVE-2012-2384 https://bugzilla.redhat.com/show_bug.cgi?id=824178 bz#824178: CVE-2012-2384 kernel: drm/i915: integer overflow in i915_gem_do_execbuffer() A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. 2012-05-22T00:00:00Z 2012-05-17T00:00:00Z CVE-2012-2390 6Client-6.3.z:kernel-2.6.32-279.9.1.el6 6Client-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-optional-6.3.z:kernel-2.6.32-279.9.1.el6 Moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. https://rhn.redhat.com/errata/RHSA-2012-1304.html https://www.redhat.com/security/data/cve/CVE-2012-2390.html CVE-2012-2390 https://bugzilla.redhat.com/show_bug.cgi?id=824345 bz#824345: CVE-2012-2390 kernel: huge pages: memory leak on mmap failure A flaw was found in the way the msg_namelen variable in the rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was initialized. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. 2012-05-08T00:00:00Z 2012-07-23T00:00:00Z CVE-2012-3430 6Client-6.3.z:kernel-2.6.32-279.9.1.el6 6Client-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-optional-6.3.z:kernel-2.6.32-279.9.1.el6 Low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. https://rhn.redhat.com/errata/RHSA-2012-1304.html https://www.redhat.com/security/data/cve/CVE-2012-3430.html CVE-2012-3430 https://bugzilla.redhat.com/show_bug.cgi?id=820039 bz#820039: CVE-2012-3430 kernel: recv{from,msg}() on an rds socket can leak kernel memory This issue was discovered by the Red Hat InfiniBand team. A race condition was found in the way access to inet->opt ip_options was synchronized in the Linux kernel's TCP/IP protocol suite implementation. Depending on the network facing applications running on the system, a remote attacker could possibly trigger this flaw to cause a denial of service. A local, unprivileged user could use this flaw to cause a denial of service regardless of the applications the system runs. 2012-06-05T00:00:00Z 2011-04-21T00:00:00Z CVE-2012-3552 6Client-6.3.z:kernel-2.6.32-279.9.1.el6 6Client-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-6.3.z:kernel-2.6.32-279.9.1.el6 6ComputeNode-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-6.3.z:kernel-2.6.32-279.9.1.el6 6Server-optional-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-6.3.z:kernel-2.6.32-279.9.1.el6 6Workstation-optional-6.3.z:kernel-2.6.32-279.9.1.el6 Moderate 5.4 AV:N/AC:H/Au:N/C:N/I:N/A:C Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. https://rhn.redhat.com/errata/RHSA-2012-1304.html https://www.redhat.com/security/data/cve/CVE-2012-3552.html CVE-2012-3552 https://bugzilla.redhat.com/show_bug.cgi?id=853465 bz#853465: CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt Red Hat would like to thank Hafid Lin for reporting this issue.