Red Hat Enterprise Linux 6: RHSA-2011:0007-01 Important Kernel Updates
red hat
January 11, 2011
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6
Solution
Users should upgrade to these updated packages, which contain
backported patches to correct these issues. Documentation for the bugs
fixed by this update will be available shortly from the Technical
Notes document, linked to in the References section. The system must
be rebooted for this update to take effect.
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
Summary
* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable
permissions (which it does not, by default, on Red Hat Enterprise Linux 6),
a local, unprivileged user could use this flaw to cause a denial of service
or possibly escalate their privileges. (CVE-2010-2492, Important)
* Integer overflow in the RDS protocol implementation could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)
* Missing boundary checks in the PPP over L2TP sockets implementation could
allow a local, unprivileged user to cause a denial of service or escalate
their privileges. (CVE-2010-4160, Important)
* NULL pointer dereference in the igb driver. If both Single Root I/O
Virtualization (SR-IOV) and promiscuous mode were enabled on an interface
using igb, it could result in a denial of service when a tagged VLAN packet
is received on that interface. (CVE-2010-4263, Important)
* Missing initialization flaw in the XFS file system implementation, and in
the network traffic policing implementation, could allow a local,
unprivileged user to cause an information leak. (CVE-2010-3078,
CVE-2010-3477, Moderate)
* NULL pointer dereference in the Open Sound System compatible sequencer
driver could allow a local, unprivileged user with access to /dev/sequencer
to cause a denial of service. /dev/sequencer is only accessible to root and
users in the audio group by default. (CVE-2010-3080, Moderate)
* Flaw in the ethtool IOCTL handler could allow a local user to cause an
information leak. (CVE-2010-3861, Moderate)
* Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast
Manager. On 64-bit systems, writing the socket address may overflow the
procname character array. (CVE-2010-3874, Moderate)
* Flaw in the module for monitoring the sockets of INET transport
protocols could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-3880, Moderate)
* Missing boundary checks in the block layer implementation could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4162,
CVE-2010-4163, CVE-2010-4668, Moderate)
* NULL pointer dereference in the Bluetooth HCI UART driver could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4242,
Moderate)
* Flaw in the Linux kernel CPU time clocks implementation for the POSIX
clock interface could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-4248, Moderate)
* Flaw in the garbage collector for AF_UNIX sockets could allow a local,
unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)
* Missing upper bound integer check in the AIO implementation could allow a
local, unprivileged user to cause an information leak. (CVE-2010-3067, Low)
* Missing initialization flaws could lead to information leaks.
(CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)
* Missing initialization flaw in KVM could allow a privileged host user
with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low)
Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting
CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163,
CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077,
CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083,
and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis
Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for
reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting
CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for
reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and
Stephan Mueller of atsec information security for reporting CVE-2010-4525.
References
https://access.redhat.com/security/cve/CVE-2010-2492 https://access.redhat.com/security/cve/CVE-2010-3067 https://access.redhat.com/security/cve/CVE-2010-3078 https://access.redhat.com/security/cve/CVE-2010-3080 https://access.redhat.com/security/cve/CVE-2010-3298 https://access.redhat.com/security/cve/CVE-2010-3477 https://access.redhat.com/security/cve/CVE-2010-3861 https://access.redhat.com/security/cve/CVE-2010-3865 https://access.redhat.com/security/cve/CVE-2010-3874 https://access.redhat.com/security/cve/CVE-2010-3876 https://access.redhat.com/security/cve/CVE-2010-3880 https://access.redhat.com/security/cve/CVE-2010-4072 https://access.redhat.com/security/cve/CVE-2010-4073 https://access.redhat.com/security/cve/CVE-2010-4074 https://access.redhat.com/security/cve/CVE-2010-4075 https://access.redhat.com/security/cve/CVE-2010-4077 https://access.redhat.com/security/cve/CVE-2010-4079 https://access.redhat.com/security/cve/CVE-2010-4080 https://access.redhat.com/security/cve/CVE-2010-4081 https://access.redhat.com/security/cve/CVE-2010-4082 https://access.redhat.com/security/cve/CVE-2010-4083 https://access.redhat.com/security/cve/CVE-2010-4158 https://access.redhat.com/security/cve/CVE-2010-4160 https://access.redhat.com/security/cve/CVE-2010-4162 Read the Full Advisory
Package List
Red Hat Enterprise Linux Desktop (v. 6):
Source:
i386:
kernel-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-71.14.1.el6.i686.rpm
kernel-devel-2.6.32-71.14.1.el6.i686.rpm
kernel-headers-2.6.32-71.14.1.el6.i686.rpm
noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-71.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-71.14.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
noarch:
kernel-doc-2.6.32-71.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-71.14.1.el6.noarch.rpm
perf-2.6.32-71.14.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-71.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-71.14.1.el6.x86_64.rpm
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2011:0007-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0007.html
Issue date: 2011-01-11
Topic
Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.
Relevant Releases Architectures
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Bugs Fixed
611385 - CVE-2010-2492 kernel: ecryptfs_uid_hash() buffer overflow
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
630551 - CVE-2010-3080 kernel: /dev/sequencer open failure is not handled correctly
630804 - CVE-2010-3078 kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak
633140 - CVE-2010-3298 kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
636386 - CVE-2010-3477 kernel: net/sched/act_police.c infoleak
641410 - CVE-2010-4242 kernel: missing tty ops write function presence check in hci_uart_tty_open()
646725 - CVE-2010-3861 kernel: heap contents leak from ETHTOOL_GRXCLSRLALL
647391 - kernel BUG at mm/migrate.c:113! [rhel-6.0.z]
647416 - CVE-2010-3865 kernel: iovec integer overflow in net/rds/rdma.c
648408 - Do not mix FMODE_ and O_ flags with break_lease() and may_open() [rhel-6.0.z]
648656 - CVE-2010-4072 kernel: ipc/shm.c: reading uninitialized stack memory
648658 - CVE-2010-4073 kernel: ipc/compat*.c: reading uninitialized stack memory
648659 - CVE-2010-4074 kernel: drivers/usb/serial/mos*.c: reading uninitialized stack memory
648660 - CVE-2010-4075 kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
648663 - CVE-2010-4077 kernel: drivers/char/nozomi.c: reading uninitialized stack memory
648666 - CVE-2010-4079 kernel: drivers/video/ivtv/ivtvfb.c: reading uninitialized stack memory
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!