Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Scientific Linux: CVE-2012-4508 Critical Kernel Security Update

Scientific Large Esm H446
Important: kernel security update
Date: Thu, 14 Mar 2013 09:39:54 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: kernel security update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-4508
 CVE-2012-4542
 CVE-2013-0190
 CVE-2013-0309
 CVE-2013-0310
 CVE-2013-0311
--

This update fixes the following security issues:

* A race condition was found in the way asynchronous I/O and fallocate()
interacted when using the ext4 file system. A local, unprivileged user could
use this flaw to expose random data from an extent whose data blocks have not
yet been written, and thus contain data from a deleted file. (CVE-2012-4508,
Important)

* A flaw was found in the way the vhost kernel module handled descriptors that
spanned multiple regions. A privileged guest user in a KVM guest could use this
flaw to crash the host or, potentially, escalate their privileges on the host.
(CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is passed-
through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in the Linux
kernel handled the failed iret (interrupt return) instruction notification from
the Xen hypervisor. An unprivileged user in a 32-bit para-virtualized guest
could use this flaw to crash the guest. (CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE memory
ranges when transparent hugepages were in use. A local, unprivileged user could
use this flaw to crash the system. (CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options were
validated when set from user mode. A local user able to set CIPSO IP options on
the socket could use this flaw to crash the system. (CVE-2013-0310, Moderate)

The system must be rebooted for this update to take effect.
--

SL6
 x86_64
 kernel-2.6.32-358.el6.x86_64.rpm
 kernel-debug-2.6.32-358.el6.x86_64.rpm
 kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
 kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
 kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
 kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
 kernel-devel-2.6.32-358.el6.x86_64.rpm
 kernel-headers-2.6.32-358.el6.x86_64.rpm
 perf-2.6.32-358.el6.x86_64.rpm
 perf-debuginfo-2.6.32-358.el6.x86_64.rpm
 python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm
 python-perf-2.6.32-358.el6.x86_64.rpm
 i386
 kernel-2.6.32-358.el6.i686.rpm
 kernel-debug-2.6.32-358.el6.i686.rpm
 kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
 kernel-debug-devel-2.6.32-358.el6.i686.rpm
 kernel-debuginfo-2.6.32-358.el6.i686.rpm
 kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
 kernel-devel-2.6.32-358.el6.i686.rpm
 kernel-headers-2.6.32-358.el6.i686.rpm
 perf-2.6.32-358.el6.i686.rpm
 perf-debuginfo-2.6.32-358.el6.i686.rpm
 python-perf-debuginfo-2.6.32-358.el6.i686.rpm
 python-perf-2.6.32-358.el6.i686.rpm
 noarch
 kernel-doc-2.6.32-358.el6.noarch.rpm
 kernel-firmware-2.6.32-358.el6.noarch.rpm

Added for dependency resolution:
SL6
 x86_64
 kmod-openafs-1.6.2-4.SL64.el6.noarch.rpm
 kmod-openafs-279-1.6.2-0.144.sl6.279.x86_64.rpm
 kmod-openafs-358-1.6.2-0.144.sl6.358.0.1.x86_64.rpm
 i386
 kmod-openafs-1.6.2-4.SL64.el6.noarch.rpm
 kmod-openafs-279-1.6.2-0.144.sl6.279.i686.rpm
 kmod-openafs-358-1.6.2-0.144.sl6.358.0.1.i686.rpm

- Scientific Linux Development Team