Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Scientific Linux Security Update: SLSA-2013:0744-1 Kernel Fixes & Issues

Scientific Large Esm H446
Important: kernel security and bug fix update
Date: Tue, 23 Apr 2013 09:31:44 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
ksh-20100621-19.el6_4.3.i686.rpm
libblkid-2.17.2-12.9.el6_4.2.i686.rpm
libblkid-devel-2.17.2-12.9.el6_4.2.i686.rpm
libuuid-2.17.2-12.9.el6_4.2.i686.rpm
libuuid-devel-2.17.2-12.9.el6_4.2.i686.rpm
libvirt-0.10.2-18.el6_4.4.i686.rpm
libvirt-client-0.10.2-18.el6_4.4.i686.rpm
libvirt-devel-0.10.2-18.el6_4.4.i686.rpm
libvirt-python-0.10.2-18.el6_4.4.i686.rpm
net-snmp-5.5-44.el6_4.1.i686.rpm
net-snmp-devel-5.5-44.el6_4.1.i686.rpm
net-snmp-libs-5.5-44.el6_4.1.i686.rpm
net-snmp-perl-5.5-44.el6_4.1.i686.rpm
net-snmp-python-5.5-44.el6_4.1.i686.rpm
net-snmp-utils-5.5-44.el6_4.1.i686.rpm
util-linux-ng-2.17.2-12.9.el6_4.2.i686.rpm
uuidd-2.17.2-12.9.el6_4.2.i686.rpm

x86_64:
ksh-20100621-19.el6_4.3.x86_64.rpm
libblkid-2.17.2-12.9.el6_4.2.i686.rpm
libblkid-2.17.2-12.9.el6_4.2.x86_64.rpm
libblkid-devel-2.17.2-12.9.el6_4.2.i686.rpm
libblkid-devel-2.17.2-12.9.el6_4.2.x86_64.rpm
libuuid-2.17.2-12.9.el6_4.2.i686.rpm
libuuid-2.17.2-12.9.el6_4.2.x86_64.rpm
libuuid-devel-2.17.2-12.9.el6_4.2.i686.rpm
libuuid-devel-2.17.2-12.9.el6_4.2.x86_64.rpm
libvirt-0.10.2-18.el6_4.4.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.4.i686.rpm
libvirt-client-0.10.2-18.el6_4.4.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.4.i686.rpm
libvirt-devel-0.10.2-18.el6_4.4.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.4.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.4.x86_64.rpm
net-snmp-5.5-44.el6_4.1.x86_64.rpm
net-snmp-devel-5.5-44.el6_4.1.i686.rpm
net-snmp-devel-5.5-44.el6_4.1.x86_64.rpm
net-snmp-libs-5.5-44.el6_4.1.i686.rpm
net-snmp-libs-5.5-44.el6_4.1.x86_64.rpm
net-snmp-perl-5.5-44.el6_4.1.x86_64.rpm
net-snmp-python-5.5-44.el6_4.1.x86_64.rpm
net-snmp-utils-5.5-44.el6_4.1.x86_64.rpm
util-linux-ng-2.17.2-12.9.el6_4.2.i686.rpm
util-linux-ng-2.17.2-12.9.el6_4.2.x86_64.rpm
uuidd-2.17.2-12.9.el6_4.2.x86_64.rpm
Date: Wed, 24 Apr 2013 14:05:06 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2013:0744-1
Issue Date: 2013-04-23
CVE Numbers: CVE-2013-0349
 CVE-2013-1767
 CVE-2013-1773
 CVE-2013-1774
 CVE-2013-1792
 CVE-2013-1796
 CVE-2013-1797
 CVE-2013-1798
 CVE-2013-1827
 CVE-2013-1826
 CVE-2013-0913
 CVE-2012-6547
 CVE-2012-6546
 CVE-2012-6537
--

* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the Intel i915 driver in the Linux kernel handled the
allocation of the buffer used for relocation copies. A local user with
console access could use this flaw to cause a denial of service or
escalate their privileges. (CVE-2013-0913, Important)

* A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux
kernel's FAT file system implementation. A local user able to mount a FAT
file system with the "utf8=1" option could use this flaw to crash the
system or, potentially, to escalate their privileges. (CVE-2013-1773,
Important)

* A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine
state register (MSR) crossed a page boundary. A privileged guest user
could use this flaw to crash the host or, potentially, escalate their
privileges, allowing them to execute arbitrary code at the host kernel
level. (CVE-2013-1796, Important)

* A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797, Important)

* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer
dereference, was found in the key management facility. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-1792, Moderate)

* A NULL pointer dereference in the XFRM implementation could allow a
local user who has the CAP_NET_ADMIN capability to cause a denial of
service. (CVE-2013-1826, Moderate)

* A NULL pointer dereference in the Datagram Congestion Control Protocol
(DCCP) implementation could allow a local user to cause a denial of
service. (CVE-2013-1827, Moderate)

* Information leak flaws in the XFRM implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2012-6537, Low)

* Two information leak flaws in the Asynchronous Transfer Mode (ATM)
subsystem could allow a local, unprivileged user to leak kernel stack
memory to user-space. (CVE-2012-6546, Low)

* An information leak was found in the TUN/TAP device driver in the
networking implementation. A local user with access to a TUN/TAP virtual
interface could use this flaw to leak kernel stack memory to user-space.
(CVE-2012-6547, Low)

* An information leak in the Bluetooth implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2013-0349, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local
user able to mount and unmount a tmpfs file system could use this flaw to
cause a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

* A NULL pointer dereference was found in the Linux kernel's USB Inside
Out Edgeport Serial Driver implementation. An attacker with physical
access to a system could use this flaw to cause a denial of service.
(CVE-2013-1774, Low)
--

SL6
 x86_64
 kernel-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-debug-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-debug-debuginfo-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-debug-devel-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-debuginfo-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-debuginfo-common-x86_64-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-devel-2.6.32-358.6.1.el6.x86_64.rpm
 kernel-headers-2.6.32-358.6.1.el6.x86_64.rpm
 perf-2.6.32-358.6.1.el6.x86_64.rpm
 perf-debuginfo-2.6.32-358.6.1.el6.x86_64.rpm
 python-perf-debuginfo-2.6.32-358.6.1.el6.x86_64.rpm
 python-perf-2.6.32-358.6.1.el6.x86_64.rpm
 i386
 kernel-2.6.32-358.6.1.el6.i686.rpm
 kernel-debug-2.6.32-358.6.1.el6.i686.rpm
 kernel-debug-debuginfo-2.6.32-358.6.1.el6.i686.rpm
 kernel-debug-devel-2.6.32-358.6.1.el6.i686.rpm
 kernel-debuginfo-2.6.32-358.6.1.el6.i686.rpm
 kernel-debuginfo-common-i686-2.6.32-358.6.1.el6.i686.rpm
 kernel-devel-2.6.32-358.6.1.el6.i686.rpm
 kernel-headers-2.6.32-358.6.1.el6.i686.rpm
 perf-2.6.32-358.6.1.el6.i686.rpm
 perf-debuginfo-2.6.32-358.6.1.el6.i686.rpm
 python-perf-debuginfo-2.6.32-358.6.1.el6.i686.rpm
 python-perf-2.6.32-358.6.1.el6.i686.rpm
 noarch
 kernel-doc-2.6.32-358.6.1.el6.noarch.rpm
 kernel-firmware-2.6.32-358.6.1.el6.noarch.rpm

- Scientific Linux Development Team