Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorysecurity patchimportant update

openSUSE Leap 15.2: 2021:0579-1 Important Kernel Security Fixes

An update that solves 12 vulnerabilities and has 15 fixes is now available. . openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0579-1 Rating: important References: #1047233 #1065729 #1113295 #1152489 #1154353 #1155518 #1156395 #1167574 #1175995 #1178181 #1181507 #1183405 #1184074 #1184120 #1184194 #1184211 #1184388 #1184391 #1184393 #1184485 #1184509 #1184511 #1184512 #1184514 #1184583 #1184585 #1184647 Cross-References: CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-28950 CVE-2021-29154 CVE-2021-30002 CVE-2021-3483 CVSS scores: CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-30002 (NVD) : 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has 15 fixes is now available. Description: The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393). - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194). - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ). - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511). - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512). - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). The following non-security bugs were fixed: - ALSA: aloop: Fix initialization of controls (git-fixes). - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes). - appletalk: Fix skb allocation size in loopback case (git-fixes). - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes). - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes). - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes). - ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes). - ASoC: max98373: Added30ms turn on/off time delay (git-fixes). - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes). - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes). - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes). - atl1c: fix error return code in atl1c_probe() (git-fixes). - atl1e: fix error return code in atl1e_probe() (git-fixes). - batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"-> reserved field (git-fixes). - bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518). - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518). - bpf, sockmap: Fix sk-> prot unhash op reset (bsc#1155518). - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes). - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes). - cifs: change noisy error message to FYI (bsc#1181507). - cifs_debug: use %pd instead of messing with -> d_name (bsc#1181507). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: New optype for session operations (bsc#1181507). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - clk: fix invalid usage of list cursor in register (git-fixes). - clk: fix invalid usage of list cursor in unregister (git-fixes). - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes). - dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485). - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes). - drm/amdgpu: check alignment on CPU page for bo map (git-fixes). - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes). - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074). - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes). - drm/msm: Ratelimit invalid-fence message (git-fixes). - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes). - enetc: Fix reporting of h/w packet counters (git-fixes). - fix Patch-mainline: patches.suse/cifs_debug-use-pd-instead-of-messing-with-d_name.patch - fix patch metadata - fuse: fix bad inode (bsc#1184211). - fuse: fix live lock in fuse_iget() (bsc#1184211). - gianfar: Handle error code at MAC address change (git-fixes). - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025). - i40e: Fix sparse error: 'vsi-> netdev' could be null (jsc#SLE-8025). - ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926). - iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585). - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - libbpf: Fix INSTALL flag order (bsc#1155518). - libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518). - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes). - mac80211: choose first enabled channel for monitor (git-fixes). - mac80211: fix TXQ AC confusion (git-fixes). - mISDN: fix crash in fritzpci (git-fixes). - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes). - net: b44: fix error return code in b44_init_one() (git-fixes). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes). - net: hns3: Remove the left over redundant check & assignment (bsc#1154353). - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes). - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464). - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes). - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes). - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405) - net: wan/lmc: unregister device when no matching device is found (git-fixes). - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes). - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes). - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729). - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes). - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729). - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395). - powerpc/sstep: Fix darn emulation (bsc#1156395). - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395). - powerpc/sstep: Fix load-store and update emulation (bsc#1156395). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes). - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489). - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes). - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12. - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally. - samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518). - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes). - staging: comedi: cb_pcidas64: fix request_irq() warn (git-fixes). - staging: comedi: cb_pcidas: fix request_irq() warn (git-fixes). - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes). - USB:cdc-acm: downgrade message to debug (git-fixes). - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes). - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes). - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes). - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489). - x86/ioapic: Ignore IRQ2 again (bsc#1152489). - x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489). - xen/events: fix setting irq affinity (bsc#1184583). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-579=1 Package List: - openSUSE Leap 15.2 (x86_64): kernel-debug-5.3.18-lp152.72.1 kernel-debug-debuginfo-5.3.18-lp152.72.1 kernel-debug-debugsource-5.3.18-lp152.72.1 kernel-debug-devel-5.3.18-lp152.72.1 kernel-debug-devel-debuginfo-5.3.18-lp152.72.1 kernel-default-5.3.18-lp152.72.1 kernel-default-base-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-base-rebuild-5.3.18-lp152.72.1.lp152.8.30.1 kernel-default-debuginfo-5.3.18-lp152.72.1 kernel-default-debugsource-5.3.18-lp152.72.1 kernel-default-devel-5.3.18-lp152.72.1 kernel-default-devel-debuginfo-5.3.18-lp152.72.1 kernel-kvmsmall-5.3.18-lp152.72.1 kernel-kvmsmall-debuginfo-5.3.18-lp152.72.1 kernel-kvmsmall-debugsource-5.3.18-lp152.72.1 kernel-kvmsmall-devel-5.3.18-lp152.72.1 kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.72.1 kernel-obs-build-5.3.18-lp152.72.1 kernel-obs-build-debugsource-5.3.18-lp152.72.1 kernel-obs-qa-5.3.18-lp152.72.1 kernel-preempt-5.3.18-lp152.72.1 kernel-preempt-debuginfo-5.3.18-lp152.72.1 kernel-preempt-debugsource-5.3.18-lp152.72.1 kernel-preempt-devel-5.3.18-lp152.72.1 kernel-preempt-devel-debuginfo-5.3.18-lp152.72.1 kernel-syms-5.3.18-lp152.72.1 - openSUSE Leap 15.2 (noarch): kernel-devel-5.3.18-lp152.72.1 kernel-docs-5.3.18-lp152.72.1 kernel-docs-html-5.3.18-lp152.72.1 kernel-macros-5.3.18-lp152.72.1 kernel-source-5.3.18-lp152.72.1 kernel-source-vanilla-5.3.18-lp152.72.1 References: https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1113295 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1155518 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1167574 https://bugzilla.suse.com/1175995 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1184074 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184485 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184585 https://bugzilla.suse.com/1184647 . An important enhancement for openSUSE Leap 15.2's Linux Kernel resolves 12 problems, addressing severe bugs and security risks.. openSUSE security, kernel updates, Linux security fixes, system patch management. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 19, 2021 Important OpenSUSE
98
Ls Advisories Redhat Esm H240
Price Tag 1security issuebuffer overflowred hat

Red Hat: RHSA-2015:0987-01 Important: Kernel Buffer Overflow Fix

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2015:0987-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0987.html Issue date: 2015-05-12 CVE Names: CVE-2015-3331 ==================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AEC-GCM mode IPSecsecurity association. (CVE-2015-3331, Important) This update also fixes the following bugs: * Previously, the kernel audit subsystem did not correctly track file path names which could lead to empty, or "(null)" path names in the PATH audit records. This update fixes the bug by correctly tracking file path names and displaying the names in the audit PATH records. (BZ#1197746) * Due to a change in the internal representation of field types, AUDIT_LOGINUID set to -1 (4294967295) by the audit API was asymmetrically converted to an AUDIT_LOGINUID_SET field with a value of 0, unrecognized by an older audit API. To fix this bug, the kernel takes note about the way the rule has been formulated and reports the rule in the originally given form. As a result, older versions of audit provide a report as expected, in the AUDIT_LOGINUID field type form, whereas the newer versions can migrate to the new AUDIT_LOGINUID_SET filed type. (BZ#1197748) * The GFS2 file system "Splice Read" operation, which is used for the sendfile() function, was not properly allocating a required multi-block reservation structure in memory. Consequently, when the GFS2 block allocator was called to assign blocks of data, it attempted to dereference the structure, which resulted in a kernel panic. With this update, "Splice read" operation properly allocates the necessary reservation structure in memory prior to calling the block allocator, and sendfile() thus works properly for GFS2. (BZ#1201256) * Moving an Open vSwitch (OVS) internal vport to a different net name space and subsequently deleting that name space led to a kernel panic. This bug has been fixed by removing the OVS internal vport at net name space deletion. (BZ#1202357) * Previously, the kernel audit subsystem was not correctly handling file and directory moves, leading to audit records that did not match the audit file watches. This fix correctly handles moves such that the audit file watches work correctly. (BZ#1202358) * Due to a regression, the crypto adapter could not be setonline. A patch has been provided that fixes the device registration process so that the device can be used also before the registration process is completed, thus fixing this bug. (BZ#1205300) * Due to incorrect calculation for entropy during the entropy addition, the amount of entropy in the /dev/random file could be overestimated. The formula for the entropy addition has been changed, thus fixing this bug. (BZ#1211288) * Previously, the ansi_cprng and drbg utilities did not obey the call convention and returned the positive value on success instead of the correct value of zero. Consequently, Internet Protocol Security (IPsec) terminated unexpectedly when ansi_cprng or drbg were used. With this update, ansi_cprng and drbg have been changed to return zero on success, and IPsec now functions correctly. (BZ#1211487) * Due to a failure to clear the timestamp flag when reusing a tx descriptor in the mlx4_en driver, programs that did not request a hardware timestamp packet on their sent data received it anyway, resulting in unexpected behavior in certain applications. With this update, when reusing the tx descriptor in the mlx4_en driver in the aforementioned situation, the hardware timestamp flag is cleared, and applications now behave as expected. (BZ#1209240) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI 6. Package List: Red Hat Enterprise Linux Client (v.7): Source: kernel-3.10.0-229.4.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm kernel-doc-3.10.0-229.4.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm perf-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: kernel-3.10.0-229.4.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm kernel-doc-3.10.0-229.4.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm perf-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: kernel-3.10.0-229.4.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm kernel-doc-3.10.0-229.4.2.el7.noarch.rpm ppc64: kernel-3.10.0-229.4.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.4.2.el7.ppc64.rpm kernel-debug-3.10.0-229.4.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.4.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.4.2.el7.ppc64.rpm kernel-devel-3.10.0-229.4.2.el7.ppc64.rpm kernel-headers-3.10.0-229.4.2.el7.ppc64.rpm kernel-tools-3.10.0-229.4.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.4.2.el7.ppc64.rpm perf-3.10.0-229.4.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm s390x: kernel-3.10.0-229.4.2.el7.s390x.rpm kernel-debug-3.10.0-229.4.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.s390x.rpm kernel-debug-devel-3.10.0-229.4.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.4.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.4.2.el7.s390x.rpm kernel-devel-3.10.0-229.4.2.el7.s390x.rpm kernel-headers-3.10.0-229.4.2.el7.s390x.rpm kernel-kdump-3.10.0-229.4.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.4.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.4.2.el7.s390x.rpm perf-3.10.0-229.4.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm x86_64: kernel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm perf-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-229.4.2.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.4.2.ael7b.noarch.rpm kernel-doc-3.10.0-229.4.2.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.4.2.ael7b.ppc64le.rpm perf-3.10.0-229.4.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: kernel-debug-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.4.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.4.2.el7.ppc64.rpm perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm python-perf-3.10.0-229.4.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.4.2.el7.s390x.rpm kernel-debuginfo-3.10.0-229.4.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.4.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.4.2.el7.s390x.rpm perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm python-perf-3.10.0-229.4.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64le: kernel-debug-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.4.2.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm python-perf-3.10.0-229.4.2.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.4.2.ael7b.ppc64le.rpm Red Hat Enterprise Linux Workstation (v.7): Source: kernel-3.10.0-229.4.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.4.2.el7.noarch.rpm kernel-doc-3.10.0-229.4.2.el7.noarch.rpm x86_64: kernel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-devel-3.10.0-229.4.2.el7.x86_64.rpm kernel-headers-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.4.2.el7.x86_64.rpm perf-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.4.2.el7.x86_64.rpm perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm python-perf-3.10.0-229.4.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.4.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3331 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . The latest Red Hat kernel update tackles significant security issues and resolves existing bugs, enhancing overall stability and patching critical vulnerabilities.. Kernel Update, Red Hat Security, Important Advisory, System Bugs, Critical Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 12, 2015 Important Red Hat
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hatkernel update

Red Hat Enterprise Linux 6 RHSA-2013:1645-02 Important: Kernel Update

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Enterprise Linux 6 kernel update Advisory ID: RHSA-2013:1645-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1645.html Issue date: 2013-11-21 CVE Names: CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1928 CVE-2013-1929 CVE-2013-2164 CVE-2013-2234 CVE-2013-2851 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-3231 CVE-2013-4345 CVE-2013-4387 CVE-2013-4591 CVE-2013-4592 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386,ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate) * A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) * An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate) * It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate) * A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guestcould use this flaw to crash the host. (CVE-2013-4592, Moderate) * Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate) * Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) * Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevantto your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 627128 - kernel spec: devel_post macro: hardlink fc typo 734728 - cifs: asynchronous readpages support 796364 - sbc_fitpc2_wdt NULL pointer dereference 815908 - NFSv4 server support for numeric IDs 831158 - dm-crypt: Fix possible mempool deadlock 834919 - JBD: Spotted dirty metadata buffer 851269 - kernel-debug: enable CONFIG_JBD_DEBUG 856764 - RHEL 6.5 Common Network Backports Tracker 859562 - DM RAID: 'sync' table argument is ineffective. 873659 - virt: Clocksource tsc unstable (delta = 474712882 ns). Enable clocksource failover by adding clocksource_failover kernel parameter. 876528 - Set-group-ID (SGID) bit not inherited on XFS file system with ACLs on directory 889973 - "kernel: device-mapper: table: 253:3: snapshot-origin: unknown target type" 903297 - FCoE target: backport drivers/target from upstream 908093 - gfs2: withdraw does not wait for gfs_controld 913660 - nfs client crashes during open 914664 - CVE-2013-0343 kernel: handling of IPv6 temporary addresses 918239 - kernel-2.6.32-358.0.1 doesn't boot at virtual machine on Xen Cloud Platform 920752 - cannot open device nodes for writing on RO filesystems 922322 - CVE-2012-6542 Kernel: llc: information leak via getsockname 922404 - CVE-2012-6545 Kernel: Bluetooth: RFCOMM - information leak 928207 - transfer data using two port from guest to host,guest hang and call trace 949567 - CVE-2013-1928 Kernel: information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE 949932 - CVE-2013-1929 Kernel: tg3: buffer overflow in VPD firmwareparsing 953097 - virtio-rng, boot the guest with two rng device, cat /dev/hwrng in guest, guest will call trace 956094 - CVE-2013-3231 Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg 969515 - CVE-2013-2851 kernel: block: passing disk names as format strings 973100 - CVE-2013-2164 Kernel: information leak in cdrom driver 980995 - CVE-2013-2234 Kernel: net: information leak in AF_KEY notify 990806 - BUG: soft lockup - CPU#0 stuck for 63s! [killall5:7385] 999890 - CVE-2013-2889 Kernel: HID: zeroplus: heap overflow flaw 1000429 - CVE-2013-2892 Kernel: HID: pantherlord: heap overflow flaw 1000451 - CVE-2013-2888 Kernel: HID: memory corruption flaw 1007690 - CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request 1011927 - CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface 1014867 - xfssyncd and flush device threads hang in xlog_grant_head_wait 1031678 - CVE-2013-4591 kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached 1031702 - CVE-2013-4592 kernel: kvm: memory leak when memory slot is moved with assigned device 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm ppc64: kernel-2.6.32-431.el6.ppc64.rpm kernel-bootwrapper-2.6.32-431.el6.ppc64.rpm kernel-debug-2.6.32-431.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debug-devel-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.el6.ppc64.rpm kernel-devel-2.6.32-431.el6.ppc64.rpm kernel-headers-2.6.32-431.el6.ppc64.rpm perf-2.6.32-431.el6.ppc64.rpm perf-debuginfo-2.6.32-431.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.el6.ppc64.rpm s390x: kernel-2.6.32-431.el6.s390x.rpm kernel-debug-2.6.32-431.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debug-devel-2.6.32-431.el6.s390x.rpm kernel-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.el6.s390x.rpm kernel-devel-2.6.32-431.el6.s390x.rpm kernel-headers-2.6.32-431.el6.s390x.rpm kernel-kdump-2.6.32-431.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.el6.s390x.rpm kernel-kdump-devel-2.6.32-431.el6.s390x.rpm perf-2.6.32-431.el6.s390x.rpm perf-debuginfo-2.6.32-431.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.el6.s390x.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-2.6.32-431.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-431.el6.ppc64.rpm perf-debuginfo-2.6.32-431.el6.ppc64.rpm python-perf-2.6.32-431.el6.ppc64.rpm python-perf-debuginfo-2.6.32-431.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-2.6.32-431.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-431.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-431.el6.s390x.rpm perf-debuginfo-2.6.32-431.el6.s390x.rpm python-perf-2.6.32-431.el6.s390x.rpm python-perf-debuginfo-2.6.32-431.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: kernel-2.6.32-431.el6.i686.rpm kernel-debug-2.6.32-431.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debug-devel-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm kernel-devel-2.6.32-431.el6.i686.rpm kernel-headers-2.6.32-431.el6.i686.rpm perf-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-431.el6.noarch.rpm kernel-doc-2.6.32-431.el6.noarch.rpm kernel-firmware-2.6.32-431.el6.noarch.rpm x86_64: kernel-2.6.32-431.el6.x86_64.rpm kernel-debug-2.6.32-431.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm kernel-devel-2.6.32-431.el6.x86_64.rpm kernel-headers-2.6.32-431.el6.x86_64.rpm perf-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: kernel-debug-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-2.6.32-431.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.el6.i686.rpm perf-debuginfo-2.6.32-431.el6.i686.rpm python-perf-2.6.32-431.el6.i686.rpm python-perf-debuginfo-2.6.32-431.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.el6.x86_64.rpm perf-debuginfo-2.6.32-431.el6.x86_64.rpm python-perf-2.6.32-431.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2012-6542 https://access.redhat.com/security/cve/CVE-2012-6545 https://access.redhat.com/security/cve/CVE-2013-0343 https://access.redhat.com/security/cve/CVE-2013-1928 https://access.redhat.com/security/cve/CVE-2013-1929 https://access.redhat.com/security/cve/CVE-2013-2164 https://access.redhat.com/security/cve/CVE-2013-2234 https://access.redhat.com/security/cve/CVE-2013-2851 https://access.redhat.com/security/cve/CVE-2013-2888 https://access.redhat.com/security/cve/CVE-2013-2889 https://access.redhat.com/security/cve/CVE-2013-2892 https://access.redhat.com/security/cve/CVE-2013-3231 https://access.redhat.com/security/cve/CVE-2013-4345 https://access.redhat.com/security/cve/CVE-2013-4387 https://access.redhat.com/security/cve/CVE-2013-4591 https://access.redhat.com/security/cve/CVE-2013-4592 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.5_Release_Notes/index.html https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/kernel.html#RHSA-2013-1645 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSjY5WXlSAg2UNWIIRAuHSAJ4zspC6c0F3dA1sbYegYTGXWG0APwCeODoR Za69iTI1KBy4b8uFSqU5p4A=Mkqs -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . New kernel updates improve security measures and address multiple bugs in Red Hat Enterprise Linux 6. More information below.. Red Hat Enterprise Linux,Kernel Update,Security Patch,System Bugs. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Nov 21, 2013 Important Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hatimportant

Red Hat 5.6 RHSA-2012:0720-01 Important: Kernel Security Fix

Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2012:0720-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:0720.html Issue date: 2012-06-12 CVE Names: CVE-2012-0217 CVE-2012-1583 ==================================================================== 1. Summary: Updated kernel packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important) Note: For Red Hat Enterprise Linux guests, only privileged guest users can exploit CVE-2012-0217. * A flaw in the xfrm6_tunnel_rcv()function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash. (CVE-2012-1583, Important) If you do not run applications that use xfrm6_tunnel, you can prevent the xfrm6_tunnel module from being loaded by creating (as the root user) a "/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to it: blacklist xfrm6_tunnel This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot is not necessary for this change to take effect. Red Hat would like to thank the Xen project for reporting CVE-2012-0217. Upstream acknowledges Rafal Wojtczuk as the original reporter of CVE-2012-0217. This update also fixes the following bugs: * Under rare circumstances, a bug in the vsyscall interface caused the gdb debugger to terminate unexpectedly with a segmentation fault when run on the AMD64 or Intel 64 architecture. A patch has been provided to address this issue and the crashes no longer occur in the described scenario. (BZ#807929) * Incorrect duplicate MAC addresses were being used on a rack network daughter card that contained a quad-port Intel I350 Gigabit Ethernet Controller. With this update, the underlying source code has been modified to address this issue, and correct MAC addresses are now used under all circumstances. (BZ#813195) * When the Fibre Channel (FC) layer sets a device to "running", the layer also scans for other new devices. Previously, there was a race condition between these two operations. Consequently, for certain targets, thousands of invalid devices were created by the SCSI layer and the udev service. This update ensures that the FC layer always sets a device to "online" before scanning for others, thus fixing this bug. Additionally, when attempting to transition priority groups on a busy FC device, the multipath layer retriedimmediately. If this was the only available path, a large number of retry operations were performed in a short period of time. Consequently, the logging of retry messages slowed down the system. This bug has been fixed by ensuring that the DM Multipath feature delays retry operations in the described scenario. (BZ#816683) * Due to incorrect use of the list_for_each_entry_safe() macro, the enumeration of remote procedure calls (RPCs) priority wait queue tasks stored in the tk_wait.links list failed. As a consequence, the rpc_wake_up() and rpc_wake_up_status() functions failed to wake up all tasks. This caused the system to become unresponsive and could significantly decrease system performance. Now, the list_for_each_entry_safe() macro is no longer used in rpc_wake_up(), ensuring reasonable system performance. (BZ#817570) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 752304 - CVE-2012-1583 kernel: ipv6: panic using raw sockets 813428 - CVE-2012-0217 kernel: x86-64: avoid sysret to non-canonical address 817570 - Fix RPC priority queue wake up all tasks processing [rhel-5.6.z] 6. Package List: Red Hat Enterprise Linux EUS (v. 5.6server): Source: kernel-2.6.18-238.39.1.el5.src.rpm i386: kernel-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.39.1.el5.i686.rpm kernel-debug-2.6.18-238.39.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.39.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.i686.rpm kernel-devel-2.6.18-238.39.1.el5.i686.rpm kernel-headers-2.6.18-238.39.1.el5.i386.rpm kernel-xen-2.6.18-238.39.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.39.1.el5.i686.rpm ia64: kernel-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.ia64.rpm kernel-devel-2.6.18-238.39.1.el5.ia64.rpm kernel-headers-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.39.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.39.1.el5.noarch.rpm ppc: kernel-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.ppc64.rpm kernel-devel-2.6.18-238.39.1.el5.ppc64.rpm kernel-headers-2.6.18-238.39.1.el5.ppc.rpm kernel-headers-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.39.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.39.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.39.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.s390x.rpm kernel-devel-2.6.18-238.39.1.el5.s390x.rpm kernel-headers-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.39.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.39.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.39.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.39.1.el5.x86_64.rpm kernel-devel-2.6.18-238.39.1.el5.x86_64.rpm kernel-headers-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.39.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.39.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0217 https://access.redhat.com/security/cve/CVE-2012-1583 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2012 Red Hat, Inc. . Kernel update for Red Hat Enterprise Linux addresses important security issues and bugs, enhancing system stability.. Red Hat Enterprise Linux,kernel update,security issues,system bugs,xfrm6_tunnel. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jun 12, 2012 Important Red Hat
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorykernel updateRed Hat Enterprise Linux

Red Hat Linux 4 RHSA-2008:0607-01 Important: Kernel Memory Leak DoS

Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2008:0607-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2008:0607.html Issue date: 2008-07-23 CVE Names: CVE-2008-2136 ==================================================================== 1. Summary: Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issue: * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) As well, these updated packages fix the following bugs: * a possible kernel hang on hugemem systems, due to a bug in NFS, which may have caused systems to become unresponsive, has been resolved. * an inappropriate exit condition occurred in the architecture-specific "mmap()" realization, which fell into an infinite loop under certain conditions. On 64-bit systems, thisissue may have manifested itself to users as a soft lockup, or process hangs. * due to a bug in hardware initialization in the "ohci_hcd" kernel module, the kernel may have failed with a NULL pointer dereference. On 64-bit PowerPC systems, this may have caused booting to fail, and drop to xmon. On other platforms, a kernel oops occurred. * due to insufficient locks in task termination code, a panic may have occurred in the "sys_times()" system call on SMP machines. Red Hat Enterprise Linux 4 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 446031 - CVE-2008-2136 kernel: sit memory leak 450185 - [RHEL 4] cffimtgsaslx08 hung 450760 - Patch for bug 360281 "Odd behaviour in mmap" introduces regression 450865 - kernel failed to boot and dropped to xmon 455072 - kernel panic with kernel version 2.6.9-67.0.20.EL 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: kernel-2.6.9-67.0.22.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.22.EL.i686.rpm kernel-devel-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.22.EL.i686.rpm kernel-smp-2.6.9-67.0.22.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.i686.rpm ia64: kernel-2.6.9-67.0.22.EL.ia64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.ia64.rpm kernel-devel-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.ia64.rpm noarch: kernel-doc-2.6.9-67.0.22.EL.noarch.rpm ppc: kernel-2.6.9-67.0.22.EL.ppc64.rpm kernel-2.6.9-67.0.22.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-67.0.22.EL.ppc64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.ppc64iseries.rpm kernel-devel-2.6.9-67.0.22.EL.ppc64.rpm kernel-devel-2.6.9-67.0.22.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-67.0.22.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.ppc64.rpm s390: kernel-2.6.9-67.0.22.EL.s390.rpm kernel-debuginfo-2.6.9-67.0.22.EL.s390.rpm kernel-devel-2.6.9-67.0.22.EL.s390.rpm s390x: kernel-2.6.9-67.0.22.EL.s390x.rpm kernel-debuginfo-2.6.9-67.0.22.EL.s390x.rpm kernel-devel-2.6.9-67.0.22.EL.s390x.rpm x86_64: kernel-2.6.9-67.0.22.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.x86_64.rpm kernel-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: kernel-2.6.9-67.0.22.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.22.EL.i686.rpm kernel-devel-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.22.EL.i686.rpm kernel-smp-2.6.9-67.0.22.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.i686.rpm noarch: kernel-doc-2.6.9-67.0.22.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.22.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.x86_64.rpm kernel-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: kernel-2.6.9-67.0.22.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.22.EL.i686.rpm kernel-devel-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.22.EL.i686.rpm kernel-smp-2.6.9-67.0.22.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.i686.rpm ia64: kernel-2.6.9-67.0.22.EL.ia64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.ia64.rpm kernel-devel-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.ia64.rpm noarch: kernel-doc-2.6.9-67.0.22.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.22.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.x86_64.rpm kernel-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: kernel-2.6.9-67.0.22.EL.i686.rpm kernel-debuginfo-2.6.9-67.0.22.EL.i686.rpm kernel-devel-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-2.6.9-67.0.22.EL.i686.rpm kernel-hugemem-devel-2.6.9-67.0.22.EL.i686.rpm kernel-smp-2.6.9-67.0.22.EL.i686.rpm kernel-smp-devel-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-2.6.9-67.0.22.EL.i686.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.i686.rpm ia64: kernel-2.6.9-67.0.22.EL.ia64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.ia64.rpm kernel-devel-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-2.6.9-67.0.22.EL.ia64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.ia64.rpm noarch: kernel-doc-2.6.9-67.0.22.EL.noarch.rpm x86_64: kernel-2.6.9-67.0.22.EL.x86_64.rpm kernel-debuginfo-2.6.9-67.0.22.EL.x86_64.rpm kernel-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-2.6.9-67.0.22.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-2.6.9-67.0.22.EL.x86_64.rpm kernel-smp-devel-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-2.6.9-67.0.22.EL.x86_64.rpm kernel-xenU-devel-2.6.9-67.0.22.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2008-2136 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2008 Red Hat, Inc. . Major Red Hat kernel upgrade addressing severe vulnerabilities and defects, enhancing system integrity and safeguarding security.. Red Hat Security, Kernel Updates, System Security, Kernel Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 23, 2008 Important Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here