Published: Jan 10, 2012 - 12:00 a.m.

(RHSA-2012:0010) Important: kernel-rt security and bug fix update

access.redhat.com

EPSS: 0.016 (percentile 87.3%)

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

  • A malicious CIFS (Common Internet File System) server could send a
    specially-crafted response to a directory read request that would result in
    a denial of service or privilege escalation on a system that has a CIFS
    share mounted. (CVE-2011-3191, Important)

  • The way fragmented IPv6 UDP datagrams were handled over the bridge with
    UDP Fragmentation Offload (UFO) functionality enabled could allow a
    remote attacker to cause a denial of service. (CVE-2011-4326, Important)

  • GRO (Generic Receive Offload) fields could be left in an inconsistent
    state. An attacker on the local network could use this flaw to cause a
    denial of service. GRO is enabled by default in all network drivers that
    support it. (CVE-2011-2723, Moderate)

  • IPv4 and IPv6 protocol sequence number and fragment ID generation could
    allow a man-in-the-middle attacker to inject packets and possibly hijack
    connections. Protocol sequence numbers and fragment IDs are now more
    random. (CVE-2011-3188, Moderate)

  • A flaw in the FUSE (Filesystem in Userspace) implementation could allow
    a local user in the fuse group who has access to mount a FUSE file system
    to cause a denial of service. (CVE-2011-3353, Moderate)

  • A flaw was found in the b43 driver. If a system had an active wireless
    interface that uses the b43 driver, an attacker able to send a
    specially-crafted frame to that interface could cause a denial of
    service. (CVE-2011-3359, Moderate)

  • A flaw in the way CIFS shares with DFS referrals at their root were
    handled could allow an attacker on the local network, who is able to deploy
    a malicious CIFS server, to create a CIFS network share that, when mounted,
    would cause the client system to crash. (CVE-2011-3363, Moderate)

  • A flaw in the m_stop() implementation could allow a local, unprivileged
    user to trigger a denial of service. (CVE-2011-3637, Moderate)

  • Flaws in ghash_update() and ghash_final() could allow a local,
    unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)

  • A flaw in the key management facility could allow a local, unprivileged
    user to cause a denial of service via the keyctl utility. (CVE-2011-4110,
    Moderate)

  • A flaw in the Journaling Block Device (JBD) could allow a local attacker
    to crash the system by mounting a specially-crafted ext3 or ext4 disk.
    (CVE-2011-4132, Moderate)

  • A flaw in the way memory containing security-related data was handled in
    tpm_read() could allow a local, unprivileged user to read the results of a
    previously run TPM command. (CVE-2011-1162, Low)

  • I/O statistics from the taskstats subsystem could be read without any
    restrictions, which could allow a local, unprivileged user to gather
    confidential information, such as the length of a password used in a
    process. (CVE-2011-2494, Low)

  • Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,
    unprivileged user to leak information to user-space. (CVE-2011-2898, Low)

Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191;
Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting
CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for
reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes the following bugs:

  • Previously, a mismatch in the build-id of the kernel-rt and the one in
    the related debuginfo package caused failures in SystemTap and perf.
    (BZ#768413)

  • IBM x3650m3 systems were not able to boot the MRG Realtime kernel because
    they require a pmcraid driver that was not available. The pmcraid driver is
    included in this update. (BZ#753992)

Users should upgrade to these updated packages, which correct these issues.
The system must be rebooted for this update to take effect.