(RHSA-2012:0670) Important: kernel-rt security and bug fix update

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

• When a set user ID (setuid) application is executed, certain personality
  flags for controlling the application’s behavior are cleared (that is, a
  privileged application will not be affected by those flags). It was found
  that those flags were not cleared if the application was made privileged
  via file system capabilities. A local, unprivileged user could use this
  flaw to change the behavior of such applications, allowing them to bypass
  intended restrictions. Note that for default installations, no application
  shipped by Red Hat for Red Hat Enterprise MRG is made privileged via file
  system capabilities. (CVE-2012-2123, Important)

• A flaw was found in the way the Linux kernel’s journal_unmap_buffer()
  function handled buffer head states. On systems that have an ext4 file
  system with a journal mounted, a local, unprivileged user could use this
  flaw to cause a denial of service. (CVE-2011-4086, Moderate)

This update also fixes the following bugs:

• The CAP_SYS_ADMIN check was missing from the dmesg_restrict feature.
  Consequently, an unprivileged and jailed root user could bypass the
  dmesg_restrict protection. This update adds CAP_SYS_ADMIN to both
  dmesg_restrict and kptr_restrict, which only allows writing to
  dmesg_restrict when root has CAP_SYS_ADMIN. (BZ#808271)

• Previously, the _copy_from_pages() function, which is used to copy data
  from the temporary buffer to the user-passed buffer, was passed the wrong
  size parameter when copying data. Consequently, if the user provided a
  buffer greater than PAGE_SIZE, the getxattr() syscalls were handled
  incorrectly. This update fixes _copy_from_pages() to use the ACL length,
  which uses a correctly-sized buffer. (BZ#753230)

• Some older versions of hardware or their software could not recognize
  certain commands and would log messages for illegal or unsupported errors
  the driver could not properly handle. This bug has been fixed and no bogus
  error messages are now returned in the described scenario. (BZ#813892)

• Previously, the qla2x00_poll() function did the local_irq_save() call
  before calling qla24xx_intr_handler(), which had a spinlock. Since
  spinlocks are sleepable in the real-time kernel, it is not allowed to call
  them with interrupts disabled. This scenario produced error messages and
  could cause a system deadlock. With this update, the
  local_irq_save_nort(flags) function is used to save flags without disabling
  interrupts, which prevents potential deadlocks and removes the error
  messages. (BZ#818220)

Users should upgrade to these updated packages, which correct these issues.
The system must be rebooted for this update to take effect.