(RHSA-2013:1292) Moderate: kernel security and bug fix update

2013-09-26T04:00:00
ID RHSA-2013:1292
Type redhat
Reporter RedHat
Modified 2017-09-08T11:55:29

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

  • A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2012-3511, Moderate)

  • A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-4162, Moderate)

  • An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4162.

This update also fixes the following bugs:

  • A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems. Traffic between NICs using the be2net driver now proceeds as expected. (BZ#983864)

  • A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819)

  • A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as "not in use". Consequently, automount attempted to unmount the tree and failed with a "failed to umount offset" error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs. (BZ#1001488)

  • A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally. The kernel no longer panics in this situation. (BZ#1005239)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.