Bug Fix Advisory kernel-rt bug fix update

Advisory: RHBA-2012:0044-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-01-23
Last updated on: 2012-01-23
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)


Updated kernel-rt packages that fix various bugs are now available for Red Hat
Enterprise MRG 2.1.

The kernel-rt package has been upgraded to upstream version 3.0, which provides
a number of bug fixes and enhancements over the previous version. (BZ#725485)

This update fixes the following bugs:

* Some applications use flawed versioning logic that cannot recognize new Linux
kernel versions in the format of 3.x.y. As a workaround to this bug in external
applications, the new uname26 utility has been added to MRG Realtime 2.1. This
utility activates the 2.6 personality kernel patch to transform data returned by
the uname(2) system call to the format of 2.6.40+[minor_release_number], and
then executes the actual application. (BZ#749575)

* The recvmmsg() and sendmmsg() system calls were missing from the code and were
previously unavailable. This update restores the code that provides these system
calls.

* The /proc/kcore virtual file could be read beyond its ELF (Executable and
Linkable Format) header information, which allowed a malicious root user to read
the file past that point. Now, kcore can be read only up to its ELF header
information, as intended. (BZ#663865)

* The %pK printk format specifier was not used when printing data from the
/proc/kallsyms and /proc/modules interfaces. This could cause kernel address
leaks. With this update, %pK is properly used when returning data from the
interfaces. (BZ#679263)

* The kernel and kernel-rt packages delivered the same set of kernel man pages.
Consequently, file conflicts occurred when both kernel-doc and kernel-rt-doc
were being installed. This update adds the rt suffix to the files with
kernel-rt-doc man pages and the file conflicts no longer occur. (BZ#711488)

* Both the Red Hat Enterprise Linux kernel and the Red Hat Enterprise MRG
Realtime kernel delivered the /lib/firmware/WHENCE file, which caused an
installation conflict. With this update, this file has been moved to a versioned
directory in the Realtime kernel, thus fixing this bug. (BZ#725028)

* The cred_alloc_blank() function called the abort_creds(new) function with
new->security == NULL and new->magic == 0 if the security_cred_alloc_blank()
function returned an error. As a result, the BUG() function was triggered if
SELinux was enabled or if the CONFIG_DEBUG_CREDENTIALS option was active. Now,
new->magic is set before the security_cred_alloc_blank() function is called, and
a NULL cred->security value is handled gracefully in the creds_are_invalid() and
selinux_cred_free() functions. (BZ#717905)

* Certain kernel static data areas and kernel modules have writable or
executable memory areas. Prior to this update, malicious software could
overwrite the data and potentially execute code in these areas. With this
update, the RO (Read-Only) and NX (No eXecute) bits have been added to the
memory areas to prevent such actions. (BZ#679272)
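
The uname26 item above, as an added example in C (not Red Hat's code and not the
uname26 source): a prefix-based version check of the kind the advisory calls
flawed, a numeric check that handles 3.x.y releases, and a model of the
2.6.40+[minor_release_number] format. The function names, the UNAME26_FLAG macro
name and the model's dropping of everything after the minor number are
assumptions of this example.

```c
/* Added example: version checks against uname(2) release strings. */
#include <stdio.h>
#include <string.h>
#include <sys/personality.h>
#include <sys/utsname.h>

#define UNAME26_FLAG 0x0020000 /* value of UNAME26 in <linux/personality.h> */

/* Flawed check of the kind the advisory describes: only "2.6." is accepted. */
int flawed_is_supported(const char *rel) {
    return strncmp(rel, "2.6.", 4) == 0;
}

/* Robust check: parse major.minor as numbers and compare them as a pair. */
int robust_at_least(const char *rel, int want_major, int want_minor) {
    int major = 0, minor = 0;
    if (sscanf(rel, "%d.%d", &major, &minor) != 2)
        return 0; /* unparseable release string: fail closed */
    return major > want_major || (major == want_major && minor >= want_minor);
}

/* Model of the advisory's mapping (assumption: text after the minor number
 * is dropped): a 3.x.y release is reported as 2.6.(40+x). */
int as_uname26(const char *rel, char *out, size_t len) {
    int major = 0, minor = 0;
    if (sscanf(rel, "%d.%d", &major, &minor) != 2 || major != 3)
        return -1;
    snprintf(out, len, "2.6.%d", 40 + minor);
    return 0;
}

/* Set the 2.6 personality bit on this process, as the advisory says the
 * uname26 utility does before executing the application, then re-check. */
int main(void) {
    struct utsname u;
    int cur = personality(0xffffffff); /* query the current persona */
    if (cur == -1 || personality((unsigned long)cur | UNAME26_FLAG) == -1)
        perror("personality");
    if (uname(&u) != 0)
        return 1;
    printf("release=%s flawed=%d robust=%d\n", u.release,
           flawed_is_supported(u.release), robust_at_least(u.release, 2, 6));
    return 0;
}
```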

Users of kernel-rt are advised to upgrade to these updated packages, which fix
these bugs. The system must be rebooted for this update to take effect.
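
One way to confirm the %pK fix after rebooting into the updated kernel, as an
added example in C (not part of the advisory or the kernel sources): run as an
unprivileged user, it reports the kptr_restrict setting named in bug 679263 and
counts lines in /proc/kallsyms and /proc/modules that still show a non-zero
address. The function names are this example's own; /proc/sys/kernel/kptr_restrict
is the standard location of that sysctl.

```c
/* Added example: do /proc/kallsyms or /proc/modules lines reveal addresses? */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 = line carries a non-zero address, 0 = zeroed address, -1 = none found.
 * kallsyms: "<hex addr> <type> <name>"; modules: "... Live 0x<hex addr>". */
int line_exposes_address(const char *line, int modules_format) {
    const char *tok = line;
    char *end;
    if (modules_format) {
        tok = strstr(line, " 0x"); /* address is the 0x-prefixed field */
        if (!tok) return -1;
        tok++;
    }
    unsigned long long addr = strtoull(tok, &end, 16);
    if (end == tok) return -1;
    return addr != 0;
}

/* Returns lines with a non-zero address; *total counts lines with any. */
long count_exposed(FILE *f, int modules_format, long *total) {
    char line[1024];
    long exposed = 0;
    int fresh = 1; /* false while inside an over-long line */
    *total = 0;
    while (fgets(line, sizeof line, f)) {
        int r = fresh ? line_exposes_address(line, modules_format) : -1;
        fresh = strchr(line, '\n') != NULL;
        if (r >= 0) { (*total)++; exposed += r; }
    }
    return exposed;
}

int main(void) {
    const char *paths[] = { "/proc/kallsyms", "/proc/modules" };
    int level = -1;
    FILE *f = fopen("/proc/sys/kernel/kptr_restrict", "r");
    if (f) { if (fscanf(f, "%d", &level) != 1) level = -1; fclose(f); }
    printf("kptr_restrict=%d\n", level);
    for (int i = 0; i < 2; i++) {
        long total = 0, exposed = 0;
        if ((f = fopen(paths[i], "r")) != NULL) {
            exposed = count_exposed(f, i == 1, &total);
            fclose(f);
        }
        printf("%s: %ld of %ld addressed lines are non-zero\n", paths[i], exposed, total);
    }
    return 0;
}
```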


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

File outdated by:  RHSA-2017:1297
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

679263 - [RFE] kernel: kptr_restrict for hiding kernel pointers from unprivileged users [mrg-2.1]
749575 - Add a personality to report 2.6.x version number

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/