Skip to navigation

Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2011:0883-1
Type: Security Advisory
Severity: Important
Issued on: 2011-06-21
Last updated on: 2011-06-21
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.0.z)
CVEs (cve.mitre.org): CVE-2010-3881
CVE-2010-4251
CVE-2010-4805
CVE-2011-0999
CVE-2011-1010
CVE-2011-1082
CVE-2011-1090
CVE-2011-1163
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1182
CVE-2011-1494
CVE-2011-1495

Details

Updated kernel packages that fix several security issues and three bugs are
now available for Red Hat Enterprise Linux 6.0 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for security issues. These issues,
except for CVE-2011-1182, only affected users of Red Hat Enterprise Linux
6.0 Extended Update Support as they have already been addressed for users
of Red Hat Enterprise Linux 6 in the 6.1 update, RHSA-2011:0542.

Security fixes:

* Buffer overflow flaws were found in the Linux kernel's Management Module
Support for Message Passing Technology (MPT) based controllers. A local,
unprivileged user could use these flaws to cause a denial of service, an
information leak, or escalate their privileges. (CVE-2011-1494,
CVE-2011-1495, Important)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, CVE-2010-4805, Moderate)

* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* It was found that some structure padding and reserved fields in certain
data structures in KVM (Kernel-based Virtual Machine) were not initialized
properly before being copied to user-space. A privileged host user with
access to "/dev/kvm" could use this flaw to leak kernel stack memory to
user-space. (CVE-2010-3881, Low)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created on
Mac OS operating systems. A local attacker could use this flaw to cause a
denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A missing validation check was found in the Linux kernel's signals
implementation. A local, unprivileged user could use this flaw to send
signals via the sigqueueinfo system call, with the si_code set to SI_TKILL
and with spoofed process and user IDs, to other processes. Note: This flaw
does not allow existing permission checks to be bypassed; signals can only
be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Vasiliy
Kulikov for reporting CVE-2010-3881, CVE-2011-1170, CVE-2011-1171, and
CVE-2011-1172; Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163;
and Julien Tinnes of the Google Security Team for reporting CVE-2011-1182.

This update also fixes three bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.


Solution

Users should upgrade to these updated packages, which contain
backported patches to resolve these issues, and fix the bugs noted in
the Technical Notes. The system must be rebooted for this update to
take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
kernel-2.6.32-71.31.1.el6.src.rpm
File outdated by:  RHSA-2012:1114
    MD5: 6034d95eb04c53af22a27030b1b21a4a
SHA-256: b9d334c8033b4aa56b5a683da12cf4f703d989fdf7e93f0e9be06d15fd437171
 
IA-32:
kernel-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: d443f4ba289aee62e43f13b3c9d45096
SHA-256: ed46f32b0ed5aaf453fe042e34f34b5525ea3849b7a2fc57f60ffdda2120d193
kernel-debug-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 7d2bc2bf63d55b5a862b94ed9b69c178
SHA-256: 684dcc318f4a895b18e7c00bd7097e09a3d210484f26301c9a80eceb28056fd6
kernel-debug-debuginfo-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: c0a820187712e2e08b65adf945682d3d
SHA-256: 8220c6dfddc91336395c8aef2ee38e84fecf17099737f18eb3ffad4751a5884b
kernel-debug-devel-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: b03e2916fe909b5c64f56b67d62aa217
SHA-256: 3fa4eda969263bfcfb9d7431bd25b8b9f512f2f4106b68913c03678aad4db161
kernel-debuginfo-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 6d1fbdc25a7e3bd8cbe09636bc245104
SHA-256: 3d28ced29e43e82edfc8cd3065df3eeef467c02e6037bc18c6cf6f9c726fa44f
kernel-debuginfo-common-i686-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 4727c3c4c3110d279872f9f5bf46bfc4
SHA-256: 16c2f4d82d36643c17624e385f232ff3b41cf2d4525599ef79e9ce1c3ea71f71
kernel-devel-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: f1ad9c7748d5106531141f33cb93ce8f
SHA-256: bc16f2d77114417cef9e2b2ce8df6af6eb4ba195a4fcaca530316102951d402d
kernel-doc-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 593abaf80b6d2f7c297c0c6dd1d985e8
SHA-256: 275d27b81742aac94ef99dc1c4caaeeff2a7f561fb621b7f0efdb2f26ac80bc7
kernel-firmware-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: fc916911a0736c577b1b99b0b8b62874
SHA-256: 61c49c98e1fd96293f5718c558fc9224430f1b32fda7e65f26f6253a10d30588
kernel-headers-2.6.32-71.31.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: f57a63d68d1d2b597e5cfbe6198bb78a
SHA-256: 2b3cdf9731482c1d7990f0446a03aaa65ace92918770e8f988b9f335f9d182fb
perf-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 10c3ce8639efba352d08424f6ed53bea
SHA-256: fcfa5e0251a4a5de51cff66bfcd7c700f421a4a5aa38e5a47e1497f515c70f08
 
PPC:
kernel-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: c803706015bb79baaf92851967c8eabe
SHA-256: 9f9fb38bb1aaeb5bc030fe4f09c8ad0414d514b499c79e8fac3a438048323d98
kernel-bootwrapper-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 249e59304c5e0e2a35635db087eae8a9
SHA-256: bd594b69a388a70142d284268993b093eb4cc8a585d190aefccf8b97f205cf3a
kernel-debug-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: aed70f27c6b1575602a82970c203ae49
SHA-256: 27ebc02f9004303e67643a261843359d959e6525945dc2000c935c5dd9a85638
kernel-debug-debuginfo-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 0c9668a017951557c176dba4ee3ae8fa
SHA-256: dabbe916ebadb049d699b96d1c3194c258b54569861a604d85467324c32d9804
kernel-debug-devel-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 5f48998c1c829e75f94ffc8849b70533
SHA-256: 9d3653939de7ec0512d4a4bb08c368220dc9c8577b701bb6f920b7827dbb6fbf
kernel-debuginfo-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: ad4f3a957e14d87ed5b6b34ed3ba3dec
SHA-256: 49f129aea4f36b62a10e8d0985c57f13c80463081a99fc2d3ba10e2121e75ed3
kernel-debuginfo-common-ppc64-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 9ffd74ecab25f84a9944a5652055272e
SHA-256: 20ddb69e88610a0a677208120622495ac2d1f7b4f9954bdea081e34f0040ad65
kernel-devel-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 92118c074e91baf296421b01968a503d
SHA-256: ad46b4a0df575b3a6c23503f9f0b8fe94f8ded9b35a5429cfebba0c8f8a89004
kernel-doc-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 593abaf80b6d2f7c297c0c6dd1d985e8
SHA-256: 275d27b81742aac94ef99dc1c4caaeeff2a7f561fb621b7f0efdb2f26ac80bc7
kernel-firmware-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: fc916911a0736c577b1b99b0b8b62874
SHA-256: 61c49c98e1fd96293f5718c558fc9224430f1b32fda7e65f26f6253a10d30588
kernel-headers-2.6.32-71.31.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 62b607b64b72de67364435df204964fe
SHA-256: 9b9ce1bb37fbdf0823e875ee1b41bb496020be76818b62ade7af81a8cae8ad08
perf-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 10c3ce8639efba352d08424f6ed53bea
SHA-256: fcfa5e0251a4a5de51cff66bfcd7c700f421a4a5aa38e5a47e1497f515c70f08
 
s390x:
kernel-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: e95d315d256ecbcd9806a4617431943c
SHA-256: 02d764ee2e76d606eab86f46c28aefdabf9637d044ab107027fa20e61073638c
kernel-debug-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 6eae24d395c67840b17113dce8228085
SHA-256: 33af6470fa3fa41e80c4f02ea25e7b1353d430c6930a7349febb571d935c9536
kernel-debug-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: f5f0f2fc1a4c026acf33f6ee2051d201
SHA-256: 6e0cd7f4195c8d93771c6208909db79505bb4daefdaa5e5b2cc4ae8f7a676f92
kernel-debug-devel-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: de478da1e5770925d0c41be41399f294
SHA-256: e1bd3908e5719ce375c2b2aecc7e3ca06d3fb92ea73f913d9da7d0c53e232dae
kernel-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: d63bc15cdc050cab3c616288bb39ea82
SHA-256: 470b0931bbeb3eea050f6450467062be947e00182729a1d2e81a8f670336e5be
kernel-debuginfo-common-s390x-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 4ce1212e0a4febf24f8dd4c7e6a95eed
SHA-256: e25e382dc4dd4f4ee5ea66b02821ff807d77e0f9537c5c6b08ef78b27b5d832b
kernel-devel-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: e269ab26aaf2c78058a9403e2dd8baab
SHA-256: 02a9e60a367ddb8fd2eb3ce87f487e2324187e764d517c241a77a190ba9ea973
kernel-doc-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 593abaf80b6d2f7c297c0c6dd1d985e8
SHA-256: 275d27b81742aac94ef99dc1c4caaeeff2a7f561fb621b7f0efdb2f26ac80bc7
kernel-firmware-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: fc916911a0736c577b1b99b0b8b62874
SHA-256: 61c49c98e1fd96293f5718c558fc9224430f1b32fda7e65f26f6253a10d30588
kernel-headers-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 1389a53ed79b4b9417480158f890be5f
SHA-256: 99206711d300eef627411014d31b343d490a610876d9c0c92d7f5cdc4a2f3710
kernel-kdump-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 5d011150e5bf1dfe427ccc63904a743e
SHA-256: d882fedbd491f88108772b0e2869d41905685359c328e350e202f07defaa4dac
kernel-kdump-debuginfo-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 508355d426ed6354a1e1761251fdab99
SHA-256: e2c6d6d4a02d46f027a0f56eb278a403243aef882766bbb56fd10b46261e0e0b
kernel-kdump-devel-2.6.32-71.31.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: f306af1bc253b574703ec9b38db0bef4
SHA-256: 72933036eb7838002d97c30c3edb8845e9bb2fcfe94a51ff7c9801b2e00e44e8
perf-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 10c3ce8639efba352d08424f6ed53bea
SHA-256: fcfa5e0251a4a5de51cff66bfcd7c700f421a4a5aa38e5a47e1497f515c70f08
 
x86_64:
kernel-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: f23403654ae60828a615ac0bab6d706f
SHA-256: f6c0cbd205f3aef654113f522b2465a7dce9d9db2dfa71229f613034080b6e3e
kernel-debug-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 19a09b79738c1e766505cfc521b3587d
SHA-256: 6e09334800dc4c8cc7c58d3d59107a341280fec0209c41913e977f9ba94325d3
kernel-debug-debuginfo-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: a279cd63a28017135280ae50abab790c
SHA-256: ff61c09ad7e8f12db1d74ee54024a69dac04de54830726df4c1db68c5180d4c8
kernel-debug-devel-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 7884324ac8907caf0f9a5f4907a6fd71
SHA-256: b676b1c0493486b3933167a8e1f8bc484cab93b1d31dd3d7acb62a20bd8daa4e
kernel-debuginfo-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: e21c2d8ca9cf6e60fc120578949894f9
SHA-256: b43eec890c50f1ef59effc07ba163fe07bc8776b69e147be2fd04e66f869e3ff
kernel-debuginfo-common-x86_64-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: f3ffc6f7b2c39fba82fdf3847fbfa561
SHA-256: 9ab76b0fac01a4101faa37438e6b7dbfff9fcbc67be0d4dc63343f09c628e228
kernel-devel-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 041bcd63b7249fbc6ad4e94d4a86e4be
SHA-256: 5edc264bef518e6f42a84b77c621ae6c7ce8e051b53f7b5894216da053660667
kernel-doc-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 593abaf80b6d2f7c297c0c6dd1d985e8
SHA-256: 275d27b81742aac94ef99dc1c4caaeeff2a7f561fb621b7f0efdb2f26ac80bc7
kernel-firmware-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: fc916911a0736c577b1b99b0b8b62874
SHA-256: 61c49c98e1fd96293f5718c558fc9224430f1b32fda7e65f26f6253a10d30588
kernel-headers-2.6.32-71.31.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: a71dbe635019d3ed57130169bf312d33
SHA-256: 7ac1bff89bf3adebefb01067d28800a0caac6370c0329adceab2dd9332d8408f
perf-2.6.32-71.31.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 10c3ce8639efba352d08424f6ed53bea
SHA-256: fcfa5e0251a4a5de51cff66bfcd7c700f421a4a5aa38e5a47e1497f515c70f08
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

649920 - CVE-2010-3881 kvm: arch/x86/kvm/x86.c: reading uninitialized stack memory
657303 - CVE-2010-4251 CVE-2010-4805 kernel: unlimited socket backlog DoS
678209 - CVE-2011-0999 kernel: thp: prevent hugepages during args/env copying into the user stack
679282 - CVE-2011-1010 kernel: fs/partitions: Validate map_count in Mac partition tables
681575 - CVE-2011-1082 kernel: potential kernel deadlock when creating circular epoll file structures
682641 - CVE-2011-1090 kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
689321 - CVE-2011-1170 kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 kernel: ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 kernel: ipv6: netfilter: ip6_tables: fix infoleak to userspace
690028 - CVE-2011-1182 kernel signal spoofing issue
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/