Skip to navigation

Security Advisory Moderate: kernel security, bug fix, and enhancement update

Advisory: RHSA-2011:1106-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-02
Last updated on: 2011-08-02
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.0.z)
CVEs (cve.mitre.org): CVE-2011-1576

Details

Updated kernel packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 6.0
Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)

Red Hat would like to thank Ryan Sweat for reporting this issue.

This update also fixes the following bugs:

* The LSI SAS2 controller firmware issued an 0x620f fault while performing
I/O operations and with a Task Manager running, causing possible data
corruption. This update corrects this issue. (BZ#710625)

* The crashkernel memory region can overlap the RunTime Abstraction
Services (RTAS) memory region. If the crashkernel memory region was freed,
the RTAS memory region was freed as well and the system would crash. With
this update, the crash_free_reserved_phys_range() function is overridden
and overlaps with the RTAS memory region are checked so that system crashes
no longer occur. (BZ#710626)

* If the microcode module was loaded, saving and restoring a Xen guest
returned a warning message and a backtrace error. With this update,
backtrace errors are no longer returned, and saving and restoring a Xen
guest works as expected. (BZ#710632)

* When the Distributed Lock Manager (DLM) queued three callbacks for a lock
in the following sequence: blocking - completion - blocking, it would
consider the final blocking callback redundant and skip it. Because the
callback was skipped, GFS would not release the lock, causing processes on
other nodes to wait indefinitely for it. With this update, the DLM does not
skip the necessary blocking callback. (BZ#710642)

* The XFRM_SUB_POLICY feature causes all bundles to be at the finest
granularity possible. As a result of the data structure used to implement
this, the system performance would drop considerably. This update disables
a part of XFRM_SUB_POLICY, eliminating the poor performance at the cost of
sub-IP address selection granularity in the policy. (BZ#710645)

* A kernel panic in the mpt2sas driver could occur on an IBM system using a
drive with SMART (Self-Monitoring, Analysis and Reporting Technology)
issues. This was because the driver was sending an SEP request while the
kernel was in the interrupt context, causing the driver to enter the sleep
state. With this update, a fake event is now executed from the interrupt
context, assuring the SEP request is properly issued. (BZ#714189)

Finally, this update provides the following enhancements:

* This update introduces a kernel module option that allows the Flow
Director to be disabled. (BZ#711549)

* This update introduces parallel port printer support for Red Hat
Enterprise Linux 6. (BZ#713825)

* This update restricts access to the /proc/kcore file to ELF headers only.
(BZ#710638)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues and add these enhancements. The system must
be rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
kernel-2.6.32-71.34.1.el6.src.rpm
File outdated by:  RHSA-2012:1114
    MD5: f9760b1fd63db697a346db5817f4c6de
SHA-256: 558d9611d3aa187a0b7d0b86ad93c53eb09e858ea1f9dce1a5e1441f13007c86
 
IA-32:
kernel-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 4dc3c26833f990bfdc0a944cab6c70fa
SHA-256: 7ad131cd74f476460bc10a6952c9669a20222b9526126c6fbbfe5b177764adca
kernel-debug-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 4fd537a6cc81ea5aec89acc9d95a87f1
SHA-256: 32a378b5e8843834077f6e6be7a89363e42d33967c9b2e6867b145f5c80a629a
kernel-debug-debuginfo-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: be18207d69bc99029e1ef8749c6e2cab
SHA-256: 350ea7580c97ee900ab9bad9d3e39a645fd1f4e722b1e9af7aa582f147f76c3c
kernel-debug-devel-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 27bbaf067fd3dc63ec06072d8435f993
SHA-256: a26a0685934cc5d8138148dcc8bc45c67d8e0e500f9be8338c33c4b6ff270b98
kernel-debuginfo-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: b66a8319798d839cfb597ffe2e2dc3f3
SHA-256: 02a0f80c9ca3757b424b50be947f23e67254705464cd0363b207099cf1f49743
kernel-debuginfo-common-i686-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: 62987aa570ffc8c3ca59a3240e904172
SHA-256: 59632edee6ecdb9f3a1b3cd71eb10c8fec00d477d0ff45f6b71bdadef53b2722
kernel-devel-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: aab3f94cc6a7ba66dc70b27a36aee23f
SHA-256: 6370c401e5cd72dceb726ce45f24fbf33102bb090e96e90f1aecd2a886979bfb
kernel-doc-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 0045c5ea7f064801fc1d0b47aa5fbd99
SHA-256: b0348ebe8caaead07b34358b85b32c6ef969f80da85b887d7a7d2741fd8af421
kernel-firmware-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: d92aa0081c38e7cb11b9a976af5ffdb0
SHA-256: 871e31f2fac8a6f4637fb0a9f4881227a7dfedea0d415aa73ea968127ce8875c
kernel-headers-2.6.32-71.34.1.el6.i686.rpm
File outdated by:  RHSA-2012:1114
    MD5: ae48eeac4537a63ff7c1983aab56d5e1
SHA-256: 1b572cf42cdba6551af23aa3a80e4a7f118a411a272bc0a78a2e0f1bcd500362
perf-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: f76b42b9998fe1fcd06e988e9548ba73
SHA-256: 74173ca01b69206a7fe6428f32e18e097eb59a5d90efc1f2f81d4131dea81815
 
PPC:
kernel-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 1290fdb7d65101a7ba5867cc054e08d0
SHA-256: 8155980d79e149aa112d3da76dc99dbbe4a9d707dda1187c43fb6b36aed6ce04
kernel-bootwrapper-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: b53a7ec332be4cd8f0db611f08b4d860
SHA-256: a85f0b51ef2196d75a682cb08ff615bcff06602e0d45a67a554f94b00b76e28c
kernel-debug-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: ae8961a30e64a41b4dcbe204eca675ec
SHA-256: 68eba5a13b44cb1766bef66c81f09bbf5b3a3a601106309219a47989d91a0885
kernel-debug-debuginfo-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 9ed807f6524847a64e4b32991e1cd61e
SHA-256: 50cd537aa36ad45a227f0a6c25c5f702af54bc61b1a23b85849ef8d03d8eb4e8
kernel-debug-devel-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: d44c2ff57d9128531aa69797a51a5853
SHA-256: 98c94abb2b24aea9160137041a79c4696f5364fc49988dac2e02422bd7e24787
kernel-debuginfo-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: f106fc4b1e5f3874411a656a3321ee45
SHA-256: 415c609ab21e03be4c08afe0a73bbd37403f8b16ba859bddbde96a05be16558e
kernel-debuginfo-common-ppc64-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 33a2bf560264a17500f0d78a3f342bfd
SHA-256: 6ea24fced13027e521946cd30e8fc41a7f0f46adb4dd6f45d744f70f9cb90637
kernel-devel-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 76507b2ce34da901f90e72faa01a7f15
SHA-256: 85d09b96c6a02c1f8c03b0e39cba0d0b4d9c26d1a029e72cbd213f80d91a65d5
kernel-doc-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 0045c5ea7f064801fc1d0b47aa5fbd99
SHA-256: b0348ebe8caaead07b34358b85b32c6ef969f80da85b887d7a7d2741fd8af421
kernel-firmware-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: d92aa0081c38e7cb11b9a976af5ffdb0
SHA-256: 871e31f2fac8a6f4637fb0a9f4881227a7dfedea0d415aa73ea968127ce8875c
kernel-headers-2.6.32-71.34.1.el6.ppc64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 83a95df9aa7746f885b2fbcabe821e7a
SHA-256: 90151408019e3426fe0f22810b09822ee0515ab99b99dcef0b3a21ea3e826b94
perf-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: f76b42b9998fe1fcd06e988e9548ba73
SHA-256: 74173ca01b69206a7fe6428f32e18e097eb59a5d90efc1f2f81d4131dea81815
 
s390x:
kernel-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: c1e3c1af37df0acefc4e8fef116a830c
SHA-256: 19fe67bb747f4aff126c788ad0f049ba82b7a4927e13e4cb4704a7955c448bda
kernel-debug-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 846f29aa0e92824141a8ca60f7116024
SHA-256: 367ab0a81a3d30b3c13cfdbe0f0d8b2b179d8545e072e396a893e8cb1571488b
kernel-debug-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 36ef04873111222849fc16707ae05254
SHA-256: efafa895c860b2dfd27d4b83cc4614f75b2045afbd54595649b596c8e1c23f92
kernel-debug-devel-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 8304cf539bc925253af85ab1c20bd51a
SHA-256: a16d5d86d25a6c194f578aad561639524d3da4f8c63be2c084756673b2ccfa03
kernel-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 44370bf88d45e01101acb621b9922d82
SHA-256: 40ff9fa317fe633420a598aefafc32e6d3d1533fc97c01d7c18d7850276a7d98
kernel-debuginfo-common-s390x-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 92b05cc8c610ddb0b70a3f322b16478c
SHA-256: 3c8f50b021a80cf21e367bfef5c058275ebba64134db45373173efc9e5764718
kernel-devel-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 3f4d8840d9ee104694e1388a175227ea
SHA-256: 74ee64f355e88f1c35bb624bbc6f5526b86d62534e4e45f2eb184c5bc28ef8de
kernel-doc-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 0045c5ea7f064801fc1d0b47aa5fbd99
SHA-256: b0348ebe8caaead07b34358b85b32c6ef969f80da85b887d7a7d2741fd8af421
kernel-firmware-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: d92aa0081c38e7cb11b9a976af5ffdb0
SHA-256: 871e31f2fac8a6f4637fb0a9f4881227a7dfedea0d415aa73ea968127ce8875c
kernel-headers-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: bd78de3dcd2d35f11c59bb3b4feba66d
SHA-256: 14683407ed9c0dead4a3dbb6ad39297bd01050274f00eb320fdb59724eb84dcc
kernel-kdump-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: f621ad52ab37ad57eba64cc4853f4de9
SHA-256: c0a4f105ac65ed0bb66a17a7b3d9135aa78abd7438f65ba97129b50903467868
kernel-kdump-debuginfo-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 21e28d1ef30560c7422184b109cb23bc
SHA-256: f33e97f924451611b1fb664698f482cc71e357aee79e1c833cb9919e085fca05
kernel-kdump-devel-2.6.32-71.34.1.el6.s390x.rpm
File outdated by:  RHSA-2012:1114
    MD5: 95e2fe91bffc0cc88508cf93893fada2
SHA-256: 1dea0f521229861bf4f0006da59bf96d2609efdec42eabce766b0eb019b15c63
perf-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: f76b42b9998fe1fcd06e988e9548ba73
SHA-256: 74173ca01b69206a7fe6428f32e18e097eb59a5d90efc1f2f81d4131dea81815
 
x86_64:
kernel-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: d26e271b3a9ca0c563411763be6c3a4e
SHA-256: b25716f0c490b0633b976e809ec99fcc3db9f72c04a43af8d624a6cd58b0d30e
kernel-debug-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: d412819de1495dadf0d7dc7218a00eb2
SHA-256: 62472b615f6e66d60e34bbd7cc1a73ae550b4e3c259307928760f016d2cd88fd
kernel-debug-debuginfo-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 07db513c03f165c45920322abfc5a6fc
SHA-256: f722c83e44eb79fac82b340fcdf85f2fc28ab4990aa6486ab192d55e3b9732ca
kernel-debug-devel-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: 93de106d2a7002fb7a5e06958f3fdb43
SHA-256: 1915dd19e5619d061b901ec9a1742d74898444ab2e3ba147b62fde69ba70264a
kernel-debuginfo-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: b941783e33b1e5be651a9442bdf80780
SHA-256: d386d274e2b8dbe2f1a606d6c4d1245e99d69208e6b5a28e62793665874b90d3
kernel-debuginfo-common-x86_64-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: e5131e6c86d005d7a550e7039f22a287
SHA-256: eb4d89459322a2ac2b338bd6a600a1dd065b691d802d7feb3377e3fe6fb2b18d
kernel-devel-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: ee0ff48613f8948bd9e62bde4fac0703
SHA-256: b89a24ac0393712fae1a851581e7a8a2732bf74fe3f5a12b8e85961646580274
kernel-doc-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: 0045c5ea7f064801fc1d0b47aa5fbd99
SHA-256: b0348ebe8caaead07b34358b85b32c6ef969f80da85b887d7a7d2741fd8af421
kernel-firmware-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: d92aa0081c38e7cb11b9a976af5ffdb0
SHA-256: 871e31f2fac8a6f4637fb0a9f4881227a7dfedea0d415aa73ea968127ce8875c
kernel-headers-2.6.32-71.34.1.el6.x86_64.rpm
File outdated by:  RHSA-2012:1114
    MD5: b9a3ef5b39b609848b0386628ad97f84
SHA-256: c3d149a319da8bdbe1818e5f948a2fc0f82122899cbb3817d50c47604c952fb8
perf-2.6.32-71.34.1.el6.noarch.rpm
File outdated by:  RHSA-2012:1114
    MD5: f76b42b9998fe1fcd06e988e9548ba73
SHA-256: 74173ca01b69206a7fe6428f32e18e097eb59a5d90efc1f2f81d4131dea81815
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
710632 - xen microcode WARN on save-restore
710638 - kernel: restrict access to /proc/kcore to just elf headers [rhel-6.0.z]
710642 - GFS2: inode glock stuck without holder
710645 - Big performance regression found on connect/request/response test through IPSEC (openswan) transport
713825 - Parallel port issue in RHEL 6.0 server
714189 - System Hang when there is smart error on IBM platform


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/