
Security Advisory Moderate: kernel security and bug fix update

Advisory: RHSA-2012:0116-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-02-14
Last updated on: 2012-02-14
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.1.z)
CVEs (cve.mitre.org): CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110

Details

Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A missing validation flaw was found in the Linux kernel's m_stop()
implementation. A local, unprivileged user could use this flaw to trigger
a denial of service. (CVE-2011-3637, Moderate)

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
the ability to mount and unmount ext4 file systems could use this flaw to
cause a denial of service. (CVE-2011-3638, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
key management facility handled user-defined key types. A local,
unprivileged user could use the keyctl utility to cause a denial of
service. (CVE-2011-4110, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2011-1020; Somnath
Kotur for reporting CVE-2011-3347; and Zheng Liu for reporting
CVE-2011-3638.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
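
One way to check a host against this advisory, as an added example that is not part of the Red Hat advisory: the script classifies a kernel release string against the fixed build 2.6.32-131.25.1.el6 named in the package list and flags the case where the fixed kernel is installed but the host has not yet been rebooted. The function names, the constructed sample release strings and the use of GNU sort -V as an approximation of RPM version ordering are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Function names are hypothetical.
FIXED="2.6.32-131.25.1.el6"   # fixed build named in this advisory's package list

# Drop the flavour (.debug/.kdump) and architecture that `uname -r` appends.
strip_arch() {
    r=${1%.debug}; r=${r%.kdump}
    for a in i686 x86_64 ppc64 s390x; do r=${r%."$a"}; done
    printf '%s\n' "$r"
}

# classify_kernel RELEASE -> fixed | vulnerable | other-stream
# Only the 6.1.z stream (2.6.32-131.N...) is covered by this advisory; any
# other build is reported as other-stream rather than guessed at.
classify_kernel() {
    rel=$(strip_arch "$1")
    case "$rel" in
        2.6.32-131.[0-9]*) ;;
        *) echo other-stream; return ;;
    esac
    # Assumption: GNU sort -V approximates RPM ordering for these numeric builds.
    lowest=$(printf '%s\n%s\n' "$rel" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then echo fixed; else echo vulnerable; fi
}

# report RUNNING INSTALLED... -> fixed | reboot-required | update-required | other-stream
# rpm -ivh keeps the old kernel installed, so a fixed package on disk does not
# mean the fixed kernel is the one running.
report() {
    running=$1; shift
    state=$(classify_kernel "$running")
    if [ "$state" = vulnerable ]; then
        for k in "$@"; do
            if [ "$(classify_kernel "$k")" = fixed ]; then
                echo reboot-required; return
            fi
        done
        echo update-required; return
    fi
    echo "$state"
}

# Constructed sample: fixed kernel installed, older 6.1.z build still running.
report 2.6.32-131.21.1.el6.x86_64 2.6.32-131.21.1.el6 2.6.32-131.25.1.el6
# On a live host:
#   report "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')
```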

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
kernel-2.6.32-131.25.1.el6.src.rpm
File outdated by:  RHSA-2013:0841
 
IA-32:
kernel-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-debuginfo-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-devel-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-common-i686-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-devel-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
kernel-doc-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-firmware-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-headers-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
perf-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
perf-debuginfo-2.6.32-131.25.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
 
PPC:
kernel-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-bootwrapper-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-debuginfo-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-devel-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-common-ppc64-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-devel-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
kernel-doc-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-firmware-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-headers-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
perf-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
perf-debuginfo-2.6.32-131.25.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
 
s390x:
kernel-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-debuginfo-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-devel-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-common-s390x-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-devel-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-doc-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-firmware-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-headers-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-kdump-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-kdump-debuginfo-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
kernel-kdump-devel-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
perf-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
perf-debuginfo-2.6.32-131.25.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
 
x86_64:
kernel-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-debuginfo-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-debug-devel-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-debuginfo-common-x86_64-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-devel-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
kernel-doc-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-firmware-2.6.32-131.25.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
kernel-headers-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
perf-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
perf-debuginfo-2.6.32-131.25.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

680358 - CVE-2011-1020 kernel: no access restrictions of /proc/pid/* after setuid program exec
736425 - CVE-2011-3347 kernel: be2net: promiscuous mode and non-member VLAN packets DoS
747848 - CVE-2011-3637 kernel: proc: fix oops on invalid /proc/<pid>/maps access
747942 - CVE-2011-3638 kernel: ext4: ext4_ext_insert_extent() kernel oops
751297 - CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/