Skip to navigation

Security Advisory Important: kernel security, bug fix, and enhancement update

Advisory: RHSA-2012:0480-1
Type: Security Advisory
Severity: Important
Issued on: 2012-04-17
Last updated on: 2012-04-17
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-1583

Details

Updated kernel packages that fix one security issue, various bugs, and add
one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6
implementation could lead to a use-after-free or double free flaw in
tunnel6_rcv(). A remote attacker could use this flaw to send
specially-crafted packets to a target system that is using IPv6 and also
has the xfrm6_tunnel kernel module loaded, causing it to crash.
(CVE-2012-1583, Important)

If you do not run applications that use xfrm6_tunnel, you can prevent the
xfrm6_tunnel module from being loaded by creating (as the root user) a
"/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to
it:

blacklist xfrm6_tunnel

This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot
is not necessary for this change to take effect.

This update also fixes various bugs and adds an enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
kernel-2.6.18-308.4.1.el5.src.rpm
File outdated by:  RHSA-2014:0285
    MD5: 168a02cfc39550ab5b4be82c593d4b2a
SHA-256: 79754b3a6ffeec4566f706fd9e50d249fb6cda588d6c632cec57555b29a573fa
 
IA-32:
kernel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: db97b1bfdf7acb9a7e8cc9bde12899d1
SHA-256: 13706ed66a4456fdcecbf77f627928e72b4e70436829d1195680d54b4d25fe95
kernel-PAE-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 552a577705cebe53e4a537db7b5f9ca7
SHA-256: 1be12810fe03deea6304f87915aa331e9cd4664160455a99d0af883f3ac3815c
kernel-PAE-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 52bc4ae144bf5b8bf7070dcf8d679aea
SHA-256: 6ee5a33f2e611c90f69c708e056db2a9dbbe703d26c09b507d9d66ef155e1762
kernel-debug-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 6eb5bb7b593192aaf6985c639aa81d47
SHA-256: e9f5e93e961e9bb763ea4312f6e6fb9a5d894ef7961b2b4a6d602fa4dabe3a7f
kernel-debug-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: b9883740060a7634b65860e4a205ca0c
SHA-256: 2511f2a394d2ebef7f9e6151e6ebcf746d61186191d0cb63dd11a9e818007c4b
kernel-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 0cf750f90d1ea7bf20c967a4c5f1541d
SHA-256: 3b50c931a0d0c10951eb369f2f2322df6f51b8b200801a772897ca936073d15a
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.i386.rpm
File outdated by:  RHSA-2014:0285
    MD5: f6fdea5d7692fbbf1c32040abcb347ca
SHA-256: c23ce23760ff779f4d174157bcb62fef86012ccac42349303ed494badc7cc9c0
kernel-xen-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: e89bde586064010943e79430a0f6804a
SHA-256: 3de39af9cdeb269ddec756fe271ee669172153f226d6940bbf6b30c8c86be153
kernel-xen-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8cbec43b0d512613cf9f69f987a00e3e
SHA-256: b6f65c8347aa0174ee3a11961e94ba12447765726c670f125bdb7ec4185b885b
 
IA-64:
kernel-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 2efc52999d1645cef2f0865b1a1b6261
SHA-256: bb2db320e5d8690d478ea2e9bb247f6e1b604ff15cb6c9b4336f0ffe97d94ae4
kernel-debug-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: c4eeb7c3053a05b08dee416907b4dd52
SHA-256: f913d45f666da00361ae4242672d5fcd9ae2e6f2c5254cb1a1ba39ded61ac2a1
kernel-debug-devel-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: a0e5f5667f9233e635d693f632fd0c80
SHA-256: aa747cfd3906453a548bfcd8e0db900672ddb4e123ee352befa42d35aa00017a
kernel-devel-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9d3a20460b753bfbb88c8a44957fc14c
SHA-256: d071a889cd5604381d9cf306024513a7215a08de18687d9c03cc333376cca036
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 4909a5ca2b63badec86d3853e891fe4d
SHA-256: 40c1e71f3dac73eec71c7a491a568364fe5fae9d1eaacad75490f7f7d6d00cfa
kernel-xen-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 4308d4f81bcdcd057c00332fa55d49b1
SHA-256: d5dfd1933c2e91e12b416c0f595a4da66ea590d994d0e78a21317c70cc25812e
kernel-xen-devel-2.6.18-308.4.1.el5.ia64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 4d2d6e303a127c38eab7b858b4c1feb4
SHA-256: e03a85c3deb33e4305e9acdc3bc47435368651bdd26de1fb34398ff91fe12cc5
 
PPC:
kernel-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: b1d9434245e6b40870be55e365afc6b8
SHA-256: c6920d1834d86dcd0f935a5826a75f4a57c6c4d5128c685cfd1dcba59f5913f4
kernel-debug-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: f9944bfb1581bb0d9f590d14a861352c
SHA-256: 92272572841b82792c945934f32dd23973c15effd08bd308b31000befc41dfa2
kernel-debug-devel-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: ed9ccb49a69b267bacbe2f352f5b0b84
SHA-256: 50b893992e93cf4be72d105d5709747bd238301fb216e08a8f7555648b515dc0
kernel-devel-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9d2c298f9e7e86bf8a5a8bb19fbeaf07
SHA-256: efaab8233e6638449ca6efe9e15dfa70f80fbf99a54f4f3070aba33259462a20
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.ppc.rpm
File outdated by:  RHSA-2014:0285
    MD5: eb585dbd76aecc62eb6d3c1e95d0cc39
SHA-256: da2e8f01ecf609fb634211f8c41867c7e4f8eb47fe636649652e14c90725da19
kernel-headers-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: e6f3e4206593d7f80142447e2b67edbc
SHA-256: 52429bb9d64e2e44cf6ccaf7fb37cd8d8a91e70c2338e7caae8319b2da26abef
kernel-kdump-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: e1fe46600010b78d7616effea759fdb7
SHA-256: 12ad8b4f7d670371a2838ca54217b8acace8645cf5f38b479f4ba874a6244e21
kernel-kdump-devel-2.6.18-308.4.1.el5.ppc64.rpm
File outdated by:  RHSA-2014:0285
    MD5: a07fe8721ed019cc672da2ae4361bd4d
SHA-256: 945acbc2e54999b5b7cbc59f8bf9c1c78bc37203d02a563874edaf6ca8a9e72c
 
s390x:
kernel-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: c8031cfa3f2a75378fed33198d9a1f8b
SHA-256: 875571a66653f112093180289efff99a3a7f1331b156fca80d08af3840da1abc
kernel-debug-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: a132a4d4b3b379d150ccf46a341771e8
SHA-256: 4d7da2d99b1b018a0d75faa506def2f4a75c2fd8b9e76e1b072c2ac423d66ac6
kernel-debug-devel-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: 3eb7c5d64c4e6cf1856026b52d931b04
SHA-256: 9ec4bcf896fa1eeced8285ec6e40e459170c0064a91a77e17cc6e8a79a53aa0c
kernel-devel-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: 5a091be5969fa35bfba30ee0e3cd5f86
SHA-256: dc3c89da8b4cfe7f11a0ab2f7ea9ccee024bff9cc0883b6836f8a6a4a0a2c6c4
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: 57d3b4891cdf3ad80f8f3480433ef6d0
SHA-256: 819b4e9868510f72ffdcd7dc8787b1894f87368b40d0f4df7aca384fe6fa5c80
kernel-kdump-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: d59ed0b93ff8f4a377ed3992ebf334ef
SHA-256: 8be76258c19c129e8bab035100e9a202da9347dcc122d2afa11a718896710d47
kernel-kdump-devel-2.6.18-308.4.1.el5.s390x.rpm
File outdated by:  RHSA-2014:0285
    MD5: d0bf22745e80e4c2ef319897eee0133c
SHA-256: d8cd7a6d004d7bafde32f89c0148e36d686dac75e5d3ea7626c8f4571c34614d
 
x86_64:
kernel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 411e070adfd82c3afbbdf019bf4f0419
SHA-256: 892d8d85d91f2c742085f3ad2be95e84f5d13b7d5f7f20dade394f20d1ef7755
kernel-debug-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9a463437704aae078f4fb9938cb3bf4a
SHA-256: 1d4df2a0fe445292f023bff124072d1092bc9c800d1cb512cbbca6cfe24d8c11
kernel-debug-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 02b7e1fc1ae2d45c990af6276f94aaea
SHA-256: 8acadc7775088a1b38c53ed10cd5162b2e01c697b2b4d0785a6949065565a53d
kernel-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 1f1f5c9c6f8cdb4fb8519b8d3ecd1a85
SHA-256: b44802a284b49699cf2f567c631a465c829018326c047fe9533c0eeb5f8fbf61
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: bafa10537440053bc2b95f139bb5a7f6
SHA-256: ac7499cf68fb0a00575b4c705f784510392efb0af75505f19feb189c5433c5ea
kernel-xen-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: eb1a0cfa52f223837e9fdec7d3d2b48f
SHA-256: 4e82263523c20043ae1de9c435cef4cae713fb2a1ffa3429eedf195c4f0d0c1d
kernel-xen-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 7cbe48cb855f534e3a13f95265f7409d
SHA-256: 4fe7deefd02f1c30416c497bbf1f7e4184cfb0f7c2520ac8494438f891a352b1
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kernel-2.6.18-308.4.1.el5.src.rpm
File outdated by:  RHSA-2014:0285
    MD5: 168a02cfc39550ab5b4be82c593d4b2a
SHA-256: 79754b3a6ffeec4566f706fd9e50d249fb6cda588d6c632cec57555b29a573fa
 
IA-32:
kernel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: db97b1bfdf7acb9a7e8cc9bde12899d1
SHA-256: 13706ed66a4456fdcecbf77f627928e72b4e70436829d1195680d54b4d25fe95
kernel-PAE-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 552a577705cebe53e4a537db7b5f9ca7
SHA-256: 1be12810fe03deea6304f87915aa331e9cd4664160455a99d0af883f3ac3815c
kernel-PAE-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 52bc4ae144bf5b8bf7070dcf8d679aea
SHA-256: 6ee5a33f2e611c90f69c708e056db2a9dbbe703d26c09b507d9d66ef155e1762
kernel-debug-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 6eb5bb7b593192aaf6985c639aa81d47
SHA-256: e9f5e93e961e9bb763ea4312f6e6fb9a5d894ef7961b2b4a6d602fa4dabe3a7f
kernel-debug-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: b9883740060a7634b65860e4a205ca0c
SHA-256: 2511f2a394d2ebef7f9e6151e6ebcf746d61186191d0cb63dd11a9e818007c4b
kernel-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 0cf750f90d1ea7bf20c967a4c5f1541d
SHA-256: 3b50c931a0d0c10951eb369f2f2322df6f51b8b200801a772897ca936073d15a
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.i386.rpm
File outdated by:  RHSA-2014:0285
    MD5: f6fdea5d7692fbbf1c32040abcb347ca
SHA-256: c23ce23760ff779f4d174157bcb62fef86012ccac42349303ed494badc7cc9c0
kernel-xen-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: e89bde586064010943e79430a0f6804a
SHA-256: 3de39af9cdeb269ddec756fe271ee669172153f226d6940bbf6b30c8c86be153
kernel-xen-devel-2.6.18-308.4.1.el5.i686.rpm
File outdated by:  RHSA-2014:0285
    MD5: 8cbec43b0d512613cf9f69f987a00e3e
SHA-256: b6f65c8347aa0174ee3a11961e94ba12447765726c670f125bdb7ec4185b885b
 
x86_64:
kernel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 411e070adfd82c3afbbdf019bf4f0419
SHA-256: 892d8d85d91f2c742085f3ad2be95e84f5d13b7d5f7f20dade394f20d1ef7755
kernel-debug-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 9a463437704aae078f4fb9938cb3bf4a
SHA-256: 1d4df2a0fe445292f023bff124072d1092bc9c800d1cb512cbbca6cfe24d8c11
kernel-debug-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 02b7e1fc1ae2d45c990af6276f94aaea
SHA-256: 8acadc7775088a1b38c53ed10cd5162b2e01c697b2b4d0785a6949065565a53d
kernel-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 1f1f5c9c6f8cdb4fb8519b8d3ecd1a85
SHA-256: b44802a284b49699cf2f567c631a465c829018326c047fe9533c0eeb5f8fbf61
kernel-doc-2.6.18-308.4.1.el5.noarch.rpm
File outdated by:  RHSA-2014:0285
    MD5: f681f6fd0f0eb77a38112e1089f40111
SHA-256: 28a8288dbcccd9b44aff6f868ee148041b90ab9597db6999f437de01b8db6c67
kernel-headers-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: bafa10537440053bc2b95f139bb5a7f6
SHA-256: ac7499cf68fb0a00575b4c705f784510392efb0af75505f19feb189c5433c5ea
kernel-xen-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: eb1a0cfa52f223837e9fdec7d3d2b48f
SHA-256: 4e82263523c20043ae1de9c435cef4cae713fb2a1ffa3429eedf195c4f0d0c1d
kernel-xen-devel-2.6.18-308.4.1.el5.x86_64.rpm
File outdated by:  RHSA-2014:0285
    MD5: 7cbe48cb855f534e3a13f95265f7409d
SHA-256: 4fe7deefd02f1c30416c497bbf1f7e4184cfb0f7c2520ac8494438f891a352b1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

752304 - CVE-2012-1583 kernel: ipv6: panic using raw sockets
801726 - RHEL5.8 NFSv4 regression - "ls" returns "-ENOTDIR" when listing a subdirectory of exported mount [rhel-5.8.z]


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/