Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2012:1042-1
Type: Security Advisory
Severity: Important
Issued on: 2012-06-26
Last updated on: 2012-06-26
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.1.z)
CVEs (cve.mitre.org): CVE-2011-4347, CVE-2012-0038, CVE-2012-0044, CVE-2012-1097, CVE-2012-1179

Details

Updated kernel packages that fix various security issues and three bugs are
now available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in
drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their
privileges. (CVE-2012-0044, Important)

* It was found that the kvm_vm_ioctl_assign_device() function in the KVM
(Kernel-based Virtual Machine) subsystem of the Linux kernel did not check if
the user requesting device assignment was privileged or not. A local,
unprivileged user on the host could assign unused PCI devices, or even
devices that were in use and whose resources were not properly claimed by
the respective drivers, which could result in the host crashing.
(CVE-2011-4347, Moderate)

* A flaw was found in the way the Linux kernel's XFS file system
implementation handled on-disk Access Control Lists (ACLs). A local,
unprivileged user could use this flaw to cause a denial of service or
escalate their privileges by mounting a specially-crafted disk.
(CVE-2012-0038, Moderate)

* It was found that the Linux kernel's register set (regset) common
infrastructure implementation did not check if the required get and set
handlers were initialized. A local, unprivileged user could use this flaw
to cause a denial of service by performing a register set operation with a
ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097,
Moderate)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in
read mode, and Transparent Huge Pages (THP) page faults interacted. A
privileged user in a KVM guest with the ballooning functionality enabled
could potentially use this flaw to crash the host. A local, unprivileged
user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Sasha
Levin for reporting CVE-2011-4347; Wang Xi for reporting CVE-2012-0038; and
H. Peter Anvin for reporting CVE-2012-1097.

This update also fixes the following bugs:

* When a RoCE (RDMA over Converged Ethernet) adapter with active RoCE
communications was taken down suddenly (either by adapter failure or the
intentional shutdown of the interface), the ongoing RoCE communications
could cause the kernel to panic and render the machine unusable. A patch
has been provided to protect the kernel in this situation and to pass an
error up to the application still using the interface after it has been
taken down instead. (BZ#799944)

* The fix for Red Hat Bugzilla bug 713494, released via RHSA-2011:0928,
introduced a regression. Attempting to change the state of certain
features, such as GRO (Generic Receive Offload) or TSO (TCP segment
offloading), for a 10 Gigabit Ethernet card that is being used in a
virtual LAN (VLAN) resulted in a kernel panic. (BZ#816974)

* If a new file was created on a Network File System version 4 (NFSv4)
share, the ownership was set to nfsnobody (-2) until it was possible to
upcall to the idmapper. As a consequence, subsequent file system operations
could incorrectly use "-2" for the user and group IDs for the given file,
causing certain operations to fail. In reported cases, this issue also
caused "Viminfo file is not writable" errors for users running Vim with
files on an NFSv4 share. (BZ#820960)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
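
Added example (not part of the Red Hat advisory): because the fix only takes effect after a reboot, this shell function classifies a host as patched, reboot-required or vulnerable by comparing the running and installed kernels against the fixed release 2.6.32-131.29.1.el6. It assumes kernels sharing the "2.6.32-131." prefix belong to the stream this advisory covers and uses "sort -V" as an approximation of RPM version ordering; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Fixed release taken from this advisory.
FIXED="2.6.32-131.29.1.el6"
# Assumption: kernels with this prefix are the stream the advisory covers.
STREAM="2.6.32-131."

# strip_arch: drop a trailing architecture suffix so releases compare cleanly.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(i686|x86_64|ppc64|s390x)$//'
}

# ver_ge A B: succeeds when A >= B under version sort (approximates rpm ordering).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING INSTALLED...
# Prints: patched | reboot-required | vulnerable | other-stream
kernel_status() {
    running=$(strip_arch "$1"); shift
    case "$running" in
        "$STREAM"*) ;;
        # A kernel from another stream cannot be judged by version number alone.
        *) echo "other-stream"; return 0 ;;
    esac
    if ver_ge "$running" "$FIXED"; then
        echo "patched"; return 0
    fi
    # Running kernel is older: is a fixed kernel installed but not yet booted?
    for k in "$@"; do
        k=$(strip_arch "$k")
        case "$k" in
            "$STREAM"*) if ver_ge "$k" "$FIXED"; then
                            echo "reboot-required"; return 0
                        fi ;;
        esac
    done
    echo "vulnerable"
}

# On a real host the inputs would come from:
#   uname -r
#   rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'
# Constructed sample: fixed kernel installed with "rpm -ivh", old one still running.
kernel_status "2.6.32-131.17.1.el6.x86_64" \
    "2.6.32-131.17.1.el6.x86_64" "2.6.32-131.29.1.el6.x86_64"
```

A result of "other-stream" means the host should be checked against the errata for its own release rather than this advisory.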

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
kernel-2.6.32-131.29.1.el6.src.rpm
File outdated by:  RHSA-2013:0841
 
IA-32:
kernel-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.29.1.el6.i686.rpm
kernel-devel-2.6.32-131.29.1.el6.i686.rpm
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm
kernel-headers-2.6.32-131.29.1.el6.i686.rpm
perf-2.6.32-131.29.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.29.1.el6.i686.rpm
 
PPC:
kernel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.29.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.29.1.el6.ppc64.rpm
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm
kernel-headers-2.6.32-131.29.1.el6.ppc64.rpm
perf-2.6.32-131.29.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.ppc64.rpm
 
s390x:
kernel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.29.1.el6.s390x.rpm
kernel-devel-2.6.32-131.29.1.el6.s390x.rpm
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm
kernel-headers-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.29.1.el6.s390x.rpm
perf-2.6.32-131.29.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.29.1.el6.s390x.rpm
 
x86_64:
kernel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.29.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.29.1.el6.x86_64.rpm
kernel-doc-2.6.32-131.29.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.29.1.el6.noarch.rpm
kernel-headers-2.6.32-131.29.1.el6.x86_64.rpm
perf-2.6.32-131.29.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.29.1.el6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

756084 - CVE-2011-4347 kernel: kvm: device assignment DoS
772894 - CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
773280 - CVE-2012-0038 kernel: xfs heap overflow
799209 - CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets
803793 - CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/