Security Advisory Moderate: kernel-rt security, bug fix, and enhancement update

Advisory: RHSA-2012:1282-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-09-19
Last updated on: 2012-09-19
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2012-4398

Details

Updated kernel-rt packages that fix one security issue, several bugs, and
add enhancements are now available for Red Hat Enterprise MRG 2.2.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)

Red Hat would like to thank Tetsuo Handa for reporting this issue.

The kernel-rt packages have been upgraded to upstream version 3.2, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#798421)

This update also fixes various bugs and adds enhancements. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated kernel-rt packages, which correct
this issue, fix these bugs, and add these enhancements. The system must
be rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
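Because "rpm -ivh" leaves older kernels installed alongside the new one and the fix only takes effect after a reboot, a host can have the fixed package installed while still running a vulnerable kernel. The following check is an added example, not Red Hat tooling or part of the original advisory; the function names are hypothetical, and the numeric-field comparison is an assumed approximation of RPM version ordering that is adequate within the kernel-rt el6rt series.

```sh
#!/bin/sh
# Added example (not Red Hat tooling). Function names are hypothetical.
FIXED="3.2.23-rt37.56.el6rt"   # kernel-rt version-release listed in this advisory

# ver_ge A B: succeed if A >= B, comparing the numeric fields left to right.
# Assumption: approximates RPM ordering; adequate within the kernel-rt el6rt series.
ver_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if ((x[i] + 0) > (y[i] + 0)) exit 0
      if ((x[i] + 0) < (y[i] + 0)) exit 1
    }
    exit 0
  }'
}

# classify RUNNING [INSTALLED...]: print patched, reboot-required, vulnerable
# or not-applicable (running kernel is not an el6rt kernel-rt build).
classify() {
  running=${1%.x86_64}; shift
  case "$running" in
    *.el6rt) ;;
    *) echo not-applicable; return 0 ;;
  esac
  if ver_ge "$running" "$FIXED"; then echo patched; return 0; fi
  for v in "$@"; do
    if ver_ge "${v%.x86_64}" "$FIXED"; then echo reboot-required; return 0; fi
  done
  echo vulnerable
}

# check_host: gather real values on an MRG host (requires rpm).
check_host() {
  installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt 2>/dev/null) || installed=""
  classify "$(uname -r)" $installed   # unquoted on purpose: one word per version
}

# Constructed sample: fixed build installed with rpm -ivh, older kernel still running.
classify 3.2.20-rt32.44.el6rt.x86_64 3.2.20-rt32.44.el6rt 3.2.23-rt37.56.el6rt
```

On an MRG host, call `check_host` instead of the constructed sample; a result of `reboot-required` means the update is installed but the running kernel is still the old one.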

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
kernel-rt-3.2.23-rt37.56.el6rt.src.rpm
File outdated by: RHBA-2014:0381
rt-firmware-1.0-3.el6_3.src.rpm
File outdated by: RHBA-2013:1293

x86_64:
kernel-rt-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-debug-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-debug-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-debug-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-debuginfo-common-x86_64-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-doc-3.2.23-rt37.56.el6rt.noarch.rpm
File outdated by: RHBA-2014:0381
kernel-rt-firmware-3.2.23-rt37.56.el6rt.noarch.rpm
File outdated by: RHBA-2014:0381
kernel-rt-trace-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-trace-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-trace-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-vanilla-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-vanilla-debuginfo-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
kernel-rt-vanilla-devel-3.2.23-rt37.56.el6rt.x86_64.rpm
File outdated by: RHBA-2014:0381
mrg-rt-release-3.2.23-rt37.56.el6rt.noarch.rpm
File outdated by: RHSA-2013:1490
rt-firmware-1.0-3.el6_3.noarch.rpm
File outdated by: RHBA-2013:1293

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

725799 - diskless support for MRG 2.x
786083 - iptables unable to log to rsyslog
798421 - Rebase MRG RT kernel to 3.2-rtX series
798423 - InfiniBand stack refresh in MRG RT
799385 - Thread can dead lock in migrate timers
799386 - The futex proxy handler grabs the pi_lock without disabling interrupts
799389 - lglocks can be taken and never released on cpu offline and onlining
799391 - Tasks waiting on a state change of another task may get wrong result
799399 - ftrace_dump() can cause issues on RT
814689 - missing /proc/sys/crypto/fips_enabled in 3.2.14-rt24.22.el6rt.x86_64 causes openssh errors
815937 - 3.0.25-rt44.57.el6rt.x86_64 missing firmware rtl_nic/rtl8168e-2.fw
825344 - new mrg-rt-release sub-package [mrg2.2]
834583 - kernel-rt-3.2.20-rt32.44.el6rt.x86_64 floods the console with "DMAR [fault reason 02] Present bit in context entry is clear"
842680 - kernel 3.2.23-rt37.49.el6rt.x86_64 doesn't create symlinks to /lib/firmware/mrg-rt-firmware
853474 - CVE-2012-4398 kernel: request_module() OOM local DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/