Skip to navigation

Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2012:1430-1
Type: Security Advisory
Severity: Important
Issued on: 2012-11-06
Last updated on: 2012-11-06
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.1.z)
CVEs (cve.mitre.org): CVE-2012-3412

Details

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 6.1 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way socket buffers (skb) requiring TSO (TCP
segment offloading) were handled by the sfc driver. If the skb did not fit
within the minimum-size of the transmission queue, the network card could
repeatedly reset itself. A remote attacker could use this flaw to cause a
denial of service. (CVE-2012-3412, Important)

Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting
this issue.

This update also fixes the following bugs:

* In the hpet_next_event() function, an interrupt could have occurred
between the read and write of the HPET (High Precision Event Timer) and the
value of HPET_COUNTER was then beyond that being written to the comparator
(HPET_Tn_CMP). Consequently, the timers were overdue for up to several
minutes. Now, a comparison is performed between the value of the counter
and the comparator in the HPET code. If the counter is beyond the
comparator, the "-ETIME" error code is returned, which fixes this bug.
(BZ#855280)

* Traffic to the NFS server could trigger a kernel oops in the
svc_tcp_clear_pages() function. The source code has been modified, and the
kernel oops no longer occurs in this scenario. (BZ#856104)

* A kernel oops occurred in the nf_nat code when a bogus pointer was
dereferenced in the nf_conn_nat structure. Consequently, if Source Network
Address Translation (SNAT) was performed, incorrect information could be
received by other CTS (Clear to Send) signals. A conntrack entry is now
placed in the source hash after SNAT has been completed, which prevents the
described problems. (BZ#865714)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. The system must be rebooted for this
update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
kernel-2.6.32-131.35.1.el6.src.rpm
File outdated by:  RHSA-2013:0841
    MD5: 8fb94e5f966b24dbafb7a5617e99e1de
SHA-256: dca013fe39fdc45b6f63807a879cb1d0af7be622d3bc942a1bee3ca7b3fbc36d
 
IA-32:
kernel-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: f21ff53be20be8e7bc7c9127e5475f3a
SHA-256: 3e2fb7c1a3a9336c458586ecab47b331bafafd29d4fbcd4e5e63a57a40be87b3
kernel-debug-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: 74747dc1a41495382d3c4c5132f827cd
SHA-256: f22765bbd12d1946ca9b4410d9c9369caa4c557644a627e182de6637a5779191
kernel-debug-debuginfo-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: 418ef1d0aa530a485f3aa73559ba001a
SHA-256: 4381e90ad43dc275625062f43716511ca29a5a98551d5a6d25ee4c755e003dd5
kernel-debug-devel-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: bd0bebd172aaa83982a40d2708e5725b
SHA-256: 8bf13db27cf03a51585064596cbf33bb023f92cf4a1f1d88420008695132ffe2
kernel-debuginfo-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: ef75f8b88587e2bfa6fc388a43d41da9
SHA-256: 8c50ffb70fe4ef5b69c7855529ec547ab1947d31a7a950acba15eb5830222dc7
kernel-debuginfo-common-i686-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: d8347f781f0f0b26e8e79ce601cdada5
SHA-256: a94aeb8b5e99fb2191322491e395b8c6b7e7db8c5fa01a0f2289a9250c9574da
kernel-devel-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: 0b8b6cb4431d3082c2484f9e5f0a3a3b
SHA-256: ea3af25a33e1a8acf49e887367ade47980d9a4ac71816402fb7c683406ec481d
kernel-doc-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: 69309c2290be01092364fee74b2cbb2d
SHA-256: 471ee9555202786dcf688c53e27587565b4334e7439838321671a6619b78659d
kernel-firmware-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: fad27aefc361d6f865c8a7b4ef6b77b1
SHA-256: adbda799a58a393508f81ef3d8de89e040ffbc09a57310d71f06409bac73f90c
kernel-headers-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: de81007b6c4167fb15f5ebad3123fd1a
SHA-256: a12567905ad050893d3c2df3f3e742173234218eaa69a9e19e16d648b218a13e
perf-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: 3c40092c9105bcaf5ae1ad76079a23bd
SHA-256: d157574d4e231473263cbe14adf2f8572e2f8dff55054436be65493f628bc2c6
perf-debuginfo-2.6.32-131.35.1.el6.i686.rpm
File outdated by:  RHSA-2013:0841
    MD5: ce41118bd9287566e062a7aa2d4f031a
SHA-256: 7188dd23d07380689b98b5b4de72660122cf8224ab6fc15a84548a3e84bd4db4
 
PPC:
kernel-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 7040610abdfd45fa3287174d8c1c1831
SHA-256: 9e5be5018835ecdc9078958e3fbfba0639326a59f201a80eb532f0dc5d81df1d
kernel-bootwrapper-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 6137024f022199f919f0d36d8ef166f3
SHA-256: a4f0a172af6db0199bb4af567ae2367b5bf9ea51296438276e08b3a20262b306
kernel-debug-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: badfc58ca354457fb2ec5d59651bec1f
SHA-256: 2b05c13788e4d0c57c3f71dbd429affdb7ad27e61ed603397459457135446287
kernel-debug-debuginfo-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 516742cce036235775f13bcce1675c2a
SHA-256: 902da3cccc5629c674426342057a5a81f244a0cf73d463a3878b77c7e39ed37b
kernel-debug-devel-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: a01f847224426625a0cea9861ff5fb26
SHA-256: a4285621c951c2c59656f1ff0554f44e21b57a2d8021566a3ddc4bcb37ff0437
kernel-debuginfo-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 52265a11271e3a121588fd423ffe72bc
SHA-256: 24751f0b69ad8e2f39cf7fccecc54a1e476fc79d6d36155c29357f280a84d127
kernel-debuginfo-common-ppc64-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 28a20088bb598dda1462c1a3af0d7329
SHA-256: 8117c88fb3f8896ee986fb304687efdc1ee13c9d1ce7b0465d77452455ef1b25
kernel-devel-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 9d59d099cd16d51ec25d8010cef96497
SHA-256: 52618c4d1ffa5393354a4cec0127719d592bfb6572693db3a9aa2ea9728d3574
kernel-doc-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: 69309c2290be01092364fee74b2cbb2d
SHA-256: 471ee9555202786dcf688c53e27587565b4334e7439838321671a6619b78659d
kernel-firmware-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: fad27aefc361d6f865c8a7b4ef6b77b1
SHA-256: adbda799a58a393508f81ef3d8de89e040ffbc09a57310d71f06409bac73f90c
kernel-headers-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 2f0277411e3c8e050151a70976230d2b
SHA-256: 9dec70d1d6c7532e865b6f67ae4615376e75c64afc3996125a0879a1600d6f43
perf-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 445e36893d772461cc3c76e47e6463e7
SHA-256: fe9e66f7a2955747573c502248f1ab5878bbe25edbb71d8a0435b03ac736b7f5
perf-debuginfo-2.6.32-131.35.1.el6.ppc64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 1f7a1ba8caad37b1ab4ab28a3e46070a
SHA-256: 5bb36f5cb7cc10945e41441464d7c9735a66d171b719fe9245888d0ba1e3eed7
 
s390x:
kernel-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: d4c3c71e9fe6e37e872867309611c29b
SHA-256: e0bbe1983489549212427ee3fd9aa20bbdd94d550022cb21da3b864716cd6a3e
kernel-debug-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 29302966b091f9b23de6d1e63eaa060c
SHA-256: 10de9f0db2e0458c4408329c5bb4fa49d235e93a6a5988971774df020f76638c
kernel-debug-debuginfo-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 69abe7f893db742afb421906834c7faa
SHA-256: b7e20221731e90d81e601b7e568ccfdc9d4370b7b14ee5883c5db69d3e1ef5b0
kernel-debug-devel-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 7a5b2fb366262f3a79a7560f4f132ea6
SHA-256: 59986acaa3e96328b11dbd277c4c08978cfd3525469dacd79a3dabf7ab241189
kernel-debuginfo-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 21d56e86181af517c85b5ca9e0a96b7f
SHA-256: 49aaeefc25022d9437d7507e9e5839fd12ba61429b074fd59e2e16d4d6565a98
kernel-debuginfo-common-s390x-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 7da5144a938b130c6184ae5867cdab3a
SHA-256: a139189c107b1897b46d796aa47330ffcdca62eb674e252d4ef2900c3ba4405c
kernel-devel-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 4b52701e58f21452430e27f47cb418e8
SHA-256: 58166fe442bfe567269cbabc2812d9c14d93253c70f0ee7508e3dfa8a6805a99
kernel-doc-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: 69309c2290be01092364fee74b2cbb2d
SHA-256: 471ee9555202786dcf688c53e27587565b4334e7439838321671a6619b78659d
kernel-firmware-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: fad27aefc361d6f865c8a7b4ef6b77b1
SHA-256: adbda799a58a393508f81ef3d8de89e040ffbc09a57310d71f06409bac73f90c
kernel-headers-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 7ca24714e4081f0ae09034478b2107a8
SHA-256: d535b2d5b8cb3dc99f9bde75b9155304addc641645e9ec018087cd41d96af883
kernel-kdump-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 67e86848fd224cc6a6290112adccbab0
SHA-256: 3d2367a7a92ee3c8d22d6514d4b75374a431bcdfe1ed516b98533ef2f6693208
kernel-kdump-debuginfo-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: 2c1be7e8b3ea9d3748fb7858e00cf2d9
SHA-256: ef6201c1410a3ca0a81d5d7532555001979a9c0ea39139e228ee55f11613865f
kernel-kdump-devel-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: b2726d94ea7259b722ab393e582858f3
SHA-256: cf4af630f18fb0a77a875307e9b69a931aca4e25c6411f33fecdb4d00da66a97
perf-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: fb25a1b663ebfe5af384648ce9d342b8
SHA-256: 1aaf23346aa2c48206ecfd3e9fbcd3e2efdbacb80f8406c1e93257a1901d567d
perf-debuginfo-2.6.32-131.35.1.el6.s390x.rpm
File outdated by:  RHSA-2013:0841
    MD5: b74211f534d77d97af36031f301950d2
SHA-256: a79b0ae09451fb59f86e25e8facd1e6641262d79ba1e6a905e1a67eeb4b7f82f
 
x86_64:
kernel-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 46b93e0ccbe672350b64f5f5457e0125
SHA-256: a2b3cf3c073e7647a04fd69ae5edd421d0c1bc556380ccdac6c19abaeef09659
kernel-debug-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 64e3806aa45ce6067540a586050221d8
SHA-256: 4706bebd1b2ac717a306e86c818e687e148901a6c958d5595a9962be54d57d46
kernel-debug-debuginfo-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 3e4a3196c42528c64b794964e2b7ec59
SHA-256: 17ec1e7b506e5251907221ea2c2519c624a949e8635ff37b3219d08be7ba649c
kernel-debug-devel-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: fc4c4bc1dc85aa57eadcf344d2eceb88
SHA-256: 8080a4c60d01bbaf0ebcfcdbe56567356f05e7a222e7a06ccd7449b14c7dc135
kernel-debuginfo-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 0fdff7d9984179e0ea3cd17d37612c04
SHA-256: c769302ccf74ea527ef92b8e17f1ff1c3660c2602261e64a8855f9c4f42b8059
kernel-debuginfo-common-x86_64-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: adcc0d01225c20602208f3b428dfab24
SHA-256: 2e65c59d1497cc272393133470dd0e7778de3c776237e3dfe677150783111d5b
kernel-devel-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 7c47bf322ac9f8a3d7f589d7632b214a
SHA-256: a5703088b7eaae497a2fd4f0df35fc08b70d68cdb42a1828daa987887b45961b
kernel-doc-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: 69309c2290be01092364fee74b2cbb2d
SHA-256: 471ee9555202786dcf688c53e27587565b4334e7439838321671a6619b78659d
kernel-firmware-2.6.32-131.35.1.el6.noarch.rpm
File outdated by:  RHSA-2013:0841
    MD5: fad27aefc361d6f865c8a7b4ef6b77b1
SHA-256: adbda799a58a393508f81ef3d8de89e040ffbc09a57310d71f06409bac73f90c
kernel-headers-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 954f0dd5a1fd59969554238ced697f96
SHA-256: 001a30a7123bef4fe5fd7f2df524b1b44db92a56f9e83b7204c6a14ed2590103
perf-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: e76840b0d99d0e05a5e4400fd3d4b4e5
SHA-256: ca39ec9fbfeea189fd9480023001944b96add0b46d746be3eff501119aa79408
perf-debuginfo-2.6.32-131.35.1.el6.x86_64.rpm
File outdated by:  RHSA-2013:0841
    MD5: 18c1677ede8c62d3a9a5301dbdddf38d
SHA-256: 7590f18e23c8627bd278c04e8e64ccef642917a1030a4783f9d44cce8ca78de5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

844714 - CVE-2012-3412 kernel: sfc: potential remote denial of service through TCP MSS option


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/