Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2013:0928-1
Type: Security Advisory
Severity: Important
Issued on: 2013-06-11
Last updated on: 2013-06-11
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.3.z)
CVEs (cve.mitre.org): CVE-2012-4542
CVE-2013-0311
CVE-2013-1767
CVE-2013-1773
CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
CVE-2013-1848

Details

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user in a KVM
(Kernel-based Virtual Machine) guest could use this flaw to crash the host
or, potentially, escalate their privileges on the host. (CVE-2013-0311,
Important)

* A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's
FAT file system implementation. A local user able to mount a FAT file
system with the "utf8=1" option could use this flaw to crash the system or,
potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine
state register (MSR) crossed a page boundary. A privileged guest user could
use this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796, Important)

* A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to escalate
their privileges on the host. (CVE-2013-1797, Important)

* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798, Important)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is
passed-through as read-only. (CVE-2012-4542, Moderate)

* A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to mount
an ext3 file system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1848, Low)

Red Hat would like to thank Andrew Honig of Google for reporting the
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798 issues. The CVE-2012-4542
issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
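
Because "rpm -ivh" installs the fixed kernel alongside the old one and the fix only takes effect after a reboot, a host can have the update installed while still running a vulnerable kernel. The check below is an added example, not Red Hat code: it classifies a host from its "rpm -q kernel" and "uname -r" output against the fixed build named in this advisory. The function names and sample inputs are constructed for illustration, and the version comparison is a simplified form of RPM's ordering (no epoch, "~" or "^" handling).

```python
import re

# Fixed build named in this advisory; applies to the RHEL 6.3 EUS stream only.
FIXED = "2.6.32-279.31.1.el6"
ARCHES = ("i686", "ppc64", "s390x", "x86_64", "noarch")


def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit():
            return 1       # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))


def split_vr(name):
    """'kernel-2.6.32-279.el6.x86_64' or uname -r output -> (version, release)."""
    if name.startswith("kernel-"):
        name = name[len("kernel-"):]
    base, _, arch = name.rpartition(".")
    if arch in ARCHES:
        name = base
    version, _, release = name.partition("-")
    return version, release


def cmp_vr(a, b):
    """Compare version first, then release, as RPM does."""
    (va, ra), (vb, rb) = split_vr(a), split_vr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def assess(installed, running):
    """Return 'patched', 'reboot-pending' or 'vulnerable' for one host."""
    if cmp_vr(running, FIXED) >= 0:
        return "patched"
    if any(cmp_vr(pkg, FIXED) >= 0 for pkg in installed):
        return "reboot-pending"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample: update installed with rpm -ivh, host not yet rebooted.
    pkgs = ["kernel-2.6.32-279.el6.x86_64", "kernel-2.6.32-279.31.1.el6.x86_64"]
    print(assess(pkgs, "2.6.32-279.el6.x86_64"))
```

A plain lexical or "version sort" comparison orders 279.el6 after 279.31.1.el6, which is why the segment rule (numeric beats alphabetic) is implemented explicitly.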

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.3.z)

File outdated by: RHSA-2014:0419 (applies to every file listed below)

SRPMS:
kernel-2.6.32-279.31.1.el6.src.rpm

IA-32:
kernel-2.6.32-279.31.1.el6.i686.rpm
kernel-debug-2.6.32-279.31.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.31.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.31.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.31.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.31.1.el6.i686.rpm
kernel-devel-2.6.32-279.31.1.el6.i686.rpm
kernel-doc-2.6.32-279.31.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm
kernel-headers-2.6.32-279.31.1.el6.i686.rpm
perf-2.6.32-279.31.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm
python-perf-2.6.32-279.31.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.31.1.el6.i686.rpm

PPC:
kernel-2.6.32-279.31.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.31.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.31.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.31.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.31.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.31.1.el6.ppc64.rpm
kernel-doc-2.6.32-279.31.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm
kernel-headers-2.6.32-279.31.1.el6.ppc64.rpm
perf-2.6.32-279.31.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm
python-perf-2.6.32-279.31.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.31.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.31.1.el6.s390x.rpm
kernel-debug-2.6.32-279.31.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.31.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.31.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.31.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.31.1.el6.s390x.rpm
kernel-devel-2.6.32-279.31.1.el6.s390x.rpm
kernel-doc-2.6.32-279.31.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm
kernel-headers-2.6.32-279.31.1.el6.s390x.rpm
kernel-kdump-2.6.32-279.31.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.31.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.31.1.el6.s390x.rpm
perf-2.6.32-279.31.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm
python-perf-2.6.32-279.31.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.31.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.31.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.31.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.31.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.31.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.31.1.el6.x86_64.rpm
kernel-doc-2.6.32-279.31.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.31.1.el6.noarch.rpm
kernel-headers-2.6.32-279.31.1.el6.x86_64.rpm
perf-2.6.32-279.31.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm
python-perf-2.6.32-279.31.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.31.1.el6.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

875360 - CVE-2012-4542 kernel: block: default SCSI command filter does not accommodate commands overlap across device classes
912905 - CVE-2013-0311 kernel: vhost: fix length for cross region descriptor
915592 - CVE-2013-1767 Kernel: tmpfs: fix use-after-free of mempolicy object
916115 - CVE-2013-1773 kernel: VFAT slab-based buffer overflow
917012 - CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME
917013 - CVE-2013-1797 kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME
917017 - CVE-2013-1798 kernel: kvm: out-of-bounds access in ioapic indirect register reads
920783 - CVE-2013-1848 kernel: ext3: format string issues


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/