Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2014:0593-1
Type: Security Advisory
Severity: Important
Issued on: 2014-06-03
Last updated on: 2014-06-03
Affected Products: Red Hat Enterprise Linux Server EUS (v. 6.3.z)
CVEs (cve.mitre.org): CVE-2014-0077, CVE-2014-2523

Details

Updated kernel packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 6.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's netfilter connection
tracking implementation for Datagram Congestion Control Protocol (DCCP)
packets used the skb_header_pointer() function. A remote attacker could use
this flaw to send a specially crafted DCCP packet to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2523,
Important)

* A flaw was found in the way the handle_rx() function handled large
network packets when mergeable buffers were disabled. A privileged guest
user could use this flaw to crash the host or corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-0077, Moderate)

The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat.
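
Added example (not part of the advisory and not kernel code): a userspace model of the skb_header_pointer() contract named in the CVE-2014-2523 item. The helper returns a pointer into the packet when the requested bytes are contiguous and otherwise copies them into the caller's scratch buffer, so a scratch argument smaller than the requested length goes unnoticed on contiguous packets and only matters on non-linear ones. The packet layout, all model_* and dccp_type_* names, the sample bytes and the extra buflen parameter are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model (hypothetical names): contiguous part + non-linear rest. */
struct model_pkt { const uint8_t *linear; size_t linear_len;
                   const uint8_t *frag;   size_t frag_len; };
struct model_dccp_hdr { uint8_t b[12]; };   /* 12-byte generic DCCP header */

/* Models skb_header_pointer(); `buflen` is this model's addition so that an
 * undersized scratch buffer is reported as NULL instead of being overrun. */
static const void *model_hdr_ptr(const struct model_pkt *p, size_t off,
                                 size_t len, void *buf, size_t buflen)
{
    size_t total = p->linear_len + p->frag_len, n = 0;
    if (off > total || len > total - off) return NULL; /* past end of packet */
    if (len <= p->linear_len && off <= p->linear_len - len)
        return p->linear + off;          /* fast path: no copy, buf unused */
    if (buflen < len) return NULL;       /* a real copy would overflow buf */
    if (off < p->linear_len)             /* slow path: gather into buf */
        memcpy(buf, p->linear + off, n = p->linear_len - off);
    memcpy((uint8_t *)buf + n, p->frag + (off + n - p->linear_len), len - n);
    return buf;
}

/* Correct caller: the scratch argument is a whole header object. */
static int dccp_type_ok(const struct model_pkt *p, size_t off)
{
    struct model_dccp_hdr _dh;
    const struct model_dccp_hdr *dh = model_hdr_ptr(p, off, sizeof(_dh), &_dh, sizeof(_dh));
    return dh ? (dh->b[8] >> 1) & 0x0f : -1;
}

/* Misuse: the scratch argument is the result pointer itself (pointer-sized). */
static int dccp_type_misuse(const struct model_pkt *p, size_t off)
{
    const struct model_dccp_hdr *dh = model_hdr_ptr(p, off, sizeof(*dh), &dh, sizeof(dh));
    return dh ? (dh->b[8] >> 1) & 0x0f : -1;
}

/* Constructed sample: a DCCP-Ack header (type 3), contiguous and split 5+7. */
static const uint8_t HDR[12] = { 0x80, 0, 0x13, 0x88, 3, 0, 0, 0, 3 << 1, 0, 0, 1 };
static const struct model_pkt WHOLE = { HDR, 12, NULL, 0 }, SPLIT = { HDR, 5, HDR + 5, 7 };

int main(void)
{
    printf("whole: ok=%d misuse=%d | split: ok=%d misuse=%d\n", dccp_type_ok(&WHOLE, 0),
           dccp_type_misuse(&WHOLE, 0), dccp_type_ok(&SPLIT, 0), dccp_type_misuse(&SPLIT, 0));
    return 0;
}
```

Both callers agree on the contiguous packet; only the split packet exposes the undersized scratch argument, which the model reports as -1 rather than copying.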

This update also fixes the following bug:

* Prior to this update, a guest-provided value was used as the head length
of the socket buffer allocated on the host. If the host was under heavy
memory load and the guest-provided value was too large, the allocation
could have failed, resulting in stalls and packet drops in the guest's Tx
path. With this update, the guest-provided value has been limited to a
reasonable size so that socket buffer allocations on the host succeed
regardless of the memory load on the host, and guests can send packets
without experiencing packet drops or stalls. (BZ#1092350)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
kernel-2.6.32-279.46.1.el6.src.rpm
 
IA-32:
kernel-2.6.32-279.46.1.el6.i686.rpm
kernel-debug-2.6.32-279.46.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.46.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.46.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.46.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.46.1.el6.i686.rpm
kernel-devel-2.6.32-279.46.1.el6.i686.rpm
kernel-doc-2.6.32-279.46.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.46.1.el6.noarch.rpm
kernel-headers-2.6.32-279.46.1.el6.i686.rpm
perf-2.6.32-279.46.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.46.1.el6.i686.rpm
python-perf-2.6.32-279.46.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.46.1.el6.i686.rpm
 
PPC:
kernel-2.6.32-279.46.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.46.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.46.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.46.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.46.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.46.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.46.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.46.1.el6.ppc64.rpm
kernel-doc-2.6.32-279.46.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.46.1.el6.noarch.rpm
kernel-headers-2.6.32-279.46.1.el6.ppc64.rpm
perf-2.6.32-279.46.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.46.1.el6.ppc64.rpm
python-perf-2.6.32-279.46.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.46.1.el6.ppc64.rpm
 
s390x:
kernel-2.6.32-279.46.1.el6.s390x.rpm
kernel-debug-2.6.32-279.46.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.46.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.46.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.46.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.46.1.el6.s390x.rpm
kernel-devel-2.6.32-279.46.1.el6.s390x.rpm
kernel-doc-2.6.32-279.46.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.46.1.el6.noarch.rpm
kernel-headers-2.6.32-279.46.1.el6.s390x.rpm
kernel-kdump-2.6.32-279.46.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.46.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.46.1.el6.s390x.rpm
perf-2.6.32-279.46.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.46.1.el6.s390x.rpm
python-perf-2.6.32-279.46.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.46.1.el6.s390x.rpm
 
x86_64:
kernel-2.6.32-279.46.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.46.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.46.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.46.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.46.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.46.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.46.1.el6.x86_64.rpm
kernel-doc-2.6.32-279.46.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.46.1.el6.noarch.rpm
kernel-headers-2.6.32-279.46.1.el6.x86_64.rpm
perf-2.6.32-279.46.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.46.1.el6.x86_64.rpm
python-perf-2.6.32-279.46.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.46.1.el6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1064440 - CVE-2014-0077 kernel: vhost-net: insufficiency in handling of big packets in handle_rx()
1077343 - CVE-2014-2523 kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/