Date: 01 June 2011
References: ESB-2011.0487 ESB-2011.0536 ESB-2011.0537 ESB-2011.0559 ESB-2011.0658 ESB-2011.0663 ESB-2011.0930 ESB-2011.1173 ESB-2012.0772
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0578
Important: kernel security and bug fix update
1 June 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux WS/Desktop 5
Impact/Access: Root Compromise -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2011-1763 CVE-2011-1577 CVE-2011-1495
CVE-2011-1494 CVE-2011-1172 CVE-2011-1171
CVE-2011-1170 CVE-2011-1166 CVE-2011-1163
CVE-2011-1093 CVE-2011-1080 CVE-2011-1079
CVE-2011-1078 CVE-2011-0726
Reference: ESB-2011.0559
ESB-2011.0537
ESB-2011.0536
ESB-2011.0487
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2011-0833.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0833-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0833.html
Issue date: 2011-05-31
CVE Names: CVE-2011-0726 CVE-2011-1078 CVE-2011-1079
CVE-2011-1080 CVE-2011-1093 CVE-2011-1163
CVE-2011-1166 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1494 CVE-2011-1495
CVE-2011-1577 CVE-2011-1763
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
* A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was already
closed. (CVE-2011-1093, Important)
* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)
* A missing validation of a null-terminated string data structure element
in the bnep_sock_ioctl() function could allow a local user to cause an
information leak or a denial of service. (CVE-2011-1079, Moderate)
* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause the
host, and the guests, to lock up. (CVE-2011-1166, Moderate)
* A flaw was found in the way the Xen hypervisor implementation checked for
the upper boundary when getting a new event channel port. A privileged
guest user could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2011-1763, Moderate)
* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
* A missing initialization flaw in the sco_sock_getsockopt() function could
allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)
* A missing validation of a null-terminated string data structure element
in the do_replace() function could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)
* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of service
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1577, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,
CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook
for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163
and CVE-2011-1577.
This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
5. Bugs fixed (http://bugzilla.redhat.com/):
681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z]
688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]
689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]
690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z]
690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]
697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]
699808 - dasd: fix race between open and offline [rhel-5.6.z]
701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
ia64:
kernel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm
kernel-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-headers-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
ppc:
kernel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm
kernel-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-headers-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1166.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-1763.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0833
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN5QJUXlSAg2UNWIIRAvvqAJoC95KwBDxXJEQIxkOxeZaJ2DmPZACeOcLj
8Kmo6h7EJObjmrcRZP0n6p8=
=A5DX
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFN5aAX/iFOrG6YcBERAuuyAKCr1IwqKYnbQSbV8fLj2HI/v3h52QCgwQNF
4dqvApKFflkwpjaTWtHzYJY=
=zGEg
-----END PGP SIGNATURE-----
|