copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2012.0748 - [RedHat] kernel-rt: Denial of servic...
 

ESB-2012.0748 - [RedHat] kernel-rt: Denial of service - Existing account
Date: 09 August 2012
References: ESB-2012.0666  ESB-2012.0917  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0748
              Moderate: kernel-rt security and bug fix update
                               9 August 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-3375 CVE-2012-2390 

Reference:         ESB-2012.0666

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2012-1150.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2012:1150-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-1150.html
Issue date:        2012-08-08
CVE Names:         CVE-2012-2390 CVE-2012-3375 
=====================================================================

1. Summary:

Updated kernel-rt packages that fix two security issues and two bugs are
now available for Red Hat Enterprise MRG 2.1.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when the
MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2390, Moderate)

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled resource clean up when an ELOOP error code was returned.
A local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2012-3375, Moderate)

This update also fixes the following bugs:

* The MRG 2.1 realtime kernel lacked support for automatic memory
reservation for the kdump kernel, as present in Red Hat Enterprise Linux
kernels. Using the parameter crashkernel=auto on the kernel boot command
line led to kdump being disabled because no memory was correctly reserved.
Support for crashkernel=auto has been implemented in the 3.0 realtime
kernel and now when the crashkernel=auto parameter is specified, machines
with more than 4GB of RAM have the amount of memory required by the kdump
kernel calculated and reserved. (BZ#820427)

* The current bnx2x driver in the MRG 2.1 realtime kernel had faulty
support for the network adapter PCI ID 14e4:168e and did not work
correctly. The bnx2x driver was updated to include support for this network
adapter. (BZ#839037)

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The
system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure
837502 - CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.0.36-rt57.66.el6rt.src.rpm

noarch:
kernel-rt-doc-3.0.36-rt57.66.el6rt.noarch.rpm
kernel-rt-firmware-3.0.36-rt57.66.el6rt.noarch.rpm

x86_64:
kernel-rt-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-debug-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-devel-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-trace-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-vanilla-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.0.36-rt57.66.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.0.36-rt57.66.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-2390.html
https://www.redhat.com/security/data/cve/CVE-2012-3375.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQIpeaXlSAg2UNWIIRAm72AKCb7Rag3OkfxGyo36NHNiC4ft4plgCbBjJT
hhAnnNvnle5CxkDCCEuiUpg=
=Y9b7
- -----END PGP SIGNATURE-----


- -- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUCMO0+4yVqjM2NGpAQIbGQ/+K9IHrskiy5QRoumhz/fbzotS+0tITxCm
rQFgEE3vICA2QPe5/gviaf1XQFLdN0LGc9kzsKUvtWfZc7Sjb1IijmHShS+Ejmyi
tzdLtyRdrKCPXAlBf8aORwmkVglfge6y0Y+McY8lSJ4QawnrdXtzznIRo1wi9aEG
X+XdzVJlX3rs9KjtYky4k2iDKkSLwJFBTP9Xpwj5BUcUZNrmjjpG9pNYkiVRIykc
L48M6ljsgnYpixO5b8hdX+qwVejROJarrshEQaT+B8FbyKallG5GFWT638sJMpUX
/Pp/1dUlxSPC+zJ1MTr4ysMOHAy8r1jHpREeDkXVv9iqMB7ozPA6z84nJevHPQ9G
KQKfskW+8+Wt+gx8bWjApuVsk1/0RKJZDZY9DS9/7PgqsTnV1ytW9oR+cBiKyTAx
i2H6iyV2BJEIAlxOB+pVX4sL1EeCS/LtySHWaO0ZMZf/nAfUBLtTaX2PiLALCWZE
VMEgNodNQaXps8EqBWjwh1lls8x/q7uEhZRWCBHXkmkVsHGusC2dfwVMGz6/YJV9
cWd75b4yNhYEokr3Q1K9MAaQuwGy8gcEsCtHtxaImHieCKAmt0VbkP3H18UOMqY3
swdnGyy5397hlNG473uXCOoIjVmOcnqKBQ3R4C87PVCXAnQcOcrjgdbk01SSPI7h
RY8tNWDSTjY=
=OnKJ
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=16173