Synopsis

kernel-rt bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated kernel-rt packages that fix various bugs are now available for Red Hat
Enterprise MRG 2.1.

Description

The kernel-rt package has been upgraded to upstream version 3.0, which provides
a number of bug fixes and enhancements over the previous version. (BZ#725485)

This update fixes the following bugs:

• Some applications use flawed versioning logic that cannot recognize new Linux
  kernel versions in the format of 3.x.y. As a workaround to this bug in external
  applications, the new uname26 utility has been added to MRG Realtime 2.1. This
  utility activates the 2.6 personality kernel patch to transform data returned by
  the uname(2) system call to the format of 2.6.40+[minor_release_number], and
  then executes the actual application. (BZ#749575)
  
• The recvmmsg() and sendmmsg() system calls were missing from the code and were
  previously unavailable. This update restores the code with the system calls.
  (BZ#708407)
  
• The /proc/kcore virtual file could be read beyond the ELF (Executable and
  Linkable Format) header file info and a malicious root user could read the file
  beyond the ELF header information. Now, kcore can be read only to its ELF header
  file information as intended. (BZ#663865)
  
• The %pK printk format specifier was not added when printing the data from the
  /proc/kallsyms and /proc/ modules interfaces. This could cause kernel address
  leaks. With this update, %pK is properly used when returning data from the
  interfaces. (BZ#679263)
  
• The kernel and kernel-rt packages delivered the same set of kernel man pages.
  Consequently, file conflicts occurred when both kernel-doc and kernel-rt-doc
  were being installed. This update adds the rt suffix to the files with
  kernel-rt-doc man pages and the file conflicts no longer occur. (BZ#711488)
  
• Both the Red Hat Enterprise Linux kernel and the Red Hat Enterprise MRG
  Realtime kernel delivered the /lib/firmware/WHENCE file, which caused an
  installation conflict. With this update, this file has been moved to a versioned
  directory in the Realtime kernel, thus fixing this bug. (BZ#725028)
  
• The cred_alloc_blank() function called the abort_creds(new) function with
  new->security == NULL and new->magic == 0 if the security_cred_alloc_blank()
  function returned an error. As a result, the BUG() function was triggered if
  SELinux was enabled or if the CONFIG_DEBUG_CREDENTIALS property was active. Now,
  new->magic is set before the security_cred_alloc_blank() function is called and
  cred->security with the NULL value in creds_are_invalid() and
  selinux_cred_free() functions is now handled gracefully. (BZ#717905)
  
• Certain kernel static data areas and kernel modules have writable or
  executable memory areas. Prior to this update, malicious software could
  overwrite the data and potentially execute code in these areas. With this
  update, the RO (Read-Only) and NX (No eXecute) bits have been added to the
  memory areas to prevent such actions. (BZ#679272)
  

Users of kernel-rt are advised to upgrade to these updated packages, which fix
these bugs. The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• MRG Realtime 2 x86_64

Fixes

• BZ - 679263 - [RFE] kernel: kptr_restrict for hiding kernel pointers from unprivileged users [mrg-2.1]
• BZ - 749575 - Add a personality to report 2.6.x version number

CVEs

(none)

References

(none)

MRG Realtime 2

SRPM
kernel-rt-3.0.9-rt26.45.el6rt.src.rpm	SHA-256: b967bf55c20c0a9f2520c9a48b639426f8125efb6476d51b202501efb10b4da4
x86_64
kernel-rt-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: f093d425bbc73fb2cf85345f8a27835db2b5d281c846f3dc9f8e31615e7fe6fb
kernel-rt-debug-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 8b31e74c487d465c9b139c5fee7147fed77ee5ef11cc2f52bc8dc20c980be6f1
kernel-rt-debug-debuginfo-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 37f215be3783b973f134a8f44c36761a14e7c230af6f97e38c851d62da8c87f6
kernel-rt-debug-devel-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: d3d54af47d4a25675e62d955336628e53e31a4f163d80b8aaa2c4ba28ede4ce7
kernel-rt-debuginfo-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 3c07742b92350dd8df3530b2ec56ec94b8d4f9f784f60d3faa7fa5a6d1f6ed8a
kernel-rt-debuginfo-common-x86_64-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 1372463399a57a5af676494dab5a02d58a0a5e48fc50cf27c964dd7a5413bae1
kernel-rt-devel-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: e9ac4fb59f07aad1756c2f53cb71c40807ade42f7618064c10809d441a5f58ab
kernel-rt-doc-3.0.9-rt26.45.el6rt.noarch.rpm	SHA-256: 13e2f8e1ac0a7206c1e49e39e8b081432ed2c638ed51848b719c17b4f4afa9fc
kernel-rt-firmware-3.0.9-rt26.45.el6rt.noarch.rpm	SHA-256: 1fb70bae8ce7d968f03521bd1f9eb19bc479f83f294f1f8542ab2d76fa8442c5
kernel-rt-trace-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 72ed7cabefcd3a91c84969544d608cc531bcec6587b5e8352e80c4b2f727e758
kernel-rt-trace-debuginfo-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: da252cc70a2691736aa9edc12950a223936ff52c7c7b870ae5a172d601933186
kernel-rt-trace-devel-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 122f609baada03da19a8161c21c182974cce863c441ab0cdf6f480703b47f51c
kernel-rt-vanilla-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 0dc5382e0fc23f06b6df8040ff21c818fad5028b2c3e1f4caab19d7ac6a3d94f
kernel-rt-vanilla-debuginfo-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: 74451271541afb58c0d20dd1c99621a4c54a7ea32ea99961b132af5b43ee98e1
kernel-rt-vanilla-devel-3.0.9-rt26.45.el6rt.x86_64.rpm	SHA-256: dd16660e61af77c35dd88deaacfb7281e1b3a40de2ae48793bb3737645d4f628