RHBA-2012:0044 - Bug Fix Advisory

Topic

Updated kernel-rt packages that fix various bugs are now available for Red Hat
Enterprise MRG 2.1.

Description

The kernel-rt package has been upgraded to upstream version 3.0, which provides
a number of bug fixes and enhancements over the previous version. (BZ#725485)

This update fixes the following bugs:

• Some applications use flawed versioning logic that cannot recognize new Linux

kernel versions in the format of 3.x.y. As a workaround to this bug in external
applications, the new uname26 utility has been added to MRG Realtime 2.1. This
utility activates the 2.6 personality kernel patch to transform data returned by
the uname(2) system call to the format of 2.6.40+[minor_release_number], and
then executes the actual application. (BZ#749575)

• The recvmmsg() and sendmmsg() system calls were missing from the code and were

previously unavailable. This update restores the code with the system calls.
(BZ#708407)

• The /proc/kcore virtual file could be read beyond the ELF (Executable and

Linkable Format) header file info and a malicious root user could read the file
beyond the ELF header information. Now, kcore can be read only to its ELF header
file information as intended. (BZ#663865)

• The %pK printk format specifier was not added when printing the data from the

/proc/kallsyms and /proc/ modules interfaces. This could cause kernel address
leaks. With this update, %pK is properly used when returning data from the
interfaces. (BZ#679263)

• The kernel and kernel-rt packages delivered the same set of kernel man pages.

Consequently, file conflicts occurred when both kernel-doc and kernel-rt-doc
were being installed. This update adds the rt suffix to the files with
kernel-rt-doc man pages and the file conflicts no longer occur. (BZ#711488)

• Both the Red Hat Enterprise Linux kernel and the Red Hat Enterprise MRG

Realtime kernel delivered the /lib/firmware/WHENCE file, which caused an
installation conflict. With this update, this file has been moved to a versioned
directory in the Realtime kernel, thus fixing this bug. (BZ#725028)

• The cred_alloc_blank() function called the abort_creds(new) function with

new->security == NULL and new->magic == 0 if the security_cred_alloc_blank()
function returned an error. As a result, the BUG() function was triggered if
SELinux was enabled or if the CONFIG_DEBUG_CREDENTIALS property was active. Now,
new->magic is set before the security_cred_alloc_blank() function is called and
cred->security with the NULL value in creds_are_invalid() and
selinux_cred_free() functions is now handled gracefully. (BZ#717905)

• Certain kernel static data areas and kernel modules have writable or

executable memory areas. Prior to this update, malicious software could
overwrite the data and potentially execute code in these areas. With this
update, the RO (Read-Only) and NX (No eXecute) bits have been added to the
memory areas to prevent such actions. (BZ#679272)

Users of kernel-rt are advised to upgrade to these updated packages, which fix
these bugs. The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• MRG Realtime 2 x86_64

Fixes

• BZ - 679263 - [RFE] kernel: kptr_restrict for hiding kernel pointers from unprivileged users [mrg-2.1]
• BZ - 749575 - Add a personality to report 2.6.x version number

CVEs

(none)

References

(none)