Red Hat Product Errata RHSA-2011:1813 - Security Advisory

Issued:: 2011-12-13
Updated:: 2011-12-13

RHSA-2011:1813 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages that fix several security issues and various bugs
are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

These packages contain the Linux kernel.

This update fixes the following security issues:

A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service by sending a
specially-crafted SCTP packet to a target system. (CVE-2011-2482,
Important)

If you do not run applications that use SCTP, you can prevent the sctp
module from being loaded by adding the following to the end of the
"/etc/modprobe.d/blacklist.conf" file:

blacklist sctp

This way, the sctp module cannot be loaded accidentally, which may occur
if an application that requires SCTP is started. A reboot is not necessary
for this change to take effect.

A flaw in the client-side NFS Lock Manager (NLM) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2491, Important)
Flaws in the netlink-based wireless configuration interface could allow
a local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)
A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)
A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor
implementation when running on 64-bit systems could allow a privileged
guest user to crash the hypervisor. (CVE-2011-2901, Moderate)
/proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes the following bugs:

On Broadcom PCI cards that use the tg3 driver, the operational state of a
network device, represented by the value in
"/sys/class/net/ethX/operstate", was not initialized by default.
Consequently, the state was reported as "unknown" when the tg3 network
device was actually in the "up" state. This update modifies the tg3 driver
to properly set the operstate value. (BZ#744699)
A KVM (Kernel-based Virtual Machine) guest can get preempted by the host,
when a higher priority process needs to run. When a guest is not running
for several timer interrupts in a row, ticks could be lost, resulting in
the jiffies timer advancing slower than expected and timeouts taking longer
than expected. To correct for the issue of lost ticks,
do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when
running as a KVM guest) to see if timer interrupts have been missed. If so,
jiffies is incremented by the number of missed timer interrupts, ensuring
that programs are woken up on time. (BZ#747874)
When a block device object was allocated, the bd_super field was not
being explicitly initialized to NULL. Previously, users of the block device
object could set bd_super to NULL when the object was released by calling
the kill_block_super() function. Certain third-party file systems do not
always use this function, and bd_super could therefore become uninitialized
when the object was allocated again. This could cause a kernel panic in the
blkdev_releasepage() function, when the uninitialized bd_super field was
dereferenced. Now, bd_super is properly initialized in the bdget()
function, and the kernel panic no longer occurs. (BZ#751137)

Solution

Users should upgrade to these updated packages, which contain
backported patches to resolve these issues. The system must be
rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Affected Products

Red Hat Enterprise Linux Server - Extended Update Support 5.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.6 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.6 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6 i386
Red Hat Enterprise Linux Server - AUS 5.6 x86_64
Red Hat Enterprise Linux Server - AUS 5.6 ia64
Red Hat Enterprise Linux Server - AUS 5.6 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6 ppc

Fixes

BZ - 709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
BZ - 714867 - CVE-2011-2482 kernel: sctp dos
BZ - 716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
BZ - 718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
BZ - 718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation
BZ - 728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 5.6

SRPM
kernel-2.6.18-238.31.1.el5.src.rpm	SHA-256: ee37f92843dfa07a7de8da0a1a7b45aa7807621a2f813d75b6562af486f3d0bb
x86_64
kernel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 5646bfb0c420cf71f7a4c8cd649d191ec84d1a477f11a5c40cc29399219295d4
kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 3e39afaf2ab2e78e167e919f3679c460028d2ed7f6d1228879d257f12e823b3c
kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: af999a7ef337a757e40a3323c378fe2eb212963c5156ae12f3472eadbd3575f8
kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 91221d35c81d5eee4512a547a0185cbb08833bcb5a098cb869bf3d21afbd69c1
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: aa35d6353cf4e8289b1e3135f798c12ae15a2584e2f08fca1c98587740b19fe9
kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 84ae0b6340a99ea5f3d255b039980b9b416e54a65986b550946c0ebdcd32caa0
kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: b9491a12ee0d1d3d5926ba0cf91062739b9cd9c140969374a6fe68e5c6fe543f
ia64
kernel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: db34ff74574b59b40504a0f973f65eabfdba417a00e965aa06990d7b438546ec
kernel-debug-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 3485a4883bd2375602f4a0e731a184f1064022afa8363f140cfb65a9b9c90422
kernel-debug-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 420a6548c14e30060bc5d431af32bd387c566f20367dc65609dc623f6bdc3055
kernel-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 353eaf2f6bcfb8c2e85c86bce0042d093c372fe3bcd948f7166881fe53f49cd9
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 1127068c7ceca01d5cfe8e81c28d5f92589a9b83db61401863ee6b443f001bb6
kernel-xen-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: e8d18d77b7e2189fa7fc14b9f74d464973d4384563d68f6002c96827adb6cc32
kernel-xen-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 1c2a5e6952e2fd297276087a0b622b47681840752adb21a0deeaf6cb23e1c56c
i386
kernel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 544499433564ca79eb1756cbf5204149ebde5ab17442c7b74a928926de05aec4
kernel-PAE-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 1f8605cf2e06e427c783af14617858342050427fa92cd6032f0f6c01bd25d5bf
kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 5ebff5485320982622672a6268cb3750e951804c1a6c6b6d2277b35beaf5ea3d
kernel-debug-2.6.18-238.31.1.el5.i686.rpm	SHA-256: f77ba2586103ba4e7ba47312111ca7624aa165051f7f433e16dbe4b0811deb58
kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 8890c1d291fc2142ca22c78bf7a48261363ed608d997c86896d8c6dbe98b3552
kernel-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 9b040ccebdf53715480532e189233e245e997c57c33c235ff6465f30ff1a407d
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.i386.rpm	SHA-256: dd0c7fdc92cc608d2516c16252510793cbad7559124e6f5232c7a3fdd157a766
kernel-xen-2.6.18-238.31.1.el5.i686.rpm	SHA-256: e2e15b7117bdf5449b7e2114d9ed62b9623f8a2e258f1e593ae04078ee5b5d18
kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 69f8842cba15ed219c2d999673028ee96e3c5066697db461fdc80e58993bf46b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.6

SRPM
kernel-2.6.18-238.31.1.el5.src.rpm	SHA-256: ee37f92843dfa07a7de8da0a1a7b45aa7807621a2f813d75b6562af486f3d0bb
s390x
kernel-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: cc3205975511f92fa7c6d31ada96cbd3f0e55e41ea4b6b46fefc820387548dae
kernel-debug-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: ddcdea6f525a25f4d22f6857d1ba03b93018994e36c4bc13e90f8e5c11362891
kernel-debug-devel-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: f61ccc37aa04190afe73049b0effebe3231bab66fbd3b267ebd947ea509fe2bc
kernel-devel-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: b6456f25daa2bd8639ad319eeb57d7e64785d4d3a5956358b5dd2bd11d885802
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: 54e6f380bf1dc3bbe6f6afa1bd9b918c1fc8b9809f63987dbabe72f0a0a7b7cf
kernel-kdump-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: 0579bc37eb422a78d5588e8ced4aaade1a3bda587c70133b3deb757fa70d78ec
kernel-kdump-devel-2.6.18-238.31.1.el5.s390x.rpm	SHA-256: 635bf0cc2fb129442744b22363ebaf57f341b4365124237cb61d5a880f3b43a0

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.6

SRPM
kernel-2.6.18-238.31.1.el5.src.rpm	SHA-256: ee37f92843dfa07a7de8da0a1a7b45aa7807621a2f813d75b6562af486f3d0bb
ppc
kernel-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 833e3f7c13d727198e4153763dd9c9ed6ae0fbd2aad068b0fed99fdd5dc30d4a
kernel-debug-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 320baf82bee000fc6e82a7c65faf02f0ef866650409f29a28cb7f26f3fa06c6c
kernel-debug-devel-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 072ba2177f1094971c1246fb689b40e7a266fa010d37e32dce06f4c1514fa901
kernel-devel-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 1dedb1b0ef8a1a04ade8356252724fa9ee7a986303032e1e6baa9e2c96e62935
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.ppc.rpm	SHA-256: ee2e821d174253346fcc94ca354e5bfbef3916c91539faf2d199b3268170be81
kernel-headers-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 4c66891b0ccb9b08bcc578ed0ee5f88c54e9cd5e06008ab9f288d3decd7ebf56
kernel-kdump-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 1e6a735c1fb52f6ffb5baff9fbc225b362809e3dfa5d719adbe750815f1aacbb
kernel-kdump-devel-2.6.18-238.31.1.el5.ppc64.rpm	SHA-256: 0f1cdb23fcf723625b8f3407e9d99fb018a876ffb7bdfbab70da4916d04e7648

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.6

SRPM
kernel-2.6.18-238.31.1.el5.src.rpm	SHA-256: ee37f92843dfa07a7de8da0a1a7b45aa7807621a2f813d75b6562af486f3d0bb
x86_64
kernel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 5646bfb0c420cf71f7a4c8cd649d191ec84d1a477f11a5c40cc29399219295d4
kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 3e39afaf2ab2e78e167e919f3679c460028d2ed7f6d1228879d257f12e823b3c
kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: af999a7ef337a757e40a3323c378fe2eb212963c5156ae12f3472eadbd3575f8
kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 91221d35c81d5eee4512a547a0185cbb08833bcb5a098cb869bf3d21afbd69c1
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: aa35d6353cf4e8289b1e3135f798c12ae15a2584e2f08fca1c98587740b19fe9
kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 84ae0b6340a99ea5f3d255b039980b9b416e54a65986b550946c0ebdcd32caa0
kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: b9491a12ee0d1d3d5926ba0cf91062739b9cd9c140969374a6fe68e5c6fe543f
i386
kernel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 544499433564ca79eb1756cbf5204149ebde5ab17442c7b74a928926de05aec4
kernel-PAE-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 1f8605cf2e06e427c783af14617858342050427fa92cd6032f0f6c01bd25d5bf
kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 5ebff5485320982622672a6268cb3750e951804c1a6c6b6d2277b35beaf5ea3d
kernel-debug-2.6.18-238.31.1.el5.i686.rpm	SHA-256: f77ba2586103ba4e7ba47312111ca7624aa165051f7f433e16dbe4b0811deb58
kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 8890c1d291fc2142ca22c78bf7a48261363ed608d997c86896d8c6dbe98b3552
kernel-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 9b040ccebdf53715480532e189233e245e997c57c33c235ff6465f30ff1a407d
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.i386.rpm	SHA-256: dd0c7fdc92cc608d2516c16252510793cbad7559124e6f5232c7a3fdd157a766
kernel-xen-2.6.18-238.31.1.el5.i686.rpm	SHA-256: e2e15b7117bdf5449b7e2114d9ed62b9623f8a2e258f1e593ae04078ee5b5d18
kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 69f8842cba15ed219c2d999673028ee96e3c5066697db461fdc80e58993bf46b

Red Hat Enterprise Linux Server - AUS 5.6

SRPM
kernel-2.6.18-238.31.1.el5.src.rpm	SHA-256: ee37f92843dfa07a7de8da0a1a7b45aa7807621a2f813d75b6562af486f3d0bb
x86_64
kernel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 5646bfb0c420cf71f7a4c8cd649d191ec84d1a477f11a5c40cc29399219295d4
kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 3e39afaf2ab2e78e167e919f3679c460028d2ed7f6d1228879d257f12e823b3c
kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: af999a7ef337a757e40a3323c378fe2eb212963c5156ae12f3472eadbd3575f8
kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 91221d35c81d5eee4512a547a0185cbb08833bcb5a098cb869bf3d21afbd69c1
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: aa35d6353cf4e8289b1e3135f798c12ae15a2584e2f08fca1c98587740b19fe9
kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: 84ae0b6340a99ea5f3d255b039980b9b416e54a65986b550946c0ebdcd32caa0
kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm	SHA-256: b9491a12ee0d1d3d5926ba0cf91062739b9cd9c140969374a6fe68e5c6fe543f
ia64
kernel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: db34ff74574b59b40504a0f973f65eabfdba417a00e965aa06990d7b438546ec
kernel-debug-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 3485a4883bd2375602f4a0e731a184f1064022afa8363f140cfb65a9b9c90422
kernel-debug-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 420a6548c14e30060bc5d431af32bd387c566f20367dc65609dc623f6bdc3055
kernel-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 353eaf2f6bcfb8c2e85c86bce0042d093c372fe3bcd948f7166881fe53f49cd9
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 1127068c7ceca01d5cfe8e81c28d5f92589a9b83db61401863ee6b443f001bb6
kernel-xen-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: e8d18d77b7e2189fa7fc14b9f74d464973d4384563d68f6002c96827adb6cc32
kernel-xen-devel-2.6.18-238.31.1.el5.ia64.rpm	SHA-256: 1c2a5e6952e2fd297276087a0b622b47681840752adb21a0deeaf6cb23e1c56c
i386
kernel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 544499433564ca79eb1756cbf5204149ebde5ab17442c7b74a928926de05aec4
kernel-PAE-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 1f8605cf2e06e427c783af14617858342050427fa92cd6032f0f6c01bd25d5bf
kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 5ebff5485320982622672a6268cb3750e951804c1a6c6b6d2277b35beaf5ea3d
kernel-debug-2.6.18-238.31.1.el5.i686.rpm	SHA-256: f77ba2586103ba4e7ba47312111ca7624aa165051f7f433e16dbe4b0811deb58
kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 8890c1d291fc2142ca22c78bf7a48261363ed608d997c86896d8c6dbe98b3552
kernel-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 9b040ccebdf53715480532e189233e245e997c57c33c235ff6465f30ff1a407d
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm	SHA-256: c72e53e832fa129052617f39bded354c137e0fe1d8a92acb4f7a258f8d12e720
kernel-headers-2.6.18-238.31.1.el5.i386.rpm	SHA-256: dd0c7fdc92cc608d2516c16252510793cbad7559124e6f5232c7a3fdd157a766
kernel-xen-2.6.18-238.31.1.el5.i686.rpm	SHA-256: e2e15b7117bdf5449b7e2114d9ed62b9623f8a2e258f1e593ae04078ee5b5d18
kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm	SHA-256: 69f8842cba15ed219c2d999673028ee96e3c5066697db461fdc80e58993bf46b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories