Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Troubleshoot a product issue
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
Red Hat Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Troubleshoot a product issue
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Log In
  • Language
Or troubleshoot an issue.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance
  • Account Team

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)
Red Hat Customer Portal Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • Runtimes

  • Integration and Automation

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Openshift Container Storage
  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio
  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycles

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem Catalog
  • Red Hat in the Public Cloud
  • Partner Resources

Tools

  • Troubleshoot a product issue
  • Packages
  • Errata
  • Customer Portal Labs
  • Configuration
  • Deployment
  • Security
  • Troubleshooting

Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

  • Learn more
  • Go to Insights

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2013:1490 - Security Advisory
Issued:
2013-10-31
Updated:
2013-10-31

RHSA-2013:1490 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel-rt packages that fix multiple security issues and one bug
are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

  • A flaw was found in the way IP packets with an Internet Header Length

(ihl) of zero were processed in the skb_flow_dissect() function in the
Linux kernel. A remote attacker could use this flaw to trigger an infinite
loop in the kernel, leading to a denial of service. (CVE-2013-4348,
Important)

  • A flaw was found in the way the Linux kernel's IPv6 implementation

handled certain UDP packets when the UDP Fragmentation Offload (UFO)
feature was enabled. A remote attacker could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-4387, Important)

  • A flaw was found in the way the Linux kernel handled the creation of

temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on
the local network could disable IPv6 temporary address generation, leading
to a potential information disclosure. (CVE-2013-0343, Moderate)

  • A flaw was found in the way the Linux kernel handled HID (Human Interface

Device) reports with an out-of-bounds Report ID. An attacker with physical
access to the system could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2013-2888,
Moderate)

  • Heap-based buffer overflow flaws were found in the way the

Pantherlord/GreenAsia game controller driver, the Logitech force feedback
drivers, and the Logitech Unifying receivers driver handled HID reports.
An attacker with physical access to the system could use these flaws to
crash the system or, potentially, escalate their privileges on the system.
(CVE-2013-2892, CVE-2013-2893, CVE-2013-2895, Moderate)

  • A NULL pointer dereference flaw was found in the way the N-Trig touch

screen driver handled HID reports. An attacker with physical access to the
system could use this flaw to crash the system, resulting in a denial of
service. (CVE-2013-2896, Moderate)

  • An information leak flaw was found in the way the Linux kernel's device

mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
Moderate)

  • A use-after-free flaw was found in the tun_set_iff() function in the

Universal TUN/TAP device driver implementation in the Linux kernel.
A privileged user could use this flaw to crash the system or, potentially,
further escalate their privileges on the system. (CVE-2013-4343, Moderate)

  • An off-by-one flaw was found in the way the ANSI CPRNG implementation in

the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with less bits of entropy than expected
when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

  • A flaw was found in the way the Linux kernel's IPv6 SCTP implementation

interacted with the IPsec subsystem. This resulted in unencrypted SCTP
packets being sent over the network even though IPsec encryption was
enabled. An attacker able to inspect these SCTP packets could use this flaw
to obtain potentially sensitive information. (CVE-2013-4350, Moderate)

Red Hat would like to thank Fujitsu for reporting CVE-2013-4299 and Stephan
Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue was discovered
by Jason Wang of Red Hat.

Bug fix:

  • RoCE appeared to be supported in the MRG Realtime kernel even when the

required user space packages from the HPN channel were not installed.
The Realtime kernel now checks for the HPN channel packages before exposing
the RoCE interfaces. RoCE devices appear as plain 10GigE devices if the
needed HPN channel user space packages are not installed. (BZ#1012993)

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.8.13-rt14, and correct these issues.
The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 914664 - CVE-2013-0343 kernel: handling of IPv6 temporary addresses
  • BZ - 1000360 - CVE-2013-2895 Kernel: HID: logitech-dj: heap overflow flaw
  • BZ - 1000414 - CVE-2013-2893 Kernel: HID: LG: heap overflow flaw
  • BZ - 1000429 - CVE-2013-2892 Kernel: HID: pantherlord: heap overflow flaw
  • BZ - 1000451 - CVE-2013-2888 Kernel: HID: memory corruption flaw
  • BZ - 1000494 - CVE-2013-2896 Kernel: HID: ntrig: NULL pointer dereference
  • BZ - 1004233 - CVE-2013-4299 kernel: dm: dm-snapshot data leak
  • BZ - 1007690 - CVE-2013-4345 kernel: ansi_cprng: off by one error in non-block size request
  • BZ - 1007733 - CVE-2013-4343 Kernel: net: use-after-free TUNSETIFF
  • BZ - 1007872 - CVE-2013-4350 kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit
  • BZ - 1007939 - CVE-2013-4348 kernel: net: deadloop path in skb_flow_dissect()
  • BZ - 1011927 - CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface
  • BZ - 1012993 - mlx4: Don't show RoCE interfaces if the hpn channel is not installed

CVEs

  • CVE-2013-4299
  • CVE-2013-0343
  • CVE-2013-4345
  • CVE-2013-4343
  • CVE-2013-4348
  • CVE-2013-2895
  • CVE-2013-2896
  • CVE-2013-2888
  • CVE-2013-4387
  • CVE-2013-2892
  • CVE-2013-2893
  • CVE-2013-4350

References

  • https://access.redhat.com/security/updates/classification/#important
  • Note: More recent versions of these packages may be available. Click a package name for more details.

    MRG Realtime 2

    SRPM
    kernel-rt-3.8.13-rt14.25.el6rt.src.rpm SHA-256: 3977b5015d445261a6cc791e1d06ce3500658935373b3cc48dc040ac89bb2708
    x86_64
    kernel-rt-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: e98e95e7ab7e83d26ed4ff061c14f25e73090f88b0ca14f1cb88a5e9e04f33fa
    kernel-rt-debug-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: dd3289040b6aeb6685cd1779687135d4860dcacd3ec24765156337a30173fd76
    kernel-rt-debug-debuginfo-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 6ae84998f65f2532dc113a13fefd2ae623cb4982df7096e3956e65d6e37e4357
    kernel-rt-debug-devel-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: a3141f64f42ad2c37f130089243cea833d1a9e281822af64bf6c067c711d0b46
    kernel-rt-debuginfo-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 6cc315872c9f9276d2faf7a94d815c1bfba56c8e49709bff7ec65e9a7bb54a6c
    kernel-rt-debuginfo-common-x86_64-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 4592f4c704020ac7d52283ae65be47d03f639fa7fba246f400026c358ec397b8
    kernel-rt-devel-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 400a52e7b986aa6ee49b68cc6e5feaf4e38e8c5537f0170af21afd03990dc323
    kernel-rt-doc-3.8.13-rt14.25.el6rt.noarch.rpm SHA-256: 3166dfc04126bc10b6501a334b5968f10d6296c9417487e68a03284baff0d634
    kernel-rt-firmware-3.8.13-rt14.25.el6rt.noarch.rpm SHA-256: 31f3d7cbd5952aaf81c4fba93fba246e31d6127dcfad07fe61ef192f1278fa57
    kernel-rt-trace-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 4080102497bed1e41a8b9973bc859fc021a8b83901d5f02ee49b9030d605ccb2
    kernel-rt-trace-debuginfo-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: b83b1c94c3351c45e4c128846f809d3b051b05562b7b01f3a5c57a979fb9f90a
    kernel-rt-trace-devel-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 3298a3fcbb8907d025e080e7837668d6275aa1a8edfaf63ffa3d408a0f45779d
    kernel-rt-vanilla-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: f741e58062290f740485dd51f05dd2de96150402c2b41f282c619b9756b32467
    kernel-rt-vanilla-debuginfo-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: 643e9baa6a0c58a529082a28d00056aafef831389090f8afc238ac67c9e245b9
    kernel-rt-vanilla-devel-3.8.13-rt14.25.el6rt.x86_64.rpm SHA-256: ad63c8c91ba5776f44e24ea65d9f7444743ec8b37a69a27bec5421ea58fe47a6
    mrg-rt-release-3.8.13-rt14.25.el6rt.noarch.rpm SHA-256: 64cbdd4f75167b46b9de9144234d3bb9fe8de3ce7292b009c2ceb181149c9693

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

    Red Hat

    Quick Links

    • Downloads
    • Subscriptions
    • Support Cases
    • Customer Service
    • Product Documentation

    Help

    • Contact Us
    • Customer Portal FAQ
    • Log-in Assistance

    Site Info

    • Trust Red Hat
    • Browser Support Policy
    • Accessibility
    • Awards and Recognition
    • Colophon

    Related Sites

    • redhat.com
    • openshift.com
    • developers.redhat.com
    • connect.redhat.com
    • cloud.redhat.com

    About

    • Red Hat Subscription Value
    • About Red Hat
    • Red Hat Jobs
    Copyright © 2021 Red Hat, Inc.
    • Privacy Statement
    • Customer Portal Terms of Use
    • All Policies and Guidelines
    Red Hat Summit
    Twitter Facebook