Red Hat Product Errata RHSA-2014:0100 - Security Advisory

Issued:: 2014-01-28
Updated:: 2014-01-28

RHSA-2014:0100 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets that
used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature
was enabled on the output device. A local, unprivileged user could use this
flaw to cause a denial of service or, potentially, escalate their
privileges on the system. (CVE-2013-4470, Important)
A flaw was found in the way the perf_trace_event_perm() function in the
Linux kernel checked permissions for the function tracer functionality.
An unprivileged local user could use this flaw to enable function tracing
and cause a denial of service on the system. (CVE-2013-2930, Moderate)
A flaw was found in the way the net_ctl_permissions() function in the
Linux kernel checked access permissions. A local, unprivileged user could
potentially use this flaw to access certain files in /proc/sys/net
regardless of the underlying file system permissions. (CVE-2013-4270,
Moderate)
A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)
An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue.
It is not mounted by default. (CVE-2013-6378, Low)
A NULL pointer dereference flaw was found in the Linux kernel's IPv6
source address-based routing implementation. A local attacker who has the
CAP_NET_ADMIN capability could use this flaw to crash the system.
(CVE-2013-6431, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav Vadkerti
of Red Hat.

This update also fixes multiple bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.8.13-rt27, correct these issues, and fix the
bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system must
be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1016729 - Apply IB performance patches to 3.8 realtime kernel
BZ - 1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
BZ - 1027752 - CVE-2013-4270 kernel: net: permissions flaw in /proc/sys/net
BZ - 1027778 - CVE-2013-2930 kernel: perf/ftrace: insufficient check in perf_trace_event_perm()
BZ - 1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
BZ - 1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check
BZ - 1033578 - CVE-2013-6378 Kernel: drivers: libertas: potential oops in debugfs
BZ - 1037770 - Recent -rt kernels compiled without CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
BZ - 1039054 - CVE-2013-6431 kernel: net: fib: fib6_add: potential NULL pointer dereference
BZ - 1039743 - kernel: panic when unloading ip6_tunnel module

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.8.13-rt27.33.el6rt.src.rpm	SHA-256: 58f2573facc586ca63e07f6acacb555ab697f69328bc0bf837b2a842e2532729
x86_64
kernel-rt-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 7e7c8c0995914e378e38a1b2d7ab6d6f8062b2792a5671b51faa2afde5433348
kernel-rt-debug-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: b1de1846b717e17fcd896f120f6126700db6964a8c2678b941282aa0f383d8ee
kernel-rt-debug-debuginfo-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: af40ed828dafb1f69ae3ec5e07a0363f393287937b1aa8f5222d3d58f57637c5
kernel-rt-debug-devel-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 885dbec6c83af3b7b6023cbe1ac659c3f0f744e2e2969642dbe3a3f7f050f132
kernel-rt-debuginfo-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 4516d5572b6191f33e4515b8d927612b6dd541a60cb8ea4a1317a5ad3d1c384a
kernel-rt-debuginfo-common-x86_64-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 0769e076cd91642eb053c0f2f4ff3df842cbdf23a1923834f397466522f4efe8
kernel-rt-devel-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 51cfb9c8db441dc0a7cb9a261de0b235e3001f5870dd973dc4c214e312cf5843
kernel-rt-doc-3.8.13-rt27.33.el6rt.noarch.rpm	SHA-256: c6894699520fa74b6ae140fa0fc34d008450f587202bc8b4d4d19f3a9ad7cad3
kernel-rt-firmware-3.8.13-rt27.33.el6rt.noarch.rpm	SHA-256: 03591397c98407025afad2063b2efff5a1205006c999af33827bfe65c1c5ebfc
kernel-rt-trace-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 9fc8c9f5ea5525cc8ac430ed3f93b5a77158c8501766dacaf956af934f0ef3d9
kernel-rt-trace-debuginfo-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 299f4403b2c214d5e81e82d6c3bc1e1a530cca645ded300dfebd46561aada5f1
kernel-rt-trace-devel-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: e86bf59081024305dad08a8e9864811e99e552ee8e2653e9a5875f73ff4209ab
kernel-rt-vanilla-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 183100f1080e6b925401b3f780948f9f990812b56122f916b63d513279671192
kernel-rt-vanilla-debuginfo-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 9182b3c8b0306475125f12e703ef1d3119d15153a94ce026029817173f4ab5c0
kernel-rt-vanilla-devel-3.8.13-rt27.33.el6rt.x86_64.rpm	SHA-256: 5f564c4485f560f231c48c46f43800736737167a02d8ce3da700c184c4a22051

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories