RedHatRHSA-2012:0010(RHSA-2012:0010) Important: kernel-rt security and bug fix update
0.016 Low
EPSS
Percentile
87.3%
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues:
-
A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important) -
The way fragmented IPv6 UDP datagrams over the bridge with UDP
Fragmentation Offload (UFO) functionality on were handled could allow a
remote attacker to cause a denial of service. (CVE-2011-4326, Important) -
GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers that
support it. (CVE-2011-2723, Moderate) -
IPv4 and IPv6 protocol sequence number and fragment ID generation could
allow a man-in-the-middle attacker to inject packets and possibly hijack
connections. Protocol sequence numbers and fragment IDs are now more
random. (CVE-2011-3188, Moderate) -
A flaw in the FUSE (Filesystem in Userspace) implementation could allow
a local user in the fuse group who has access to mount a FUSE file system
to cause a denial of service. (CVE-2011-3353, Moderate) -
A flaw in the b43 driver. If a system had an active wireless interface
that uses the b43 driver, an attacker able to send a specially-crafted
frame to that interface could cause a denial of service. (CVE-2011-3359,
Moderate) -
A flaw in the way CIFS shares with DFS referrals at their root were
handled could allow an attacker on the local network, who is able to deploy
a malicious CIFS server, to create a CIFS network share that, when mounted,
would cause the client system to crash. (CVE-2011-3363, Moderate) -
A flaw in the m_stop() implementation could allow a local, unprivileged
user to trigger a denial of service. (CVE-2011-3637, Moderate) -
Flaws in ghash_update() and ghash_final() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate) -
A flaw in the key management facility could allow a local, unprivileged
user to cause a denial of service via the keyctl utility. (CVE-2011-4110,
Moderate) -
A flaw in the Journaling Block Device (JBD) could allow a local attacker
to crash the system by mounting a specially-crafted ext3 or ext4 disk.
(CVE-2011-4132, Moderate) -
A flaw in the way memory containing security-related data was handled in
tpm_read() could allow a local, unprivileged user to read the results of a
previously run TPM command. (CVE-2011-1162, Low) -
I/O statistics from the taskstats subsystem could be read without any
restrictions, which could allow a local, unprivileged user to gather
confidential information, such as the length of a password used in a
process. (CVE-2011-2494, Low) -
Flaws in tpacket_rcv() and packet_recvmsg() could allow a local,
unprivileged user to leak information to user-space. (CVE-2011-2898, Low)
Red Hat would like to thank Darren Lavender for reporting CVE-2011-3191;
Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting
CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Nick Bowler for
reporting CVE-2011-4081; Peter Huewe for reporting CVE-2011-1162; and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.
This update also fixes the following bugs:
-
Previously, a mismatch in the build-id of the kernel-rt and the one in
the related debuginfo package caused failures in SystemTap and perf.
(BZ#768413) -
IBM x3650m3 systems were not able to boot the MRG Realtime kernel because
they require a pmcraid driver that was not available. The pmcraid driver is
included in this update. (BZ#753992)
Users should upgrade to these updated packages, which correct these issues.
The system must be rebooted for this update to take effect.
Related
