===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0866
        Important: kernel security, bug fix, and enhancement update
                              24 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account
                   Increased Privileges            -- Existing Account
                   Access Privileged Data          -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2695 CVE-2011-2689 CVE-2011-2517
                   CVE-2011-2497 CVE-2011-2495 CVE-2011-2492
                   CVE-2011-2491 CVE-2011-2213 CVE-2011-2183
                   CVE-2011-1898 CVE-2011-1776 CVE-2011-1593
                   CVE-2011-1576 CVE-2011-1182

Reference:         ESB-2011.0758
                   ESB-2011.0728
                   ESB-2011.0663
                   ESB-2011.0559
                   ESB-2011.0487

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2011-1189.html

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2011:1189-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2011-1189.html
Issue date:        2011-08-23
CVE Names:         CVE-2011-1182 CVE-2011-1576 CVE-2011-1593
                   CVE-2011-1776 CVE-2011-1898 CVE-2011-2183
                   CVE-2011-2213 CVE-2011-2491 CVE-2011-2492
                   CVE-2011-2495 CVE-2011-2497 CVE-2011-2517
                   CVE-2011-2689 CVE-2011-2695
=====================================================================

1. Summary:

Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

Security issues:

* Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially-crafted request to a target system via Bluetooth. (CVE-2011-2497, Important)

* Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important)

* Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)

* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate)

* Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate)

* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate)

* Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

* Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)

* Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)

* /proc/[PID]/io is world-readable by default.
  Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

4. Solution:

Refer to the Technical Notes, available shortly from the link in the References, for bug fix and enhancement details.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancements noted in the Technical Notes. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

690028 - CVE-2011-1182 kernel signal spoofing issue
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task
713827 - Parallel port issue in RHEL 6.0 server
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
714982 - GFS2: Update to rhel6.1 broke dovecot writing to a gfs2 filesystem
715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
716539 - bump domain memory limits [6.1.z]
716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm

i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm

i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.12.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.12.1.el6.ppc64.rpm
perf-2.6.32-131.12.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6.s390x.rpm
kernel-devel-2.6.32-131.12.1.el6.s390x.rpm
kernel-headers-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.12.1.el6.s390x.rpm
perf-2.6.32-131.12.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.12.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm

i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-1898.html
https://www.redhat.com/security/data/cve/CVE-2011-2183.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2497.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2689.html
https://www.redhat.com/security/data/cve/CVE-2011-2695.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1189
https://bugzilla.redhat.com/show_bug.cgi?id=715555

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
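
The Solution section says new kernels are installed alongside the old one ("rpm -ivh") and that the fix only takes effect after a reboot, so a host can have the fixed package installed and still be running a vulnerable kernel. The script below is an added example, not part of the Red Hat or AusCERT text: it classifies a host against the fixed build 2.6.32-131.12.1.el6 from the package list. The function names and the "--check" argument are hypothetical, and GNU "sort -V" is assumed as a stand-in for rpm's own version comparison.

```sh
#!/bin/sh
# Added example: is this RHEL 6 host running a kernel that includes RHSA-2011:1189?

# Fixed kernel build, taken from the advisory's package list.
FIXED="2.6.32-131.12.1.el6"

# uname -r appends the architecture (e.g. ".x86_64"); remove it before comparing.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(i686|x86_64|ppc64|s390x|noarch)$//'
}

# Return 0 when version-release $1 is at or above $FIXED.
# Assumption: GNU sort -V orders plain el6 kernel strings the same way rpm does.
is_fixed() {
    v=$(strip_arch "$1")
    lowest=$(printf '%s\n%s\n' "$FIXED" "$v" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Classify a host from the running kernel ($1) and the installed kernel
# packages ($2, whitespace-separated version-release strings).
#   patched          running kernel already contains the fixes
#   reboot-required  fixed package installed, old kernel still running
#   vulnerable       no fixed kernel installed
host_status() {
    running=$1
    installed=$2
    if is_fixed "$running"; then
        echo "patched"
        return 0
    fi
    for k in $installed; do
        if is_fixed "$k"; then
            echo "reboot-required"
            return 0
        fi
    done
    echo "vulnerable"
}

# Live check on a real host: sh check-kernel.sh --check
if [ "${1:-}" = "--check" ]; then
    host_status "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')"
fi
```

A "reboot-required" result is the state the advisory warns about: the update is on disk but the vulnerable kernel is still the one executing.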