[RHSA-2012:0150-03] Moderate: Red Hat Enterprise Linux 5.8 kernel update

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: Red Hat Enterprise Linux 5.8 kernel update

Advisory ID: RHSA-2012:0150-03

Product: Red Hat Enterprise Linux

Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0150.html

Issue date: 2012-02-21

CVE Names: CVE-2011-1083

=====================================================================

 

1. Summary:

 

Updated kernel packages that fix one security issue, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 5.
This is the eighth regular update.

 

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

 

3. Description:

 

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

 

This update fixes the following security issue:

 

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)

 

Red Hat would like to thank Nelson Elhage for reporting this issue.

 

These updated kernel packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

 

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.

 

4. Solution:

 

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

 

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

 

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
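
An added example, not part of Red Hat's advisory: because "rpm -ivh" leaves the old kernel installed and the fix only takes effect after a reboot, this shell check classifies a host from its `uname -r` and `rpm -q kernel` output. The function names and status strings are this example's own; the threshold 308 comes from kernel-2.6.18-308.el5 in the package list, and comparing only the leading build number is an assumption.

```shell
#!/bin/sh
# Added example; function names and status strings are illustrative.
# 308 is the build in kernel-2.6.18-308.el5 from this advisory's package list.
FIXED_BUILD=308

# Print the leading build number of a RHEL 5 kernel string, e.g.
# "2.6.18-274.12.1.el5PAE" -> 274, "kernel-xen-2.6.18-308.el5" -> 308.
# Returns 1 for anything that is not a 2.6.18-*.el5 kernel.
kernel_build() {
    case "$1" in
        *2.6.18-[0-9]*.el5*) ;;
        *) return 1 ;;
    esac
    kb_rest=${1##*2.6.18-}      # strip everything up to the release field
    kb_num=${kb_rest%%.*}       # keep the digits before the first dot
    case "$kb_num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo "$kb_num"
}

# $1: output of `uname -r`; $2: output of `rpm -q kernel` (one package per line).
# Assumption: any build >= FIXED_BUILD carries this update.
kernel_status() {
    ks_run=$(kernel_build "$1") || { echo "not-rhel5"; return 0; }
    if [ "$ks_run" -ge "$FIXED_BUILD" ]; then
        echo "fixed-running"; return 0
    fi
    for ks_pkg in $2; do
        ks_b=$(kernel_build "$ks_pkg") || continue
        if [ "$ks_b" -ge "$FIXED_BUILD" ]; then
            # New kernel installed alongside the old one, old one still booted.
            echo "reboot-needed"; return 0
        fi
    done
    echo "update-needed"
}

# Constructed sample: new kernel installed with rpm -ivh but not yet booted.
SAMPLE_RPMQ='kernel-2.6.18-274.el5
kernel-2.6.18-308.el5'
kernel_status "2.6.18-274.el5" "$SAMPLE_RPMQ"
# On a real host: kernel_status "$(uname -r)" "$(rpm -q kernel)"
```

On hosts booted into a PAE or Xen kernel, pass the matching package names (kernel-PAE, kernel-xen) to `rpm -q` instead.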

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

485173 - kernel/module-verify-sig.c with memory uncleaned bug

516170 - kernel multipath driver behaves badly on medium errors

526862 - [RHEL5 Xen]: Mask out CPU features by default

543064 - No NUMA node hash function found on a EX machine

571737 - Cannot use Quickcam Pro 9000 with Ekiga, fails with "uvcvideo: Failed to query ..."

585935 - Bug in RHEL-5.4/5.5 nfs_access_cache_shrinker

608156 - kernel panic if bonding initialization fails

618317 - RFE: RHEL5 Xen: support online dynamic resize of guest virtual disks

664653 - [5.4] OS cannot recognize DVD disk replace in rescue mode.

668027 - unexpected error message when sending a unsolicited NA from user code

668529 - Spare disk added to a raid1 array by mdadm command is dropped upon next boot.

674663 - vlapic: Fix possible guest tick losing after save/restore

681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures

681902 - GFS2: Add readahead to sequential directory traversal

683372 - NFS4: Incorrect server behavior when using OPEN call with O_CREATE on a directory on which the process has no WRITE permissions.

688673 - PCI Virtual Function Passthrough - SR-IOV, Paravirt Guest fails to obtain IRQ after reboot

688791 - dropwatch>stop: Waiting for deactivation ack (forever)

691087 - Incorrect values in /proc/sys/vm/dirty_writeback_centises and dirty_expire_centisecs

694625 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time

697021 - Patch needed to allow MTU >1500 on vif prior to connecting to bridge

698842 - kvmclock: MP-BIOS bug: 8254 timer not connected to IO-APIC

698928 - VLAN interface with changed MAC address fails to communicate

700565 - RHEL6.1 32bit xen hvm guest crash randomly

700752 - 32-bit PV guest crash on restore on x64_86 host

700886 - RHEL5.6 TSC used as default clock source on multi-chassis system

703150 - multiple resource leaks on error paths in blkfront and netfront

703505 - 300 seconds time shift in vdso version of clock_gettime()

704921 - panic in cifsd code after unexpected lookup error -88.

706339 - open/closed files in cifs mount points

707966 - 2.6.18-238.1.1.el5 or newer won't boot under Xen HVM due to linux-2.6-virt-nmi-don-t-print-nmi-stuck-messages-on-guests.patch

709271 - net.ipv6.conf.default.dad_transmits has no effect on tentative IPv6 addresses

709515 - Kernel panic at nfs4_callback_compound+0x2dd

711070 - mask the SMEP bit for PV, do the same or backport SMEP emulation for HVM

712439 - Backport "x86: extend debug key 't' to collect useful clock skew info"

712440 - Backport "vmx: Print advanced features during boot"

712441 - Backport "x86/hvm: fix off-by-one errors in vcpuid range checks"

713702 - pull missing fixes from upstream x86_emulate()

714053 - couple nice-to-have xen hypervisor patches

714670 - TCP_CRR and concurrent TCP stream tests over IPv6 sometime fails on rhel5.7

715501 - ext4: Don't error out the fs if the user tries to make a file too big

716834 - 'dmesg' command is swamped with the message: pci_set_power_state(): 0000:05:05.0: state=3, current state=5

717434 - Unable to attach a cdrom device to guest domain

717850 - miss xmit_hash_policy=layer2+3 in modinfo bonding output

718232 - [xfs] mis-sized O_DIRECT I/O results in hung task timeouts

718641 - Can't change lacp_rate in bonding mode=802.3ad

718988 - [EL5.7] igb: failed to activate WOL on 2nd LAN port on i350

720347 - RHEL 6.1 Xen paravirt guest is getting network outage during live migration (host side)

720551 - xfs_error_report() oops when passed-in mp is NULL

720936 - Windows guests may hang/BSOD on some AMD processors.

720986 - vlapic: backport EOI fast path

723755 - win2003 i386 guest BSOD when created with e1000 nic

728508 - Huge performance regression in NFS client

729261 - ext3/ext4 mbcache causes high CPU load

732752 - exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access

733416 - netfront MTU drops to 1500 after domain migration

734708 - xen modules - unable to handle kernel NULL pointer dereference

734900 - Panic, NMI Watchdog detected LOCKUP on CPU 6

735477 - nfs4_getfacl decoding causes kernel oops

740203 - Host crash when pass-through fails

740299 - [RTC] - The ioctl RTC_IRPQ_READ doesn't return the correct value

742880 - [RFE] backport Xen watchdog (hypervisor side only)

752626 - BNX2I: Fixed the endian on TTT for NOP out transmission

753729 - system cannot suspend with "stopping tasks timed out - bnx2i_thread/0 remaining"

771592 - Install RHEV-H to virtual machine cause VM kernel panic when boot

772578 - [ALL LANG] [anaconda] The installation halted when clicking 'Skip' button (select 'Skip entering Installation Number')

 

6. Package List:

 

Red Hat Enterprise Linux Desktop (v. 5 client):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-308.el5.src.rpm

 

i386:

kernel-2.6.18-308.el5.i686.rpm

kernel-PAE-2.6.18-308.el5.i686.rpm

kernel-PAE-debuginfo-2.6.18-308.el5.i686.rpm

kernel-PAE-devel-2.6.18-308.el5.i686.rpm

kernel-debug-2.6.18-308.el5.i686.rpm

kernel-debug-debuginfo-2.6.18-308.el5.i686.rpm

kernel-debug-devel-2.6.18-308.el5.i686.rpm

kernel-debuginfo-2.6.18-308.el5.i686.rpm

kernel-debuginfo-common-2.6.18-308.el5.i686.rpm

kernel-devel-2.6.18-308.el5.i686.rpm

kernel-headers-2.6.18-308.el5.i386.rpm

kernel-xen-2.6.18-308.el5.i686.rpm

kernel-xen-debuginfo-2.6.18-308.el5.i686.rpm

kernel-xen-devel-2.6.18-308.el5.i686.rpm

 

noarch:

kernel-doc-2.6.18-308.el5.noarch.rpm

 

x86_64:

kernel-2.6.18-308.el5.x86_64.rpm

kernel-debug-2.6.18-308.el5.x86_64.rpm

kernel-debug-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-debug-devel-2.6.18-308.el5.x86_64.rpm

kernel-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm

kernel-devel-2.6.18-308.el5.x86_64.rpm

kernel-headers-2.6.18-308.el5.x86_64.rpm

kernel-xen-2.6.18-308.el5.x86_64.rpm

kernel-xen-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-xen-devel-2.6.18-308.el5.x86_64.rpm

 

Red Hat Enterprise Linux (v. 5 server):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-308.el5.src.rpm

 

i386:

kernel-2.6.18-308.el5.i686.rpm

kernel-PAE-2.6.18-308.el5.i686.rpm

kernel-PAE-debuginfo-2.6.18-308.el5.i686.rpm

kernel-PAE-devel-2.6.18-308.el5.i686.rpm

kernel-debug-2.6.18-308.el5.i686.rpm

kernel-debug-debuginfo-2.6.18-308.el5.i686.rpm

kernel-debug-devel-2.6.18-308.el5.i686.rpm

kernel-debuginfo-2.6.18-308.el5.i686.rpm

kernel-debuginfo-common-2.6.18-308.el5.i686.rpm

kernel-devel-2.6.18-308.el5.i686.rpm

kernel-headers-2.6.18-308.el5.i386.rpm

kernel-xen-2.6.18-308.el5.i686.rpm

kernel-xen-debuginfo-2.6.18-308.el5.i686.rpm

kernel-xen-devel-2.6.18-308.el5.i686.rpm

 

ia64:

kernel-2.6.18-308.el5.ia64.rpm

kernel-debug-2.6.18-308.el5.ia64.rpm

kernel-debug-debuginfo-2.6.18-308.el5.ia64.rpm

kernel-debug-devel-2.6.18-308.el5.ia64.rpm

kernel-debuginfo-2.6.18-308.el5.ia64.rpm

kernel-debuginfo-common-2.6.18-308.el5.ia64.rpm

kernel-devel-2.6.18-308.el5.ia64.rpm

kernel-headers-2.6.18-308.el5.ia64.rpm

kernel-xen-2.6.18-308.el5.ia64.rpm

kernel-xen-debuginfo-2.6.18-308.el5.ia64.rpm

kernel-xen-devel-2.6.18-308.el5.ia64.rpm

 

noarch:

kernel-doc-2.6.18-308.el5.noarch.rpm

 

ppc:

kernel-2.6.18-308.el5.ppc64.rpm

kernel-debug-2.6.18-308.el5.ppc64.rpm

kernel-debug-debuginfo-2.6.18-308.el5.ppc64.rpm

kernel-debug-devel-2.6.18-308.el5.ppc64.rpm

kernel-debuginfo-2.6.18-308.el5.ppc64.rpm

kernel-debuginfo-common-2.6.18-308.el5.ppc64.rpm

kernel-devel-2.6.18-308.el5.ppc64.rpm

kernel-headers-2.6.18-308.el5.ppc.rpm

kernel-headers-2.6.18-308.el5.ppc64.rpm

kernel-kdump-2.6.18-308.el5.ppc64.rpm

kernel-kdump-debuginfo-2.6.18-308.el5.ppc64.rpm

kernel-kdump-devel-2.6.18-308.el5.ppc64.rpm

 

s390x:

kernel-2.6.18-308.el5.s390x.rpm

kernel-debug-2.6.18-308.el5.s390x.rpm

kernel-debug-debuginfo-2.6.18-308.el5.s390x.rpm

kernel-debug-devel-2.6.18-308.el5.s390x.rpm

kernel-debuginfo-2.6.18-308.el5.s390x.rpm

kernel-debuginfo-common-2.6.18-308.el5.s390x.rpm

kernel-devel-2.6.18-308.el5.s390x.rpm

kernel-headers-2.6.18-308.el5.s390x.rpm

kernel-kdump-2.6.18-308.el5.s390x.rpm

kernel-kdump-debuginfo-2.6.18-308.el5.s390x.rpm

kernel-kdump-devel-2.6.18-308.el5.s390x.rpm

 

x86_64:

kernel-2.6.18-308.el5.x86_64.rpm

kernel-debug-2.6.18-308.el5.x86_64.rpm

kernel-debug-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-debug-devel-2.6.18-308.el5.x86_64.rpm

kernel-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-debuginfo-common-2.6.18-308.el5.x86_64.rpm

kernel-devel-2.6.18-308.el5.x86_64.rpm

kernel-headers-2.6.18-308.el5.x86_64.rpm

kernel-xen-2.6.18-308.el5.x86_64.rpm

kernel-xen-debuginfo-2.6.18-308.el5.x86_64.rpm

kernel-xen-devel-2.6.18-308.el5.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

 

7. References:

 

https://www.redhat.com/security/data/cve/CVE-2011-1083.html

https://access.redhat.com/security/updates/classification/#moderate

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/kernel.html#RHSA-2012-0150

 

8. Contact:

 

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

 

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFPQyRGXlSAg2UNWIIRArL8AJ4p5o/4QRlcwsYv1Qg91KI+8qsrqwCeM1ks

+b77f5VxTGHGM3BoAB80Ymc=

=wl+4

-----END PGP SIGNATURE-----

 

 
