RHSA-2011:0421: Important: kernel security and bug fix update

First published: Thu Apr 07 2011(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> A flaw was found in the sctp_icmp_proto_unreachable() function in the</li> Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.<br>A remote attacker could use this flaw to cause a denial of service.<br>(CVE-2010-4526, Important)<br><li> A missing boundary check was found in the dvb_ca_ioctl() function in the</li> Linux kernel's av7110 module. On systems that use old DVB cards that<br>require the av7110 module, a local, unprivileged user could use this flaw<br>to cause a denial of service or escalate their privileges. (CVE-2011-0521,<br>Important)<br><li> A race condition was found in the way the Linux kernel's InfiniBand</li> implementation set up new connections. This could allow a remote user to<br>cause a denial of service. (CVE-2011-0695, Important)<br><li> A heap overflow flaw in the iowarrior_write() function could allow a</li> user with access to an IO-Warrior USB device, that supports more than 8<br>bytes per report, to cause a denial of service or escalate their<br>privileges. (CVE-2010-4656, Moderate)<br><li> A flaw was found in the way the Linux Ethernet bridge implementation</li> handled certain IGMP (Internet Group Management Protocol) packets. A local,<br>unprivileged user on a system that has a network interface in an Ethernet<br>bridge could use this flaw to crash that system. (CVE-2011-0716, Moderate)<br><li> A NULL pointer dereference flaw was found in the Generic Receive Offload</li> (GRO) functionality in the Linux kernel's networking implementation. If<br>both GRO and promiscuous mode were enabled on an interface in a virtual LAN<br>(VLAN), it could result in a denial of service when a malformed VLAN frame<br>is received on that interface. (CVE-2011-1478, Moderate)<br><li> A missing initialization flaw in the Linux kernel could lead to an</li> information leak. (CVE-2010-3296, Low)<br><li> A missing security check in the Linux kernel's implementation of the</li> install_special_mapping() function could allow a local, unprivileged user<br>to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)<br><li> A logic error in the orinoco_ioctl_set_auth() function in the Linux</li> kernel's ORiNOCO wireless extensions support implementation could render<br>TKIP countermeasures ineffective when it is enabled, as it enabled the card<br>instead of shutting it down. (CVE-2010-4648, Low)<br><li> A missing initialization flaw was found in the ethtool_get_regs()</li> function in the Linux kernel's ethtool IOCTL handler. A local user who has<br>the CAP_NET_ADMIN capability could use this flaw to cause an information<br>leak. (CVE-2010-4655, Low)<br><li> An information leak was found in the Linux kernel's task_show_regs()</li> implementation. On IBM S/390 systems, a local, unprivileged user could use<br>this flaw to read /proc/[PID]/status files, allowing them to discover<br>the CPU register values of processes. (CVE-2011-0710, Low)<br>Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Kees<br>Cook for reporting CVE-2010-4656 and CVE-2010-4655; Dan Rosenberg for<br>reporting CVE-2010-3296; and Tavis Ormandy for reporting CVE-2010-4346.<br>This update also fixes several bugs. Documentation for these bug fixes will<br>be available shortly from the Technical Notes document linked to in the<br>References section.<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues, and fix the bugs noted in the Technical<br>Notes. The system must be rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2011:0421
• agent/severity
• agent/title
• agent/weakness
• agent/references
• agent/tags
• agent/type
• agent/description
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/remedy
• agent/last-modified-date
• package-manager/redhat