RHSA-2011:0429: Important: kernel security and bug fix update

First published: Tue Apr 12 2011(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> A missing boundary check was found in the dvb_ca_ioctl() function in the</li> Linux kernel's av7110 module. On systems that use old DVB cards that<br>require the av7110 module, a local, unprivileged user could use this flaw<br>to cause a denial of service or escalate their privileges. (CVE-2011-0521,<br>Important)<br><li> An inconsistency was found in the interaction between the Linux kernel's</li> method for allocating NFSv4 (Network File System version 4) ACL data and<br>the method by which it was freed. This inconsistency led to a kernel panic<br>which could be triggered by a local, unprivileged user with files owned by<br>said user on an NFSv4 share. (CVE-2011-1090, Moderate)<br><li> A NULL pointer dereference flaw was found in the Generic Receive Offload</li> (GRO) functionality in the Linux kernel's networking implementation. If<br>both GRO and promiscuous mode were enabled on an interface in a virtual LAN<br>(VLAN), it could result in a denial of service when a malformed VLAN frame<br>is received on that interface. (CVE-2011-1478, Moderate)<br><li> A missing security check in the Linux kernel's implementation of the</li> install_special_mapping() function could allow a local, unprivileged user<br>to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)<br><li> An information leak was found in the Linux kernel's task_show_regs()</li> implementation. On IBM S/390 systems, a local, unprivileged user could use<br>this flaw to read /proc/[PID]/status files, allowing them to discover the<br>CPU register values of processes. (CVE-2011-0710, Low)<br><li> A missing validation check was found in the Linux kernel's</li> mac_partition() implementation, used for supporting file systems created<br>on Mac OS operating systems. A local attacker could use this flaw to cause<br>a denial of service by mounting a disk that contains specially-crafted<br>partitions. (CVE-2011-1010, Low)<br>Red Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis<br>Ormandy for reporting CVE-2010-4346; and Timo Warns for reporting<br>CVE-2011-1010.<br>This update also fixes several bugs. Documentation for these bug fixes will<br>be available shortly from the Technical Notes document linked to in the<br>References section.<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues, and fix the bugs noted in the Technical<br>Notes. The system must be rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2011:0429
• package-manager/redhat