First published: Tue May 10 2011
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A race condition in the way the Linux kernel's InfiniBand implementation set up new connections could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)
* An integer signedness flaw in drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1013, Important)
* A flaw in dccp_rcv_state_process() could allow a remote attacker to cause a denial of service, even when the socket was already closed. (CVE-2011-1093, Important)
* A missing validation of a null-terminated string data structure element in bnep_sock_ioctl() could allow a local user to cause an information leak or a denial of service. (CVE-2011-1079, Moderate)
* A flaw in the Linux kernel's Event Poll (epoll) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1082, Moderate)
* A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)
* The start_code and end_code values in "/proc/[pid]/stat" were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). (CVE-2011-0726, Low)
* A missing validation check in the Linux kernel's mac_partition() implementation, used for supporting file systems created on Mac OS operating systems, could allow a local attacker to cause a denial of service by mounting a disk that contains specially-crafted partitions. (CVE-2011-1010, Low)
* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from "/lib/modules/", instead of only netdev modules. (CVE-2011-1019, Low)
* A missing initialization flaw in sco_sock_getsockopt_old() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1078, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, CVE-2011-1078, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, and CVE-2011-1080; Nelson Elhage for reporting CVE-2011-1082; Dan Rosenberg for reporting CVE-2011-0711; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1010 and CVE-2011-1163.

This update also fixes various bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version 2.6.33.9-rt31, and correct these issues. The system must be rebooted for this update to take effect.
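The null-terminated string items above (CVE-2011-1079, and CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1080) share one bug class: a fixed-size string field accepted from a caller is used as a C string without checking that it contains a terminator. The following user-space model is an added example, not kernel code and not part of this advisory; the structures, field size, sample data, and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* hypothetical field size */
struct request { char name[NAME_LEN]; };   /* hypothetical caller-supplied data */
struct frame {        /* models the request plus neighbouring memory */
    struct request req;
    char adjacent[16];
};

/* Constructed sample: every byte of name is non-zero, so it has no terminator. */
void make_unterminated(struct frame *f)
{
    memset(f, 0, sizeof(*f));
    memset(f->req.name, 'A', sizeof(f->req.name));
    memcpy(f->adjacent, "SECRET", 6);
}

/* Bytes a "%s"-style read starting at name would consume, measured safely
 * inside the frame. A result >= NAME_LEN means the read left the field. */
size_t string_read_len(const struct frame *f)
{
    const char *start = (const char *)f;   /* name sits at offset 0 */
    const char *nul = memchr(start, '\0', sizeof(*f));
    return nul ? (size_t)(nul - start) : sizeof(*f);
}

/* Option 1: reject a field with no terminator inside its own bounds. */
int validate_name(const struct request *req)
{
    return memchr(req->name, '\0', sizeof(req->name)) ? 0 : -1;
}

/* Option 2: force termination before the field is used as a string. */
size_t sanitize_name(struct request *req)
{
    req->name[sizeof(req->name) - 1] = '\0';
    return strlen(req->name);
}

int main(void)
{
    struct frame f;
    make_unterminated(&f);
    printf("before: valid=%d read_len=%zu\n", validate_name(&f.req), string_read_len(&f));
    size_t kept = sanitize_name(&f.req);
    printf("after:  name_len=%zu read_len=%zu\n", kept, string_read_len(&f));
    return 0;
}
```

Before the check, a string read of the 16-byte field runs on into the neighbouring bytes, which is the information-leak condition; after either option, the read stays inside the field.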