First published: Fri Jul 15 2011

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

- An integer overflow flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4649, Important)
- A race condition in the way new InfiniBand connections were set up could allow a remote user to cause a denial of service. (CVE-2011-0695, Important)
- A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service if the sysctl "net.sctp.addip_enable" variable was turned on (it is off by default). (CVE-2011-1573, Important)
- Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)
- An integer overflow flaw in agp_allocate_memory() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)
- A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN) packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service. (CVE-2011-1576, Moderate)
- An integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
- A flaw in the way the Xen hypervisor implementation handled CPUID instruction emulation during virtual machine exits could allow an unprivileged guest user to crash a guest. This only affects systems that have an Intel x86 processor with the Intel VT-x extension enabled. (CVE-2011-1936, Moderate)
- A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)
- A missing initialization flaw in the XFS file system implementation could lead to an information leak. (CVE-2011-0711, Low)
- A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to cause an information leak. (CVE-2011-1044, Low)
- A missing validation check was found in the signals implementation. A local, unprivileged user could use this flaw to send signals via the sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. Note: This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low)
- A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing specially-crafted partition tables. (CVE-2011-1776, Low)
- Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Vasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke and Filip Palian for reporting CVE-2011-2492.

Bug fix documentation will be available shortly from the Technical Notes document linked to in the References.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-debug | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-debug-devel | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-devel | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-doc | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-headers | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-xen | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-xen-devel | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-kdump | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
redhat/kernel-kdump-devel | <2.6.18-238.19.1.el5 | 2.6.18-238.19.1.el5 |
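
A host check for the two conditions this advisory turns on, as an added example (not part of the advisory or of Red Hat's tooling): it compares installed and running kernel version-releases against 2.6.18-238.19.1.el5 to separate unpatched hosts from patched hosts still awaiting the required reboot, and reports whether net.sctp.addip_enable is on. The function names, the `--live` switch and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the version from the table.
FIXED="2.6.18-238.19.1.el5"

# "2.6.18-238.12.1.el5xen" -> "2 6 18 238 12 1" (drops the .el5 suffix and flavour)
numeric_fields() {
    echo "$1" | sed -e 's/\.el5.*$//' -e 's/[.-]/ /g'
}

# Succeeds when version-release $1 is strictly older than $2.
# Field-wise numeric compare in awk, so it does not depend on GNU "sort -V".
is_older() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0   # missing fields compare as 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1                                 # equal is not older
    }'
}

# $1 = running kernel (uname -r); remaining args = installed kernel
# version-releases. Prints: vulnerable | reboot-pending | fixed
kernel_status() {
    running=$1; shift
    installed_fixed=no
    for v in "$@"; do
        is_older "$v" "$FIXED" || installed_fixed=yes
    done
    if [ "$installed_fixed" = no ]; then echo vulnerable
    elif is_older "$running" "$FIXED"; then echo reboot-pending
    else echo fixed
    fi
}

# CVE-2011-1573 needs net.sctp.addip_enable=1; $1 is that sysctl's value
# (empty when the sctp module is not loaded).
sctp_addip_exposed() { [ "$1" = 1 ]; }

# Live use on a RHEL 5 host: ./check.sh --live
# (query kernel-xen etc. by name instead of "kernel" on hosts that run those)
if [ "${1:-}" = "--live" ]; then
    kernel_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
    addip=$(cat /proc/sys/net/sctp/addip_enable 2>/dev/null || true)
    if sctp_addip_exposed "$addip"; then echo "sctp addip_enable is on"; fi
fi
```

A `reboot-pending` result means the fixed package is on disk but the vulnerable kernel is still the one executing, which is the state the advisory's reboot requirement addresses.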