RHSA-2011:1479: Important: kernel security, bug fix, and enhancement update

First published: Tue Nov 29 2011(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> Using PCI passthrough without interrupt remapping support allowed Xen</li> hypervisor guests to generate MSI interrupts and thus potentially inject<br>traps. A privileged guest user could use this flaw to crash the host or<br>possibly escalate their privileges on the host. The fix for this issue can<br>prevent PCI passthrough working and guests starting. Refer to Red Hat<br>Bugzilla bug 715555 for details. (CVE-2011-1898, Important)<br><li> A flaw was found in the way CIFS (Common Internet File System) shares</li> with DFS referrals at their root were handled. An attacker on the local<br>network who is able to deploy a malicious CIFS server could create a CIFS<br>network share that, when mounted, would cause the client system to crash.<br>(CVE-2011-3363, Moderate)<br><li> A NULL pointer dereference flaw was found in the way the Linux kernel's</li> key management facility handled user-defined key types. A local,<br>unprivileged user could use the keyctl utility to cause a denial of<br>service. (CVE-2011-4110, Moderate)<br><li> A flaw in the way memory containing security-related data was handled in</li> tpm_read() could allow a local, unprivileged user to read the results of a<br>previously run TPM command. (CVE-2011-1162, Low)<br><li> A NULL pointer dereference flaw was found in the Linux kernel's HFS file</li> system implementation. A local attacker could use this flaw to cause a<br>denial of service by mounting a disk that contains a specially-crafted HFS<br>file system with a corrupted MDB extent record. (CVE-2011-2203, Low)<br><li> The I/O statistics from the taskstats subsystem could be read without</li> any restrictions. A local, unprivileged user could use this flaw to gather<br>confidential information, such as the length of a password used in a<br>process. (CVE-2011-2494, Low)<br>Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363;<br>Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting<br>CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.<br>This update also fixes several bugs and adds one enhancement. Documentation<br>for these changes will be available shortly from the Technical Notes<br>document linked to in the References section.<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues, and fix the bugs and add the enhancement<br>noted in the Technical Notes. The system must be rebooted for this update<br>to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2011:1479
• agent/severity
• agent/title
• agent/weakness
• agent/references
• agent/description
• agent/tags
• agent/type
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/remedy
• package-manager/redhat