First published: Mon May 20 2013
Security fixes:

* It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important)

* It was found that the Linux kernel used effective user and group IDs instead of real ones when passing messages with SCM_CREDENTIALS ancillary data. A local, unprivileged user could leverage this flaw with a set user ID (setuid) application, allowing them to escalate their privileges. (CVE-2013-1979, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate)

* A NULL pointer dereference flaw was found in the Linux kernel's XFS file system implementation. A local user who is able to mount an XFS file system could use this flaw to cause a denial of service. (CVE-2013-1819, Moderate)

* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature. (CVE-2013-0914, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. A local user with physical access to a system and with access to a USB device's tty file could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1848, Low)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low)

* Information leaks in the Linux kernel's cryptographic API could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)

* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel stack memory to user-space. (CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-debug | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-debug-debuginfo | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-debug-devel | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-debuginfo | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-devel | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-doc | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-firmware | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-trace | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-trace-debuginfo | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-trace-devel | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-vanilla | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-vanilla-debuginfo | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/kernel-rt-vanilla-devel | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
redhat/mrg-rt-release | <3.6.11.2-rt33.39.el6 | 3.6.11.2-rt33.39.el6 |
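
One way to check a package inventory against the table above, as an added example that is not part of the Red Hat advisory: a simplified rpm-style version comparison that flags listed packages older than the fixed release. The sample inventory is constructed, and the comparison assumes no epoch, `~` or `^` in the version strings.

```python
import re

# Fixed version-release taken from the "How to fix" column above.
FIXED = "3.6.11.2-rt33.39.el6"

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm comparison: no epoch, '~' or '^' handling (assumption)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than letters
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, ignores leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_affected(version_release):
    """True when version-release sorts below FIXED (version first, then release)."""
    ver, _, rel = version_release.partition("-")
    fver, _, frel = FIXED.partition("-")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0

def audit(lines):
    # lines: "name version-release" pairs, e.g. collected with
    #   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    flagged = []
    for line in lines:
        name, _, vr = line.strip().partition(" ")
        in_table = name == "mrg-rt-release" or name.startswith("kernel-rt")
        if in_table and is_affected(vr):
            flagged.append((name, vr))
    return flagged

# Constructed sample inventory (not real host output).
SAMPLE = [
    "kernel-rt 3.2.33-rt50.66.el6rt",
    "kernel-rt 3.6.11.2-rt33.39.el6",
    "kernel-rt-devel 3.6.11.2-rt33.38.el6",
    "mrg-rt-release 3.6.11.2-rt33.39.el6",
    "openssl 1.0.0-27.el6",
]

if __name__ == "__main__":
    for name, vr in audit(SAMPLE):
        print(f"{name} {vr} is older than {FIXED}")
```

Kernel packages install side by side, so after updating also confirm that the running kernel (`uname -r`) is the fixed release and not an older one still booted.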