RHSA-2013:1292: Moderate: kernel security and bug fix update

First published: Thu Sep 26 2013(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> A use-after-free flaw was found in the madvise() system call</li> implementation in the Linux kernel. A local, unprivileged user could use<br>this flaw to cause a denial of service or, potentially, escalate their<br>privileges. (CVE-2012-3511, Moderate)<br><li> A flaw was found in the way the Linux kernel's TCP/IP protocol suite</li> implementation handled IPv6 sockets that used the UDP_CORK option. A local,<br>unprivileged user could use this flaw to cause a denial of service.<br>(CVE-2013-4162, Moderate)<br><li> An information leak flaw in the Linux kernel could allow a local,</li> unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low)<br>Red Hat would like to thank Hannes Frederic Sowa for reporting<br>CVE-2013-4162.<br>This update also fixes the following bugs:<br><li> A bug in the be2net driver prevented communication between NICs using</li> be2net. This update applies a patch addressing this problem along with<br>several other upstream patches that fix various other problems. Traffic<br>between NICs using the be2net driver now proceeds as expected. (BZ#983864)<br><li> A recent patch fixing a problem that prevented communication between</li> NICs using the be2net driver caused the firmware of NICs to become<br>unresponsive, and thus triggered a kernel panic. The problem was caused by<br>unnecessary usage of a hardware workaround that allows skipping VLAN tag<br>insertion. A patch has been applied and the workaround is now used only<br>when the multi-channel configuration is enabled on the NIC. Note that the<br>bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819)<br><li> A bug in the autofs4 mount expiration code could cause the autofs4</li> module to falsely report a busy tree of NFS mounts as "not in use".<br>Consequently, automount attempted to unmount the tree and failed with<br>a "failed to umount offset" error, leaving the mount tree to appear as<br>empty directories. A patch has been applied to remove an incorrectly used<br>autofs dentry mount check and the aforementioned problem no longer occurs.<br>(BZ#1001488)<br><li> A race condition in the be_open function in the be2net driver could</li> trigger the BUG_ON() macro, which resulted in a kernel panic. A patch<br>addressing this problem has been applied and the race condition is now<br>avoided by enabling polling before enabling interrupts globally. The<br>kernel no longer panics in this situation. (BZ#1005239)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2013:1292
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• package-manager/redhat