Executive Summary

Summary
Title Red Hat Enterprise Linux 5.8 kernel update
Informations
Name RHSA-2012:0150 First vendor Publication 2012-02-21
Vendor RedHat Last vendor Modification 2012-02-21
Severity (Vendor) Moderate Revision 03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix one security issue, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the eighth regular update.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-1083, Moderate)

Red Hat would like to thank Nelson Elhage for reporting this issue.

These updated kernel packages include a number of bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to in the References, for information on the most significant of these changes.

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

485173 - kernel/module-verify-sig.c with memory uncleaned bug 516170 - kernel multipath driver behaves badly on medium errors 526862 - [RHEL5 Xen]: Mask out CPU features by default 543064 - No NUMA node hash function found on a EX machine 571737 - Cannot use Quickcam Pro 9000 with Ekiga, fails with "uvcvideo: Failed to query ..." 585935 - Bug in RHEL-5.4/5.5 nfs_access_cache_shrinker 608156 - kernel panic if bonding initialization fails 618317 - RFE: RHEL5 Xen: support online dynamic resize of guest virtual disks 664653 - [5.4] OS cannot recognize DVD disk replace in rescue mode. 668027 - unexpected error message when sending a unsolicited NA from user code 668529 - Spare disk added to a raid1 array by mdadm command is dropped upon next boot. 674663 - vlapic: Fix possible guest tick losing after save/restore 681578 - CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures 681902 - GFS2: Add readahead to sequential directory traversal 683372 - NFS4: Incorrect server behavior when using OPEN call with O_CREATE on a directory on which the process has no WRITE permissions. 688673 - PCI Virtual Function Passthrough - SR-IOV, Paravirt Guest fails to obtain IRQ after reboot 688791 - dropwatch>stop: Waiting for deactivation ack (forever) 691087 - Incorrect values in /proc/sys/vm/dirty_writeback_centises and dirty_expire_centisecs 694625 - Non-responsive scsi target leads to excessive scsi recovery and dm-mp failover time 697021 - Patch needed to allow MTU >1500 on vif prior to connecting to bridge 698842 - kvmclock: MP-BIOS bug: 8254 timer not connected to IO-APIC 698928 - VLAN interface with changed MAC address fails to communicate 700565 - RHEL6.1 32bit xen hvm guest crash randomly 700752 - 32-bit PV guest crash on restore on x64_86 host 700886 - RHEL5.6 TSC used as default clock source on multi-chassis system 703150 - multiple resource leaks on error paths in blkfront and netfront 703505 - 300 seconds time shift in vdso version of clock_gettime() 704921 - panic in cifsd code after unexpected lookup error -88. 706339 - open/closed files in cifs mount points 707966 - 2.6.18-238.1.1.el5 or newer won't boot under Xen HVM due to linux-2.6-virt-nmi-don-t-print-nmi-stuck-messages-on-guests.patch 709271 - net.ipv6.conf.default.dad_transmits has no effect on tentative IPv6 addresses 709515 - Kernel panic at nfs4_callback_compound+0x2dd 711070 - mask the SMEP bit for PV, do the same or backport SMEP emulation for HVM 712439 - Backport "x86: extend debug key 't' to collect useful clock skew info" 712440 - Backport "vmx: Print advanced features during boot" 712441 - Backport "x86/hvm: fix off-by-one errors in vcpuid range checks" 713702 - pull missing fixes from upstream x86_emulate() 714053 - couple nice-to-have xen hypervisor patches 714670 - TCP_CRR and concurrent TCP stream tests over IPv6 sometime fails on rhel5.7 715501 - ext4: Don't error out the fs if the user tries to make a file too big 716834 - 'dmesg' command is swamped with the message: pci_set_power_state(): 0000:05:05.0: state=3, current state=5 717434 - Unable to attach a cdrom device to guest domain 717850 - miss xmit_hash_policy=layer2+3 in modinfo bonding output 718232 - [xfs] mis-sized O_DIRECT I/O results in hung task timeouts 718641 - Can't change lacp_rate in bonding mode=802.3ad 718988 - [EL5.7] igb: failed to activate WOL on 2nd LAN port on i350 720347 - RHEL 6.1 Xen paravirt guest is getting network outage during live migration (host side) 720551 - xfs_error_report() oops when passed-in mp is NULL 720936 - Windows guests may hang/BSOD on some AMD processors. 720986 - vlapic: backport EOI fast path 723755 - win2003 i386 guest BSOD when created with e1000 nic 728508 - Huge performance regression in NFS client 729261 - ext3/ext4 mbcache causes high CPU load 732752 - exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access 733416 - netfront MTU drops to 1500 after domain migration 734708 - xen modules - unable to handle kernel NULL pointer dereference 734900 - Panic, NMI Watchdog detected LOCKUP on CPU 6 735477 - nfs4_getfacl decoding causes kernel oops 740203 - Host crash when pass-through fails 740299 - [RTC] - The ioctl RTC_IRPQ_READ doesn't return the correct value 742880 - [RFE] backport Xen watchdog (hypervisor side only) 752626 - BNX2I: Fixed the endian on TTT for NOP out transmission 753729 - system cannot suspend with "stopping tasks timed out - bnx2i_thread/0 remaining" 771592 - Install RHEV-H to virtual machine cause VM kernel panic when boot 772578 - [ALL LANG] [anaconda] The installation halted when clicking 'Skip' button (select 'Skip entering Installation Number')

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0150.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21343
 
Oval ID: oval:org.mitre.oval:def:21343
Title: RHSA-2012:0150: Red Hat Enterprise Linux 5.8 kernel update (Moderate)
Description: The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Family: unix Class: patch
Reference(s): RHSA-2012:0150-03
CVE-2011-1083
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22915
 
Oval ID: oval:org.mitre.oval:def:22915
Title: ELSA-2012:0150: Oracle Linux 5.x.8 kernel update (Moderate)
Description: The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Family: unix Class: patch
Reference(s): ELSA-2012:0150-03
CVE-2011-1083
Version: 6
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27798
 
Oval ID: oval:org.mitre.oval:def:27798
Title: DEPRECATED: ELSA-2012-0150 -- Oracle Linux 5.8 kernel security and bug update (moderate)
Description: kernel [2.6.18-308.el5] - [scsi] lpfc: Update lpfc version for 8.2.0.108.4p driver release (Rob Evers) [784073] - [scsi] lpfc: Fix FCP EQ memory check init w/single int vector (Rob Evers) [784073]
Family: unix Class: patch
Reference(s): ELSA-2012-0150
CVE-2011-1083
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27877
 
Oval ID: oval:org.mitre.oval:def:27877
Title: ELSA-2012-0150-1 -- Oracle Linux 5.8 kernel security and bug update (moderate)
Description: A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.
Family: unix Class: patch
Reference(s): ELSA-2012-0150-1
CVE-2011-1083
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1361
Os 1
Os 1
Os 1
Os 2
Os 4

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for kernel CESA-2012:1061 centos5
File : nvt/gb_CESA-2012_1061_kernel_centos5.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0862 centos6
File : nvt/gb_CESA-2012_0862_kernel_centos6.nasl
2012-07-16 Name : RedHat Update for kernel RHSA-2012:1061-01
File : nvt/gb_RHSA-2012_1061-01_kernel.nasl
2012-06-25 Name : Fedora Update for kernel FEDORA-2012-8931
File : nvt/gb_fedora_2012_8931_kernel_fc15.nasl
2012-06-22 Name : RedHat Update for Red Hat Enterprise Linux 6 kernel RHSA-2012:0862-04
File : nvt/gb_RHSA-2012_0862-04_Red_Hat_Enterprise_Linux_6_kernel.nasl
2012-05-17 Name : Fedora Update for kernel FEDORA-2012-7594
File : nvt/gb_fedora_2012_7594_kernel_fc15.nasl
2012-04-26 Name : Fedora Update for kernel FEDORA-2012-6406
File : nvt/gb_fedora_2012_6406_kernel_fc15.nasl
2012-03-29 Name : Fedora Update for kernel FEDORA-2012-3715
File : nvt/gb_fedora_2012_3715_kernel_fc15.nasl
2012-03-16 Name : Fedora Update for kernel FEDORA-2012-3356
File : nvt/gb_fedora_2012_3356_kernel_fc15.nasl
2012-03-07 Name : Fedora Update for kernel FEDORA-2012-2753
File : nvt/gb_fedora_2012_2753_kernel_fc15.nasl
2012-02-13 Name : Fedora Update for kernel FEDORA-2012-1503
File : nvt/gb_fedora_2012_1503_kernel_fc15.nasl
2012-01-25 Name : Fedora Update for kernel FEDORA-2012-0861
File : nvt/gb_fedora_2012_0861_kernel_fc15.nasl
2012-01-16 Name : Fedora Update for kernel FEDORA-2012-0492
File : nvt/gb_fedora_2012_0492_kernel_fc15.nasl
2011-12-12 Name : Fedora Update for kernel FEDORA-2011-16621
File : nvt/gb_fedora_2011_16621_kernel_fc15.nasl
2011-12-02 Name : Fedora Update for kernel FEDORA-2011-16346
File : nvt/gb_fedora_2011_16346_kernel_fc14.nasl
2011-11-18 Name : Fedora Update for kernel FEDORA-2011-15856
File : nvt/gb_fedora_2011_15856_kernel_fc15.nasl
2011-11-08 Name : Fedora Update for kernel FEDORA-2011-15241
File : nvt/gb_fedora_2011_15241_kernel_fc14.nasl
2011-07-18 Name : Ubuntu Update for linux USN-1167-1
File : nvt/gb_ubuntu_USN_1167_1.nasl
2011-07-08 Name : Ubuntu Update for linux USN-1160-1
File : nvt/gb_ubuntu_USN_1160_1.nasl
2011-06-06 Name : Ubuntu Update for linux USN-1141-1
File : nvt/gb_ubuntu_USN_1141_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71265 Linux Kernel epoll Nested Structures Local DoS

Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when error within the epoll implementation occurs, allowing a local attacker to use nested epoll structures to cause a denial of service via high CPU consumption.

Nessus® Vulnerability Scanner

Date Description
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0287-1.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-756.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-342.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-235.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-100.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-22.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1061-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0150.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2026.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-2025.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0862.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1061.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120428.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1129.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120710_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0862.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1061.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0862.nasl - Type : ACT_GATHER_INFO
2012-04-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-120418.nasl - Type : ACT_GATHER_INFO
2012-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0150.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15856.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15241.nasl - Type : ACT_GATHER_INFO
2011-07-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1167-1.nasl - Type : ACT_GATHER_INFO
2011-06-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1160-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1141-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:55:40
  • Multiple Updates