SCIENTIFIC-LINUX-ERRATA Archives

February 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Wed, 6 Feb 2013 09:14:56 -0600

Synopsis:          Moderate: kernel security and bug fix update
Issue Date:        2013-02-05
CVE Numbers:       CVE-2012-4398
                    CVE-2012-4461
                    CVE-2012-4530
--

This update fixes the following security issues:

* It was found that a deadlock could occur in the Out of Memory (OOM) killer. A
process could trigger this deadlock by consuming a large amount of memory, and
then causing request_module() to be called. A local, unprivileged user could
use this flaw to cause a denial of service (excessive memory consumption).
(CVE-2012-4398, Moderate)

* A flaw was found in the way the KVM (Kernel-based Virtual Machine) subsystem
handled guests attempting to run with the X86_CR4_OSXSAVE CPU feature flag set.
On hosts without the XSAVE CPU feature, a local, unprivileged user could use
this flaw to crash the host system. (The "grep --color xsave /proc/cpuinfo"
command can be used to verify if your system has the XSAVE CPU feature.)
(CVE-2012-4461, Moderate)

* A memory disclosure flaw was found in the way the load_script() function in
the binfmt_script binary format handler handled excessive recursions. A local,
unprivileged user could use this flaw to leak kernel stack memory to user-space
by executing specially-crafted scripts. (CVE-2012-4530, Low)

The system must be rebooted for this update to take effect.
--

SL6
   x86_64
     kernel-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-debug-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-debug-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-debug-devel-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-devel-2.6.32-279.22.1.el6.x86_64.rpm
     kernel-headers-2.6.32-279.22.1.el6.x86_64.rpm
     perf-2.6.32-279.22.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-279.22.1.el6.x86_64.rpm
     python-perf-2.6.32-279.22.1.el6.x86_64.rpm
   i386
     kernel-2.6.32-279.22.1.el6.i686.rpm
     kernel-debug-2.6.32-279.22.1.el6.i686.rpm
     kernel-debug-debuginfo-2.6.32-279.22.1.el6.i686.rpm
     kernel-debug-devel-2.6.32-279.22.1.el6.i686.rpm
     kernel-debuginfo-2.6.32-279.22.1.el6.i686.rpm
     kernel-debuginfo-common-i686-2.6.32-279.22.1.el6.i686.rpm
     kernel-devel-2.6.32-279.22.1.el6.i686.rpm
     kernel-headers-2.6.32-279.22.1.el6.i686.rpm
     perf-2.6.32-279.22.1.el6.i686.rpm
     perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm
     python-perf-debuginfo-2.6.32-279.22.1.el6.i686.rpm
     python-perf-2.6.32-279.22.1.el6.i686.rpm
   noarch
     kernel-doc-2.6.32-279.22.1.el6.noarch.rpm
     kernel-firmware-2.6.32-279.22.1.el6.noarch.rpm

- Scientific Linux Development Team
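
Added example, not part of the original advisory: a host check that combines the fixed kernel build from the package list, the XSAVE test the advisory mentions, and the reboot requirement. The function names are hypothetical, the comparison is a numeric field-by-field one rather than RPM's own algorithm, and it does not check whether KVM is in use on the host.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the advisory.
FIXED_NUM="2.6.32-279.22.1"   # numeric part of the fixed SL6 kernel in the list above

# kernel_is_fixed RELEASE: succeed if a `uname -r` style string is >= the fixed build.
kernel_is_fixed() {
    num=${1%%.el*}            # drop ".el6.x86_64", ".el6.i686.debug", ...
    awk -v a="$num" -v b="$FIXED_NUM" 'BEGIN {
        gsub(/-/, ".", a); gsub(/-/, ".", b)
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {   # missing fields count as 0
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# has_xsave FILE: succeed if a cpuinfo-format file lists the xsave flag.
has_xsave() {
    grep '^flags' "$1" 2>/dev/null | grep -qw xsave
}

# assess RELEASE CPUINFO: print one status line for the running kernel.
assess() {
    if kernel_is_fixed "$1"; then
        echo "fixed"
    elif has_xsave "$2"; then
        echo "unfixed: CVE-2012-4398 CVE-2012-4530"
    else
        # No XSAVE: the KVM host-crash condition from the advisory also applies.
        echo "unfixed: CVE-2012-4398 CVE-2012-4461 CVE-2012-4530"
    fi
}

# uname -r reports the booted kernel, so an installed-but-not-rebooted update
# still shows as unfixed here.
if [ -r /proc/cpuinfo ]; then
    assess "$(uname -r)" /proc/cpuinfo
fi
```
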
