Synopsis:    Important: kernel security update
Issue Date:  2013-02-21
CVE Numbers: CVE-2012-4508
             CVE-2012-4542
             CVE-2013-0190
             CVE-2013-0309
             CVE-2013-0310
             CVE-2013-0311
--

This update fixes the following security issues:

* A race condition was found in the way asynchronous I/O and fallocate()
  interacted when using the ext4 file system. A local, unprivileged user
  could use this flaw to expose random data from an extent whose data blocks
  have not yet been written, and thus contain data from a deleted file.
  (CVE-2012-4508, Important)

* A flaw was found in the way the vhost kernel module handled descriptors
  that spanned multiple regions. A privileged guest user in a KVM guest could
  use this flaw to crash the host or, potentially, escalate their privileges
  on the host. (CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate
  commands that overlap across device classes. A privileged guest user could
  potentially use this flaw to write arbitrary data to a LUN that is
  passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in the
  Linux kernel handled the failed iret (interrupt return) instruction
  notification from the Xen hypervisor. An unprivileged user in a 32-bit
  para-virtualized guest could use this flaw to crash the guest.
  (CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE memory
  ranges when transparent hugepages were in use. A local, unprivileged user
  could use this flaw to crash the system. (CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options
  were validated when set from user mode. A local user able to set CIPSO IP
  options on the socket could use this flaw to crash the system.
  (CVE-2013-0310, Moderate)

The system must be rebooted for this update to take effect.

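Because the fix only takes effect after a reboot, a host can have the updated package installed while still running an unfixed kernel. The check below is an added example, not part of the original advisory; the function names are hypothetical, the sample release strings are constructed, and it assumes later el6 builds keep the fixes.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
FIXED="2.6.32-358.el6"   # fixed kernel build listed in this advisory

# "2.6.32-279.22.1.el6.x86_64" -> "2 6 32 279 22 1"
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9].*$//' -e 's/[.-]/ /g'
}

# Exit 0 if release $1 >= release $2 (missing fields count as 0).
release_at_least() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= n || i <= m; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Classify one kernel release string against the fixed build.
kernel_status() {
    case "$1" in
        *.el6*) ;;
        *) echo "not-applicable"; return 0 ;;   # advisory covers SL6 only
    esac
    if release_at_least "$1" "$FIXED"; then echo "fixed"; else echo "needs-update"; fi
}

# $1 = running kernel (uname -r), $2 = newest installed kernel package release.
reboot_state() {
    running=$(kernel_status "$1")
    case "$running" in
        fixed|not-applicable) echo "$running"; return 0 ;;
    esac
    if [ "$(kernel_status "$2")" = "fixed" ]; then
        echo "reboot-required"      # package updated, old kernel still running
    else
        echo "update-required"
    fi
}

# Constructed sample: updated package installed, host not yet rebooted.
echo "state: $(reboot_state 2.6.32-279.22.1.el6.x86_64 2.6.32-358.el6.x86_64)"
```

On a real host, pass the output of `uname -r` as the first argument and the newest installed kernel release as the second.
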
--

SL6
  x86_64
    kernel-2.6.32-358.el6.x86_64.rpm
    kernel-debug-2.6.32-358.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-358.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-358.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-358.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-358.el6.x86_64.rpm
    kernel-devel-2.6.32-358.el6.x86_64.rpm
    kernel-headers-2.6.32-358.el6.x86_64.rpm
    perf-2.6.32-358.el6.x86_64.rpm
    perf-debuginfo-2.6.32-358.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-358.el6.x86_64.rpm
    python-perf-2.6.32-358.el6.x86_64.rpm
  i386
    kernel-2.6.32-358.el6.i686.rpm
    kernel-debug-2.6.32-358.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-358.el6.i686.rpm
    kernel-debug-devel-2.6.32-358.el6.i686.rpm
    kernel-debuginfo-2.6.32-358.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-358.el6.i686.rpm
    kernel-devel-2.6.32-358.el6.i686.rpm
    kernel-headers-2.6.32-358.el6.i686.rpm
    perf-2.6.32-358.el6.i686.rpm
    perf-debuginfo-2.6.32-358.el6.i686.rpm
    python-perf-debuginfo-2.6.32-358.el6.i686.rpm
    python-perf-2.6.32-358.el6.i686.rpm
  noarch
    kernel-doc-2.6.32-358.el6.noarch.rpm
    kernel-firmware-2.6.32-358.el6.noarch.rpm

Added for dependency resolution:

SL6
  x86_64
    kmod-openafs-1.6.2-4.SL64.el6.noarch.rpm
    kmod-openafs-279-1.6.2-0.144.sl6.279.x86_64.rpm
    kmod-openafs-358-1.6.2-0.144.sl6.358.0.1.x86_64.rpm
  i386
    kmod-openafs-1.6.2-4.SL64.el6.noarch.rpm
    kmod-openafs-279-1.6.2-0.144.sl6.279.i686.rpm
    kmod-openafs-358-1.6.2-0.144.sl6.358.0.1.i686.rpm

- Scientific Linux Development Team