Red Hat Local Security Checks : RedHat Security Advisory RHSA-2012:1150

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.71922

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2012:1150

Summary: NOSUMMARY

Description: Description:
The remote host is missing updates announced in
advisory RHSA-2012:1150.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when the
MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2390, Moderate)

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled resource clean up when an ELOOP error code was returned.
A local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2012-3375, Moderate)

This update also fixes the following bugs:

* The MRG 2.1 realtime kernel lacked support for automatic memory
reservation for the kdump kernel, as present in Red Hat Enterprise Linux
kernels. Using the parameter crashkernel=auto on the kernel boot command
line led to kdump being disabled because no memory was correctly reserved.
Support for crashkernel=auto has been implemented in the 3.0 realtime
kernel and now when the crashkernel=auto parameter is specified, machines
with more than 4GB of RAM have the amount of memory required by the kdump
kernel calculated and reserved. (BZ#820427)

* The current bnx2x driver in the MRG 2.1 realtime kernel had faulty
support for the network adapter PCI ID 14e4:168e and did not work
correctly. The bnx2x driver was updated to include support for this network
adapter. (BZ#839037)

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The
system must be rebooted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2012-1150.html

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-2390
USN-1515-1
http://www.ubuntu.com/usn/USN-1515-1
USN-1535-1
http://www.ubuntu.com/usn/USN-1535-1
[oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure
http://www.openwall.com/lists/oss-security/2012/05/23/14
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c50ac050811d6485616a193eb0f37bfbd191cc89
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2
https://bugzilla.redhat.com/show_bug.cgi?id=824345
https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89
Common Vulnerability Exposure (CVE) ID: CVE-2012-3375
1027237
http://www.securitytracker.com/id?1027237
51164
http://secunia.com/advisories/51164
USN-1529-1
http://ubuntu.com/usn/usn-1529-1
[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP
http://www.openwall.com/lists/oss-security/2012/07/04/2
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
https://bugzilla.redhat.com/show_bug.cgi?id=837502
https://downloads.avaya.com/css/P8/documents/100165733
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.71922
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2012:1150
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2012:1150. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2390, Moderate) * A flaw was found in the way the Linux kernel's Event Poll (epoll) subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-3375, Moderate) This update also fixes the following bugs: * The MRG 2.1 realtime kernel lacked support for automatic memory reservation for the kdump kernel, as present in Red Hat Enterprise Linux kernels. Using the parameter crashkernel=auto on the kernel boot command line led to kdump being disabled because no memory was correctly reserved. Support for crashkernel=auto has been implemented in the 3.0 realtime kernel and now when the crashkernel=auto parameter is specified, machines with more than 4GB of RAM have the amount of memory required by the kdump kernel calculated and reserved. (BZ#820427) * The current bnx2x driver in the MRG 2.1 realtime kernel had faulty support for the network adapter PCI ID 14e4:168e and did not work correctly. The bnx2x driver was updated to include support for this network adapter. (BZ#839037) Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these issues. The system must be rebooted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-1150.html Risk factor : Medium
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2390 USN-1515-1 http://www.ubuntu.com/usn/USN-1515-1 USN-1535-1 http://www.ubuntu.com/usn/USN-1535-1 [oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure http://www.openwall.com/lists/oss-security/2012/05/23/14 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c50ac050811d6485616a193eb0f37bfbd191cc89 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2 https://bugzilla.redhat.com/show_bug.cgi?id=824345 https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89 Common Vulnerability Exposure (CVE) ID: CVE-2012-3375 1027237 http://www.securitytracker.com/id?1027237 51164 http://secunia.com/advisories/51164 USN-1529-1 http://ubuntu.com/usn/usn-1529-1 [oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP http://www.openwall.com/lists/oss-security/2012/07/04/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24 https://bugzilla.redhat.com/show_bug.cgi?id=837502 https://downloads.avaya.com/css/P8/documents/100165733 https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com