Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:1321
The remote host is missing updates announced in
advisory RHSA-2011:1321.

The kernel packages contain the Linux kernel.

Security fix:

* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state. An
attacker on the local network could use this flaw to trigger a denial of
service. (CVE-2011-2723, Moderate)

Red Hat would like to thank Brent Meshier for reporting this issue.

Bug fixes:

* When reading a file from a subdirectory in /proc/bus/pci/ while
hot-unplugging the device related to that file, the system will crash. Now,
the kernel correctly handles the simultaneous removal of a device and
access to the representation of that device in the proc file system.

* RHSA-2011:0017 introduced a regression: Non-disk SCSI devices (except for
tape drives) such as enclosure or CD-ROM devices were hidden when attached
to a SAS based RAID controller that uses the megaraid_sas driver. With this
update, such devices are accessible, as expected. (BZ#726487)

* The fix for CVE-2010-3432 provided in RHSA-2011:0004 introduced a
regression: Information in sctp_packet_config(), which was called before
appending data chunks to a packet, was not reset, causing considerably poor
SCTP (Stream Control Transmission Protocol) performance. With this update,
the packet information is reset after transmission. (BZ#727591)

* Certain systems do not correctly set the ACPI FADT APIC mode bit. They
set the bit to cluster mode instead of physical mode which caused these
systems to boot without the TSC (Time Stamp Counter). With this update, the
ACPI FADT check has been removed due to its unreliability. (BZ#728162)

* Performance when invalidating and rereading cached data as a glock moves
around the cluster with GFS2 is improved. (BZ#729082)

* Performance issues occurred when multiple nodes attempted to call mmap()
on the same inode at the same time on a GFS2 file system, as it was using
an exclusive glock. With this update, a shared lock is used when noatime
is set on the mount, allowing mmap() operations to occur in parallel,
fixing this bug. Note that this issue only refers to mmap() system calls,
and not to subsequent page faults. (BZ#729090)

* Some of the functions in the GFS2 file system were not reserving enough
space for the resource group header in a transaction and for resource
groups bit blocks that get added when a memory allocation is performed.
That resulted in failed write and allocation operations. With this update,
GFS2 makes sure to reserve space in the described scenario, using the new
gfs2_rg_blocks() inline function. (BZ#729092)

* When GFS2 grew the file system, it never reread the rindex file during
the grow. This is necessary for large grows when the file system is almost
full, and GFS2 needs to use some of the space allocated earlier in the grow
to complete it. Now, if GFS2 fails to reserve the necessary space and the
rindex data is not up-to-date, it rereads it. (BZ#729094)

* Previously, when the Xen hypervisor split a 2 MB page into 4 KB pages, it
linked the new page from PDE (Page Directory Entry) before it filled
entries of the page with appropriate data. Consequently, when doing a live
migration with EPT (Extended Page Tables) enabled on a non-idle guest
running with more than two virtual CPUs, the guest often terminated
unexpectedly. With this update, the Xen hypervisor prepares the page table
entry first, and then links it in. (BZ#730684)

* Changes made to TSC as a clock source for IRQs caused virtual machines
running under the VMware ESX or ESXi hypervisors to become unresponsive
during the initial kernel boot process. With this update, the
enable_tsc_timer flag enables the do_timer_tsc_timekeeping() function to be
called in the do_timer_interrupt_hook() function, preventing a deadlock in
the timer interrupt handler. (BZ#730688)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-2723
BugTraq ID: 48929
HPdes Security Advisory: HPSBGN02970
Common Vulnerability Exposure (CVE) ID: CVE-2010-3432
BugTraq ID: 43480
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
Debian Security Information: DSA-2126 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:001 (Google Search)
SuSE Security Announcement: SUSE-SA:2011:007 (Google Search)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.