Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-2035

Kernel update [RHEL6.3 2.6.32-279.11.1.el6]

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • None
    • None
    • None
    • 4197

    Description

      This update fixes the following security issues:

      • An integer overflow flaw was found in the i915_gem_do_execbuffer()
        function in the Intel i915 driver in the Linux kernel. A local,
        unprivileged user could use this flaw to cause a denial of service. This
        issue only affected 32-bit systems. (CVE-2012-2384, Moderate)
      • A memory leak flaw was found in the way the Linux kernel's memory
        subsystem handled resource clean up in the mmap() failure path when the
        MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to
        cause a denial of service. (CVE-2012-2390, Moderate)
      • A race condition was found in the way access to inet->opt ip_options was
        synchronized in the Linux kernel's TCP/IP protocol suite implementation.
        Depending on the network facing applications running on the system, a
        remote attacker could possibly trigger this flaw to cause a denial of
        service. A local, unprivileged user could use this flaw to cause a denial
        of service regardless of the applications the system runs. (CVE-2012-3552,
        Moderate)
      • A flaw was found in the way the Linux kernel's dl2k driver, used by
        certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,
        unprivileged user could use this flaw to issue potentially harmful IOCTLs,
        which could cause Ethernet adapters using the dl2k driver to malfunction
        (for example, losing network connectivity). (CVE-2012-2313, Low)
      • A flaw was found in the way the msg_namelen variable in the rds_recvmsg()
        function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol
        implementation was initialized. A local, unprivileged user could use this
        flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

      Bugs fixed (http://bugzilla.redhat.com/):

      818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users
      820039 - CVE-2012-3430 kernel: recv

      {from,msg}

      () on an rds socket can leak kernel memory
      824178 - CVE-2012-2384 kernel: drm/i915: integer overflow in i915_gem_do_execbuffer()
      824345 - CVE-2012-2390 kernel: huge pages: memory leak on mmap failure
      842982 - Change network with netconsole loaded cause kernel panic [rhel-6.3.z]
      847945 - nfs_attr_use_mounted_on_file() returns wrong value [rhel-6.3.z]
      849051 - dlm: deadlock between dlm_send and dlm_controld [rhel-6.3.z]
      851444 - [qemu-kvm] [hot-plug] qemu-process (RHEL6.3 guest) goes into D state during nic hot unplug (netdev_del hostnet1) [rhel-6.3.z]
      853465 - CVE-2012-3552 kernel: net: slab corruption due to improper synchronization around inet->opt

      Attachments

        Activity

          [LU-2035] Kernel update [RHEL6.3 2.6.32-279.11.1.el6]
          simmonsja James A Simmons added a comment - - edited

          Updated the patch to remove the extra wordiness. The patch is at http://review.whamcloud.com/#change,4131 for master. I also have a patch for 2.1 at http://review.whamcloud.com/#change,3811

          simmonsja James A Simmons added a comment - - edited Updated the patch to remove the extra wordiness. The patch is at http://review.whamcloud.com/#change,4131 for master. I also have a patch for 2.1 at http://review.whamcloud.com/#change,3811

          I kind of like the idea of just updating the supported version. IMHO the simplest change is best. Don't think all the extra wordiness to refer to a JIRA bug adds much useful info.

          bogl Bob Glossman (Inactive) added a comment - I kind of like the idea of just updating the supported version. IMHO the simplest change is best. Don't think all the extra wordiness to refer to a JIRA bug adds much useful info.

          Makes sense. With the last patch it was discussed about what to add to lustre/Changelog. It has been suggested not to add anymore JIRA Update RHEL6.2 kernel sections but only update the supported kernel section. I tend to agree. Perhaps we should to make it tidy remove the other kernel updates as well? Looking for suggestions for next patch

          simmonsja James A Simmons added a comment - Makes sense. With the last patch it was discussed about what to add to lustre/Changelog. It has been suggested not to add anymore JIRA Update RHEL6.2 kernel sections but only update the supported kernel section. I tend to agree. Perhaps we should to make it tidy remove the other kernel updates as well? Looking for suggestions for next patch

          2.6.32-279.11.1.el6 is now in our 6.3 update repositories.

          joshua Joshua Kugler (Inactive) added a comment - 2.6.32-279.11.1.el6 is now in our 6.3 update repositories.

          There is already an even later version available: 2.6.32-279.11.1.el6
          Maybe we should skip 279.9.1 and go right to 279.11.1

          bogl Bob Glossman (Inactive) added a comment - There is already an even later version available: 2.6.32-279.11.1.el6 Maybe we should skip 279.9.1 and go right to 279.11.1

          This kernel is now in our 6.3 repositories.

          joshua Joshua Kugler (Inactive) added a comment - This kernel is now in our 6.3 repositories.

          People

            ys Yang Sheng
            ys Yang Sheng
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: