Kernel update [RHEL6.5 2.6.32-431.5.1.el6]

Details

    • Improvement
    • Resolution: Fixed
    • Blocker
    • Lustre 2.6.0, Lustre 2.5.1
    • None
    • 12645

    Description

      This update fixes the following security issues:

      • A buffer overflow flaw was found in the way the qeth_snmp_command()
        function in the Linux kernel's QETH network device driver implementation
        handled SNMP IOCTL requests with an out-of-bounds length. A local,
        unprivileged user could use this flaw to crash the system or, potentially,
        escalate their privileges on the system. (CVE-2013-6381, Important)
      • A flaw was found in the way the get_dumpable() function return value was
        interpreted in the ptrace subsystem of the Linux kernel. When
        'fs.suid_dumpable' was set to 2, a local, unprivileged user could
        use this flaw to bypass intended ptrace restrictions and obtain
        potentially sensitive information. (CVE-2013-2929, Low)
      • It was found that certain protocol handlers in the Linux kernel's
        networking implementation could set the addr_len value without initializing
        the associated data structure. A local, unprivileged user could use this
        flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
        and recvmmsg system calls. (CVE-2013-7263, CVE-2013-7265, Low)

      This update also fixes several bugs.

      Bugs fixed (https://bugzilla.redhat.com/):

      1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
      1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
      1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

          Activity

            [LU-4620] Kernel update [RHEL6.5 2.6.32-431.5.1.el6]

            jaylan Jay Lan (Inactive) added a comment - Plan to land this one for 2.4.x also?
            pjones Peter Jones added a comment - Landed for 2.5.1 and 2.6
            bogl Bob Glossman (Inactive) added a comment - in b2_5: http://review.whamcloud.com/9318

            bogl Bob Glossman (Inactive) added a comment -

            client builds failing. apparently need some TEI work for the new version. example errors:

            +++ yumdownloader --destdir /var/lib/jenkins/lbuild-data/kernelrpm/2.6.32/rhel6/i686/yum61HYOn kernel-devel-2.6.32-431.5.1.el6
            +++ fatal 1 'failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.'
            +++ cleanup
            +++ true
            +++ error 'failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.'
            +++ local 'msg=failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.'
            +++ '[' -n 'failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.' ']'
            +++ echo -e '\nlbuild: failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.'

            lbuild: failed to fetch kernel-devel-2.6.32-431.5.1.el6 with yumdownloader.

            will enter a new TEI ticket

            People

              bogl Bob Glossman (Inactive)
              bogl Bob Glossman (Inactive)