https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-1511 Lustre <p>This update fixes the following security issues:</p> <ul> <li>It was found that the Xen hypervisor implementation as shipped with Red<br/> Hat Enterprise Linux 5 did not properly restrict the syscall return<br/> addresses in the sysret return path to canonical addresses. An unprivileged<br/> user in a 64-bit para-virtualized guest, that is running on a 64-bit host<br/> that has an Intel CPU, could use this flaw to crash the host or,<br/> potentially, escalate their privileges, allowing them to execute arbitrary<br/> code at the hypervisor level. (CVE-2012-0217, Important)</li> </ul> <ul> <li>It was found that guests could trigger a bug in earlier AMD CPUs, leading<br/> to a CPU hard lockup, when running on the Xen hypervisor implementation. An<br/> unprivileged user in a 64-bit para-virtualized guest could use this flaw to<br/> crash the host. Warning: After installing this update, hosts that are using<br/> an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will<br/> fail to boot. In order to boot such hosts, the new kernel parameter,<br/> allow_unsafe, can be used ("allow_unsafe=on"). This option should only be<br/> used with hosts that are running trusted guests, as setting it to "on"<br/> reintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,<br/> Moderate)</li> </ul> <p>Note: For Red Hat Enterprise Linux guests, only privileged guest users can<br/> exploit the CVE-2012-0217 and CVE-2012-2934 issues.</p> <p>Bugs fixed (<a href="http://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">http://bugzilla.redhat.com/):</a></p> <p>813428 - CVE-2012-0217 kernel: x86-64: avoid sysret to non-canonical address<br/> 824966 - CVE-2012-2934 kernel: denial of service due to AMD Erratum #121</p> LU-1511

Kernel update [RHEL5.8 2.6.18-308.11.1.el5]

Improvement Minor Resolved Fixed Yang Sheng Yang Sheng Tue, 12 Jun 2012 11:43:38 +0000 Fri, 22 Feb 2013 11:16:59 +0000 Tue, 28 Aug 2012 13:17:16 +0000 Lustre 2.1.3 Lustre 1.8.9 0 2 <p>This update fixes the following security issue:</p> <ul> <li>A flaw was found in the way the Linux kernel's dl2k driver, used by<br/> certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,<br/> unprivileged user could use this flaw to issue potentially harmful IOCTLs,<br/> which could cause Ethernet adapters using the dl2k driver to malfunction<br/> (for example, losing network connectivity). (CVE-2012-2313, Low)</li> </ul> <p>Bugs fixed (<a href="http://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">http://bugzilla.redhat.com/):</a></p> <p>818820 - CVE-2012-2313 kernel: unfiltered netdev rio_ioctl access by users</p> <p>This update landed for 2.1.3. Please create a new ticket to track any more current RHEL5.8 updates - thanks</p> Related Development Rank 1|hzva1b: Rank (Obsolete) 5160