- Issued:
- 2016-03-15
- Updated:
- 2016-03-15
RHSA-2016:0450 - Important: kernel security update
Synopsis
Important: kernel security update
Type/Severity
Security Advisory Important
Topic
Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
-
An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important)
-
It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host. (CVE-2015-2151, Important)
This update also fixes the following bugs:
-
Previously, the CPU power of a CPU group could be zero. As a consequence, a kernel panic occurred at "find_busiest_group+570" with do_divide_error. The provided patch ensures that the division is only performed if the CPU power is not zero, and the aforementioned panic no longer occurs. (BZ#1209728)
-
Prior to this update, a bug occurred when performing an online resize of an ext4 file system which had been previously converted from ext3. As a consequence, the kernel crashed. The provided patch fixes online resizing for such file systems by limiting the blockgroup search loop for non-extent files, and the mentioned kernel crash no longer occurs. (BZ#1301100)
All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- kernel-debuginfo-common-2.6.18-409.el5.x86_64.rpm
- kernel-debuginfo-2.6.18-409.el5.s390x.rpm
- kernel-debuginfo-common-2.6.18-409.el5.s390x.rpm
- kernel-headers-2.6.18-409.el5.x86_64.rpm
- kernel-headers-2.6.18-409.el5.s390x.rpm
- kernel-devel-2.6.18-409.el5.s390x.rpm
- kernel-debug-devel-2.6.18-409.el5.ppc64.rpm
- kernel-kdump-2.6.18-409.el5.ppc64.rpm
- kernel-xen-devel-2.6.18-409.el5.i686.rpm
- kernel-2.6.18-409.el5.s390x.rpm
- kernel-xen-2.6.18-409.el5.i686.rpm
- kernel-kdump-devel-2.6.18-409.el5.ppc64.rpm
- kernel-debug-debuginfo-2.6.18-409.el5.s390x.rpm
- kernel-debug-devel-2.6.18-409.el5.ia64.rpm
- kernel-xen-2.6.18-409.el5.x86_64.rpm
- kernel-headers-2.6.18-409.el5.ppc64.rpm
- kernel-xen-devel-2.6.18-409.el5.x86_64.rpm
- kernel-debuginfo-2.6.18-409.el5.ia64.rpm
- kernel-debuginfo-common-2.6.18-409.el5.i686.rpm
- kernel-debuginfo-2.6.18-409.el5.i686.rpm
- kernel-headers-2.6.18-409.el5.i386.rpm
- kernel-2.6.18-409.el5.ppc64.rpm
- kernel-debug-2.6.18-409.el5.s390x.rpm
- kernel-2.6.18-409.el5.src.rpm
- kernel-devel-2.6.18-409.el5.x86_64.rpm
- kernel-kdump-debuginfo-2.6.18-409.el5.s390x.rpm
- kernel-debug-devel-2.6.18-409.el5.s390x.rpm
- kernel-debug-debuginfo-2.6.18-409.el5.i686.rpm
- kernel-devel-2.6.18-409.el5.i686.rpm
- kernel-debuginfo-2.6.18-409.el5.ppc64.rpm
- kernel-headers-2.6.18-409.el5.ia64.rpm
- kernel-debug-2.6.18-409.el5.x86_64.rpm
- kernel-debug-2.6.18-409.el5.i686.rpm
- kernel-2.6.18-409.el5.i686.rpm
- kernel-xen-debuginfo-2.6.18-409.el5.x86_64.rpm
- kernel-debug-devel-2.6.18-409.el5.x86_64.rpm
- kernel-debug-debuginfo-2.6.18-409.el5.x86_64.rpm
- kernel-PAE-2.6.18-409.el5.i686.rpm
- kernel-devel-2.6.18-409.el5.ia64.rpm
- kernel-PAE-debuginfo-2.6.18-409.el5.i686.rpm
- kernel-headers-2.6.18-409.el5.ppc.rpm
- kernel-debug-2.6.18-409.el5.ppc64.rpm
- kernel-xen-debuginfo-2.6.18-409.el5.ia64.rpm
- kernel-kdump-devel-2.6.18-409.el5.s390x.rpm
- kernel-debuginfo-common-2.6.18-409.el5.ia64.rpm
- kernel-PAE-devel-2.6.18-409.el5.i686.rpm
- kernel-debuginfo-2.6.18-409.el5.x86_64.rpm
- kernel-debug-2.6.18-409.el5.ia64.rpm
- kernel-xen-debuginfo-2.6.18-409.el5.i686.rpm
- kernel-xen-2.6.18-409.el5.ia64.rpm
- kernel-debug-devel-2.6.18-409.el5.i686.rpm
- kernel-kdump-2.6.18-409.el5.s390x.rpm
- kernel-debug-debuginfo-2.6.18-409.el5.ppc64.rpm
- kernel-kdump-debuginfo-2.6.18-409.el5.ppc64.rpm
- kernel-debug-debuginfo-2.6.18-409.el5.ia64.rpm
- kernel-debuginfo-common-2.6.18-409.el5.ppc64.rpm
- kernel-devel-2.6.18-409.el5.ppc64.rpm
- kernel-2.6.18-409.el5.ia64.rpm
- kernel-xen-devel-2.6.18-409.el5.ia64.rpm
- kernel-2.6.18-409.el5.x86_64.rpm
- kernel-doc-2.6.18-409.el5.noarch.rpm
Fixes
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.