Newest Plugins

Oracle JRockit R27 < R27.7.2.5 / R28 < R28.2.3.13 Multiple Vulnerabilities (April 2012 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description:

The remote host has a version of Oracle JRockit that is affected by
multiple vulnerabilities that could allow a remote attacker to
compromise system confidentiality and integrity via unspecified
vectors.

See also :

http://www.nessus.org/u?9865fa8a

Solution :

Upgrade to version R27.7.2.5 / R28.2.3.13 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 14.04 : cups vulnerability (USN-2293-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Francisco Alonso discovered that the CUPS web interface incorrectly
validated permissions on rss files. A local attacker could possibly
use this issue to bypass file permissions and read arbitrary files,
possibly leading to a privilege escalation.

Solution :

Update the affected cups package.

Risk factor :

High

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/srpm/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

It was discovered that the Hotspot component in OpenJDK did not
properly verify bytecode from the class files. An untrusted Java
application or applet could possibly use these flaws to bypass Java
sandbox restrictions. (CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event
logger in OpenJDK. An untrusted Java application or applet could use
this flaw to crash the Java Virtual Machine or, potentially, execute
arbitrary code with the privileges of the Java Virtual Machine.
(CVE-2014-2490)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252,
CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing
operations that were using private keys. An attacker able to measure
timing differences of those operations could possibly leak information
about the used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

This update also fixes the following bug :

- Prior to this update, an application accessing an
unsynchronized HashMap could potentially enter an
infinite loop and consume an excessive amount of CPU
resources. This update resolves this issue.

All running instances of OpenJDK Java must be restarted for the update
to take effect.

See also :

http://www.nessus.org/u?24575feb

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2014:0907)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix multiple security issues
and one bug are now available for Red Hat Enterprise Linux 5, 6, and
7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not
properly verify bytecode from the class files. An untrusted Java
application or applet could possibly use these flaws to bypass Java
sandbox restrictions. (CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event
logger in OpenJDK. An untrusted Java application or applet could use
this flaw to crash the Java Virtual Machine or, potentially, execute
arbitrary code with the privileges of the Java Virtual Machine.
(CVE-2014-2490)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-4209, CVE-2014-4218, CVE-2014-4252,
CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing
operations that were using private keys. An attacker able to measure
timing differences of those operations could possibly leak information
about the used keys. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

This update also fixes the following bug :

* Prior to this update, an application accessing an unsynchronized
HashMap could potentially enter an infinite loop and consume an
excessive amount of CPU resources. This update resolves this issue.
(BZ#1115580)

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-2490.html
https://www.redhat.com/security/data/cve/CVE-2014-4209.html
https://www.redhat.com/security/data/cve/CVE-2014-4216.html
https://www.redhat.com/security/data/cve/CVE-2014-4218.html
https://www.redhat.com/security/data/cve/CVE-2014-4219.html
https://www.redhat.com/security/data/cve/CVE-2014-4244.html
https://www.redhat.com/security/data/cve/CVE-2014-4252.html
https://www.redhat.com/security/data/cve/CVE-2014-4262.html
https://www.redhat.com/security/data/cve/CVE-2014-4263.html
https://www.redhat.com/security/data/cve/CVE-2014-4266.html
http://rhn.redhat.com/errata/RHSA-2014-0907.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0859)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated cumin package that fixes two security issues is now
available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux
5.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

It was found that if Cumin were asked to display a link name
containing non-ASCII characters, the request would terminate with an
error. If data containing non-ASCII characters were added to the
database (such as via Cumin or Wallaby), requests to load said data
would terminate and the requested page would not be displayed until an
administrator cleans the database. (CVE-2012-2682)

It was found that Cumin did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2014-0174)

These issues were discovered by Stanislav Graf of Red Hat.

All users of cumin with Red Hat Enterprise MRG 2.5 for Red Hat
Enterprise Linux 5 are advised to upgrade to this updated package,
which corrects these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2682.html
https://www.redhat.com/security/data/cve/CVE-2014-0174.html
http://rhn.redhat.com/errata/RHSA-2014-0859.html

Solution :

Update the affected cumin package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0858)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated cumin package that fixes two security issues is now
available for Red Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux
6.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

It was found that if Cumin were asked to display a link name
containing non-ASCII characters, the request would terminate with an
error. If data containing non-ASCII characters were added to the
database (such as via Cumin or Wallaby), requests to load said data
would terminate and the requested page would not be displayed until an
administrator cleans the database. (CVE-2012-2682)

It was found that Cumin did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2014-0174)

These issues were discovered by Stanislav Graf of Red Hat.

All users of cumin with Red Hat Enterprise MRG 2.5 for Red Hat
Enterprise Linux 6 are advised to upgrade to this updated package,
which corrects these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2682.html
https://www.redhat.com/security/data/cve/CVE-2014-0174.html
http://rhn.redhat.com/errata/RHSA-2014-0858.html

Solution :

Update the affected cumin package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0557)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues are now
available for Red Hat Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition leading to a use-after-free flaw was found in the
way the Linux kernel's TCP/IP protocol suite implementation handled
the addition of fragments to the LRU (Least Recently Used) list under
certain conditions. A remote attacker could use this flaw to crash the
system or, potentially, escalate their privileges on the system by
sending a large amount of specially crafted fragmented packets to that
system. (CVE-2014-0100, Important)

* A race condition flaw, leading to heap-based buffer overflows, was
found in the way the Linux kernel's N_TTY line discipline (LDISC)
implementation handled concurrent processing of echo output and TTY
write operations originating from user space when the underlying TTY
driver was PTY. An unprivileged, local user could use this flaw to
crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-0196, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled
user space provided data in certain error code paths while processing
FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX
could use this flaw to free (using the kfree() function) arbitrary
kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal
kernel memory addresses to user space during the processing of the
FDRAWCMD IOCTL command. A local user with write access to /dev/fdX
could use this flaw to obtain information about the kernel heap
arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two
flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
their privileges on the system.

* A use-after-free flaw was found in the way the ping_init_sock()
function of the Linux kernel handled the group_info reference counter.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2851,
Important)

* It was found that a remote attacker could use a race condition flaw
in the ath_tx_aggr_sleep() function to crash the system by creating
large network traffic on the system's Atheros 9k wireless network
adapter. (CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the
rds_iw_laddr_check() function in the Linux kernel's implementation of
Reliable Datagram Sockets (RDS). A local, unprivileged user could use
this flaw to crash the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's
mac80211 subsystem implementation handled synchronization between TX
and STA wake-up code paths. A remote attacker could use this flaw to
crash the system. (CVE-2014-2706, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page
locking in certain cases, which could potentially trigger the BUG_ON()
macro in the mlock_vma_page() function. A local, unprivileged user
could use this flaw to crash the system. (CVE-2014-3122, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737
and CVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay
Aleksandrov of Red Hat.

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct
these issues. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0100.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
http://rhn.redhat.com/errata/RHSA-2014-0557.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0441)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix one security issue,
several bugs, and add various enhancements are now available for Red
Hat Enterprise MRG 2.5 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was found that MRG Management Console (cumin) used the crypt(3)
DES-based hash function to hash passwords. DES-based hashing has known
weaknesses that allow an attacker to more easily recover plain text
passwords from hashes via brute-force guessing. An attacker able to
compromise a cumin user database could potentially use this flaw to
recover plain text passwords from the password hashes stored in that
database. (CVE-2013-6445)

Note: In deployments where user account information is stored in a
database managed by cumin, it is recommended that users change their
passwords after this update is applied.

This issue was discovered by Tomáš Nováčik of the Red Hat MRG
Quality Engineering team.

This update also fixes several bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these
issues and add these enhancements. After installing the updated
packages, stop the cluster by either running 'service qpidd stop' on
all nodes, or 'qpid-cluster --all-stop' on any one of the cluster
nodes. Once stopped, restart the cluster with 'service qpidd start' on
all nodes for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-6445.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0441.html

Solution :

Update the affected cumin and / or mrg-release packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0440)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix two security issues, multiple
bugs, and provide several enhancements are now available for Red Hat
Enterprise MRG 2.5 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A buffer over-read flaw was found in the way MongoDB handled BSON
data. A database user permitted to insert BSON data into a MongoDB
server could use this flaw to read server memory, potentially
disclosing sensitive data. (CVE-2012-6619)

Note: This update addresses CVE-2012-6619 by enabling the '--objcheck'
option in the /etc/mongodb.conf file. If you have edited this file,
the updated version will be stored as /etc/mongodb.conf.rpmnew, and
you will need to merge the changes into /etc/mongodb.conf manually.

It was found that MRG Management Console (cumin) used the crypt(3)
DES-based hash function to hash passwords. DES-based hashing has known
weaknesses that allow an attacker to recover plain text passwords from
hashes. An attacker able to compromise a cumin user database could
potentially use this flaw to recover plain text passwords from the
password hashes stored in that database. (CVE-2013-6445)

Note: In deployments where user account information is stored in a
database managed by cumin, it is recommended that users change their
passwords after this update is applied.

The CVE-2013-6445 issue was discovered by Tomáš Nováčik of the Red
Hat MRG Quality Engineering team.

These updated packages for Red Hat Enterprise Linux 6 also provide
numerous bug fixes and enhancements for the Grid component of Red Hat
Enterprise MRG. Space precludes documenting all of these changes in
this advisory. Refer to the Red Hat Enterprise MRG 2 Technical Notes
document, available shortly from the link in the References section,
for information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct these
issues and add these enhancements.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-6619.html
https://www.redhat.com/security/data/cve/CVE-2013-6445.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0440.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0439)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A denial of service flaw was found in the way the Linux kernel's
IPv6 implementation processed IPv6 router advertisement (RA) packets.
An attacker able to send a large number of RA packets to a target
system could potentially use this flaw to crash the target system.
(CVE-2014-2309, Important)

* A flaw was found in the way the Linux kernel's netfilter connection
tracking implementation for Datagram Congestion Control Protocol
(DCCP) packets used the skb_header_pointer() function. A remote
attacker could use this flaw to send a specially crafted DCCP packet
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-2523, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation
handled uncached write operations with specially crafted iovec
structures. An unprivileged local user with access to a CIFS share
could use this flaw to crash the system, leak kernel memory, or,
potentially, escalate their privileges on the system. (CVE-2014-0069,
Moderate)

* A flaw was found in the way the Linux kernel handled pending
Floating Point Unit (FPU) exceptions during the switching of tasks.
A local attacker could use this flaw to terminate arbitrary processes
on the system, causing a denial of service, or, potentially, escalate
their privileges on the system. Note that this flaw only affected
systems using AMD CPUs on both 32-bit and 64-bit architectures.
(CVE-2014-1438, Moderate)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without
initializing the associated data structure. A local, unprivileged user
could use this flaw to leak kernel stack memory to user space using
the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263,
CVE-2013-7265, Low)

* An information leak flaw was found in the Linux kernel's netfilter
connection tracking IRC NAT helper implementation that could allow a
remote attacker to disclose portions of kernel stack memory during IRC
DCC (Direct Client-to-Client) communication over NAT. (CVE-2014-1690,
Low)

* A denial of service flaw was discovered in the way the Linux
kernel's SELinux implementation handled files with an empty SELinux
security context. A local user who has the CAP_MAC_ADMIN capability
could use this flaw to crash the system. (CVE-2014-1874, Low)

Red Hat would like to thank Al Viro for reporting CVE-2014-0069. The
CVE-2014-1690 issue was discovered by Daniel Borkmann of Red Hat.

This update also fixes several bugs and adds multiple enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct
these issues, and fix the bugs and add the enhancements noted in the
Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted
for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4483.html
https://www.redhat.com/security/data/cve/CVE-2013-7263.html
https://www.redhat.com/security/data/cve/CVE-2013-7265.html
https://www.redhat.com/security/data/cve/CVE-2013-7339.html
https://www.redhat.com/security/data/cve/CVE-2014-0069.html
https://www.redhat.com/security/data/cve/CVE-2014-1438.html
https://www.redhat.com/security/data/cve/CVE-2014-1690.html
https://www.redhat.com/security/data/cve/CVE-2014-1874.html
https://www.redhat.com/security/data/cve/CVE-2014-2309.html
https://www.redhat.com/security/data/cve/CVE-2014-2523.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0439.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2014:0261)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

This is the one-month notification for the retirement of Red Hat
Enterprise MRG Version 1 for Red Hat Enterprise Linux 5. This
notification applies only to those customers with subscriptions for
Red Hat Enterprise MRG Version 1 for Red Hat Enterprise Linux 5.

In accordance with the Red Hat Enterprise MRG Life Cycle policy, the
Red Hat Enterprise MRG product, which includes MRG-Messaging,
MRG-Realtime, and MRG-Grid, Version 1 offering for Red Hat Enterprise
Linux 5 will be retired as of March 31, 2014, and support will no
longer be provided.

Accordingly, Red Hat will no longer provide updated packages,
including critical impact security patches or urgent priority bug
fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid Version 1 on Red
Hat Enterprise Linux 5 after that date. In addition, technical support
through Red Hat's Global Support Services will no longer be provided
for Red Hat Enterprise MRG Version 1 on Red Hat Enterprise Linux 5
after March 31, 2014.

We encourage customers to plan their migration from Red Hat Enterprise
MRG Version 1 for Red Hat Enterprise Linux 5 to Red Hat Enterprise MRG
Version 2 on either Red Hat Enterprise Linux 5 or Red Hat Enterprise
Linux 6. As a benefit of the Red Hat subscription model, customers can
use their active Red Hat Enterprise MRG subscriptions to entitle any
system on a currently supported version of those products.

Details of the Red Hat Enterprise MRG life cycle can be found here:
https://access.redhat.com/site/support/policy/updates/mrg/

See also :

https://access.redhat.com/site/support/policy/updates/mrg/
http://rhn.redhat.com/errata/RHSA-2014-0261.html

Solution :

Update the affected mrg-release package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2014:0100)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues and
several bugs are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets
that used the UDP_CORK option when the UDP Fragmentation Offload (UFO)
feature was enabled on the output device. A local, unprivileged user
could use this flaw to cause a denial of service or, potentially,
escalate their privileges on the system. (CVE-2013-4470, Important)

* A flaw was found in the way the perf_trace_event_perm() function in
the Linux kernel checked permissions for the function tracer
functionality. An unprivileged local user could use this flaw to
enable function tracing and cause a denial of service on the system.
(CVE-2013-2930, Moderate)

* A flaw was found in the way the net_ctl_permissions() function in
the Linux kernel checked access permissions. A local, unprivileged
user could potentially use this flaw to access certain files in
/proc/sys/net regardless of the underlying file system permissions.
(CVE-2013-4270, Moderate)

* A flaw was found in the way the Linux kernel's Adaptec RAID
controller (aacraid) checked permissions of compat IOCTLs. A local
attacker could use this flaw to bypass intended security restrictions.
(CVE-2013-6383, Moderate)

* A flaw was found in the way the get_dumpable() function return value
was interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user
could use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able
to write to a file that is provided by the libertas driver and located
on the debug file system (debugfs) could use this flaw to crash the
system. Note: The debugfs file system must be mounted locally to
exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's IPv6
source address-based routing implementation. A local attacker who has
the CAP_NET_ADMIN capability could use this flaw to crash the system.
(CVE-2013-6431, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav
Vadkerti of Red Hat.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt27, correct these
issues, and fix the bugs noted in the Red Hat Enterprise MRG 2
Technical Notes. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-2929.html
https://www.redhat.com/security/data/cve/CVE-2013-2930.html
https://www.redhat.com/security/data/cve/CVE-2013-4270.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html
https://www.redhat.com/security/data/cve/CVE-2013-6378.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://www.redhat.com/security/data/cve/CVE-2013-6431.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0100.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1852)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix multiple security issues are
now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

It was found that, when using RubyGems, the connection could be
redirected from HTTPS to HTTP. This could lead to a user believing
they are installing a gem via HTTPS, when the connection may have been
silently downgraded to HTTP. (CVE-2012-2125)

It was found that RubyGems did not verify SSL connections. This could
lead to man-in-the-middle attacks. (CVE-2012-2126)

It was discovered that the rubygems API validated version strings
using an unsafe regular expression. An application making use of this
API to process a version string from an untrusted source could be
vulnerable to a denial of service attack through CPU exhaustion.
(CVE-2013-4287)

A flaw was found in the way cumin enforced user roles, allowing an
unprivileged cumin user to access a range of resources without having
the appropriate role. A remote, authenticated attacker could use this
flaw to access privileged information, and perform a variety of
privileged operations. (CVE-2013-4404)

It was found that multiple forms in the cumin web interface did not
protect against Cross-Site Request Forgery (CSRF) attacks. If a remote
attacker could trick a user, who is logged into the cumin web
interface, into visiting a specially crafted URL, the attacker could
perform actions in the context of the logged in user. (CVE-2013-4405)

It was found that cumin did not properly escape input from the 'Max
allowance' field in the 'Set limit' form of the cumin web interface. A
remote attacker could use this flaw to perform cross-site scripting
(XSS) attacks against victims by tricking them into visiting a
specially crafted URL. (CVE-2013-4414)

A flaw was found in the way cumin parsed POST request data. A remote
attacker could potentially use this flaw to perform SQL injection
attacks on cumin's database. (CVE-2013-4461)

Red Hat would like to thank Rubygems upstream for reporting
CVE-2013-4287. Upstream acknowledges Damir Sharipov as the original
reporter of CVE-2013-4287. The CVE-2013-4404, CVE-2013-4405,
CVE-2013-4414, and CVE-2013-4461 issues were discovered by Tomáš
Nováčik of the Red Hat MRG Quality Engineering team.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct these
issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2125.html
https://www.redhat.com/security/data/cve/CVE-2012-2126.html
https://www.redhat.com/security/data/cve/CVE-2013-4287.html
https://www.redhat.com/security/data/cve/CVE-2013-4404.html
https://www.redhat.com/security/data/cve/CVE-2013-4405.html
https://www.redhat.com/security/data/cve/CVE-2013-4414.html
https://www.redhat.com/security/data/cve/CVE-2013-4461.html
http://rhn.redhat.com/errata/RHSA-2013-1852.html

Solution :

Update the affected cumin and / or rubygems packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:1851)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated Grid component package that fixes multiple security issues
is now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

[Updated 17 December 2013] This erratum previously incorrectly listed
RubyGems issues CVE-2012-2125, CVE-2012-2126 and CVE-2013-4287 as
addressed by this update. However, the rubygems component is not
included as part of Red Hat Enterprise MRG 2.4 for Red Hat Enterprise
Linux 5 and is only included as part of Red Hat Enterprise MRG 2.4 for
Red Hat Enterprise Linux 6. These issues were corrected there via
RHSA-2013:1852.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A flaw was found in the way cumin enforced user roles, allowing an
unprivileged cumin user to access a range of resources without having
the appropriate role. A remote, authenticated attacker could use this
flaw to access privileged information, and perform a variety of
privileged operations. (CVE-2013-4404)

It was found that multiple forms in the cumin web interface did not
protect against Cross-Site Request Forgery (CSRF) attacks. If a remote
attacker could trick a user, who is logged into the cumin web
interface, into visiting a specially crafted URL, the attacker could
perform actions in the context of the logged in user. (CVE-2013-4405)

It was found that cumin did not properly escape input from the 'Max
allowance' field in the 'Set limit' form of the cumin web interface. A
remote attacker could use this flaw to perform cross-site scripting
(XSS) attacks against victims by tricking them into visiting a
specially crafted URL. (CVE-2013-4414)

A flaw was found in the way cumin parsed POST request data. A remote
attacker could potentially use this flaw to perform SQL injection
attacks on cumin's database. (CVE-2013-4461)

The CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, and CVE-2013-4461
issues were discovered by Tomáš Nováčik of the Red Hat MRG Quality
Engineering team.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to this updated package, which corrects these
issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4404.html
https://www.redhat.com/security/data/cve/CVE-2013-4405.html
https://www.redhat.com/security/data/cve/CVE-2013-4414.html
https://www.redhat.com/security/data/cve/CVE-2013-4461.html
http://rhn.redhat.com/errata/RHSA-2013-1851.html

Solution :

Update the affected cumin package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1490)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues and one
bug are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way IP packets with an Internet Header
Length (ihl) of zero were processed in the skb_flow_dissect() function
in the Linux kernel. A remote attacker could use this flaw to trigger
an infinite loop in the kernel, leading to a denial of service.
(CVE-2013-4348, Important)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled certain UDP packets when the UDP Fragmentation Offload (UFO)
feature was enabled. A remote attacker could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2013-4387, Important)

* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on
the local network could disable IPv6 temporary address generation,
leading to a potential information disclosure. (CVE-2013-0343,
Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human
Interface Device) reports with an out-of-bounds Report ID. An attacker
with physical access to the system could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-2888, Moderate)

* Heap-based buffer overflow flaws were found in the way the
Pantherlord/GreenAsia game controller driver, the Logitech force
feedback drivers, and the Logitech Unifying receivers driver handled
HID reports. An attacker with physical access to the system could use
these flaws to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-2892, CVE-2013-2893,
CVE-2013-2895, Moderate)

* A NULL pointer dereference flaw was found in the way the N-Trig
touch screen driver handled HID reports. An attacker with physical
access to the system could use this flaw to crash the system,
resulting in a denial of service. (CVE-2013-2896, Moderate)

* An information leak flaw was found in the way the Linux kernel's
device mapper subsystem, under certain conditions, interpreted data
written to snapshot block devices. An attacker could use this flaw to
read data from disk blocks in free space, which are normally
inaccessible. (CVE-2013-4299, Moderate)

* A use-after-free flaw was found in the tun_set_iff() function in the
Universal TUN/TAP device driver implementation in the Linux kernel. A
privileged user could use this flaw to crash the system or,
potentially, further escalate their privileges on the system.
(CVE-2013-4343, Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG
implementation in the Linux kernel processed non-block size aligned
requests. This could lead to random numbers being generated with fewer
bits of entropy than expected when ANSI CPRNG was used.
(CVE-2013-4345, Moderate)

* A flaw was found in the way the Linux kernel's IPv6 SCTP
implementation interacted with the IPsec subsystem. This resulted in
unencrypted SCTP packets being sent over the network even though IPsec
encryption was enabled. An attacker able to inspect these SCTP packets
could use this flaw to obtain potentially sensitive information.
(CVE-2013-4350, Moderate)

Red Hat would like to thank Fujitsu for reporting CVE-2013-4299 and
Stephan Mueller for reporting CVE-2013-4345. The CVE-2013-4348 issue
was discovered by Jason Wang of Red Hat.

Bug fix :

* RoCE appeared to be supported in the MRG Realtime kernel even when
the required user space packages from the HPN channel were not
installed. The Realtime kernel now checks for the HPN channel packages
before exposing the RoCE interfaces. RoCE devices appear as plain
10GigE devices if the needed HPN channel user space packages are not
installed. (BZ#1012993)

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt14, and correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-0343.html
https://www.redhat.com/security/data/cve/CVE-2013-2888.html
https://www.redhat.com/security/data/cve/CVE-2013-2892.html
https://www.redhat.com/security/data/cve/CVE-2013-2893.html
https://www.redhat.com/security/data/cve/CVE-2013-2895.html
https://www.redhat.com/security/data/cve/CVE-2013-2896.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
https://www.redhat.com/security/data/cve/CVE-2013-4343.html
https://www.redhat.com/security/data/cve/CVE-2013-4345.html
https://www.redhat.com/security/data/cve/CVE-2013-4348.html
https://www.redhat.com/security/data/cve/CVE-2013-4350.html
https://www.redhat.com/security/data/cve/CVE-2013-4387.html
http://rhn.redhat.com/errata/RHSA-2013-1490.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:1399)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

This is the 6-month notification for the retirement of Red Hat
Enterprise MRG Version 1 and Version 2 for Red Hat Enterprise Linux 5.

In accordance with the Red Hat Enterprise MRG Life Cycle policy, the
Red Hat Enterprise MRG products, which include the MRG-Messaging,
MRG-Realtime, and MRG-Grid, Version 1 and Version 2 offerings for Red
Hat Enterprise Linux 5 will be retired as of March 31, 2014, and
support will no longer be provided.

Accordingly, Red Hat will no longer provide updated packages,
including critical impact security patches or urgent priority bug
fixes, for MRG-Messaging, MRG-Realtime, and MRG-Grid on Red Hat
Enterprise Linux 5 after that date. In addition, technical support
through Red Hat's Global Support Services will no longer be provided
for these products on Red Hat Enterprise Linux 5 after March 31, 2014.

Note: This notification applies only to those customers with
subscriptions for Red Hat Enterprise MRG Version 1 and Version 2 for
Red Hat Enterprise Linux 5.

We encourage customers to plan their migration from Red Hat Enterprise
MRG Version 1 and Version 2 for Red Hat Enterprise Linux 5 to Red Hat
Enterprise MRG Version 2 on Red Hat Enterprise Linux 6. As a benefit
of the Red Hat subscription model, customers can use their active Red
Hat Enterprise MRG subscriptions to entitle any system on a currently
supported version of that product.

Details of the Red Hat Enterprise MRG life cycle can be found here:
https://access.redhat.com/support/policy/updates/mrg/

See also :

https://access.redhat.com/support/policy/updates/mrg/
http://rhn.redhat.com/errata/RHSA-2013-1399.html

Solution :

Update the affected mrg-release package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:1295)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.4 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A denial of service flaw was found in the way cumin, a web management
console for MRG, processed certain Ajax update queries. A remote
attacker could use this flaw to issue a specially crafted HTTP
request, causing excessive use of CPU time and memory on the system.
(CVE-2013-4284)

The CVE-2013-4284 issue was discovered by Tomas Novacik of Red Hat.

These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some of the
most important enhancements include :

* Improved resource utilization with scheduler driven slot
partitioning

* Enhanced integration with existing user & group management
technology, specifically allowing group and netgroup specifications in
HTCondor security policies

* Addition of global job priorities, allowing for priority to span
scaled-out queues

* Reduced memory utilization per running job

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document,
available shortly from the link in the References section, for
information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct this
issue, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4284.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2013-1295.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1294)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.4 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

A denial of service flaw was found in the way cumin, a web management
console for MRG, processed certain Ajax update queries. A remote
attacker could use this flaw to issue a specially crafted HTTP
request, causing excessive use of CPU time and memory on the system.
(CVE-2013-4284)

The CVE-2013-4284 issue was discovered by Tomas Novacik of Red Hat.

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some of the
most important enhancements include :

* Improved resource utilization with scheduler driven slot
partitioning

* Enhanced integration with existing user & group management
technology, specifically allowing group and netgroup specifications in
HTCondor security policies

* Addition of global job priorities, allowing for priority to span
scaled-out queues

* Reduced memory utilization per running job

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document,
available shortly from the link in the References section, for
information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct this
issue, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4284.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2013-1294.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1264)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix several security issues and
multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A heap-based buffer overflow flaw was found in the Linux kernel's
iSCSI target subsystem. A remote attacker could use a
specially-crafted iSCSI request to cause a denial of service on a
system or, potentially, escalate their privileges on that system.
(CVE-2013-2850, Important)

* A flaw was found in the Linux kernel's Performance Events
implementation. On systems with certain Intel processors, a local,
unprivileged user could use this flaw to cause a denial of service by
leveraging the perf subsystem to write into the reserved bits of the
OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.
(CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could
use this flaw to crash the system or, potentially, escalate their
privileges on the system by using sendmsg() with an IPv6 socket
connected to an IPv4 destination. (CVE-2013-2232, Moderate)

* Two flaws were found in the way the Linux kernel's TCP/IP protocol
suite implementation handled IPv6 sockets that used the UDP_CORK
option. A local, unprivileged user could use these flaws to cause a
denial of service. (CVE-2013-4162, CVE-2013-4163, Moderate)

* A flaw was found in the Linux kernel's Chipidea USB driver. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-2058, Low)

* Information leak flaws in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2147,
CVE-2013-2164, CVE-2013-2234, CVE-2013-2237, Low)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2013-2141,
CVE-2013-2148, Low)

* A format string flaw was found in the Linux kernel's block layer. A
privileged, local user could potentially use this flaw to escalate
their privileges to kernel level (ring0). (CVE-2013-2851, Low)

* A format string flaw was found in the b43_do_request_fw() function
in the Linux kernel's b43 driver implementation. A local user who is
able to specify the 'fwpostfix' b43 module parameter could use this
flaw to cause a denial of service or, potentially, escalate their
privileges. (CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's
ftrace and function tracer implementations. A local user who has the
CAP_SYS_ADMIN capability could use this flaw to cause a denial of
service. (CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2850,
CVE-2013-2851, and CVE-2013-2852, and Hannes Frederic Sowa for
reporting CVE-2013-4162 and CVE-2013-4163.

This update also fixes the following bugs :

* The following drivers have been updated, fixing a number of bugs:
myri10ge, bna, enic, mlx4, bgmac, bcma, cxgb3, cxgb4, qlcnic, r8169,
be2net, e100, e1000, e1000e, igb, ixgbe, brcm80211, cpsw, pch_gbe,
bfin_mac, bnx2x, bnx2, cnic, tg3, and sfc. (BZ#974138)

* The realtime kernel was not built with the CONFIG_NET_DROP_WATCH
kernel configuration option enabled. As such, attempting to run the
dropwatch command resulted in the following error :

Unable to find NET_DM family, dropwatch can't work
Cleaning up on socket creation error

With this update, the realtime kernel is built with the
CONFIG_NET_DROP_WATCH option, allowing dropwatch to work as expected.
(BZ#979417)

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.6.11.5-rt37, and correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-2058.html
https://www.redhat.com/security/data/cve/CVE-2013-2141.html
https://www.redhat.com/security/data/cve/CVE-2013-2146.html
https://www.redhat.com/security/data/cve/CVE-2013-2147.html
https://www.redhat.com/security/data/cve/CVE-2013-2148.html
https://www.redhat.com/security/data/cve/CVE-2013-2164.html
https://www.redhat.com/security/data/cve/CVE-2013-2232.html
https://www.redhat.com/security/data/cve/CVE-2013-2234.html
https://www.redhat.com/security/data/cve/CVE-2013-2237.html
https://www.redhat.com/security/data/cve/CVE-2013-2850.html
https://www.redhat.com/security/data/cve/CVE-2013-2851.html
https://www.redhat.com/security/data/cve/CVE-2013-2852.html
https://www.redhat.com/security/data/cve/CVE-2013-3301.html
https://www.redhat.com/security/data/cve/CVE-2013-4162.html
https://www.redhat.com/security/data/cve/CVE-2013-4163.html
http://rhn.redhat.com/errata/RHSA-2013-1264.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1172)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated condor packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

HTCondor is a specialized workload management system for
compute-intensive jobs. It provides a job queuing mechanism,
scheduling policy, priority scheme, and resource monitoring and
management.

A denial of service flaw was found in the way HTCondor's policy
definition evaluator processed certain policy definitions. If an
administrator used an attribute defined on a job in a CONTINUE, KILL,
PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service
user could use this flaw to cause condor_startd to exit by submitting
a job that caused such a policy definition to be evaluated to either
the ERROR or UNDEFINED states. (CVE-2013-4255)

Note: This issue did not affect the default HTCondor configuration.

This issue was found by Matthew Farrellee of Red Hat.

All Red Hat Enterprise MRG 2.3 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue. HTCondor must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4255.html
http://rhn.redhat.com/errata/RHSA-2013-1172.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:1171)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated condor packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

HTCondor is a specialized workload management system for
compute-intensive jobs. It provides a job queuing mechanism,
scheduling policy, priority scheme, and resource monitoring and
management.

A denial of service flaw was found in the way HTCondor's policy
definition evaluator processed certain policy definitions. If an
administrator used an attribute defined on a job in a CONTINUE, KILL,
PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service
user could use this flaw to cause condor_startd to exit by submitting
a job that caused such a policy definition to be evaluated to either
the ERROR or UNDEFINED states. (CVE-2013-4255)

Note: This issue did not affect the default HTCondor configuration.

This issue was found by Matthew Farrellee of Red Hat.

All Red Hat Enterprise MRG 2.3 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue. HTCondor must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-4255.html
http://rhn.redhat.com/errata/RHSA-2013-1171.html

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1170)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated mongodb and pymongo packages that fix two security issues and
add one enhancement are now available for Red Hat Enterprise MRG 2.3
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

MongoDB is a NoSQL database. PyMongo provides tools for working with
MongoDB.

A flaw was found in the run() function implementation in MongoDB. A
database user permitted to send database queries to a MongoDB server
could use this flaw to crash the server or, possibly, execute
arbitrary code with the privileges of the mongodb user.
(CVE-2013-1892)

A NULL pointer dereference flaw was found in PyMongo. An invalid DBRef
record received from a MongoDB server could cause an application using
PyMongo to crash. (CVE-2013-2132)

Note: In Red Hat Enterprise MRG Grid, MongoDB is not accessed by users
directly and is only accessed by other Grid services, such as Condor
and Cumin.

This update also adds the following enhancement :

* Previously, MongoDB was configured to listen for connections on all
network interfaces. This could allow remote users to access the
database if the firewall was configured to allow access to the MongoDB
port (access is blocked by the default firewall configuration in Red
Hat Enterprise Linux). This update changes the configuration to only
listen on the loopback interface by default. (BZ#892767)

Users of Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6 are
advised to upgrade to these updated packages, which contain backported
patches to resolve these issues and add this enhancement. After
installing this update, MongoDB will be restarted automatically.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1892.html
https://www.redhat.com/security/data/cve/CVE-2013-2132.html
http://rhn.redhat.com/errata/RHSA-2013-1170.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:1024)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix one security issue and
multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was discovered that the Qpid Python client library for AMQP did not
properly perform TLS/SSL certificate validation of the remote server's
certificate, even when the 'ssl_trustfile' connection option was
specified. A rogue server could use this flaw to conduct
man-in-the-middle attacks, possibly leading to the disclosure of
sensitive information. (CVE-2013-1909)

With this update, Python programs can instruct the library to validate
server certificates by specifying a path to a file containing trusted
CA certificates.

This issue was discovered by Petr Matousek of the Red Hat MRG
Messaging team.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.3
are advised to upgrade to these updated packages, which resolve the
issues noted in the Red Hat Enterprise MRG 2 Technical Notes. After
installing the updated packages, stop the cluster by either running
'service qpidd stop' on all nodes, or 'qpid-cluster --all-stop' on any
one of the cluster nodes. Once stopped, restart the cluster with
'service qpidd start' on all nodes for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-1909.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2013-1024.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:0829)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix several security issues and
multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Security fixes :

* It was found that the kernel-rt update RHBA-2012:0044 introduced an
integer conversion issue in the Linux kernel's Performance Events
implementation. This led to a user-supplied index into the
perf_swevent_enabled array not being validated properly, resulting in
out-of-bounds kernel memory access. A local, unprivileged user could
use this flaw to escalate their privileges. (CVE-2013-2094, Important)

A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG
2 is available. Refer to Red Hat Knowledge Solution 373743, linked to
in the References, for further information and mitigation instructions
for users who are unable to immediately apply this update.

* An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way the Intel i915 driver in the Linux kernel handled
the allocation of the buffer used for relocation copies. A local user
with console access could use this flaw to cause a denial of service
or escalate their privileges. (CVE-2013-0913, Important)

* It was found that the Linux kernel used effective user and group IDs
instead of real ones when passing messages with SCM_CREDENTIALS
ancillary data. A local, unprivileged user could leverage this flaw
with a set user ID (setuid) application, allowing them to escalate
their privileges. (CVE-2013-1979, Important)

* A race condition in install_user_keyrings(), leading to a NULL
pointer dereference, was found in the key management facility. A
local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2013-1792, Moderate)

* A NULL pointer dereference flaw was found in the Linux kernel's XFS
file system implementation. A local user who is able to mount an XFS
file system could use this flaw to cause a denial of service.
(CVE-2013-1819, Moderate)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to
bypass the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local
user able to mount and unmount a tmpfs file system could use this flaw
to cause a denial of service or, potentially, escalate their
privileges. (CVE-2013-1767, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's USB
Inside Out Edgeport Serial Driver implementation. A local user with
physical access to a system and with access to a USB device's tty file
could use this flaw to cause a denial of service. (CVE-2013-1774, Low)

* A format string flaw was found in the ext3_msg() function in the
Linux kernel's ext3 file system implementation. A local user who is
able to mount an ext3 file system could use this flaw to cause a
denial of service or, potentially, escalate their privileges.
(CVE-2013-1848, Low)

* A heap-based buffer overflow flaw was found in the Linux kernel's
cdc-wdm driver, used for USB CDC WCM device management. An attacker
with physical access to a system could use this flaw to cause a denial
of service or, potentially, escalate their privileges. (CVE-2013-1860,
Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver
parsed the vital product data (VPD) of devices could allow an attacker
with physical access to a system to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1929, Low)

* Information leaks in the Linux kernel's cryptographic API could
allow a local user who has the CAP_NET_ADMIN capability to leak kernel
stack memory to user-space. (CVE-2013-2546, CVE-2013-2547,
CVE-2013-2548, Low)

* Information leaks in the Linux kernel could allow a local,
unprivileged user to leak kernel stack memory to user-space.
(CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222,
CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low)

Red Hat would like to thank Andy Lutomirski for reporting
CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red
Hat EMEA GSS SEG Team.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-0913.html
https://www.redhat.com/security/data/cve/CVE-2013-0914.html
https://www.redhat.com/security/data/cve/CVE-2013-1767.html
https://www.redhat.com/security/data/cve/CVE-2013-1774.html
https://www.redhat.com/security/data/cve/CVE-2013-1792.html
https://www.redhat.com/security/data/cve/CVE-2013-1819.html
https://www.redhat.com/security/data/cve/CVE-2013-1848.html
https://www.redhat.com/security/data/cve/CVE-2013-1860.html
https://www.redhat.com/security/data/cve/CVE-2013-1929.html
https://www.redhat.com/security/data/cve/CVE-2013-1979.html
https://www.redhat.com/security/data/cve/CVE-2013-2094.html
https://www.redhat.com/security/data/cve/CVE-2013-2546.html
https://www.redhat.com/security/data/cve/CVE-2013-2547.html
https://www.redhat.com/security/data/cve/CVE-2013-2548.html
https://www.redhat.com/security/data/cve/CVE-2013-2634.html
https://www.redhat.com/security/data/cve/CVE-2013-2635.html
https://www.redhat.com/security/data/cve/CVE-2013-3076.html
https://www.redhat.com/security/data/cve/CVE-2013-3222.html
https://www.redhat.com/security/data/cve/CVE-2013-3224.html
https://www.redhat.com/security/data/cve/CVE-2013-3225.html
https://www.redhat.com/security/data/cve/CVE-2013-3231.html
https://access.redhat.com/site/solutions/373743
https://rhn.redhat.com/errata/RHBA-2012-0044.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2013-0829.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:0622)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix several security issues and three
bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A flaw was found in the way file permission checks for the
'/dev/cpu/[x]/msr' files were performed in restricted root
environments (for example, when using a capability-based security
model). A local user with the ability to write to these files could
use this flaw to escalate their privileges to kernel level, for
example, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,
Important)

* A race condition was found in the way the Linux kernel's ptrace
implementation handled PTRACE_SETREGS requests when the debuggee was
woken due to a SIGKILL signal instead of being stopped. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2013-0871, Important)

* An out-of-bounds access flaw was found in the way
SOCK_DIAG_BY_FAMILY Netlink messages were processed in the Linux
kernel. A local, unprivileged user could use this flaw to escalate
their privileges. (CVE-2013-1763, Important)

* It was found that the default SCSI command filter does not
accommodate commands that overlap across device classes. A privileged
guest user could potentially use this flaw to write arbitrary data to
a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the __skb_recv_datagram() function in
the Linux kernel processed payload-less socket buffers (skb) when the
MSG_PEEK option was requested. A local, unprivileged user could use
this flaw to cause a denial of service (infinite loop).
(CVE-2013-0290, Moderate)

The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes the following bugs :

* There was high contention on run-queue lock when load balancing
before idling, causing latency spikes on high CPU core count systems.
With this update, IPI is used to send notification to cores with
pending work, and the cores push the work rather than trying to pull
it, resolving this issue. (BZ#858396)

* Previously, ACPI lock was converted to an rt_mutex, leading to a
traceback when scheduling while atomic. With this update, ACPI lock
has been converted back to a raw spinlock. (BZ#909965)

* Fibre Channel (FC)/iSCSI device state was set to off-line and after
a timeout, not set back to running. Such a device would not come back
online after a fast_io_fail or timeout. With this update, an explicit
check for the device being offline has been added, and the device is
set back to running when re-initializing, allowing devices to recover
after a failure or timeout. (BZ#912942)

Users should upgrade to these updated packages, which correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4542.html
https://www.redhat.com/security/data/cve/CVE-2013-0268.html
https://www.redhat.com/security/data/cve/CVE-2013-0290.html
https://www.redhat.com/security/data/cve/CVE-2013-0871.html
https://www.redhat.com/security/data/cve/CVE-2013-1763.html
http://rhn.redhat.com/errata/RHSA-2013-0622.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:0566)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix several security issues and
multiple bugs are now available for Red Hat Enterprise MRG 2.3.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux
kernel's FAT file system implementation. A local user able to mount a
FAT file system with the 'utf8=1' option could use this flaw to crash
the system or, potentially, to escalate their privileges.
(CVE-2013-1773, Important)

* It was found that the RHSA-2012:0333 update did not correctly fix
the CVE-2011-4131 issue. A malicious Network File System version 4
(NFSv4) server could return a crafted reply to a GETACL request,
causing a denial of service on the client. (CVE-2012-2375, Moderate)

* A memory disclosure flaw was found in the way the load_script()
function in the binfmt_script binary format handler handled excessive
recursions. A local, unprivileged user could use this flaw to leak
kernel stack memory to user-space by executing specially-crafted
scripts. (CVE-2012-4530, Low)

* A flaw was found in the way file permission checks for the
'/dev/kmsg' file were performed in restricted root environments (for
example, when using a capability-based security model). A local user
able to write to this file could cause a denial of service.
(CVE-2013-1772, Low)

The CVE-2012-2375 issue was discovered by Jian Li of Red Hat.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.6.11-rt28, correct these
issues, and fix the bugs noted in the Red Hat Enterprise MRG 2
Technical Notes. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2375.html
https://www.redhat.com/security/data/cve/CVE-2012-4530.html
https://www.redhat.com/security/data/cve/CVE-2013-1772.html
https://www.redhat.com/security/data/cve/CVE-2013-1773.html
https://rhn.redhat.com/errata/RHSA-2012-0333.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2013-0566.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 4.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:0565)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

It was found that attempting to remove a job via
'/usr/share/condor/aviary/jobcontrol.py' with CPROC in square brackets
caused condor_schedd to crash. If aviary_query_server was configured
to listen to public interfaces, this could allow a remote attacker to
cause a denial of service condition in condor_schedd. While
condor_schedd was restarted by the condor_master process after each
exit, condor_master would throttle back restarts after each crash.
This would slowly increment to the defined MASTER_BACKOFF_CEILING
value (3600 seconds/1 hour, by default). (CVE-2012-4462)

The CVE-2012-4462 issue was discovered by Daniel Horak of the Red Hat
Enterprise MRG Quality Engineering Team.

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some of the
most important enhancements include :

* Release of HTCondor 7.8
* OS integration with control groups (cgroups)
* Kerberos integration and HTML5 interactivity in the management
console
* Historical data reporting in the management console as Technology
Preview
* Job data availability from MongoDB as Technology Preview
* Updated EC2 AMI and instance tagging support
* Enhanced negotiation and accounting
* Enhanced DAG workflow management
* Enhancements to configuration inspection, node inventory, and
configuration of walk-in or dynamic resources
* High availability for Aviary

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document,
available shortly from the link in the References section, for
information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct this
issue, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4462.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2013-0565.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:0564)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix one security issue, multiple
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Grid provides high-throughput computing and enables enterprises to
achieve higher peak computing capacity as well as improved
infrastructure utilization by leveraging their existing technology to
build high performance grids. MRG Grid provides a job-queueing
mechanism, scheduling policy, and a priority scheme, as well as
resource monitoring and resource management. Users submit their jobs
to MRG Grid, where they are placed into a queue. MRG Grid then chooses
when and where to run the jobs based upon a policy, carefully monitors
their progress, and ultimately informs the user upon completion.

It was found that attempting to remove a job via
'/usr/share/condor/aviary/jobcontrol.py' with CPROC in square brackets
caused condor_schedd to crash. If aviary_query_server was configured
to listen to public interfaces, this could allow a remote attacker to
cause a denial of service condition in condor_schedd. While
condor_schedd was restarted by the condor_master process after each
exit, condor_master would throttle back restarts after each crash.
This would slowly increment to the defined MASTER_BACKOFF_CEILING
value (3600 seconds/1 hour, by default). (CVE-2012-4462)

The CVE-2012-4462 issue was discovered by Daniel Horak of the Red Hat
Enterprise MRG Quality Engineering Team.

These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some of the
most important enhancements include :

* Release of HTCondor 7.8
* OS integration with control groups (cgroups)
* Kerberos integration and HTML5 interactivity in the management
console
* Historical data reporting in the management console as Technology
Preview
* Job data availability from MongoDB as Technology Preview
* Updated EC2 AMI and instance tagging support
* Enhanced negotiation and accounting
* Enhanced DAG workflow management
* Enhancements to configuration inspection, node inventory, and
configuration of walk-in or dynamic resources
* High availability for Aviary

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document,
available shortly from the link in the References section, for
information on these changes.

All users of the Grid capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which correct this
issue, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4462.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2013-0564.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2013:0562)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix multiple security
issues, several bugs, and add various enhancements are now available
for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was found that the Apache Qpid daemon (qpidd) treated AMQP
connections with the federation_tag attribute set as a
broker-to-broker connection, rather than a client-to-server
connection. This resulted in the source user ID of messages not being
checked. A client that can establish an AMQP connection with the
broker could use this flaw to bypass intended authentication. For
Condor users, if condor-aviary is installed, this flaw could be used
to submit jobs that would run as any user (except root, as Condor does
not run jobs as root). (CVE-2012-4446)

It was found that the AMQP type decoder in qpidd allowed arbitrary
data types in certain messages. A remote attacker could use this flaw
to send a message containing an excessively large amount of data,
causing qpidd to allocate a large amount of memory. qpidd would then
be killed by the Out of Memory killer (denial of service).
(CVE-2012-4458)

An integer overflow flaw, leading to an out-of-bounds read, was found
in the Qpid qpid::framing::Buffer::checkAvailable() function. An
unauthenticated, remote attacker could send a specially-crafted
message to Qpid, causing it to crash. (CVE-2012-4459)

The CVE-2012-4446, CVE-2012-4458, and CVE-2012-4459 issues were
discovered by Florian Weimer of the Red Hat Product Security Team.

This update also fixes several bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these
issues, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes. After installing the updated
packages, stop the cluster by either running 'service qpidd stop' on
all nodes, or 'qpid-cluster --all-stop' on any one of the cluster
nodes. Once stopped, restart the cluster with 'service qpidd start' on
all nodes for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4446.html
https://www.redhat.com/security/data/cve/CVE-2012-4458.html
https://www.redhat.com/security/data/cve/CVE-2012-4459.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2013-0562.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2013:0561)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix multiple security
issues, several bugs, and add various enhancements are now available
for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was found that the Apache Qpid daemon (qpidd) treated AMQP
connections with the federation_tag attribute set as a
broker-to-broker connection, rather than a client-to-server
connection. This resulted in the source user ID of messages not being
checked. A client that can establish an AMQP connection with the
broker could use this flaw to bypass intended authentication. For
Condor users, if condor-aviary is installed, this flaw could be used
to submit jobs that would run as any user (except root, as Condor does
not run jobs as root). (CVE-2012-4446)

It was found that the AMQP type decoder in qpidd allowed arbitrary
data types in certain messages. A remote attacker could use this flaw
to send a message containing an excessively large amount of data,
causing qpidd to allocate a large amount of memory. qpidd would then
be killed by the Out of Memory killer (denial of service).
(CVE-2012-4458)

An integer overflow flaw, leading to an out-of-bounds read, was found
in the Qpid qpid::framing::Buffer::checkAvailable() function. An
unauthenticated, remote attacker could send a specially-crafted
message to Qpid, causing it to crash. (CVE-2012-4459)

The CVE-2012-4446, CVE-2012-4458, and CVE-2012-4459 issues were
discovered by Florian Weimer of the Red Hat Product Security Team.

This update also fixes several bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG are
advised to upgrade to these updated packages, which resolve these
issues, and fix the bugs and add the enhancements noted in the Red Hat
Enterprise MRG 2 Technical Notes. After installing the updated
packages, stop the cluster by either running 'service qpidd stop' on
all nodes, or 'qpid-cluster --all-stop' on any one of the cluster
nodes. Once stopped, restart the cluster with 'service qpidd start' on
all nodes for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4446.html
https://www.redhat.com/security/data/cve/CVE-2012-4458.html
https://www.redhat.com/security/data/cve/CVE-2012-4459.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2013-0561.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1491)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix several security issues and
multiple bugs are now available for Red Hat Enterprise MRG 2.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A flaw was found in the way Netlink messages without SCM_CREDENTIALS
(used for authentication) data set were handled. When not explicitly
set, the data was sent but with all values set to 0, including the
process ID and user ID, causing the Netlink message to appear as if it
were sent with root privileges. A local, unprivileged user could use
this flaw to send spoofed Netlink messages to an application, possibly
resulting in the application performing privileged operations if it
relied on SCM_CREDENTIALS data for the authentication of Netlink
messages. (CVE-2012-3520, Important)

* A race condition was found in the way asynchronous I/O and
fallocate() interacted when using the ext4 file system. A local,
unprivileged user could use this flaw to expose random data from an
extent whose data blocks have not yet been written, and thus contain
data from a deleted file. (CVE-2012-4508, Important)

* A use-after-free flaw was found in the Linux kernel's memory
management subsystem in the way quota handling for huge pages was
performed. A local, unprivileged user could use this flaw to cause a
denial of service or, potentially, escalate their privileges.
(CVE-2012-2133, Moderate)

* A use-after-free flaw was found in the madvise() system call
implementation in the Linux kernel. A local, unprivileged user could
use this flaw to cause a denial of service or, potentially, escalate
their privileges. (CVE-2012-3511, Moderate)

* A divide-by-zero flaw was found in the TCP Illinois congestion
control algorithm implementation in the Linux kernel. If the TCP
Illinois congestion control algorithm were in use (the sysctl
net.ipv4.tcp_congestion_control variable set to 'illinois'), a local,
unprivileged user could trigger this flaw and cause a denial of
service. (CVE-2012-4565, Moderate)

* An information leak flaw was found in the uname() system call
implementation in the Linux kernel. A local, unprivileged user could
use this flaw to leak kernel stack memory to user-space by setting the
UNAME26 personality and then calling the uname() system call.
(CVE-2012-0957, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol()
function in the Universal Disk Format (UDF) file system implementation
in the Linux kernel. An attacker with physical access to a system
could use these flaws to cause a denial of service or escalate their
privileges. (CVE-2012-3400, Low)

* A flaw was found in the way the msg_namelen variable in the
rds_recvmsg() function of the Linux kernel's Reliable Datagram Sockets
(RDS) protocol implementation was initialized. A local, unprivileged
user could use this flaw to leak kernel stack memory to user-space.
(CVE-2012-3430, Low)

Red Hat would like to thank Pablo Neira Ayuso for reporting
CVE-2012-3520; Theodore Ts'o for reporting CVE-2012-4508; Shachar
Raindel for reporting CVE-2012-2133; and Kees Cook for reporting
CVE-2012-0957. Upstream acknowledges Dmitry Monakhov as the original
reporter of CVE-2012-4508. The CVE-2012-4565 issue was discovered by
Rodrigo Freire of Red Hat, and the CVE-2012-3430 issue was discovered
by the Red Hat InfiniBand team.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.2.33-rt50, and correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-0957.html
https://www.redhat.com/security/data/cve/CVE-2012-2133.html
https://www.redhat.com/security/data/cve/CVE-2012-3400.html
https://www.redhat.com/security/data/cve/CVE-2012-3430.html
https://www.redhat.com/security/data/cve/CVE-2012-3511.html
https://www.redhat.com/security/data/cve/CVE-2012-3520.html
https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2012-4565.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1491.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1282)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix one security issue, several bugs,
and add enhancements are now available for Red Hat Enterprise MRG 2.2.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue :

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large
amount of memory, and then causing request_module() to be called. A
local, unprivileged user could use this flaw to cause a denial of
service (excessive memory consumption). (CVE-2012-4398, Moderate)

Red Hat would like to thank Tetsuo Handa for reporting this issue.

The kernel-rt packages have been upgraded to upstream version 3.2,
which provides a number of bug fixes and enhancements over the
previous version. (BZ#798421)

This update also fixes various bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

Users should upgrade to these updated kernel-rt packages, which
correct this issue, fix these bugs, and add these enhancements. The
system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4398.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1282.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1281)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix several security issues, add
various enhancements and fix multiple bugs are now available for Red
Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

A number of unprotected resources (web pages, export functionality,
image viewing) were found in Cumin. An unauthenticated user could
bypass intended access restrictions, resulting in information
disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote
attackers to predict session keys and obtain unauthorized access to
Cumin. (CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote
attackers to inject arbitrary web script on a web page displayed by
Cumin. (CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to
manipulate the contents of the back-end database via a
specially-crafted URL. (CVE-2012-2684)

When Cumin handled image requests, clients could request images of
arbitrary sizes. This could result in large memory allocations on the
Cumin server, leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If
an attacker could trick a user, who was logged into the Cumin web
interface, into visiting a specially-crafted web page, it could lead
to unauthorized command execution in the Cumin web interface with the
privileges of the logged-in user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able
to pre-set the Cumin session cookie in a victim's browser could
possibly use this flaw to steal the victim's session after they log
into Cumin. (CVE-2012-2735)

It was found that authenticated users could send a specially-crafted
HTTP POST request to Cumin that would cause it to submit a job
attribute change to Condor. This could be used to change internal
Condor attributes, including the Owner attribute, which could allow
Cumin users to elevate their privileges. (CVE-2012-3459)

It was discovered that Condor's file system authentication challenge
accepted directories with weak permissions (for example, world
readable, writable and executable permissions). If a user created a
directory with such permissions, a local attacker could rename it,
allowing them to execute jobs with the privileges of the victim user.
(CVE-2012-3492)

It was discovered that Condor exposed private information in the data
in the ClassAds format served by condor_startd. An unauthenticated
user able to connect to condor_startd's port could request a ClassAd
for a running job, provided they could guess or brute-force the PID of
the job. This could expose the ClaimId which, if obtained, could be
used to control the job as well as start new jobs on the system.
(CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only
required WRITE authorization, instead of a combination of WRITE
authorization and job ownership. This could allow an authenticated
attacker to bypass intended restrictions and abort any idle job on the
system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also provides defense in depth patches for Condor.
(BZ#848212, BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 6 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some
highlights include :

* Integration with Red Hat Enterprise Virtualization Manager via
Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document, linked
to in the References section, for information on these changes.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2680.html
https://www.redhat.com/security/data/cve/CVE-2012-2681.html
https://www.redhat.com/security/data/cve/CVE-2012-2683.html
https://www.redhat.com/security/data/cve/CVE-2012-2684.html
https://www.redhat.com/security/data/cve/CVE-2012-2685.html
https://www.redhat.com/security/data/cve/CVE-2012-2734.html
https://www.redhat.com/security/data/cve/CVE-2012-2735.html
https://www.redhat.com/security/data/cve/CVE-2012-3459.html
https://www.redhat.com/security/data/cve/CVE-2012-3491.html
https://www.redhat.com/security/data/cve/CVE-2012-3492.html
https://www.redhat.com/security/data/cve/CVE-2012-3493.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1281.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1279)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix one security issue,
multiple bugs, and add various enhancements are now available for Red
Hat Enterprise MRG 2.2 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was discovered that the Apache Qpid daemon (qpidd) did not require
authentication for 'catch-up' shadow connections created when a new
broker joins a cluster. A malicious client could use this flaw to
bypass client authentication. (CVE-2012-3467)

This update also fixes multiple bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.2
are advised to upgrade to these updated packages, which resolve the
issues and add the enhancements noted in the Red Hat Enterprise MRG 2
Technical Notes. After installing the updated packages, stop the
cluster by either running 'service qpidd stop' on all nodes, or
'qpid-cluster --all-stop' on any one of the cluster nodes. Once
stopped, restart the cluster with 'service qpidd start' on all nodes
for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-3467.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1279.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2012:1278)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Grid component packages that fix several security issues, add
various enhancements and fix multiple bugs are now available for Red
Hat Enterprise MRG 2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

A number of unprotected resources (web pages, export functionality,
image viewing) were found in Cumin. An unauthenticated user could
bypass intended access restrictions, resulting in information
disclosure. (CVE-2012-2680)

Cumin could generate weak session keys, potentially allowing remote
attackers to predict session keys and obtain unauthorized access to
Cumin. (CVE-2012-2681)

Multiple cross-site scripting flaws in Cumin could allow remote
attackers to inject arbitrary web script on a web page displayed by
Cumin. (CVE-2012-2683)

An SQL injection flaw in Cumin could allow remote attackers to
manipulate the contents of the back-end database via a
specially-crafted URL. (CVE-2012-2684)

When Cumin handled image requests, clients could request images of
arbitrary sizes. This could result in large memory allocations on the
Cumin server, leading to an out-of-memory condition. (CVE-2012-2685)

Cumin did not protect against Cross-Site Request Forgery attacks. If
an attacker could trick a user, who was logged into the Cumin web
interface, into visiting a specially-crafted web page, it could lead
to unauthorized command execution in the Cumin web interface with the
privileges of the logged-in user. (CVE-2012-2734)

A session fixation flaw was found in Cumin. An authenticated user able
to pre-set the Cumin session cookie in a victim's browser could
possibly use this flaw to steal the victim's session after they log
into Cumin. (CVE-2012-2735)

It was found that authenticated users could send a specially-crafted
HTTP POST request to Cumin that would cause it to submit a job
attribute change to Condor. This could be used to change internal
Condor attributes, including the Owner attribute, which could allow
Cumin users to elevate their privileges. (CVE-2012-3459)

It was discovered that Condor's file system authentication challenge
accepted directories with weak permissions (for example, world
readable, writable and executable permissions). If a user created a
directory with such permissions, a local attacker could rename it,
allowing them to execute jobs with the privileges of the victim user.
(CVE-2012-3492)

It was discovered that Condor exposed private information in the data
in the ClassAds format served by condor_startd. An unauthenticated
user able to connect to condor_startd's port could request a ClassAd
for a running job, provided they could guess or brute-force the PID of
the job. This could expose the ClaimId which, if obtained, could be
used to control the job as well as start new jobs on the system.
(CVE-2012-3493)

It was discovered that the ability to abort a job in Condor only
required WRITE authorization, instead of a combination of WRITE
authorization and job ownership. This could allow an authenticated
attacker to bypass intended restrictions and abort any idle job on the
system. (CVE-2012-3491)

The above issues were discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also provides defense in depth patches for Condor.
(BZ#848212, BZ#835592, BZ#841173, BZ#843476)

These updated packages for Red Hat Enterprise Linux 5 provide numerous
enhancements and bug fixes for the Grid component of MRG. Some
highlights include :

* Integration with Red Hat Enterprise Virtualization Manager via
Deltacloud
* Role enforcement in Cumin
* Cumin authentication integration with LDAP
* Enhanced Red Hat HA integration managing multiple-schedulers nodes
* Generic local resource limits for partitionable slots
* Concurrency limit groups

Space precludes documenting all of these changes in this advisory.
Refer to the Red Hat Enterprise MRG 2 Technical Notes document, linked
to in the References section, for information on these changes.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2680.html
https://www.redhat.com/security/data/cve/CVE-2012-2681.html
https://www.redhat.com/security/data/cve/CVE-2012-2683.html
https://www.redhat.com/security/data/cve/CVE-2012-2684.html
https://www.redhat.com/security/data/cve/CVE-2012-2685.html
https://www.redhat.com/security/data/cve/CVE-2012-2734.html
https://www.redhat.com/security/data/cve/CVE-2012-2735.html
https://www.redhat.com/security/data/cve/CVE-2012-3459.html
https://www.redhat.com/security/data/cve/CVE-2012-3491.html
https://www.redhat.com/security/data/cve/CVE-2012-3492.html
https://www.redhat.com/security/data/cve/CVE-2012-3493.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1278.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : MRG (RHSA-2012:1277)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated Messaging component packages that fix two security issues,
multiple bugs, and add various enhancements are now available for Red
Hat Enterprise MRG 2.2 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

MRG Messaging is a high-speed reliable messaging distribution for
Linux based on AMQP (Advanced Message Queuing Protocol), an open
protocol standard for enterprise messaging that is designed to make
mission critical messaging widely available as a standard service, and
to make enterprise messaging interoperable across platforms,
programming languages, and vendors. MRG Messaging includes an AMQP
0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS,
and Python; as well as persistence libraries and management tools.

It was discovered that the Apache Qpid daemon (qpidd) did not allow
the number of connections from clients to be restricted. A malicious
client could use this flaw to open an excessive amount of connections,
preventing other legitimate clients from establishing a connection to
qpidd. (CVE-2012-2145)

To address CVE-2012-2145, new qpidd configuration options were
introduced: max-negotiate-time defines the time during which initial
protocol negotiation must succeed, connection-limit-per-user and
connection-limit-per-ip can be used to limit the number of connections
per user and client host IP. Refer to the qpidd manual page for
additional details.

It was discovered that qpidd did not require authentication for
'catch-up' shadow connections created when a new broker joins a
cluster. A malicious client could use this flaw to bypass client
authentication. (CVE-2012-3467)

This update also fixes multiple bugs and adds enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All users of the Messaging capabilities of Red Hat Enterprise MRG 2.2
are advised to upgrade to these updated packages, which resolve the
issues and add the enhancements noted in the Red Hat Enterprise MRG 2
Technical Notes. After installing the updated packages, stop the
cluster by either running 'service qpidd stop' on all nodes, or
'qpid-cluster --all-stop' on any one of the cluster nodes. Once
stopped, restart the cluster with 'service qpidd start' on all nodes
for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2145.html
https://www.redhat.com/security/data/cve/CVE-2012-3467.html
http://www.nessus.org/u?385bfeb4
http://rhn.redhat.com/errata/RHSA-2012-1277.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1169)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated condor packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

Condor is a specialized workload management system for
compute-intensive jobs. It provides a job queuing mechanism,
scheduling policy, priority scheme, and resource monitoring and
management.

Condor installations that rely solely upon host-based authentication
were vulnerable to an attacker who controls an IP, its reverse-DNS
entry and has knowledge of a target site's security configuration.
With this control and knowledge, the attacker could bypass the target
site's host-based authentication and be authorized to perform
privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or
ALLOW_WRITE). Condor deployments using host-based authentication that
contain no hostnames (IPs or IP globs only) or use authentication
stronger than host-based are not vulnerable. (CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot
lead to a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting
this issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue. Condor must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-3416.html
http://rhn.redhat.com/errata/RHSA-2012-1169.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 5 : condor (RHSA-2012:1168)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated condor packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.1 for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

Condor is a specialized workload management system for
compute-intensive jobs. It provides a job queuing mechanism,
scheduling policy, priority scheme, and resource monitoring and
management.

Condor installations that rely solely upon host-based authentication
were vulnerable to an attacker who controls an IP, its reverse-DNS
entry and has knowledge of a target site's security configuration.
With this control and knowledge, the attacker could bypass the target
site's host-based authentication and be authorized to perform
privileged actions (i.e. actions requiring ALLOW_ADMINISTRATOR or
ALLOW_WRITE). Condor deployments using host-based authentication that
contain no hostnames (IPs or IP globs only) or use authentication
stronger than host-based are not vulnerable. (CVE-2012-3416)

Note: Condor will not run jobs as root; therefore, this flaw cannot
lead to a compromise of the root user account.

Red Hat would like to thank Ken Hahn and Dan Bradley for reporting
this issue.

All Red Hat Enterprise MRG 2.1 users are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue. Condor must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-3416.html
http://rhn.redhat.com/errata/RHSA-2012-1168.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:1150)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix two security issues and two bugs
are now available for Red Hat Enterprise MRG 2.1.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when
the MAP_HUGETLB flag was set. A local, unprivileged user could use
this flaw to cause a denial of service. (CVE-2012-2390, Moderate)

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled resource clean up when an ELOOP error code was
returned. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2012-3375, Moderate)

This update also fixes the following bugs :

* The MRG 2.1 realtime kernel lacked support for automatic memory
reservation for the kdump kernel, as present in Red Hat Enterprise
Linux kernels. Using the parameter crashkernel=auto on the kernel boot
command line led to kdump being disabled because no memory was
correctly reserved. Support for crashkernel=auto has been implemented
in the 3.0 realtime kernel and now when the crashkernel=auto parameter
is specified, machines with more than 4GB of RAM have the amount of
memory required by the kdump kernel calculated and reserved.
(BZ#820427)

* The current bnx2x driver in the MRG 2.1 realtime kernel had faulty
support for the network adapter PCI ID 14e4:168e and did not work
correctly. The bnx2x driver was updated to include support for this
network adapter. (BZ#839037)

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2390.html
https://www.redhat.com/security/data/cve/CVE-2012-3375.html
http://rhn.redhat.com/errata/RHSA-2012-1150.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

RHEL 6 : MRG (RHSA-2012:0670)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix two security issues and various
bugs are now available for Red Hat Enterprise MRG 2.1.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* When a set user ID (setuid) application is executed, certain
personality flags for controlling the application's behavior are
cleared (that is, a privileged application will not be affected by
those flags). It was found that those flags were not cleared if the
application was made privileged via file system capabilities. A local,
unprivileged user could use this flaw to change the behavior of such
applications, allowing them to bypass intended restrictions. Note that
for default installations, no application shipped by Red Hat for Red
Hat Enterprise MRG is made privileged via file system capabilities.
(CVE-2012-2123, Important)

* A flaw was found in the way the Linux kernel's
journal_unmap_buffer() function handled buffer head states. On systems
that have an ext4 file system with a journal mounted, a local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-4086, Moderate)

This update also fixes the following bugs :

* The CAP_SYS_ADMIN check was missing from the dmesg_restrict feature.
Consequently, an unprivileged and jailed root user could bypass the
dmesg_restrict protection. This update adds the CAP_SYS_ADMIN check to
both dmesg_restrict and kptr_restrict, so that writing to
dmesg_restrict is allowed only when root has CAP_SYS_ADMIN. (BZ#808271)

* Previously, the _copy_from_pages() function, which is used to copy
data from the temporary buffer to the user-passed buffer, was passed
the wrong size parameter when copying data. Consequently, if the user
provided a buffer greater than PAGE_SIZE, the getxattr() syscalls were
handled incorrectly. This update fixes _copy_from_pages() to use the
ACL length, which uses a correctly-sized buffer. (BZ#753230)

* Some older versions of hardware or their software could not
recognize certain commands and would log messages for illegal or
unsupported errors the driver could not properly handle. This bug has
been fixed and bogus error messages are no longer returned in the
described scenario. (BZ#813892)

* Previously, the qla2x00_poll() function did the local_irq_save()
call before calling qla24xx_intr_handler(), which had a spinlock.
Because spinlocks can sleep in the real-time kernel, they must not be
taken with interrupts disabled. This scenario produced
error messages and could cause a system deadlock. With this update,
the local_irq_save_nort(flags) function is used to save flags without
disabling interrupts, which prevents potential deadlocks and removes
the error messages. (BZ#818220)

Users should upgrade to these updated packages, which correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2011-4086.html
https://www.redhat.com/security/data/cve/CVE-2012-2123.html
http://rhn.redhat.com/errata/RHSA-2012-0670.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.