RHEL 5 : kernel (RHSA-2012:1087)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix one security issue and multiple bugs
are now available for Red Hat Enterprise Linux 5.6 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System
(CVSS) base score, which gives a detailed severity rating, is
available from the CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue :

* It was found that the data_len parameter of the
sock_alloc_send_pskb() function in the Linux kernel's networking
implementation was not validated before use. A local user with access
to a TUN/TAP virtual interface could use this flaw to crash the system
or, potentially, escalate their privileges. Note that unprivileged
users cannot access TUN/TAP devices until the root user grants them
access. (CVE-2012-2136, Important)

This update also fixes the following bugs :

* An insufficiently designed calculation in the CPU accelerator in the
previous kernel caused an arithmetic overflow in the sched_clock()
function when system uptime exceeded 208.5 days. This overflow led to
a kernel panic on the systems using the Time Stamp Counter (TSC) or
Virtual Machine Interface (VMI) clock source. This update corrects the
described calculation so that this arithmetic overflow and kernel
panic can no longer occur under these circumstances. (BZ#825981,
BZ#835449)

* Previously, a race condition between the
journal_write_metadata_buffer() and jbd_unlock_bh_state() functions
could occur. Consequently, another thread could call the
get_write_access() function on the buffer head and cause the wrong
data to be written into the journal. If the system terminated
unexpectedly or was shut down incorrectly, subsequent file system
journal replay could result in file system corruption. This update
fixes the race condition and the file system corruption no longer
occurs in the described scenario. (BZ#833764)

* When the kvmclock initialization was used in a guest, it could write
to the Time Stamp Counter (TSC) and, under certain circumstances,
could cause the kernel to become unresponsive on boot. With this
update, TSC synchronization, which is unnecessary due to kvmclock, has
been disabled, thus fixing this bug. (BZ#834557)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2136.html
http://rhn.redhat.com/errata/RHSA-2012-1087.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 64048

Bugtraq ID: 53721

CVE ID: CVE-2012-2136