RHEL 6 : MRG (RHSA-2012:1150)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel-rt packages that fix two security issues and two bugs
are now available for Red Hat Enterprise MRG 2.1.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when
the MAP_HUGETLB flag was set. A local, unprivileged user could use
this flaw to cause a denial of service. (CVE-2012-2390, Moderate)

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled resource clean up when an ELOOP error code was
returned. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2012-3375, Moderate)

This update also fixes the following bugs :

* The MRG 2.1 realtime kernel lacked support for automatic memory
reservation for the kdump kernel, as present in Red Hat Enterprise
Linux kernels. Using the parameter crashkernel=auto on the kernel boot
command line led to kdump being disabled because no memory was
correctly reserved. Support for crashkernel=auto has been implemented
in the 3.0 realtime kernel and now when the crashkernel=auto parameter
is specified, machines with more than 4GB of RAM have the amount of
memory required by the kdump kernel calculated and reserved.
(BZ#820427)

* The current bnx2x driver in the MRG 2.1 realtime kernel had faulty
support for the network adapter PCI ID 14e4:168e and did not work
correctly. The bnx2x driver was updated to include support for this
network adapter. (BZ#839037)

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.0.36-rt57, and correct these
issues. The system must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-2390.html
https://www.redhat.com/security/data/cve/CVE-2012-3375.html
http://rhn.redhat.com/errata/RHSA-2012-1150.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 76645

Bugtraq ID: 53668, 54283

CVE ID: CVE-2012-2390, CVE-2012-3375
