RHEL 6 : Red Hat Enterprise Linux 6 kernel update (Important) (RHSA-2013:0496)

medium Nessus Plugin ID 65171

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0496 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file.
(CVE-2012-4508, Important)

* A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user in a KVM guest could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in the Linux kernel handled the failed iret (interrupt return) instruction notification from the Xen hypervisor. An unprivileged user in a 32-bit para-virtualized guest could use this flaw to crash the guest.
(CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE memory ranges when transparent hugepages were in use. A local, unprivileged user could use this flaw to crash the system. (CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options were validated when set from user mode. A local user able to set CIPSO IP options on the socket could use this flaw to crash the system.
(CVE-2013-0310, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508, and Andrew Cooper of Citrix for reporting CVE-2013-0190. Upstream acknowledges Dmitry Monakhov as the original reporter of CVE-2012-4508. The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.4 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.4 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=842435

https://bugzilla.redhat.com/show_bug.cgi?id=844542

https://bugzilla.redhat.com/show_bug.cgi?id=844579

https://bugzilla.redhat.com/show_bug.cgi?id=844582

https://bugzilla.redhat.com/show_bug.cgi?id=844583

https://bugzilla.redhat.com/show_bug.cgi?id=845233

https://bugzilla.redhat.com/show_bug.cgi?id=846585

https://bugzilla.redhat.com/show_bug.cgi?id=846702

https://bugzilla.redhat.com/show_bug.cgi?id=847722

https://bugzilla.redhat.com/show_bug.cgi?id=849223

https://bugzilla.redhat.com/show_bug.cgi?id=850642

https://bugzilla.redhat.com/show_bug.cgi?id=851312

https://bugzilla.redhat.com/show_bug.cgi?id=854066

https://bugzilla.redhat.com/show_bug.cgi?id=854584

https://bugzilla.redhat.com/show_bug.cgi?id=855436

https://bugzilla.redhat.com/show_bug.cgi?id=855448

https://bugzilla.redhat.com/show_bug.cgi?id=857555

https://bugzilla.redhat.com/show_bug.cgi?id=857792

https://bugzilla.redhat.com/show_bug.cgi?id=857956

https://bugzilla.redhat.com/show_bug.cgi?id=858292

https://bugzilla.redhat.com/show_bug.cgi?id=858850

https://bugzilla.redhat.com/show_bug.cgi?id=859242

https://bugzilla.redhat.com/show_bug.cgi?id=859259

https://bugzilla.redhat.com/show_bug.cgi?id=859355

https://bugzilla.redhat.com/show_bug.cgi?id=860404

https://bugzilla.redhat.com/show_bug.cgi?id=862025

https://bugzilla.redhat.com/show_bug.cgi?id=863077

https://bugzilla.redhat.com/show_bug.cgi?id=863212

https://bugzilla.redhat.com/show_bug.cgi?id=865380

https://bugzilla.redhat.com/show_bug.cgi?id=865666

https://bugzilla.redhat.com/show_bug.cgi?id=865929

https://bugzilla.redhat.com/show_bug.cgi?id=866271

http://www.nessus.org/u?0b1e7bfa

http://www.nessus.org/u?26d95d4a

http://www.nessus.org/u?ff08c7f2

https://access.redhat.com/errata/RHSA-2013:0496

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=664586

https://bugzilla.redhat.com/show_bug.cgi?id=700324

https://bugzilla.redhat.com/show_bug.cgi?id=734051

https://bugzilla.redhat.com/show_bug.cgi?id=735768

https://bugzilla.redhat.com/show_bug.cgi?id=749273

https://bugzilla.redhat.com/show_bug.cgi?id=758202

https://bugzilla.redhat.com/show_bug.cgi?id=767886

https://bugzilla.redhat.com/show_bug.cgi?id=784174

https://bugzilla.redhat.com/show_bug.cgi?id=796352

https://bugzilla.redhat.com/show_bug.cgi?id=796992

https://bugzilla.redhat.com/show_bug.cgi?id=807503

https://bugzilla.redhat.com/show_bug.cgi?id=808112

https://bugzilla.redhat.com/show_bug.cgi?id=813137

https://bugzilla.redhat.com/show_bug.cgi?id=813227

https://bugzilla.redhat.com/show_bug.cgi?id=816059

https://bugzilla.redhat.com/show_bug.cgi?id=816308

https://bugzilla.redhat.com/show_bug.cgi?id=816880

https://bugzilla.redhat.com/show_bug.cgi?id=816888

https://bugzilla.redhat.com/show_bug.cgi?id=817243

https://bugzilla.redhat.com/show_bug.cgi?id=821060

https://bugzilla.redhat.com/show_bug.cgi?id=821463

https://bugzilla.redhat.com/show_bug.cgi?id=822075

https://bugzilla.redhat.com/show_bug.cgi?id=823018

https://bugzilla.redhat.com/show_bug.cgi?id=823625

https://bugzilla.redhat.com/show_bug.cgi?id=823630

https://bugzilla.redhat.com/show_bug.cgi?id=823842

https://bugzilla.redhat.com/show_bug.cgi?id=823843

https://bugzilla.redhat.com/show_bug.cgi?id=823878

https://bugzilla.redhat.com/show_bug.cgi?id=823902

https://bugzilla.redhat.com/show_bug.cgi?id=823934

https://bugzilla.redhat.com/show_bug.cgi?id=824065

https://bugzilla.redhat.com/show_bug.cgi?id=824964

https://bugzilla.redhat.com/show_bug.cgi?id=825009

https://bugzilla.redhat.com/show_bug.cgi?id=826067

https://bugzilla.redhat.com/show_bug.cgi?id=826650

https://bugzilla.redhat.com/show_bug.cgi?id=827474

https://bugzilla.redhat.com/show_bug.cgi?id=829031

https://bugzilla.redhat.com/show_bug.cgi?id=830977

https://bugzilla.redhat.com/show_bug.cgi?id=832252

https://bugzilla.redhat.com/show_bug.cgi?id=832301

https://bugzilla.redhat.com/show_bug.cgi?id=832486

https://bugzilla.redhat.com/show_bug.cgi?id=834097

https://bugzilla.redhat.com/show_bug.cgi?id=836803

https://bugzilla.redhat.com/show_bug.cgi?id=837871

https://bugzilla.redhat.com/show_bug.cgi?id=839266

https://bugzilla.redhat.com/show_bug.cgi?id=839984

https://bugzilla.redhat.com/show_bug.cgi?id=840458

https://bugzilla.redhat.com/show_bug.cgi?id=841578

https://bugzilla.redhat.com/show_bug.cgi?id=841604

https://bugzilla.redhat.com/show_bug.cgi?id=841622

https://bugzilla.redhat.com/show_bug.cgi?id=841983

https://bugzilla.redhat.com/show_bug.cgi?id=842312

https://bugzilla.redhat.com/show_bug.cgi?id=866417

https://bugzilla.redhat.com/show_bug.cgi?id=867169

https://bugzilla.redhat.com/show_bug.cgi?id=867688

https://bugzilla.redhat.com/show_bug.cgi?id=868233

https://bugzilla.redhat.com/show_bug.cgi?id=869856

https://bugzilla.redhat.com/show_bug.cgi?id=869904

https://bugzilla.redhat.com/show_bug.cgi?id=870246

https://bugzilla.redhat.com/show_bug.cgi?id=870297

https://bugzilla.redhat.com/show_bug.cgi?id=871350

https://bugzilla.redhat.com/show_bug.cgi?id=871630

https://bugzilla.redhat.com/show_bug.cgi?id=871968

https://bugzilla.redhat.com/show_bug.cgi?id=872229

https://bugzilla.redhat.com/show_bug.cgi?id=872232

https://bugzilla.redhat.com/show_bug.cgi?id=872799

https://bugzilla.redhat.com/show_bug.cgi?id=873226

https://bugzilla.redhat.com/show_bug.cgi?id=873462

https://bugzilla.redhat.com/show_bug.cgi?id=873816

https://bugzilla.redhat.com/show_bug.cgi?id=874322

https://bugzilla.redhat.com/show_bug.cgi?id=874539

https://bugzilla.redhat.com/show_bug.cgi?id=875309

https://bugzilla.redhat.com/show_bug.cgi?id=875360

https://bugzilla.redhat.com/show_bug.cgi?id=896038

https://bugzilla.redhat.com/show_bug.cgi?id=912898

https://bugzilla.redhat.com/show_bug.cgi?id=912900

https://bugzilla.redhat.com/show_bug.cgi?id=912905

Plugin Details

Severity: Medium

ID: 65171

File Name: redhat-RHSA-2013-0496.nasl

Version: 1.23

Type: local

Agent: unix

Published: 3/10/2013

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0310

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2013-0309

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-firmware, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:python-perf, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:perf

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2/21/2013

Vulnerability Publication Date: 12/21/2012

Reference Information

CVE: CVE-2012-4508, CVE-2012-4542, CVE-2013-0190, CVE-2013-0309, CVE-2013-0310, CVE-2013-0311

BID: 56238, 57433, 58046, 58052, 58053, 58088

CWE: 476

RHSA: 2013:0496