Bug 838961

Summary: CVE-2012-3375 not included in the Kernel changelog for kernel-2.6.18-308.11.1.el5.src.rpm
Product: Red Hat Enterprise Linux 5
Reporter: Johnny Hughes <jhughes>
Component: kernel
Assignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED NOTABUG
QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: unspecified
Priority: unspecified
Version: 5.8
CC: toracat, vdanen
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-07-10 15:37:55 UTC
Type: Bug

Description Johnny Hughes 2012-07-10 14:00:02 UTC
Description of problem:
The latest kernel in RHEL-5 (kernel-2.6.18-308.11.1.el5.src.rpm) is described here:
http://rhn.redhat.com/errata/RHSA-2012-1061.html

That description says the bug fixes CVE-2012-3375, however that CVE is NOT in the changelog for the kernel.

Also, in looking at the kernel changelog, the following entries are detailed:

* Fri Jun 15 2012 Alexander Gordeev <agordeev> [2.6.18-308.11.1.el5]
* Thu Jun 14 2012 Alexander Gordeev <agordeev> [2.6.18-308.10.1.el5]
* Wed Jun 06 2012 Alexander Gordeev <agordeev> [2.6.18-308.9.1.el5]
* Fri May 04 2012 Alexander Gordeev <agordeev> [2.6.18-308.8.1.el5]

Note: There was a 2.6.18-308.8.2.el5 kernel released on June 12th, however there is no 2.6.18-308.8.2.el5 entry in this kernel. Are all the 2.6.18-308.8.2.el5 changes also included in the 2.6.18-308.11.1.el5 kernel?

Comment 1 Vincent Danen 2012-07-10 15:37:55 UTC
Hi, Johnny.  The changelog entry in question for CVE-2012-3375 is:

- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]

The 2.6.18-308.2.el5 kernel was to fix some xen issues:

https://rhn.redhat.com/errata/RHSA-2012-0721.html

Those fixes are included in and noted in the 2.6.18-308.10.1.el5 changelog:

* Thu Jun 14 2012 Alexander Gordeev <agordeev> [2.6.18-308.10.1.el5]
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934}

The primary difference in the changelog from 308.8.2.el5 vs 308.10.1.el5 is that the CVE name was not known at the time of 308.8.2.el5 for the last issue (CVE-2012-2934).

I suspect the same may be true here, and a future kernel will note that CVE name.

To answer the second question, yes, those fixes are present in 308.11.1.el5.
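
Added example (not part of the thread and not Red Hat tooling): Comment 1 shows that a changelog entry can carry the fix's bug IDs without a `{CVE-...}` tag, so searching `rpm -q --changelog` output for the CVE name alone misses it. The sketch below parses the entry format quoted in this report and matches on either the CVE tag or a bug ID; placing the epoll entry under the 308.11.1.el5 header, and treating 829670 as the bug ID known for CVE-2012-3375, are assumptions based on the lines quoted above.

```python
import re

# Lines copied from this bug report, in `rpm -q --changelog` format.
# Assumption: the epoll entry sits under the 308.11.1.el5 header;
# the report does not say which stanza holds it.
SAMPLE_CHANGELOG = """\
* Fri Jun 15 2012 Alexander Gordeev <agordeev> [2.6.18-308.11.1.el5]
- [fs] epoll: clear the tfile_check_list on -ELOOP (Jason Baron) [829670 817131]
* Thu Jun 14 2012 Alexander Gordeev <agordeev> [2.6.18-308.10.1.el5]
- [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217}
- [xen] x86: prevent hv boot on AMD CPUs with Erratum 121 (Laszlo Ersek) [824969 824970] {CVE-2012-2934}
"""

HEADER = re.compile(r"^\* .*\[([^\]]+)\]\s*$")  # "* date packager [version]"
BUGS = re.compile(r"\[(\d+(?: \d+)*)\]")         # "[829670 817131]", not "[fs]"
CVE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_changelog(text):
    """Return one dict per '- ' entry: version, text, bug IDs, CVE tags."""
    entries, version = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            version = header.group(1)
        elif line.startswith("- "):
            bugs = {b for group in BUGS.findall(line) for b in group.split()}
            entries.append({"version": version, "text": line[2:],
                            "bugs": bugs, "cves": set(CVE.findall(line))})
    return entries


def find_fix(entries, cve, bug_ids=()):
    """Return (version, evidence) pairs; evidence is 'cve-tag' or 'bug-id'."""
    hits = []
    for entry in entries:
        if cve in entry["cves"]:
            hits.append((entry["version"], "cve-tag"))
        elif entry["bugs"] & set(bug_ids):
            # Entry lacks the CVE name but carries a bug ID known for it.
            hits.append((entry["version"], "bug-id"))
    return hits


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    print(find_fix(parsed, "CVE-2012-3375"))              # name-only search
    print(find_fix(parsed, "CVE-2012-3375", ["829670"]))  # with a bug ID
```

A `bug-id` hit is weaker evidence than a `cve-tag` hit and is worth confirming against the advisory text, since one bug ID can cover more than one change.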