Red Hat Product Errata RHSA-2016:1051 - Security Advisory

Issued:: 2016-05-12
Updated:: 2016-05-12

RHSA-2016:1051 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a newer upstream version: kernel-rt (3.10.0-327.18.2). This version provides a number of bug fixes and enhancements, including:

[scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts
[scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO
[scsi] scsi_error: should not get sense for timeout IO in scsi error handler
[scsi] Revert libiscsi: Reduce locking contention in fast path
[mm] madvise: fix MADV_WILLNEED on shmem swapouts
[cpufreq] intel_pstate: decrease number of "HWP enabled" messages and enable HWP per CPU
[kernel] sched: Robustify topology setup
[kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group
[kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline
[ib] mlx5: Fix RC transport send queue overhead computation
[fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd
[fs] ceph: multiple updates

(BZ#1322033)

Security Fix(es):

A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.

Bug Fix(es):

The hotplug lock and the console semaphore could be acquired in an incorrect order, which could previously lead to a deadlock causing the system console to freeze. The underlying code has been adjusted to acquire the locks in the correct order, resolving the bug with the console. (BZ#1324767)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time 7 x86_64
Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

BZ - 1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()
BZ - 1322033 - kernel-rt: update to the RHEL7.2.z batch#4 source tree

CVEs

CVE-2016-0758

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.src.rpm	SHA-256: 96605b9e7c1f80bf2528c1819bdec950f0ef2b6e792424ce71ee8c06122cd991
x86_64
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 2ef611ed359ed284f80a2efbc4e06a8099ba9d5750729bbd86e09fb6e58f786a
kernel-rt-debug-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: d8924fa81456261778c98f4278f125262657b25589e35367474efb73faec4da0
kernel-rt-debug-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 26a88f1d962a8b66025d1badad2302d186c9e40483e425a0fd9d1b166fbdf01d
kernel-rt-debug-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: b0d7bf8dc4ad1528779daa3df3e0e7b678c4d1b20a578496d18f4ecccc157c01
kernel-rt-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 55ac386709afe8516403279716d289a0d81688be87f48ea8bc80c9d46fbccce2
kernel-rt-debuginfo-common-x86_64-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 2f75b03dbb51bed602dae6384953853b15817c785980c991b1012b1c6a03c02b
kernel-rt-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: e1e9dbeca27514c09cb9029c1e5acc19a52cbf8ef13e97d7c33558c764acc34b
kernel-rt-doc-3.10.0-327.18.2.rt56.223.el7_2.noarch.rpm	SHA-256: 8e8ec0cb57d9610cf2ae5f82c0442b53581826190b60bacdc6ba37ec096e1fa7
kernel-rt-trace-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: fcae66bd99cd860411d607297df77cb83b9f5651fccf8c2e7788d3b4c000e8f2
kernel-rt-trace-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: de9452e0dc3fe5f7ad346b878aab6a48bf1a217b4fd49361fee92101ff267f35
kernel-rt-trace-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 47bd4af1c13c809b6a3c866f51e8f68664eb03ec38be6b866467219f65ce41b6

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.src.rpm	SHA-256: 96605b9e7c1f80bf2528c1819bdec950f0ef2b6e792424ce71ee8c06122cd991
x86_64
kernel-rt-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 2ef611ed359ed284f80a2efbc4e06a8099ba9d5750729bbd86e09fb6e58f786a
kernel-rt-debug-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: d8924fa81456261778c98f4278f125262657b25589e35367474efb73faec4da0
kernel-rt-debug-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 26a88f1d962a8b66025d1badad2302d186c9e40483e425a0fd9d1b166fbdf01d
kernel-rt-debug-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: b0d7bf8dc4ad1528779daa3df3e0e7b678c4d1b20a578496d18f4ecccc157c01
kernel-rt-debug-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 3a8b6481436b2dae986cc901395960a588848ef5c6121ed520b899b90264d48c
kernel-rt-debug-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 3e63e3b92691ce4ee6a59442ca5ea8cf2446f60eaa881967159e6d079069cfca
kernel-rt-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 55ac386709afe8516403279716d289a0d81688be87f48ea8bc80c9d46fbccce2
kernel-rt-debuginfo-common-x86_64-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 2f75b03dbb51bed602dae6384953853b15817c785980c991b1012b1c6a03c02b
kernel-rt-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: e1e9dbeca27514c09cb9029c1e5acc19a52cbf8ef13e97d7c33558c764acc34b
kernel-rt-doc-3.10.0-327.18.2.rt56.223.el7_2.noarch.rpm	SHA-256: 8e8ec0cb57d9610cf2ae5f82c0442b53581826190b60bacdc6ba37ec096e1fa7
kernel-rt-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 5c75c60b611d1385d7d615d1e36b244a4453d504d39a97faa65e8a9f2b3aea97
kernel-rt-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: ec06922eaa684a77747c27e0897c3f3b3d836211a2536f5d123e12f56263939e
kernel-rt-trace-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: fcae66bd99cd860411d607297df77cb83b9f5651fccf8c2e7788d3b4c000e8f2
kernel-rt-trace-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: de9452e0dc3fe5f7ad346b878aab6a48bf1a217b4fd49361fee92101ff267f35
kernel-rt-trace-devel-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 47bd4af1c13c809b6a3c866f51e8f68664eb03ec38be6b866467219f65ce41b6
kernel-rt-trace-kvm-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: cbbdd717a2de7d220fffe2d98d19f01c75a8654147aff8c21729fb27f98f3709
kernel-rt-trace-kvm-debuginfo-3.10.0-327.18.2.rt56.223.el7_2.x86_64.rpm	SHA-256: 08fb924319798d97e99cc79d44e52b1fe4b2dbd6ad83a597295674a77a31a3c6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories