Red Hat Product Errata RHSA-2016:1301 - Security Advisory
Issued:
2016-06-23
Updated:
2016-06-23

RHSA-2016:1301 - Security Advisory

Synopsis

Important: kernel-rt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.22.1). This version provides a number of bug fixes
and enhancements, including:

  • [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy
  • [mm] mmu_notifier: fix memory corruption
  • [mm] hugetlbfs: optimize when NUMA=n
  • [mm] optimize put_mems_allowed() usage
  • [x86] mm: suitable memory should go to ZONE_MOVABLE
  • [fs] xfs: fix splice/direct-IO deadlock
  • [acpi] tables: Add acpi_subtable_proc to ACPI table parsers
  • [acpi] table: Add new function to get table entries
  • [net] ipv6: Nonlocal bind
  • [net] ipv4: bind ip_nonlocal_bind to current netns

(BZ#1335747)

Security Fix(es):

  • A flaw was found in the way certain interfaces of the Linux kernel's

Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)

  • A race condition flaw was found in the way the Linux kernel's SCTP

implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections to be accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767, Moderate)

  • A flaw was found in the way the realtime kernel processed specially

crafted ICMP echo requests. A remote attacker could use this flaw to
trigger a sysrql function based on values in the ICMP packet, allowing them
to remotely restart the system. Note that this feature is not enabled by
default and requires elevated privileges to be configured. (CVE-2016-3707,
Moderate)

Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.

Bug Fix(es):

  • Previously, configuration changes to the Hewlett Packard Smart Array

(HPSA) driver during I/O operations could set the phys_disk pointer to
NULL. Consequently, kernel oops could occur while the HPSA driver was
submitting ioaccel2 commands. An upstream patch has been provided to fix
this bug, and the oops in the hpsa_scsi_ioaccel_raid_map() function no
longer occurs. (BZ#1335411)

  • In a previous code update one extra spin_lock operation was left

untouched. Consequently, a deadlock could occur when looping through cache
pages. With this update, the extra lock operation has been removed from
the source code and the deadlock no longer occurs in the described
situation. (BZ#1327073)

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

  • BZ - 1297389 - CVE-2015-8767 kernel: SCTP denial of service during timeout
  • BZ - 1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
  • BZ - 1327073 - deadlock in fscache code (merge error)
  • BZ - 1327484 - CVE-2016-3707 kernel-rt: Sending SysRq command via ICMP echo request
  • BZ - 1334459 - rt: Use IPI to trigger RT task push migration instead of pulling
  • BZ - 1335747 - kernel-rt: update to the RHEL7.2.z batch#5 source tree

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.src.rpm SHA-256: b157a98dabd623213fb3a6b4db79dc416e3b01756503054fa2e2b7b551779880
x86_64
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 420e7423c97414a1971c04cbfce960177b2223eacee4436d05cc15a75a451d2f
kernel-rt-debug-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: a5df78ea2d51b99b99190c17b9d985b2f856841fd4419719e60f3d29bce7aa7d
kernel-rt-debug-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 6461f7068763e9291f39492e48f51b61914122e6bc35da882eefd9dc55741740
kernel-rt-debug-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 25332a2bb3af550325fbd4f87865be988264a7e1e7291143b5be7ea2a76aa4e2
kernel-rt-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 78e5ca8b3606f538ecd18e67659c0a7a97be62a3d62717f35ebe1882e5674cd1
kernel-rt-debuginfo-common-x86_64-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: e6b51d6973c7ee7ba733aeb900486d29925596f709daa6c37706a80d6b0dd95e
kernel-rt-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 44fd2b5187b6b2093ddfba97b1880da327344fe2a242c51b7937720bf6b2ebeb
kernel-rt-doc-3.10.0-327.22.2.rt56.230.el7_2.noarch.rpm SHA-256: 01dc1a7928d0a49535fe0fa0d2d07c9f058e3e54b43057290612314e7405ab88
kernel-rt-trace-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 8c146623cbb70bf9a6e9d8f4361e452bf609c8f92fc4b665d7e83789eb8c1523
kernel-rt-trace-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 9d9963ddb76b8fd4010a086c3e439ab7b01ce7d505b8481a0bfc389d944a32d2
kernel-rt-trace-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 2024f3eb514906a2e92b40a45d3ba3ece7a08fb5f11a04e975897544a6e3c092

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.src.rpm SHA-256: b157a98dabd623213fb3a6b4db79dc416e3b01756503054fa2e2b7b551779880
x86_64
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 420e7423c97414a1971c04cbfce960177b2223eacee4436d05cc15a75a451d2f
kernel-rt-debug-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: a5df78ea2d51b99b99190c17b9d985b2f856841fd4419719e60f3d29bce7aa7d
kernel-rt-debug-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 6461f7068763e9291f39492e48f51b61914122e6bc35da882eefd9dc55741740
kernel-rt-debug-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 25332a2bb3af550325fbd4f87865be988264a7e1e7291143b5be7ea2a76aa4e2
kernel-rt-debug-kvm-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 9f1b1a956c89c2fb973b32840256b2da1068a191a77ce60eadc11cae4bf50f27
kernel-rt-debug-kvm-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 9f6d3751e540f021187bd864e6de3ea427abf0f0784e8223cacdf286f08fc043
kernel-rt-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 78e5ca8b3606f538ecd18e67659c0a7a97be62a3d62717f35ebe1882e5674cd1
kernel-rt-debuginfo-common-x86_64-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: e6b51d6973c7ee7ba733aeb900486d29925596f709daa6c37706a80d6b0dd95e
kernel-rt-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 44fd2b5187b6b2093ddfba97b1880da327344fe2a242c51b7937720bf6b2ebeb
kernel-rt-doc-3.10.0-327.22.2.rt56.230.el7_2.noarch.rpm SHA-256: 01dc1a7928d0a49535fe0fa0d2d07c9f058e3e54b43057290612314e7405ab88
kernel-rt-kvm-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 63e5f0af5e50c322de6516ac78c239beaea5952faf01f46b40a84e9976a96059
kernel-rt-kvm-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: cb23fd650a384584fee8726b0acb2d9f74fcd9204a7836581b901e9bdd909132
kernel-rt-trace-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 8c146623cbb70bf9a6e9d8f4361e452bf609c8f92fc4b665d7e83789eb8c1523
kernel-rt-trace-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 9d9963ddb76b8fd4010a086c3e439ab7b01ce7d505b8481a0bfc389d944a32d2
kernel-rt-trace-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 2024f3eb514906a2e92b40a45d3ba3ece7a08fb5f11a04e975897544a6e3c092
kernel-rt-trace-kvm-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 966cd739697ef0c19b60e1834160418d35bf70349c0850ada45d202726775f6a
kernel-rt-trace-kvm-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: b11edef1ebc187c397308c3329fc7a6d85a6b85eb8bfa4d42737236a7a4d5c55

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7

SRPM
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.src.rpm SHA-256: b157a98dabd623213fb3a6b4db79dc416e3b01756503054fa2e2b7b551779880
x86_64
kernel-rt-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 420e7423c97414a1971c04cbfce960177b2223eacee4436d05cc15a75a451d2f
kernel-rt-debug-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: a5df78ea2d51b99b99190c17b9d985b2f856841fd4419719e60f3d29bce7aa7d
kernel-rt-debug-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 6461f7068763e9291f39492e48f51b61914122e6bc35da882eefd9dc55741740
kernel-rt-debug-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 25332a2bb3af550325fbd4f87865be988264a7e1e7291143b5be7ea2a76aa4e2
kernel-rt-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 78e5ca8b3606f538ecd18e67659c0a7a97be62a3d62717f35ebe1882e5674cd1
kernel-rt-debuginfo-common-x86_64-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: e6b51d6973c7ee7ba733aeb900486d29925596f709daa6c37706a80d6b0dd95e
kernel-rt-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 44fd2b5187b6b2093ddfba97b1880da327344fe2a242c51b7937720bf6b2ebeb
kernel-rt-doc-3.10.0-327.22.2.rt56.230.el7_2.noarch.rpm SHA-256: 01dc1a7928d0a49535fe0fa0d2d07c9f058e3e54b43057290612314e7405ab88
kernel-rt-trace-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 8c146623cbb70bf9a6e9d8f4361e452bf609c8f92fc4b665d7e83789eb8c1523
kernel-rt-trace-debuginfo-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 9d9963ddb76b8fd4010a086c3e439ab7b01ce7d505b8481a0bfc389d944a32d2
kernel-rt-trace-devel-3.10.0-327.22.2.rt56.230.el7_2.x86_64.rpm SHA-256: 2024f3eb514906a2e92b40a45d3ba3ece7a08fb5f11a04e975897544a6e3c092

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.