Issued:
2016-08-18
Updated:
2016-08-18

RHSA-2016:1632 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS
department of University of California, Riverside, for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1354708 - CVE-2016-5696 kernel: challenge ACK counter information disclosure.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-327.28.3.rt56.235.el7.src.rpm SHA-256: d2f36030ce3a047af27e61741171d5f3ce19f0f6c1fb601f638cae1291a03d0c
x86_64
kernel-rt-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 35f35aa2dd7821281559f1253950d2b336003709583711fb2f661f2b30796c78
kernel-rt-debug-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: de9cd1e381c44b797dbc86b0e77f307dc83cc4b1518eb91daecf3cbb532a6d10
kernel-rt-debug-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: a3436d4beb52e3c1ca1d5ccfd1a29fa70f68e2c9485cc86bfe8700630ca80c40
kernel-rt-debug-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 8a65965e23b3220ed70c70fcd81177ece5dc77489452f934c2e563bd907dd019
kernel-rt-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 21a9b3ccc0e7fedcd3009d6cc75847db4a51211f8f0b8c36f1a01b2de944f39f
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 053e2dff90f9b4f69f4153207393d53e9844f1913e09e538c5eb791f06d4fda9
kernel-rt-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 07744567d0909a799819e4803dc8892590ec8ec321929c2d30ac6f12168d546c
kernel-rt-doc-3.10.0-327.28.3.rt56.235.el7.noarch.rpm SHA-256: 55ee8aaf3894f4a695cd2bfb46f6ed722ec8bfccad063b71e97f517a904053b2
kernel-rt-trace-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 4f1a89544492cb2b64f9a3223ce44e5dcc1184aa3a494fc87311634b90c20a92
kernel-rt-trace-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: e3bcfaacbfd557cf81818c5a7b6aaa64e2a798822fb7f670018be2ecf06a33bd
kernel-rt-trace-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 84caac1c7224e30c9a8147887b4e090406be727faa921a27172bccc77ac7fe67

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-327.28.3.rt56.235.el7.src.rpm SHA-256: d2f36030ce3a047af27e61741171d5f3ce19f0f6c1fb601f638cae1291a03d0c
x86_64
kernel-rt-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 35f35aa2dd7821281559f1253950d2b336003709583711fb2f661f2b30796c78
kernel-rt-debug-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: de9cd1e381c44b797dbc86b0e77f307dc83cc4b1518eb91daecf3cbb532a6d10
kernel-rt-debug-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: a3436d4beb52e3c1ca1d5ccfd1a29fa70f68e2c9485cc86bfe8700630ca80c40
kernel-rt-debug-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 8a65965e23b3220ed70c70fcd81177ece5dc77489452f934c2e563bd907dd019
kernel-rt-debug-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: ce8a4c39ee21d2bbd9b73df05ff67771e253e4f8d402f76f11f82c67154c315f
kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 872ad7c107c00ddb4b31612369682994034625e48e08feb67c8baf416c20e5f5
kernel-rt-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 21a9b3ccc0e7fedcd3009d6cc75847db4a51211f8f0b8c36f1a01b2de944f39f
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 053e2dff90f9b4f69f4153207393d53e9844f1913e09e538c5eb791f06d4fda9
kernel-rt-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 07744567d0909a799819e4803dc8892590ec8ec321929c2d30ac6f12168d546c
kernel-rt-doc-3.10.0-327.28.3.rt56.235.el7.noarch.rpm SHA-256: 55ee8aaf3894f4a695cd2bfb46f6ed722ec8bfccad063b71e97f517a904053b2
kernel-rt-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: dc58e3131e425a7c255e710ba69fcaae15b6859fbad0f25b5ff57cf8b3870995
kernel-rt-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: eee074ae692ffff8fd527f3bee8f93a395a9413ca4110fd88b3becf811eb2db5
kernel-rt-trace-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 4f1a89544492cb2b64f9a3223ce44e5dcc1184aa3a494fc87311634b90c20a92
kernel-rt-trace-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: e3bcfaacbfd557cf81818c5a7b6aaa64e2a798822fb7f670018be2ecf06a33bd
kernel-rt-trace-devel-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 84caac1c7224e30c9a8147887b4e090406be727faa921a27172bccc77ac7fe67
kernel-rt-trace-kvm-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: a2ec765c8f1940d19ea3a3305aea6d4f934c7784031817f9a554c14ee50e3568
kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.3.rt56.235.el7.x86_64.rpm SHA-256: 33b2e6882bdaade06b6cccbdecdcebdabf4ccd5f3f50883525560466ccb2c4a8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.