- Issued:
- 2017-02-22
- Updated:
- 2017-03-06
RHSA-2017:0295 - Security Advisory
Synopsis
Important: kernel-rt security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64
Fixes
- BZ - 1423071 - CVE-2017-6074 kernel: use after free in dccp protocol
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.src.rpm | SHA-256: d76fc19d6fa9d1256762e4056d7da088c15a0f49414e5fe92b4dce8f6a277f3b |
| x86_64 | |
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f677096559d604b490608add3e3ff292cd3b574eb749f5b32768d3c153e52505 |
| kernel-rt-debug-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: d5c0cede15ea09601e99d45077d606dfb23fc1819d4e7b0aea35bfd1f6340ba3 |
| kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: dd3cca7cb16beea7588e452d5e8f40e96fbc805c3e83be7a6958fe2d2c955b6d |
| kernel-rt-debug-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: ead230ec0f9aedb13e73634c5d0288777b51083acdc5d969a7bb10d32f72fa8d |
| kernel-rt-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 0882f15fe4afc2a6907856ac6ca90bed5a67924170698434e1faffaac6d5e4b6 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: bef82ecef8899baa7cea49f45117e62c554a8925c39aeafdc3b5258fb57dc189 |
| kernel-rt-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 27a72e2586980ce3e87bd1ca1443c114fed8b3fffdbef788371190fa2b151a8a |
| kernel-rt-doc-3.10.0-514.6.1.rt56.430.el7.noarch.rpm | SHA-256: 0aad4ad15aa8f92a15f1cdb1bf37fba6c7c0e40c654543bf519f6e9fa7521317 |
| kernel-rt-trace-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: c2fa96629a52a5c1c88724872d72e343da1044c545fd838eb57f585eda8dc3ca |
| kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f3d431b517fd27b24a8a54e21cd1898a31f2509fbde7038cbe70bcbff2d438d7 |
| kernel-rt-trace-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 006e8c399d4b62f3470180d785227e4b9ca05e6659cc98062d50635a669451c6 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.src.rpm | SHA-256: d76fc19d6fa9d1256762e4056d7da088c15a0f49414e5fe92b4dce8f6a277f3b |
| x86_64 | |
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f677096559d604b490608add3e3ff292cd3b574eb749f5b32768d3c153e52505 |
| kernel-rt-debug-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: d5c0cede15ea09601e99d45077d606dfb23fc1819d4e7b0aea35bfd1f6340ba3 |
| kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: dd3cca7cb16beea7588e452d5e8f40e96fbc805c3e83be7a6958fe2d2c955b6d |
| kernel-rt-debug-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: ead230ec0f9aedb13e73634c5d0288777b51083acdc5d969a7bb10d32f72fa8d |
| kernel-rt-debug-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: a3bdab4f1b3170c413c5e9d99dfae735add9de4f3349804e97bb7a2b8e175334 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: e16626d8cb9f1f2b3d0db190e5ecde679e95ab4084caa2994eee889ed011808d |
| kernel-rt-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 0882f15fe4afc2a6907856ac6ca90bed5a67924170698434e1faffaac6d5e4b6 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: bef82ecef8899baa7cea49f45117e62c554a8925c39aeafdc3b5258fb57dc189 |
| kernel-rt-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 27a72e2586980ce3e87bd1ca1443c114fed8b3fffdbef788371190fa2b151a8a |
| kernel-rt-doc-3.10.0-514.6.1.rt56.430.el7.noarch.rpm | SHA-256: 0aad4ad15aa8f92a15f1cdb1bf37fba6c7c0e40c654543bf519f6e9fa7521317 |
| kernel-rt-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 66d9f45e1acbc74500190e9e848a770f1dd71e81785ba444d15356c20e895c44 |
| kernel-rt-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: dfe76fe991583b9f09beb9ae18a076ec36f664e58ec5adac2792b00f00712a13 |
| kernel-rt-trace-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: c2fa96629a52a5c1c88724872d72e343da1044c545fd838eb57f585eda8dc3ca |
| kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f3d431b517fd27b24a8a54e21cd1898a31f2509fbde7038cbe70bcbff2d438d7 |
| kernel-rt-trace-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 006e8c399d4b62f3470180d785227e4b9ca05e6659cc98062d50635a669451c6 |
| kernel-rt-trace-kvm-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: bc0fe1a1d895bfb9bd518fd9c711db3577dcd233330599b7acd8a43c637dc7a6 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: fbc3390ce890594c22d9b65bcec69111cf3758112ae69c56cb19fe0d7da56bd4 |
Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.src.rpm | SHA-256: d76fc19d6fa9d1256762e4056d7da088c15a0f49414e5fe92b4dce8f6a277f3b |
| x86_64 | |
| kernel-rt-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f677096559d604b490608add3e3ff292cd3b574eb749f5b32768d3c153e52505 |
| kernel-rt-debug-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: d5c0cede15ea09601e99d45077d606dfb23fc1819d4e7b0aea35bfd1f6340ba3 |
| kernel-rt-debug-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: dd3cca7cb16beea7588e452d5e8f40e96fbc805c3e83be7a6958fe2d2c955b6d |
| kernel-rt-debug-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: ead230ec0f9aedb13e73634c5d0288777b51083acdc5d969a7bb10d32f72fa8d |
| kernel-rt-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 0882f15fe4afc2a6907856ac6ca90bed5a67924170698434e1faffaac6d5e4b6 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: bef82ecef8899baa7cea49f45117e62c554a8925c39aeafdc3b5258fb57dc189 |
| kernel-rt-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 27a72e2586980ce3e87bd1ca1443c114fed8b3fffdbef788371190fa2b151a8a |
| kernel-rt-doc-3.10.0-514.6.1.rt56.430.el7.noarch.rpm | SHA-256: 0aad4ad15aa8f92a15f1cdb1bf37fba6c7c0e40c654543bf519f6e9fa7521317 |
| kernel-rt-trace-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: c2fa96629a52a5c1c88724872d72e343da1044c545fd838eb57f585eda8dc3ca |
| kernel-rt-trace-debuginfo-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: f3d431b517fd27b24a8a54e21cd1898a31f2509fbde7038cbe70bcbff2d438d7 |
| kernel-rt-trace-devel-3.10.0-514.6.1.rt56.430.el7.x86_64.rpm | SHA-256: 006e8c399d4b62f3470180d785227e4b9ca05e6659cc98062d50635a669451c6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
