Red Hat Product Errata RHSA-2017:0346 - Security Advisory
Issued:
2017-02-28
Updated:
2017-02-28

RHSA-2017:0346 - Security Advisory

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long
Life.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

  • A use-after-free flaw was found in the way the Linux kernel's Datagram

Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter the
kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

  • It was found that the Linux kernel's Datagram Congestion Control Protocol

(DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for
both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A
remote attacker could use this flaw to crash the system. (CVE-2017-2634,
Moderate)

Important: This update disables the DCCP kernel module at load time by using the
kernel module blacklist method. The module is disabled in an attempt to reduce
further exposure to additional issues. (BZ#1426309)

Red Hat would like to thank Andrey Konovalov (Google) for reporting
CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat
Product Security).

Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 5.9 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.9 ia64
  • Red Hat Enterprise Linux Server - AUS 5.9 i386

Fixes

  • BZ - 1423071 - CVE-2017-6074 kernel: use after free in dccp protocol
  • BZ - 1424751 - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
kernel-2.6.18-348.33.1.el5.src.rpm SHA-256: 112453ee7b99dc14d71ec354f8060b82cdef5480231bea7fc377c15b1884df5d
x86_64
kernel-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: b7237844b1597d4f9bdec1d705644c0b7238c534532ebebf40dcff1c9619f544
kernel-debug-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: d2057cb3062294a425079ede3130f5d0556efd2931f3d6b66c2a8a91f41d3a21
kernel-debug-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: eb3697c409844a6d78c8611630c094930d60e957f4881de1fec11a2de46099a6
kernel-debug-devel-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: 1449022d984db68ce167e28a331183720a5985c4bf4484f7a2aee26c4491846b
kernel-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: 7df23a76a9ef0f014a6a5e294b340b2cfd07e04f109b9a3e6c010e5580e43d6a
kernel-debuginfo-common-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: 024dab567e412553e59c2e5bc1d59a07af28eedb1719e60835183518c62cf206
kernel-devel-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: 8dd6363c95f49989832fcc49ecd3f23cf7ec1113247cf7523e1bbcf81591215b
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm SHA-256: fc166bdf5de4e3806712c6e82cd551dada200122c0cd36818519046150afbe3e
kernel-headers-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: 25dc32d429978f1d109a5913546e41d366da6ef29a549c2203bc17d380d7659a
kernel-xen-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: a364bf7f6c676001cfc1ed0792ef097a48691acb16bcd73068d7d6e1db1fda19
kernel-xen-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: aae01c52eb5f26d2537e1d205b5dce5bb435771695f9bf8bff71e9b92d2bccd5
kernel-xen-devel-2.6.18-348.33.1.el5.x86_64.rpm SHA-256: a9535ec20306980df4a8612720077d550b02570932643422aef68eaff8f5f933
ia64
kernel-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 42888d64341db44d19e5dba255807b5b7032a941ee3e0007fd39c53ff4760eab
kernel-debug-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 1eb3c7050ed838759a45af86cee87e6b16a6e1b029736f5708cc897976166de6
kernel-debug-debuginfo-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 7ac3c7b1367263cc1cd7784ac2ffd91b54dd335ea44db1f4b510542a1fb7d980
kernel-debug-devel-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 1d66031a932dff53f31f63a785cf9341bde052967e74282f7bb3af1364a81f8f
kernel-debuginfo-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 7bc3233fb799d200545b892137b2ab6e8a9bb99c6297f4f46f9a09a29ab32174
kernel-debuginfo-common-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 0faa1eaadad3dc1d9dfc9cbb4a38a94c4419b6412a1f3ce1df89a70bc5fc5560
kernel-devel-2.6.18-348.33.1.el5.ia64.rpm SHA-256: fb5f92d19e131bc96ff27b69ca5489e500a0016e0762d97ed7e0569c829bf772
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm SHA-256: fc166bdf5de4e3806712c6e82cd551dada200122c0cd36818519046150afbe3e
kernel-headers-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 9ac472403266b97cb240abaa2c95c670fb9e102ef0ec2c4cc8128c7b6d09a0f4
kernel-xen-2.6.18-348.33.1.el5.ia64.rpm SHA-256: a588f774d8cd0f95a8b14712e7e85a98ae66dd4ef7a30b21cf21d197b0e08c91
kernel-xen-debuginfo-2.6.18-348.33.1.el5.ia64.rpm SHA-256: 204be5bee48612b41aa1f1960f4e66b3d4ed50db47784846b365b61196b73065
kernel-xen-devel-2.6.18-348.33.1.el5.ia64.rpm SHA-256: a46a66a323ee7ed32fc24a780e5645400e19aa9e016000f681f61b64876555d6
i386
kernel-2.6.18-348.33.1.el5.i686.rpm SHA-256: de3e20d69a1c363f6c9462138248406c3d773df72af5aac46bde8fb9b1664a00
kernel-PAE-2.6.18-348.33.1.el5.i686.rpm SHA-256: 4e055224d34526554e60fdd84e9eac478c17ba4b023f7314df6c9119dfda452c
kernel-PAE-debuginfo-2.6.18-348.33.1.el5.i686.rpm SHA-256: a1e74fbe4183f4d6900760286fac10bdb242be11830d6708f79511a264654066
kernel-PAE-devel-2.6.18-348.33.1.el5.i686.rpm SHA-256: 2f4bab87042e0de66aecbb6394e36eb05d90a3b086265f001f0eff08041ed76c
kernel-debug-2.6.18-348.33.1.el5.i686.rpm SHA-256: f649b0cf74743fbbf956410452f90aa01dacf6e172e2076d8efde6b0c70a06dc
kernel-debug-debuginfo-2.6.18-348.33.1.el5.i686.rpm SHA-256: e71e5242faae94e188393b640e4f4a71439b32a352517aa97371b54a6319a6e2
kernel-debug-devel-2.6.18-348.33.1.el5.i686.rpm SHA-256: 1d1fd3d2649df8bd33ee0a8cb4fa55c8b6aa469f31813b14f4540315e76ba047
kernel-debuginfo-2.6.18-348.33.1.el5.i686.rpm SHA-256: d49ef5d45bceae808aa1a1d3257b0b633fbd8905de96b77a35ab8bb03ca78e77
kernel-debuginfo-common-2.6.18-348.33.1.el5.i686.rpm SHA-256: e7b3c6d1e777676f49e241bbfbbb103dfe47b372e0a8d6cb14f97e9b0fb97e44
kernel-devel-2.6.18-348.33.1.el5.i686.rpm SHA-256: 3a9a9235924e2cce69a355f999a889db168d982af5b82dca6a9211e489232abc
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm SHA-256: fc166bdf5de4e3806712c6e82cd551dada200122c0cd36818519046150afbe3e
kernel-headers-2.6.18-348.33.1.el5.i386.rpm SHA-256: 32979b422f4f9d072be741d2ed65cb0f5bb24bb2cb9a23d95ba2021d7a23f5b6
kernel-xen-2.6.18-348.33.1.el5.i686.rpm SHA-256: a495188c162c8f6881f3a826775d74e8b1224e55028488f0f73b5504528ff31d
kernel-xen-debuginfo-2.6.18-348.33.1.el5.i686.rpm SHA-256: b842ed8242a965186d6c1c9a0651925f0d3f808b02bab6a4bafe7e594d48f165
kernel-xen-devel-2.6.18-348.33.1.el5.i686.rpm SHA-256: 2a14d4b053751a8afbd42a6d5d374b2bd326e9782988178144818b4a82edb1d6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.