Red Hat Product Errata RHSA-2017:0402 - Security Advisory

Issued:: 2017-03-02
Updated:: 2017-03-02

RHSA-2017:0402 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)

Red Hat would like to thank Philip Pettersson for reporting this issue.

Enhancement(s):

Previously, the Broadcom bnx2x driver in the MRG kernel-rt used an incorrect PTP Hardware Clock (PHC) timer divisor value, which broke Precision Time Protocol (PTP) timestamping due to an unstable clock. This update corrects the divisor value, and the PTP timestamping is now accurate, with monotonically increasing timestamp values. (BZ#1411139)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1400019 - CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free
BZ - 1414055 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

CVE-2016-8655

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-514.rt56.215.el6rt.src.rpm	SHA-256: 00699d94f2edd1782bd22f2cb37a64fcef8caaa09e37303c44e627d02965857b
x86_64
kernel-rt-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 411b88e5447d255e0462c78e2c174ea33113c263f430ff00b007e81a854bb557
kernel-rt-debug-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 4b5bf264a0200aa4f4fe62091d4808f60400275eb4928e68350d0d27d3eed806
kernel-rt-debug-debuginfo-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 1b302f70ebe47487eb3f73da54ef2616c49d5c2f8b72b8daaa377823db503cba
kernel-rt-debug-devel-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: b1264515f657360fd42c7fad1bd780681445efcd51aa00ca011a8b704342264a
kernel-rt-debuginfo-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: d903e3e7e11d9132a42e404036d465836ed110929cc01e6e1dd06954b777ad2c
kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: f409e361e0560b63d93c418c909b6f7062926cc0ff069400bcce50c40d8e6a2c
kernel-rt-devel-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 6f81f0cc62099c35a438c408df71e17e6cd5271692837b56db964d180032c7f4
kernel-rt-doc-3.10.0-514.rt56.215.el6rt.noarch.rpm	SHA-256: 5de9e3187eb7d7dd49f3f06f5c0d7e4b8ee9aa32b432baae1148f12d00efbbf6
kernel-rt-firmware-3.10.0-514.rt56.215.el6rt.noarch.rpm	SHA-256: f00436d930d6b0699a9f8f4529e0f6a05e506cd6768cfe70abf0c8137ad39018
kernel-rt-trace-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: a3152964c4847470b56c587a702c7efc640444fec182712f78c75a21f43796ac
kernel-rt-trace-debuginfo-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 836e99fbca6dd033a1815724bcdbfdb613669f9076c3fb17be09795c8f4d0db0
kernel-rt-trace-devel-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: d1f52d0d12c3a3617677e0c068fd2beb8936384c7b03c5938b53734f4be62fcc
kernel-rt-vanilla-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 36ddecc750f48e16e9e4cc28ba986e547275f26fc185f245492a9094f47c76da
kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 5a78ae8a81e267cde4e90786124b0befdeed18624ca86d86e9b1a6684be5055c
kernel-rt-vanilla-devel-3.10.0-514.rt56.215.el6rt.x86_64.rpm	SHA-256: 740147215418a306e0ee43e5a796454f50880daea34a45cff1221ed0abb813b3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories