Red Hat Product Errata RHSA-2017:1297 - Security Advisory

Issued:: 2017-05-25
Updated:: 2017-05-25

RHSA-2017:1297 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Bug Fix(es):

The kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version. (BZ#1440807)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
BZ - 1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
BZ - 1399727 - CVE-2016-7910 kernel: Use after free in seq file
BZ - 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
BZ - 1440807 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-514.rt56.221.el6rt.src.rpm	SHA-256: 81c7dbb9c25bce769a6efb43e3705632f5b52bb57a729e6363590402decb9db2
x86_64
kernel-rt-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 879bd78c126e116a330e51c23a32dc97ac1e8c6644725b77eda25442ee458fd7
kernel-rt-debug-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 6f96c492b106d88b7b9327621d870dad756db0a93052510988d144f4ff0a2c06
kernel-rt-debug-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: ea9ddb71ecc0871aed574e5fd35017494bfd2b146e2127675572a82fffaf8a92
kernel-rt-debug-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: b0e0ba19626fa0f2470181602fd6320b6a6fc203a045d95d5e60bc095ead1cfe
kernel-rt-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 790f5dfb892d9c858a141f956ff6ca1eec3b6802f100b8ab07e357f41c44e8f3
kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: aca655f03c26b6ff01f619cdef5c1290228b116cabd2262b084d735def27a18e
kernel-rt-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 1fc25ffda356e13b330d24c2bfef719b7ef71a66a46b49d306de86ec493715e7
kernel-rt-doc-3.10.0-514.rt56.221.el6rt.noarch.rpm	SHA-256: 84489e5c9f2d228a5009954f27392a5b6bcb903f2802c65e9be015c03ccf9269
kernel-rt-firmware-3.10.0-514.rt56.221.el6rt.noarch.rpm	SHA-256: 0ec07af90432835fa01c7d73b322b9221df75097414c092ab68063b77a496db3
kernel-rt-trace-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 443186f4c61e20690351c3b862de3bd6d76a815382dfddc9af16b558eac4112f
kernel-rt-trace-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: b22516657b9465894c0fc057e0cc021eacb9250c2c789e59d63fb7349af4dc4b
kernel-rt-trace-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: a4d0662e7bcbd0b84ce2db94fa335ee3189c8d65ac291bd690c3c7f87fbd1610
kernel-rt-vanilla-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: b430829dc6fca091a9f3334f45c81848b90f02c9c8feab638191d4e8233a0f45
kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 9049cbb01b541e8c3b8de0303381e6759b65cef02389923e993d6ca1b035dd57
kernel-rt-vanilla-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm	SHA-256: 3f1b8ddea6eae97e3c902e75eb5c16364c2afccf2ecb046dfe0283187e3b5455

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories