Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2017:1297 - Security Advisory
Issued:
2017-05-25
Updated:
2017-05-25

RHSA-2017:1297 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
  • Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
  • A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
  • A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version. (BZ#1440807)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
  • BZ - 1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
  • BZ - 1399727 - CVE-2016-7910 kernel: Use after free in seq file
  • BZ - 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
  • BZ - 1440807 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

  • CVE-2016-10208
  • CVE-2016-7910
  • CVE-2016-8646
  • CVE-2017-7308

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-514.rt56.221.el6rt.src.rpm SHA-256: 81c7dbb9c25bce769a6efb43e3705632f5b52bb57a729e6363590402decb9db2
x86_64
kernel-rt-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 879bd78c126e116a330e51c23a32dc97ac1e8c6644725b77eda25442ee458fd7
kernel-rt-debug-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 6f96c492b106d88b7b9327621d870dad756db0a93052510988d144f4ff0a2c06
kernel-rt-debug-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: ea9ddb71ecc0871aed574e5fd35017494bfd2b146e2127675572a82fffaf8a92
kernel-rt-debug-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: b0e0ba19626fa0f2470181602fd6320b6a6fc203a045d95d5e60bc095ead1cfe
kernel-rt-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 790f5dfb892d9c858a141f956ff6ca1eec3b6802f100b8ab07e357f41c44e8f3
kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: aca655f03c26b6ff01f619cdef5c1290228b116cabd2262b084d735def27a18e
kernel-rt-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 1fc25ffda356e13b330d24c2bfef719b7ef71a66a46b49d306de86ec493715e7
kernel-rt-doc-3.10.0-514.rt56.221.el6rt.noarch.rpm SHA-256: 84489e5c9f2d228a5009954f27392a5b6bcb903f2802c65e9be015c03ccf9269
kernel-rt-firmware-3.10.0-514.rt56.221.el6rt.noarch.rpm SHA-256: 0ec07af90432835fa01c7d73b322b9221df75097414c092ab68063b77a496db3
kernel-rt-trace-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 443186f4c61e20690351c3b862de3bd6d76a815382dfddc9af16b558eac4112f
kernel-rt-trace-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: b22516657b9465894c0fc057e0cc021eacb9250c2c789e59d63fb7349af4dc4b
kernel-rt-trace-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: a4d0662e7bcbd0b84ce2db94fa335ee3189c8d65ac291bd690c3c7f87fbd1610
kernel-rt-vanilla-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: b430829dc6fca091a9f3334f45c81848b90f02c9c8feab638191d4e8233a0f45
kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 9049cbb01b541e8c3b8de0303381e6759b65cef02389923e993d6ca1b035dd57
kernel-rt-vanilla-devel-3.10.0-514.rt56.221.el6rt.x86_64.rpm SHA-256: 3f1b8ddea6eae97e3c902e75eb5c16364c2afccf2ecb046dfe0283187e3b5455

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter