Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:1298 - Security Advisory
Issued:
2017-05-25
Updated:
2017-05-25

RHSA-2017:1298 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
  • Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
  • A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
  • A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-514.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1440803)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
  • BZ - 1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
  • BZ - 1399727 - CVE-2016-7910 kernel: Use after free in seq file
  • BZ - 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
  • BZ - 1440803 - kernel-rt: update to the RHEL7.3.z batch#5 source tree [rhel-7.3.z]

CVEs

  • CVE-2016-10208
  • CVE-2016-7910
  • CVE-2016-8646
  • CVE-2017-7308

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm SHA-256: bbf19c65c50cb071a6f8bd7d2095c45b58c462c313336aa6ed79bae36043ab13
x86_64
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 6bc752be56c016f700d08d8215944da9893508a5d1c2e12b28983cfabf81e109
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 4ea1f899773f9517087db06197103e10ecda771209794b5d5e26baf66007c1cc
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 24605c2bae65bef139346e287328b579f003c5514c3df276b7a71b105b0ddbe4
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ddc858f6031d563184a031a2c80f9cc25475a423029bbbe9636a8611cc82b15e
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ce3de1cabe55ac510b6da4d1a50383e3411d707d0e6db90b9b5397b6aea5b98e
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: eb38601053bb4332e5b53ca2afe99807e56f31f5beaab1358521c16472376166
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a5aa5d7c750561640d7c6aee1357f8a62ac369eb1246245b1a8c6ae59dba526c
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm SHA-256: 5568b1c87fd388506ef2d7e7ac3aed5e3ac060a238e84ab969724cce25df9e65
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 79e3aff1646f3a3ee977323152a762458f6af7870540c4ea6e1406be2ff3dbfd
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 3627ffe2aa4f57b9c37cf1ec8b0130094a14bbefa57e5d857567657d042fc47b
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: dfe33c4a56ea069f1afbb623a8850bdc9b6392198fff26ae706966013babf5e9

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm SHA-256: bbf19c65c50cb071a6f8bd7d2095c45b58c462c313336aa6ed79bae36043ab13
x86_64
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 6bc752be56c016f700d08d8215944da9893508a5d1c2e12b28983cfabf81e109
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 4ea1f899773f9517087db06197103e10ecda771209794b5d5e26baf66007c1cc
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 24605c2bae65bef139346e287328b579f003c5514c3df276b7a71b105b0ddbe4
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ddc858f6031d563184a031a2c80f9cc25475a423029bbbe9636a8611cc82b15e
kernel-rt-debug-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 1a5923d54957c5337b9a1737148bad01ba787ea02362d1dab7166bf954c4d204
kernel-rt-debug-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 8e68d3f1ca041547293f9b62ffccad5cee16efe854941c1d70eec9d5b13c0aab
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ce3de1cabe55ac510b6da4d1a50383e3411d707d0e6db90b9b5397b6aea5b98e
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: eb38601053bb4332e5b53ca2afe99807e56f31f5beaab1358521c16472376166
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a5aa5d7c750561640d7c6aee1357f8a62ac369eb1246245b1a8c6ae59dba526c
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm SHA-256: 5568b1c87fd388506ef2d7e7ac3aed5e3ac060a238e84ab969724cce25df9e65
kernel-rt-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: c897a173da8ba6699b2cc65c7743e8dff8b50e9a6365c462da3bcb8399546048
kernel-rt-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: c07009347e51dc4f88afca4376a7fd0bedab8c53e9e0dfe05f83d8902d1fcea4
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 79e3aff1646f3a3ee977323152a762458f6af7870540c4ea6e1406be2ff3dbfd
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 3627ffe2aa4f57b9c37cf1ec8b0130094a14bbefa57e5d857567657d042fc47b
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: dfe33c4a56ea069f1afbb623a8850bdc9b6392198fff26ae706966013babf5e9
kernel-rt-trace-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ab6d449ee5ef34826a8b16e631c2ccf8a534c9077debe58c2d3ce161da406b04
kernel-rt-trace-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a43bab17fcf3accc34283810d2358c8086a353b7f5e1c90d6e0cb8ea403bc1cd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter