|
|
Subscribe / Log in / New account

Scientific Linux alert SLSA-2017:0933-1 (kernel)



From:
    	      Pat Riehecky <riehecky@fnal.gov> 


To:
    	      <scientific-linux-errata@listserv.fnal.gov> 


Subject:
    	      Security ERRATA Important: kernel on SL7.x x86_64 


Date:
    	      Wed, 12 Apr 2017 17:14:57 +0000


Message-ID:
    	      <20170412171457.27266.72507@slpackages.fnal.gov>


Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       SLSA-2017:0933-1
Issue Date:        2017-04-12
CVE Numbers:       CVE-2017-2636
                   CVE-2016-8650
                   CVE-2016-9793
                   CVE-2017-2618
--

Security Fix(es):

* A race condition flaw was found in the N_HLDC Linux kernel driver when
accessing n_hdlc.tbuf list that can lead to double free. A local,
unprivileged user able to set the HDLC line discipline on the tty device
could use this flaw to increase their privileges on the system.
(CVE-2017-2636, Important)

* A flaw was found in the Linux kernel key management subsystem in which a
local attacker could crash the kernel or corrupt the stack and additional
memory (denial of service) by supplying a specially crafted RSA key. This
flaw panics the machine during the verification of the RSA key.
(CVE-2016-8650, Moderate)

* A flaw was found in the Linux kernel's implementation of setsockopt for
the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-
namespace CAP_NET_ADMIN are able to trigger this call and create a
situation in which the sockets sendbuff data size could be negative. This
could adversely affect memory allocations and create situations where the
system could crash or cause memory corruption. (CVE-2016-9793, Moderate)

* A flaw was found in the Linux kernel's handling of clearing SELinux
attributes on /proc/pid/attr files. An empty (null) write to this file can
crash the system by causing the system to attempt to access unmapped
kernel memory. (CVE-2017-2618, Moderate)
--

SL7
  x86_64
    kernel-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-debug-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-devel-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-headers-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-tools-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-514.16.1.el7.x86_64.rpm
    perf-3.10.0-514.16.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm
    python-perf-3.10.0-514.16.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-514.16.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-514.16.1.el7.noarch.rpm
    kernel-doc-3.10.0-514.16.1.el7.noarch.rpm

- Scientific Linux Development Team
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds