
List:       openvz-announce
Subject:    [Announce] Kernel RHEL6 042stab123.1
From:       Vasily Averin <vvs () openvz ! org>
Date:       2017-04-07 7:48:22
Message-ID: 2ebf4f71-d90d-7332-f37f-b423826980df () virtuozzo ! com

OpenVZ project released an updated RHEL6 based kernel.
Read below for more information. Everyone is advised to update.

Changes and Download
====================
(since 042stab120.20)
* Rebase to RHEL6u9 kernel 2.6.32-696.el6 (security, bug fixes, and enhancements)
* [Moderate] A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely. (CVE-2017-6214)
* [Moderate] It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement RFC 6946. (CVE-2016-10142)
* [Moderate] It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-10088, CVE-2016-9576)
* [Moderate] A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB, potentially causing the system to crash. (CVE-2016-9555)
* [Moderate] A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending it to its destination via sendto(). (CVE-2016-8399)
* [Moderate] It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but does not clear the setgid bit in the same way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097)
* [Moderate] It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042)
* [Moderate] A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480)
* [Moderate] When creating audit records for the parameters of executed child processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records, which may allow the attacker to misrepresent or evade logging of executed commands. (CVE-2016-6136)
* [Moderate] A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069)
* [Low] A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384)
* Ploop resize improvements. (PSBM-57813)
* Ploop defragmentation improvements. (PSBM-57003)

For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6/042stab123.1
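A small check for whether a host still runs an OpenVZ RHEL6 kernel older than the release announced here. This is an added example, not part of the announcement or of the OpenVZ project's tooling; the release strings it parses (the "2.6.32-042stabNNN.M" form printed by `uname -r`) are assumed, and the sample values below are constructed.

```python
import platform
import re

# The fixed release announced on this page: 042stab123.1 -> (major, minor).
FIXED_STAB = (123, 1)

# Matches the OpenVZ RHEL6 kernel release form, e.g. "2.6.32-042stab120.20".
# A trailing arch suffix such as ".x86_64" is tolerated because match() only
# anchors at the start of the string.
_STAB_RE = re.compile(r"^2\.6\.32-(?P<prefix>\d{3})stab(?P<major>\d+)\.(?P<minor>\d+)")


def parse_stab(release):
    """Return (major, minor) of the 042stab component of an OpenVZ RHEL6
    kernel release string, or None if the string is not an 042stab kernel."""
    m = _STAB_RE.match(release.strip())
    if m is None or m.group("prefix") != "042":
        return None
    return (int(m.group("major")), int(m.group("minor")))


def is_vulnerable(release, fixed=FIXED_STAB):
    """True if the release is an 042stab kernel older than the fixed one,
    False if it is at or above the fix, None if it is not an 042stab kernel
    (e.g. a stock RHEL or a different OpenVZ branch) and cannot be judged
    by this advisory."""
    stab = parse_stab(release)
    if stab is None:
        return None
    # Tuple comparison handles major first, then minor (99.1 < 123.1 < 123.2).
    return stab < fixed


if __name__ == "__main__":
    # On an OpenVZ host platform.release() returns the same string as `uname -r`.
    running = platform.release()
    state = is_vulnerable(running)
    if state is None:
        print("%s: not an 042stab kernel, advisory does not apply" % running)
    elif state:
        print("%s: older than 042stab123.1, update advised" % running)
    else:
        print("%s: at or above 042stab123.1" % running)
```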

See also
========
https://www.redhat.com/security/data/cve/CVE-2017-6214.html
https://www.redhat.com/security/data/cve/CVE-2016-10142.html
https://www.redhat.com/security/data/cve/CVE-2016-10088.html
https://www.redhat.com/security/data/cve/CVE-2016-9576.html
https://www.redhat.com/security/data/cve/CVE-2016-9555.html
https://www.redhat.com/security/data/cve/CVE-2016-8399.html
https://www.redhat.com/security/data/cve/CVE-2016-7097.html
https://www.redhat.com/security/data/cve/CVE-2016-7042.html
https://www.redhat.com/security/data/cve/CVE-2016-6828.html
https://www.redhat.com/security/data/cve/CVE-2016-6480.html
https://www.redhat.com/security/data/cve/CVE-2016-2384.html
https://www.redhat.com/security/data/cve/CVE-2016-2069.html
https://rhn.redhat.com/errata/RHSA-2017-0817.html
https://rhn.redhat.com/errata/RHSA-2017-0307.html
https://rhn.redhat.com/errata/RHSA-2017-0293.html
https://rhn.redhat.com/errata/RHSA-2017-0036.html
https://rhn.redhat.com/errata/RHSA-2016-2766.html

Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.

Regards,
    OpenVZ team
_______________________________________________
Announce mailing list
Announce@openvz.org
https://lists.openvz.org/mailman/listinfo/announce
