
List:       openvz-announce
Subject:    [Announce] Kernel RHEL6 042stab131.1
From:       Vasily Averin <vvs () openvz ! org>
Date:       2018-06-25 14:40:55
Message-ID: 44f512eb-a8c1-21a5-ce34-f9bc29764bbc () virtuozzo ! com

The OpenVZ project has released an updated RHEL6-based kernel.
Read below for more information. Everyone is advised to update.

Changes and Download
====================
(since 042stab130.1)

* Rebase to RHEL6u10 kernel 2.6.32-754.el6
* [Important] The do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel
  allows local users to hit a use-after-free bug via crafted system calls and thus
  cause a denial of service (DoS) or possibly have unspecified other impact. Due to the
  nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-10675)
* [Moderate] It was found that the AIO interface didn't use the proper rw_verify_area()
  helper function with extended functionality, for example, mandatory locking on the
  file. rw_verify_area() also performs extended checks, for example, that the size of
  the access doesn't overflow the provided offset limits. This integer overflow in
  fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of
  service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)
* [Moderate] Integer overflow in the aio_setup_single_vector function in fs/aio.c in
  the Linux kernel 4.0 allows local users to cause a denial of service or possibly have
  unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists
  because of a CVE-2012-6701 regression. (CVE-2015-8830)
* [Moderate] A flaw was found in the Linux kernel key management subsystem in which a
  local attacker could crash the kernel or corrupt the stack and additional memory
  (denial of service) by supplying a specially crafted RSA key. This flaw panics the
  machine during the verification of the RSA key. (CVE-2016-8650)
* [Moderate] A race condition leading to a NULL pointer dereference was found in the
  Linux kernel's Link Layer Control implementation. A local attacker with access to
  ping sockets could use this flaw to crash the system. (CVE-2017-2671)
* [Moderate] It was found that the original fix for CVE-2016-6786 was incomplete.
  There exists a race between two concurrent sys_perf_event_open() calls when both try
  to move the same pre-existing software group into a hardware context. (CVE-2017-6001)
* [Moderate] Incorrect error handling in the set_mempolicy() and mbind() compat
  syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain
  sensitive information from uninitialized stack data by triggering failure of a
  certain bitmap operation. (CVE-2017-7616)
* [Moderate] The mm subsystem in the Linux kernel through 4.10.10 does not properly
  enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to
  read or write to kernel memory locations in the first megabyte (and bypass
  slab-allocation access restrictions) via an application that opens the /dev/mem file,
  related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)
* [Moderate] It was found that in the Linux kernel through v4.14-rc5,
  bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced page
  refcounting if the IO vector has small consecutive buffers belonging to the same page.
  bio_add_pc_page() merges them into one, but the page reference is never dropped,
  causing a memory leak and a possible system lockup due to an out-of-memory condition.
  (CVE-2017-12190)
* [Moderate] The Linux kernel, before version 4.14.3, is vulnerable to a denial of
  service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users
  leveraging a race condition with __dm_destroy() during creation and removal of DM
  devices. Only privileged local users (with the CAP_SYS_ADMIN capability) can directly
  perform the ioctl operations for DM device creation and removal, and this would
  typically be outside the direct control of an unprivileged attacker. (CVE-2017-18203)
* [Moderate] An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c)
  when handling the SCTP packet length can be exploited by a malicious local user to
  cause a kernel crash and a DoS. (CVE-2018-5803)
* [Low] Memory leak in the sas_smp_get_phy_events function in
  drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a
  denial of service (kernel memory exhaustion) via multiple read accesses to files in
  the /sys/class/sas_phy directory. (CVE-2018-7757)
* Reloading the nf_conntrack module could result in a node crash. (PSBM-85938)

For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6/042stab131.1
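Since everyone is advised to update, the first operational step on a fleet of OpenVZ nodes is to find the hosts still running a kernel older than 042stab131.1. The script below is an added example, not part of this announcement and not OpenVZ's own tooling. It assumes that OpenVZ RHEL6 kernels report `uname -r` as `<base>-042stabNNN.N` (for example `2.6.32-042stab131.1`); that format is an assumption, not something the announcement states. The host inventory is constructed for the example, and the CVE list is the one given above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Release announced on this page: OpenVZ RHEL6 kernel 042stab131.1.
FIXED_RELEASE = "042stab131.1"

# CVEs the announcement lists as fixed in this release.
FIXED_CVES = [
    "CVE-2018-10675", "CVE-2012-6701", "CVE-2015-8830", "CVE-2016-8650",
    "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7616", "CVE-2017-7889",
    "CVE-2017-12190", "CVE-2017-18203", "CVE-2018-5803", "CVE-2018-7757",
]

# Assumption: an OpenVZ RHEL6 kernel reports `uname -r` as
# "<base version>-<stab release>", e.g. "2.6.32-042stab131.1", optionally
# followed by an arch suffix. Only the stab part is compared; a stock RHEL
# kernel ("2.6.32-754.el6.x86_64") or a Virtuozzo 7 kernel does not match
# and is reported as "unknown" rather than silently treated as current.
_STAB_RE = re.compile(r"(\d+)stab(\d+)\.(\d+)")

StabVersion = Tuple[int, int, int]


def parse_stab(release: str) -> Optional[StabVersion]:
    """Extract (series, major, minor) from a stab release string,
    e.g. "2.6.32-042stab130.1" -> (42, 130, 1). None if no stab part."""
    m = _STAB_RE.search(release)
    if m is None:
        return None
    series, major, minor = (int(g) for g in m.groups())
    return (series, major, minor)


def needs_update(running: str, fixed: str = FIXED_RELEASE) -> Optional[bool]:
    """True if `running` is an older stab kernel of the same series as `fixed`,
    False if it is at or past the fix, None if it is not a comparable
    OpenVZ stab kernel (no conclusion can be drawn from the version alone)."""
    r, f = parse_stab(running), parse_stab(fixed)
    if r is None or f is None or r[0] != f[0]:
        return None
    return r < f  # tuple comparison: (series, major, minor)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by status: 'outdated', 'current' or 'unknown'."""
    buckets: Dict[str, List[str]] = {"outdated": [], "current": [], "unknown": []}
    for host, release in sorted(inventory.items()):
        verdict = needs_update(release)
        key = "unknown" if verdict is None else ("outdated" if verdict else "current")
        buckets[key].append(host)
    return buckets


# Constructed sample inventory (hostname -> `uname -r` output); not real hosts.
SAMPLE_INVENTORY = {
    "ct-node-01": "2.6.32-042stab130.1",       # previous OpenVZ release
    "ct-node-02": "2.6.32-042stab131.1",       # the announced release
    "ct-node-03": "2.6.32-042stab127.2",       # several releases behind
    "legacy-rhel": "2.6.32-754.el6.x86_64",    # stock RHEL6u10, not an OpenVZ kernel
    "vz7-node": "3.10.0-862.11.6.vz7.64.7",    # Virtuozzo 7 series, not comparable
}


def main() -> None:
    report = triage(SAMPLE_INVENTORY)
    for host in report["outdated"]:
        print(f"{host}: {SAMPLE_INVENTORY[host]} predates {FIXED_RELEASE}; "
              f"missing fixes for {len(FIXED_CVES)} CVEs including {FIXED_CVES[0]}")
    for host in report["current"]:
        print(f"{host}: at or past {FIXED_RELEASE}")
    for host in report["unknown"]:
        print(f"{host}: not an OpenVZ 042stab kernel, verify separately")


if __name__ == "__main__":
    main()
```

The "unknown" bucket is deliberate: a non-OpenVZ kernel string is not evidence that the node is patched, so the script refuses to classify it instead of defaulting to "current". Feeding it the real output of `uname -r` from each node (for example collected over SSH) replaces the constructed inventory.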

See also
========
* https://access.redhat.com/errata/RHSA-2018:1854
* https://www.redhat.com/security/data/cve/CVE-2012-6701.html
* https://www.redhat.com/security/data/cve/CVE-2015-8830.html
* https://www.redhat.com/security/data/cve/CVE-2016-8650.html
* https://www.redhat.com/security/data/cve/CVE-2017-2671.html
* https://www.redhat.com/security/data/cve/CVE-2017-6001.html
* https://www.redhat.com/security/data/cve/CVE-2017-7616.html
* https://www.redhat.com/security/data/cve/CVE-2017-7889.html
* https://www.redhat.com/security/data/cve/CVE-2017-12190.html
* https://www.redhat.com/security/data/cve/CVE-2017-18203.html
* https://www.redhat.com/security/data/cve/CVE-2018-5803.html
* https://www.redhat.com/security/data/cve/CVE-2018-7757.html
* https://www.redhat.com/security/data/cve/CVE-2018-10675.html 

Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.

Regards,
    OpenVZ team
_______________________________________________
Announce mailing list
Announce@openvz.org
https://lists.openvz.org/mailman/listinfo/announce

