Scientific Linux: SLSA-2016:0064-1 Critical: Kernel Security Update

Scientific Linux: SLSA-2016:0064-1 Critical: Kernel Privilege Escalation

Important: kernel security update

Date: Mon, 25 Jan 2016 22:19:42 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kernel on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160125221942.3053.66291@slpackages.fnal.gov>

Synopsis: Important: kernel security update
Advisory ID: SLSA-2016:0064-1
Issue Date: 2016-01-25
CVE Numbers: CVE-2016-0728
--

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in certain
error path of the join_session_keyring() function. A local, unprivileged
user could use this flaw to escalate their privileges on the system.
(CVE-2016-0728, Important)

The system must be rebooted for this update to take effect.
--

SL7
 x86_64
 kernel-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-debug-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-debug-debuginfo-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-debug-devel-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-debuginfo-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-debuginfo-common-x86_64-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-devel-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-headers-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-tools-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-tools-debuginfo-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-tools-libs-3.10.0-327.4.5.el7.x86_64.rpm
 perf-3.10.0-327.4.5.el7.x86_64.rpm
 perf-debuginfo-3.10.0-327.4.5.el7.x86_64.rpm
 python-perf-3.10.0-327.4.5.el7.x86_64.rpm
 python-perf-debuginfo-3.10.0-327.4.5.el7.x86_64.rpm
 kernel-tools-libs-devel-3.10.0-327.4.5.el7.x86_64.rpm
 noarch
 kernel-abi-whitelists-3.10.0-327.4.5.el7.noarch.rpm
 kernel-doc-3.10.0-327.4.5.el7.noarch.rpm

- Scientific Linux Development Team