
Scientific Linux SL6.x SLSA-2016:1406-1 Important Kernel Security Update

Important: kernel security and bug fix update
Date: Tue, 12 Jul 2016 17:05:08 -0500
Reply-To: "Kevin M. Hill" 
Sender: Security Errata for Scientific Linux
 
From: "Kevin M. Hill" 
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0
Message-ID: <5e10f4e5-33ac-d1ee-ce16-0f20442d6fd9@fnal.gov>

The following FASTBUGS have been uploaded to

i386:
kernel-2.6.18-411.el5.i686.rpm
kernel-2.6.18-411.el5.src.rpm
kernel-debug-2.6.18-411.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-411.el5.i686.rpm
kernel-debug-devel-2.6.18-411.el5.i686.rpm
kernel-debuginfo-2.6.18-411.el5.i686.rpm
kernel-debuginfo-common-2.6.18-411.el5.i686.rpm
kernel-devel-2.6.18-411.el5.i686.rpm
kernel-doc-2.6.18-411.el5.noarch.rpm
kernel-headers-2.6.18-411.el5.i386.rpm
kernel-module-aufs-2.6.18-411.el5-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-411.el5PAE-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-aufs-2.6.18-411.el5xen-0.20090202.cvs-6.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-411.el5-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-411.el5PAE-1.2.0-2.sl5.i686.rpm
kernel-module-ipw3945-2.6.18-411.el5xen-1.2.0-2.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5-1.4.15-89.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5-debuginfo-1.4.15-89.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5PAE-1.4.15-89.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5PAE-debuginfo-1.4.15-89.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5xen-1.4.15-89.sl5.i686.rpm
kernel-module-openafs-2.6.18-411.el5xen-debuginfo-1.4.15-89.sl5.i686.rpm
kernel-module-xfs-2.6.18-411.el5-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-411.el5PAE-0.4-2.sl5.i686.rpm
kernel-module-xfs-2.6.18-411.el5xen-0.4-2.sl5.i686.rpm
kernel-PAE-2.6.18-411.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-411.el5.i686.rpm
kernel-PAE-devel-2.6.18-411.el5.i686.rpm
kernel-xen-2.6.18-411.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-411.el5.i686.rpm
kernel-xen-devel-2.6.18-411.el5.i686.rpm

x86_64:
kernel-2.6.18-411.el5.src.rpm
kernel-2.6.18-411.el5.x86_64.rpm
kernel-debug-2.6.18-411.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-411.el5.x86_64.rpm
kernel-debug-devel-2.6.18-411.el5.x86_64.rpm
kernel-debuginfo-2.6.18-411.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-411.el5.x86_64.rpm
kernel-devel-2.6.18-411.el5.x86_64.rpm
kernel-doc-2.6.18-411.el5.noarch.rpm
kernel-headers-2.6.18-411.el5.x86_64.rpm
kernel-module-aufs-2.6.18-411.el5-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-aufs-2.6.18-411.el5xen-0.20090202.cvs-6.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-411.el5-1.2.0-2.sl5.x86_64.rpm
kernel-module-ipw3945-2.6.18-411.el5xen-1.2.0-2.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-411.el5-1.4.15-89.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-411.el5-debuginfo-1.4.15-89.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-411.el5xen-1.4.15-89.sl5.x86_64.rpm
kernel-module-openafs-2.6.18-411.el5xen-debuginfo-1.4.15-89.sl5.x86_64.rpm
kernel-xen-2.6.18-411.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-411.el5.x86_64.rpm
kernel-xen-devel-2.6.18-411.el5.x86_64.rpm
Date: Mon, 18 Jul 2016 19:46:14 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160718194614.20584.6972@slpackages.fnal.gov>

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2016:1406-1
Issue Date: 2016-07-12
CVE Numbers: CVE-2016-4565
--

Security Fix:

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)

This update also fixes the following bugs:

* When providing some services and using the Integrated Services Digital
Network (ISDN), the system could terminate unexpectedly due to the call of
the tty_ldisc_flush() function. The provided patch removes this call and
the system no longer hangs in the described scenario.

* An update to the Scientific Linux 6.8 kernel added calls of two
functions provided by the ipv6.ko kernel module, which added a dependency
on that module. On systems where ipv6.ko was prevented from being loaded,
the nfsd.ko and lockd.ko modules were unable to be loaded. Consequently,
it was not possible to run an NFS server or to mount NFS file systems as a
client. The underlying source code has been fixed by adding the
symbol_get() function, which determines if nfsd.ko and lockd.ko are loaded
into memory and calls them through function pointers, not directly. As a
result, the aforementioned kernel modules are allowed to be loaded even if
ipv6.ko is not, and the NFS mount works as expected.

* After upgrading the kernel, CPU load average increased compared to the
prior kernel version due to the modification of the scheduler. The
provided patch set reverts the calculation algorithm of this load average
to the previous version thus resulting in relatively lower values
under the same system load.

Updated dracut packages have also been included to satisfy dependencies.
--

SL6
 x86_64
 kernel-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
 kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
 kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
 kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
 perf-2.6.32-642.3.1.el6.x86_64.rpm
 perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
 python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
 python-perf-2.6.32-642.3.1.el6.x86_64.rpm
 i386
 kernel-2.6.32-642.3.1.el6.i686.rpm
 kernel-debug-2.6.32-642.3.1.el6.i686.rpm
 kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
 kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
 kernel-devel-2.6.32-642.3.1.el6.i686.rpm
 kernel-headers-2.6.32-642.3.1.el6.i686.rpm
 perf-2.6.32-642.3.1.el6.i686.rpm
 perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
 python-perf-2.6.32-642.3.1.el6.i686.rpm
 noarch
 kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
 kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
 kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm
 dracut-004-409.el6_8.2.noarch.rpm
 dracut-caps-004-409.el6_8.2.noarch.rpm
 dracut-fips-004-409.el6_8.2.noarch.rpm
 dracut-fips-aesni-004-409.el6_8.2.noarch.rpm
 dracut-generic-004-409.el6_8.2.noarch.rpm
 dracut-kernel-004-409.el6_8.2.noarch.rpm
 dracut-network-004-409.el6_8.2.noarch.rpm
 dracut-tools-004-409.el6_8.2.noarch.rpm

- Scientific Linux Development Team
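
The following triage check is an added example, not part of the advisory or of Scientific Linux tooling. It compares an SL6 `uname -r` string against the fixed kernel listed above and reports whether the RDMA userspace modules are loaded; the module names in `RDMA_MODULES` and the verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage an SL6 host against SLSA-2016:1406-1 (CVE-2016-4565).
FIXED="2.6.32-642.3.1"   # kernel version shipped by this advisory
# Assumption: kernel module names of the InfiniBand/RDMA userspace interfaces;
# the advisory itself does not list them.
RDMA_MODULES="rdma_ucm ib_ucm ib_uverbs"

# ver_lt A B: succeed when numeric version A (fields split on . and -) is older than B.
ver_lt() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}                      # missing field in A counts as 0
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                           # equal (or A longer): not older
}

# loaded_rdma FILE: comma-separated RDMA modules found in a /proc/modules-style file.
loaded_rdma() {
    out=""
    [ -r "$1" ] || return 0
    for m in $RDMA_MODULES; do
        if grep -q "^$m " "$1"; then out="$out${out:+,}$m"; fi
    done
    printf '%s' "$out"
}

# assess RELEASE FILE: print a one-word verdict for a `uname -r` string.
assess() {
    case "$1" in
        *.el6*) ver=${1%%.el6*} ;;     # "2.6.32-642.3.1.el6.x86_64" -> "2.6.32-642.3.1"
        *) echo "not-el6"; return 0 ;;
    esac
    if ! ver_lt "$ver" "$FIXED"; then echo "patched"; return 0; fi
    loaded=$(loaded_rdma "$2")
    if [ -n "$loaded" ]; then echo "unpatched-rdma-loaded:$loaded"
    else echo "unpatched-rdma-not-loaded"; fi
}

assess "$(uname -r)" /proc/modules     # verdict for the running host
```

A "not loaded" verdict only describes the moment of the check, since the modules can be loaded later; installing the updated kernel and rebooting into it is what removes the flaw.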
