Scientific Linux: SLSA-2016:2047-1 Critical: Kernel Stack Overflow Alert

Date: Tue, 11 Oct 2016 20:56:47 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA Important: kernel on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20161011205647.12033.32001@slpackages.fnal.gov>

Synopsis: Important: kernel security update
Advisory ID: SLSA-2016:2047-1
Issue Date: 2016-10-10
CVE Numbers: CVE-2016-7039
--

Security Fix(es):

* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR
Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent
Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow
issue. It could occur while receiving large packets via GRO path as an
unlimited recursion could unfold in both VLAN and TEB modules leading to a
stack corruption in the kernel. (CVE-2016-7039, Important)
--

SL7
 x86_64
 kernel-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-debug-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-debug-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-debug-devel-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-devel-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-headers-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-tools-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-tools-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-tools-libs-3.10.0-327.36.2.el7.x86_64.rpm
 perf-3.10.0-327.36.2.el7.x86_64.rpm
 perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
 python-perf-3.10.0-327.36.2.el7.x86_64.rpm
 python-perf-debuginfo-3.10.0-327.36.2.el7.x86_64.rpm
 kernel-tools-libs-devel-3.10.0-327.36.2.el7.x86_64.rpm
 noarch
 kernel-abi-whitelists-3.10.0-327.36.2.el7.noarch.rpm
 kernel-doc-3.10.0-327.36.2.el7.noarch.rpm

- Scientific Linux Development Team