SciLinux: Important: kernel on SL7.x x86_64

    Date: 25 May 2017
    Posted By: LinuxSecurity Advisories
    Synopsis:          Important: kernel security, bug fix, and enhancement update
    Advisory ID:       SLSA-2017:1308-1
    Issue Date:        2017-05-25
    CVE Numbers:       CVE-2016-8646
                       CVE-2016-10208
                       CVE-2016-7910
                       CVE-2017-5986
                       CVE-2017-7308
    --
    
    Security Fix(es):
    
    * It was found that the packet_set_ring() function of the Linux kernel's
    networking implementation did not properly validate certain block-size
    data. A local attacker with CAP_NET_RAW capability could use this flaw to
    trigger a buffer overflow, resulting in the crash of the system. Due to
    the nature of the flaw, privilege escalation cannot be fully ruled out.
    (CVE-2017-7308, Important)
    
    * Mounting a crafted EXT4 image read-only leads to attacker-controlled
    memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
    
    * A flaw was found in the Linux kernel's implementation of seq_file where
    a local attacker could manipulate memory in the put() function pointer.
    This could lead to memory corruption and possible privilege escalation.
    (CVE-2016-7910, Moderate)
    
    * A vulnerability was found in the Linux kernel. An unprivileged local
    user could trigger an oops in shash_async_export() by attempting to force
    the in-kernel hashing algorithms into decrypting an empty data set.
    (CVE-2016-8646, Moderate)
    
    * It was reported that with Linux kernel versions earlier than v4.10-rc8,
    an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket
    tx buffer is full, a thread is waiting on it to queue more data, and
    meanwhile another thread peels off the association being used by the first
    thread. (CVE-2017-5986, Moderate)
    --
    
    SL7
      x86_64
        kernel-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-debug-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-debug-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-debug-devel-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-debuginfo-common-x86_64-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-devel-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-headers-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-tools-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-tools-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-tools-libs-3.10.0-514.21.1.el7.x86_64.rpm
        perf-3.10.0-514.21.1.el7.x86_64.rpm
        perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
        python-perf-3.10.0-514.21.1.el7.x86_64.rpm
        python-perf-debuginfo-3.10.0-514.21.1.el7.x86_64.rpm
        kernel-tools-libs-devel-3.10.0-514.21.1.el7.x86_64.rpm
      noarch
        kernel-abi-whitelists-3.10.0-514.21.1.el7.noarch.rpm
        kernel-doc-3.10.0-514.21.1.el7.noarch.rpm
    
    - Scientific Linux Development Team
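
Added example (not part of the Scientific Linux advisory): a POSIX shell check that compares a host's running and installed kernels against the fixed build 3.10.0-514.21.1.el7 from the package list above, including the case where the update is installed but the host has not yet rebooted into it. The function names are hypothetical, the sample releases are constructed, and the comparison assumes EL7 release strings ordered with GNU `sort -V`.

```shell
#!/bin/sh
# Added example, not advisory text. Function names are hypothetical.
# Fixed build taken from kernel-3.10.0-514.21.1.el7 in the package list.
FIXED="3.10.0-514.21.1"

# Reduce "kernel-3.10.0-514.21.1.el7.x86_64" or a `uname -r` string to its
# numeric part, so the ".el7.<arch>" suffix cannot skew the version sort.
# Assumption: the input is an EL7 kernel release.
numeric_release() {
    nr_r="${1#kernel-}"
    printf '%s\n' "${nr_r%%.el7*}"
}

# Succeeds when release $1 is at or above the fixed build.
is_fixed() {
    if_rel="$(numeric_release "$1")"
    if_lowest="$(printf '%s\n%s\n' "$FIXED" "$if_rel" | sort -V | head -n 1)"
    [ "$if_lowest" = "$FIXED" ]
}

# $1: running release (uname -r); remaining args: installed kernel packages.
# Prints one of: patched, reboot-required, vulnerable.
kernel_status() {
    ks_running="$1"
    shift
    if is_fixed "$ks_running"; then
        echo "patched"
        return 0
    fi
    for ks_pkg in "$@"; do
        if is_fixed "$ks_pkg"; then
            # Update is on disk, but the old kernel is still the one running.
            echo "reboot-required"
            return 0
        fi
    done
    echo "vulnerable"
}

# Constructed sample: update installed, host still on the previous build.
kernel_status "3.10.0-514.16.1.el7.x86_64" \
    "kernel-3.10.0-514.16.1.el7.x86_64" "kernel-3.10.0-514.21.1.el7.x86_64"

# On a live SL7 host: kernel_status "$(uname -r)" $(rpm -q kernel)
```
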
    