Stay Vigilant with Timely Linux Security Advisories

security advisoryRed Hat Enterprise Linuxheap overflow

Red Hat Enterprise Linux 7.2 RHSA-2021:1289-01: Important Kernel Fix

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:1289-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1289 Issue date: 2021-04-20 CVE Names: CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds read in libiscsi module (CVE-2021-27364) * kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365) * kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable CI and changelog for GitLab workflow (BZ#1930934) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory,refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem 1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles 1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.96.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.96.1.el7.noarch.rpm kernel-doc-3.10.0-327.96.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.96.1.el7.x86_64.rpm kernel-debug-3.10.0-327.96.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.96.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.96.1.el7.x86_64.rpm kernel-devel-3.10.0-327.96.1.el7.x86_64.rpm kernel-headers-3.10.0-327.96.1.el7.x86_64.rpm kernel-tools-3.10.0-327.96.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.96.1.el7.x86_64.rpm perf-3.10.0-327.96.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm python-perf-3.10.0-327.96.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.96.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.96.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.96.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYH70etzjgjWX9erEAQj1MQ/9EQo8E5fQOYaJ4wBhCtJc0P08FBRq+5T/ 4HZQHGBBx66FucFRofP5RPxcPdHfjU2+HA9i/A8oI+mQPpkk4Z7JVDmPR4Uw9dgu i1Fe3LJ2doAjjezbH9IcoPXGFodWPAKEVVmXLsQ4fPBsu+8sbHZFpxhqvtxVTLr8 QdDlWY/Ml535jLX+cSbUzCKn7eHl/mfaB+98Fc1v8LVHzyeAcQlshZ2kYIVOV2Zs HJZ0hgH2wiA5A3dZWMnk4iTTmwEp+EFhX9LMFJkKTSNm+cW/tNzzud5tEHaCsfCn Ac4KTjxvtry4pgpnO+Lmq8ogHURfTzVbXpTTdTsqCFjqtCyO8yNxblOn4+wTuuJ1 Vq9l0n21VcMaJjSO0C11E8HIdjneYU/OXJNFEaXMfeXUfqNYnQ96U3WXl7tF2B1O YBYlWRyGaQPPo0IZSKcv9XckcJJ71gMRUuCQWJKRSZmsA9S56B/IQUb9xHor1I5k ZhXJ6et2OXnhDLe5wbYXPREKd1jUtxT4fXwSXKVlP3gD6Qgaj4kEex5830yP4SHk /oSS46smIU8b8qRCpCxLwpA7KqvHbQn2Fakg2fVthibxms5w9iIPBYKx//HITg5C iQNKmb9xEKQQr7UAPxw6SLsXhRF3UzRUWnTfMSc3BNRjxoN9YEDHSP82fYuYZsG/ ptCrR1BZ1X0=yVW8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . Critical kernel enhancement available for Red Hat Enterprise Linux 7.2 to mitigate vulnerabilities and resolve defects. Update immediately!. Red Hat Kernel Update, Enterprise Linux Security, Important Kernel Fix. . Severity: Important. LinuxSecurity.com Team

Apr 20, 2021 •Important Red Hat

security advisorysecurity updatebuffer overflow

Scientific Linux SL7 SLSA-2020-5437-1 Critical Kernel Fixes

kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: The flow_dissector feature allows device tracking (CVE-2019-18282) * kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769) * kernel: buffer uses out of index in ext3/4 f [More...]. Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2020:5437-1 Issue Date: 2020-12-15 CVE Numbers: None -- Security Fix(es): * kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385) * kernel: The flow_dissector feature allows device tracking (CVE-2019-18282) * kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769) * kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314) * kernel: umask not applied on filesystem without ACL support (CVE-2020-24394) * kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212) * kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643) -- SL7 x86_64 bpftool-3.10.0-1160.11.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm kernel-3.10.0-1160.11.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.11.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.11.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.11.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.11.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.11.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.11.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.11.1.el7.x86_64.rpm perf-3.10.0-1160.11.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm python-perf-3.10.0-1160.11.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.11.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.11.1.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-1160.11.1.el7.noarch.rpm kernel-doc-3.10.0-1160.11.1.el7.noarch.rpm - Scientific Linux Development Team . Crucial kernel security patch for Scientific Linux SL7.x tackling several vulnerabilities with major implications for system integrity.. kernel Security,Bug Fixes,Scientific Linux,System Impact,Device Tracking. . Severity: Critical. LinuxSecurity.com Team

Dec 15, 2020 •Critical Scientific Linux

Banner 2 1028x280 1708121730 1 1771599631

security advisorydenial of serviceimportant fix

SciLinux: SLSA-2019-2473-1 Important Kernel Fixes For SL6.x

Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more d [More...]. Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:2473-1 Issue Date: 2019-08-13 CVE Numbers: CVE-2017-17805 CVE-2018-17972 CVE-2019-5489 CVE-2019-1125 --Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975) * Another RHEL 6 hang in congestion_wait() (BZ#1658254) * kernel crash after running user space script (BZ#1663262) * RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ#1666102) * Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000” RHEL 6 32bit (BZ#1702782) * fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149) * Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185) --SL6 x86_64 kernel-2.6.32-754.18.2.el6.x86_64.rpm kernel-debug-2.6.32-754.18.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.18.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.18.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.18.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.18.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.18.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.18.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.18.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.18.2.el6.x86_64.rpm kernel-devel-2.6.32-754.18.2.el6.x86_64.rpm kernel-headers-2.6.32-754.18.2.el6.x86_64.rpm perf-2.6.32-754.18.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.18.2.el6.i686.rpm perf-debuginfo-2.6.32-754.18.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.18.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.18.2.el6.x86_64.rpm python-perf-2.6.32-754.18.2.el6.x86_64.rpm i386 kernel-2.6.32-754.18.2.el6.i686.rpm kernel-debug-2.6.32-754.18.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.18.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.18.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.18.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.18.2.el6.i686.rpm kernel-devel-2.6.32-754.18.2.el6.i686.rpm kernel-headers-2.6.32-754.18.2.el6.i686.rpm perf-2.6.32-754.18.2.el6.i686.rpm perf-debuginfo-2.6.32-754.18.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.18.2.el6.i686.rpm python-perf-2.6.32-754.18.2.el6.i686.rpm noarch kernel-abi-whitelists-2.6.32-754.18.2.el6.noarch.rpm kernel-doc-2.6.32-754.18.2.el6.noarch.rpm kernel-firmware-2.6.32-754.18.2.el6.noarch.rpm - Scientific Linux Development Team . Core system enhancement addressing severe flaws in SL6.x delivers vital security upgrades and significant patches.. Kernel Security, SL6.x Update, Denial Of Service, Spectre Attack. . Severity: Important. LinuxSecurity.com Team

Aug 13, 2019 •Important Scientific Linux

security advisorydenial of servicecritical issue

Ubuntu: 0028-1 Critical: Linux Kernel Denial of Service and Code Flaws

Several security issues were fixed in the kernel.. =========================================================================Kernel Live Patch Security Notice LSN-0028-1 August 15, 2017 linux vulnerability ========================================================================= A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: Andrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2017-1000112) Andrey Konovalov discovered a race condition in AF_PACKET socket option handling code in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-1000111) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |-----------------+----------+--------------------------| | 4.4.0-21.37 | 28.2 | generic, lowlatency | | 4.4.0-22.39 | 28.2 | generic, lowlatency | | 4.4.0-22.40 | 28.2 | generic, lowlatency | | 4.4.0-24.43 | 28.2 | generic, lowlatency | | 4.4.0-28.47 | 28.2 | generic, lowlatency | | 4.4.0-31.50 | 28.2 | generic, lowlatency | | 4.4.0-34.53 | 28.2 | generic, lowlatency | | 4.4.0-36.55 | 28.2 | generic, lowlatency | | 4.4.0-38.57 | 28.2 | generic, lowlatency | | 4.4.0-42.62 | 28.2 | generic, lowlatency | | 4.4.0-43.63 | 28.2 | generic, lowlatency | | 4.4.0-45.66 | 28.2 | generic, lowlatency | | 4.4.0-47.68 | 28.2 | generic, lowlatency | | 4.4.0-51.72 | 28.2 | generic, lowlatency | | 4.4.0-53.74 | 28.2 | generic, lowlatency | | 4.4.0-57.78 | 28.2 | generic, lowlatency | | 4.4.0-59.80 | 28.2 | generic, lowlatency | | 4.4.0-62.83 | 28.2 | generic, lowlatency | | 4.4.0-63.84 | 28.2 | generic, lowlatency | | 4.4.0-64.85 | 28.2 | generic, lowlatency | | 4.4.0-66.87 | 28.2 | generic, lowlatency | | 4.4.0-67.88 | 28.2 | generic, lowlatency | | 4.4.0-70.91 | 28.2 | generic, lowlatency | | 4.4.0-71.92 | 28.2 | generic, lowlatency | | 4.4.0-72.93 | 28.2 | generic, lowlatency | | 4.4.0-75.96 | 28.2 | generic, lowlatency | | 4.4.0-77.98 | 28.2 | generic, lowlatency | | 4.4.0-78.99 | 28.2 | generic, lowlatency | | 4.4.0-79.100 | 28.2 | generic, lowlatency | | 4.4.0-81.104 | 28.2 | generic, lowlatency | | 4.4.0-83.106 | 28.2 | generic, lowlatency | | 4.4.0-87.110 | 28.2 | generic, lowlatency | | 4.4.0-89.112 | 28.2 | generic, lowlatency | | lts-4.4.0-21.37_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-22.39_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-22.40_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-24.43_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-28.47_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-31.50_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-34.53_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-36.55_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-38.57_14.04.1-lts-xenial| 14.04.1 | generic, lowlatency | | lts-4.4.0-42.62_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-45.66_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-47.68_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-51.72_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-53.74_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-57.78_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-59.80_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-62.83_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-63.84_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency | | lts-4.4.0-64.85_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-66.87_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-70.91_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-71.92_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-72.93_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-75.96_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-78.99_14.04.2-lts-xenial | 14.04.2 | generic, lowlatency | | lts-4.4.0-79.100_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-81.104_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | | lts-4.4.0-87.110_14.04.1-lts-xenial | 14.04.1 | generic, lowlatency | Additionally, you should install an updated kernel with these fixes and reboot at your convienience. References: CVE-2017-1000111, CVE-2017-1000112 -- ubuntu-security-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Fedora package upgrade resolves critical vulnerabilities, boosting defenses against unauthorized code execution and system instabilities.. Linux Kernel Update, Ubuntu Security Notice, Denial ofService Protection. . Severity: Critical. LinuxSecurity.com Team

Aug 17, 2017 •Critical Ubuntu

security advisoryRed Hatbuffer overflow

Red Hat 6: RHSA-2016:2006-01 Important: Kernel Bugs and Fixes

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2016:2006-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:2006.html Issue date: 2016-10-04 CVE Names: CVE-2016-4470 CVE-2016-5829 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address whichcould allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important) * A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate) The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.). Bug Fix(es): * Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth-> au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962) * In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds santiy checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036) * Prior to this update, the following problems occurred with the way GSF2 transitioned files and directories from the "unlinked" state to the "free" state: The numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the "unlinked" state. In some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic. If an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption. With this update, the transition from"unlinked" to "free" state has been fixed. As a result, none of these three problems occur anymore. (BZ#1359037) * Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038) * When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path 1350509 - CVE-2016-5829 kernel: Heap buffer overflow in hiddev driver 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: kernel-2.6.32-642.6.1.el6.src.rpm i386: kernel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-devel-2.6.32-642.6.1.el6.i686.rpm kernel-headers-2.6.32-642.6.1.el6.i686.rpm perf-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm kernel-doc-2.6.32-642.6.1.el6.noarch.rpm kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm perf-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.6): i386: kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-642.6.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm kernel-doc-2.6.32-642.6.1.el6.noarch.rpm kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm perf-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Server(v.6): Source: kernel-2.6.32-642.6.1.el6.src.rpm i386: kernel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-devel-2.6.32-642.6.1.el6.i686.rpm kernel-headers-2.6.32-642.6.1.el6.i686.rpm perf-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm kernel-doc-2.6.32-642.6.1.el6.noarch.rpm kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm ppc64: kernel-2.6.32-642.6.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.6.1.el6.ppc64.rpm kernel-debug-2.6.32-642.6.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.6.1.el6.ppc64.rpm kernel-devel-2.6.32-642.6.1.el6.ppc64.rpm kernel-headers-2.6.32-642.6.1.el6.ppc64.rpm perf-2.6.32-642.6.1.el6.ppc64.rpm perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm s390x: kernel-2.6.32-642.6.1.el6.s390x.rpm kernel-debug-2.6.32-642.6.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.s390x.rpm kernel-debug-devel-2.6.32-642.6.1.el6.s390x.rpm kernel-debuginfo-2.6.32-642.6.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.6.1.el6.s390x.rpm kernel-devel-2.6.32-642.6.1.el6.s390x.rpm kernel-headers-2.6.32-642.6.1.el6.s390x.rpm kernel-kdump-2.6.32-642.6.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.6.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.6.1.el6.s390x.rpm perf-2.6.32-642.6.1.el6.s390x.rpm perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm x86_64: kernel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm perf-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.6.1.el6.ppc64.rpm perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm python-perf-2.6.32-642.6.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-642.6.1.el6.s390x.rpm kernel-debuginfo-2.6.32-642.6.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.6.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.6.1.el6.s390x.rpm perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm python-perf-2.6.32-642.6.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: kernel-2.6.32-642.6.1.el6.src.rpm i386: kernel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-devel-2.6.32-642.6.1.el6.i686.rpm kernel-headers-2.6.32-642.6.1.el6.i686.rpm perf-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.6.1.el6.noarch.rpm kernel-doc-2.6.32-642.6.1.el6.noarch.rpm kernel-firmware-2.6.32-642.6.1.el6.noarch.rpm x86_64: kernel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.6.1.el6.i686.rpm kernel-debug-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm kernel-devel-2.6.32-642.6.1.el6.x86_64.rpm kernel-headers-2.6.32-642.6.1.el6.x86_64.rpm perf-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.6): i386: kernel-debug-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-2.6.32-642.6.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.6.1.el6.i686.rpm perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm python-perf-2.6.32-642.6.1.el6.i686.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6.x86_64.rpm perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm python-perf-2.6.32-642.6.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.6.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-4470 https://access.redhat.com/security/cve/CVE-2016-5829 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFX9CKhXlSAg2UNWIIRAtDIAJ4jq1XKyOvhk936eIn8YqaTfkJ9PQCdEyBk pvpRQNlcn7vpNO2lmcMjswg=1otA -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Patch release for CentOS 6 rectifies critical vulnerabilities and system malfunctions. Safeguard your devices!. Red Hat Enterprise, Kernel Update, Security Fixes, Linux Kernel. . Severity: Important. LinuxSecurity.com Team

Oct 04, 2016 •Important Red Hat

security advisorymoderatedenial of service

Red Hat 6 RHSA-2016:0855-01 Moderate: Kernel Bug and Security Fix

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2016:0855-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:0855.html Issue date: 2016-05-10 CVE Names: CVE-2010-5313 CVE-2013-4312 CVE-2014-7842 CVE-2014-8134 CVE-2015-5156 CVE-2015-7509 CVE-2015-8215 CVE-2015-8324 CVE-2015-8543 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * It was found thatreporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2-> L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate) * It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate) * It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low) * A flaw was found in the way the Linux kernel's ext4 file systemdriver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low) * A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low) Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat). Additional Changes: * Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 697750 - [xfs] concurrent aio/dio got stuck 723722 - BUG: SELinux is preventing /usr/bin/nautilus (deleted) "write" access on /media/TerraVolume. 889368 - LVM RAID: I/O can hang if entire stripe (mirror group) of RAID10 LV is killed while under snapshot 1066751 - tmpfs: creates files with inode number 0, rendering parent directory unremovable 1163762 - CVE-2010-5313 CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace 1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests 1197875 - CIFS DFS shares fail to mount when specifying sec= option 1225359 - bonding: fail to configure master mac address byinitscripts 1242239 - md raid1 writemostly feature broken 1243852 - CVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net 1248507 - kernel: [drm:cpt_set_fifo_underrun_reporting] *ERROR* uncleared pch fifo underrun on pch transcoder A 1254020 - RHEL6.6: NFS client has kernel panic after seeing 'VFS: Busy inodes after unmount ... Self-destruct in 5 seconds. Have a nice day' 1259222 - CVE-2015-7509 kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system 1259870 - Incomplete nl80211 backport broke hostapd 1267261 - CVE-2015-8324 kernel: Null pointer dereference when mounting ext4 1283253 - CVE-2015-8215 kernel: MTU value is not validated in IPv6 stack causing packet loss 1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference 1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted 1310661 - BUG: unable to handle kernel paging request at 65642072 followed by kernel panic 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: kernel-2.6.32-642.el6.src.rpm i386: kernel-2.6.32-642.el6.i686.rpm kernel-debug-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-devel-2.6.32-642.el6.i686.rpm kernel-headers-2.6.32-642.el6.i686.rpm perf-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm kernel-doc-2.6.32-642.el6.noarch.rpm kernel-firmware-2.6.32-642.el6.noarch.rpm x86_64: kernel-2.6.32-642.el6.x86_64.rpm kernel-debug-2.6.32-642.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm kernel-devel-2.6.32-642.el6.x86_64.rpm kernel-headers-2.6.32-642.el6.x86_64.rpm perf-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: kernel-2.6.32-642.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm kernel-doc-2.6.32-642.el6.noarch.rpm kernel-firmware-2.6.32-642.el6.noarch.rpm x86_64: kernel-2.6.32-642.el6.x86_64.rpm kernel-debug-2.6.32-642.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm kernel-devel-2.6.32-642.el6.x86_64.rpm kernel-headers-2.6.32-642.el6.x86_64.rpm perf-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: kernel-2.6.32-642.el6.src.rpm i386: kernel-2.6.32-642.el6.i686.rpm kernel-debug-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-devel-2.6.32-642.el6.i686.rpm kernel-headers-2.6.32-642.el6.i686.rpm perf-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm kernel-doc-2.6.32-642.el6.noarch.rpm kernel-firmware-2.6.32-642.el6.noarch.rpm ppc64: kernel-2.6.32-642.el6.ppc64.rpm kernel-bootwrapper-2.6.32-642.el6.ppc64.rpm kernel-debug-2.6.32-642.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-642.el6.ppc64.rpm kernel-debug-devel-2.6.32-642.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.el6.ppc64.rpm kernel-devel-2.6.32-642.el6.ppc64.rpm kernel-headers-2.6.32-642.el6.ppc64.rpm perf-2.6.32-642.el6.ppc64.rpm perf-debuginfo-2.6.32-642.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.el6.ppc64.rpm s390x: kernel-2.6.32-642.el6.s390x.rpm kernel-debug-2.6.32-642.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-642.el6.s390x.rpm kernel-debug-devel-2.6.32-642.el6.s390x.rpm kernel-debuginfo-2.6.32-642.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.el6.s390x.rpm kernel-devel-2.6.32-642.el6.s390x.rpm kernel-headers-2.6.32-642.el6.s390x.rpm kernel-kdump-2.6.32-642.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.el6.s390x.rpm kernel-kdump-devel-2.6.32-642.el6.s390x.rpm perf-2.6.32-642.el6.s390x.rpm perf-debuginfo-2.6.32-642.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.el6.s390x.rpm x86_64: kernel-2.6.32-642.el6.x86_64.rpm kernel-debug-2.6.32-642.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm kernel-devel-2.6.32-642.el6.x86_64.rpm kernel-headers-2.6.32-642.el6.x86_64.rpm perf-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-642.el6.ppc64.rpm kernel-debuginfo-2.6.32-642.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-642.el6.ppc64.rpm perf-debuginfo-2.6.32-642.el6.ppc64.rpm python-perf-2.6.32-642.el6.ppc64.rpm python-perf-debuginfo-2.6.32-642.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-642.el6.s390x.rpm kernel-debuginfo-2.6.32-642.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-642.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-642.el6.s390x.rpm perf-debuginfo-2.6.32-642.el6.s390x.rpm python-perf-2.6.32-642.el6.s390x.rpm python-perf-debuginfo-2.6.32-642.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: kernel-2.6.32-642.el6.src.rpm i386: kernel-2.6.32-642.el6.i686.rpm kernel-debug-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-devel-2.6.32-642.el6.i686.rpm kernel-headers-2.6.32-642.el6.i686.rpm perf-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-642.el6.noarch.rpm kernel-doc-2.6.32-642.el6.noarch.rpm kernel-firmware-2.6.32-642.el6.noarch.rpm x86_64: kernel-2.6.32-642.el6.x86_64.rpm kernel-debug-2.6.32-642.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debug-devel-2.6.32-642.el6.i686.rpm kernel-debug-devel-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm kernel-devel-2.6.32-642.el6.x86_64.rpm kernel-headers-2.6.32-642.el6.x86_64.rpm perf-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-2.6.32-642.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-642.el6.i686.rpm perf-debuginfo-2.6.32-642.el6.i686.rpm python-perf-2.6.32-642.el6.i686.rpm python-perf-debuginfo-2.6.32-642.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-2.6.32-642.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm perf-debuginfo-2.6.32-642.el6.x86_64.rpm python-perf-2.6.32-642.el6.x86_64.rpm python-perf-debuginfo-2.6.32-642.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our keyand details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2010-5313 https://access.redhat.com/security/cve/CVE-2013-4312 https://access.redhat.com/security/cve/CVE-2014-7842 https://access.redhat.com/security/cve/CVE-2014-8134 https://access.redhat.com/security/cve/CVE-2015-5156 https://access.redhat.com/security/cve/CVE-2015-7509 https://access.redhat.com/security/cve/CVE-2015-8215 https://access.redhat.com/security/cve/CVE-2015-8324 https://access.redhat.com/security/cve/CVE-2015-8543 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Technical_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMi+PXlSAg2UNWIIRAuJHAJwOjS+hg3NOjNO8opcwy+d4snReCwCfdsxx DP1c9V9WW2D6inIyb6fF50k=W0en -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical kernel security patch released for Red Hat Enterprise Linux 6, classified as moderate, tackling essential vulnerabilities and improvements.. Red Hat Security, Kernel Updates, Security Advisory, Bug Fixes, Local Exploit. . LinuxSecurity.com Team

May 10, 2016 Red Hat

security advisorybug fixkernel security

Red Hat Enterprise Linux 6: RHSA-2015:1081-01 Crucial Kernel Security Alert

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2015:1081-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:1081.html Issue date: 2015-06-09 CVE Names: CVE-2014-9419 CVE-2014-9420 CVE-2014-9585 CVE-2015-1805 CVE-2015-3331 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not takeinto account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important) * A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331, Important) * An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process. (CVE-2014-9419, Low) * It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low) * An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low) Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420. The security impact of the CVE-2015-1805 issue was discovered by Red Hat. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backportedpatches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1175235 - CVE-2014-9420 Kernel: fs: isofs: infinite loop in CE record entries 1177260 - CVE-2014-9419 kernel: partial ASLR bypass through TLS base addresses leak 1181054 - CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library 1202855 - CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption 1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: kernel-2.6.32-504.23.4.el6.src.rpm i386: kernel-2.6.32-504.23.4.el6.i686.rpm kernel-debug-2.6.32-504.23.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm kernel-devel-2.6.32-504.23.4.el6.i686.rpm kernel-headers-2.6.32-504.23.4.el6.i686.rpm perf-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm kernel-doc-2.6.32-504.23.4.el6.noarch.rpm kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm x86_64: kernel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm perf-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: kernel-2.6.32-504.23.4.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm kernel-doc-2.6.32-504.23.4.el6.noarch.rpm kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm x86_64: kernel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm perf-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: kernel-2.6.32-504.23.4.el6.src.rpm i386: kernel-2.6.32-504.23.4.el6.i686.rpm kernel-debug-2.6.32-504.23.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm kernel-devel-2.6.32-504.23.4.el6.i686.rpm kernel-headers-2.6.32-504.23.4.el6.i686.rpm perf-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm kernel-doc-2.6.32-504.23.4.el6.noarch.rpm kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm ppc64: kernel-2.6.32-504.23.4.el6.ppc64.rpm kernel-bootwrapper-2.6.32-504.23.4.el6.ppc64.rpm kernel-debug-2.6.32-504.23.4.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm kernel-debug-devel-2.6.32-504.23.4.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.23.4.el6.ppc64.rpm kernel-devel-2.6.32-504.23.4.el6.ppc64.rpm kernel-headers-2.6.32-504.23.4.el6.ppc64.rpm perf-2.6.32-504.23.4.el6.ppc64.rpm perf-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm s390x: kernel-2.6.32-504.23.4.el6.s390x.rpm kernel-debug-2.6.32-504.23.4.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.s390x.rpm kernel-debug-devel-2.6.32-504.23.4.el6.s390x.rpm kernel-debuginfo-2.6.32-504.23.4.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.23.4.el6.s390x.rpm kernel-devel-2.6.32-504.23.4.el6.s390x.rpm kernel-headers-2.6.32-504.23.4.el6.s390x.rpm kernel-kdump-2.6.32-504.23.4.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.23.4.el6.s390x.rpm kernel-kdump-devel-2.6.32-504.23.4.el6.s390x.rpm perf-2.6.32-504.23.4.el6.s390x.rpm perf-debuginfo-2.6.32-504.23.4.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.s390x.rpm x86_64: kernel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm perf-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-504.23.4.el6.ppc64.rpm perf-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm python-perf-2.6.32-504.23.4.el6.ppc64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-504.23.4.el6.s390x.rpm kernel-debuginfo-2.6.32-504.23.4.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-504.23.4.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-504.23.4.el6.s390x.rpm perf-debuginfo-2.6.32-504.23.4.el6.s390x.rpm python-perf-2.6.32-504.23.4.el6.s390x.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: kernel-2.6.32-504.23.4.el6.src.rpm i386: kernel-2.6.32-504.23.4.el6.i686.rpm kernel-debug-2.6.32-504.23.4.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm kernel-devel-2.6.32-504.23.4.el6.i686.rpm kernel-headers-2.6.32-504.23.4.el6.i686.rpm perf-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm kernel-doc-2.6.32-504.23.4.el6.noarch.rpm kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm x86_64: kernel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm perf-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-2.6.32-504.23.4.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.23.4.el6.i686.rpm perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm python-perf-2.6.32-504.23.4.el6.i686.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6.x86_64.rpm perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm python-perf-2.6.32-504.23.4.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.23.4.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-9419 https://access.redhat.com/security/cve/CVE-2014-9420 https://access.redhat.com/security/cve/CVE-2014-9585 https://access.redhat.com/security/cve/CVE-2015-1805 https://access.redhat.com/security/cve/CVE-2015-3331 https://access.redhat.com/security/updates/classification#important https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/kernel.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVdxjkXlSAg2UNWIIRAm7dAJ4tILGnT6wSzQR/yZNrR6G1KA8W6gCgv0y9 nCvSEiBSm5nibvkjL2PJSe4=tGx0 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Crucial Fedora kernel security patch resolves several vulnerabilities while introducing improvements to maintain overall performance.. Red Hat Kernel Update, System Enhancement, Kernel Security Fix. . Severity: Important. LinuxSecurity.com Team

Jun 09, 2015 •Important Red Hat

security advisorykernel updateRed Hat Enterprise Linux

Red Hat 7: RHSA-2015-0102-01 Important Kernel Security Fix

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2015:0102-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0102.html Issue date: 2015-01-28 CVE Names: CVE-2014-4171 CVE-2014-5471 CVE-2014-5472 CVE-2014-7145 CVE-2014-7822 CVE-2014-7841 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunkswhen performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate) * A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Akira Fujita of NEC for reporting the CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes the following bugs: * Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. (BZ#1172266) *A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. (BZ#1162734) * Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to "pte_numa" or "pmd_numa", respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. (BZ#1170662) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 1111180 - CVE-2014-4171 Kernel: mm/shmem: denial of service 1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories 1147522 - CVE-2014-7145 Kernel: cifs: NULL pointer dereference in SMB2_tcon 1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af-> from_addr_param on malformed packet 1163792 - CVE-2014-7822 kernel: splice: lack of generic write checks 6. Package List: Red Hat Enterprise Linux Client (v.7): Source: kernel-3.10.0-123.20.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm perf-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: kernel-doc-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: kernel-3.10.0-123.20.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm perf-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: kernel-doc-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: kernel-3.10.0-123.20.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm ppc64: kernel-3.10.0-123.20.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-123.20.1.el7.ppc64.rpm kernel-debug-3.10.0-123.20.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-123.20.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.20.1.el7.ppc64.rpm kernel-devel-3.10.0-123.20.1.el7.ppc64.rpm kernel-headers-3.10.0-123.20.1.el7.ppc64.rpm kernel-tools-3.10.0-123.20.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-123.20.1.el7.ppc64.rpm perf-3.10.0-123.20.1.el7.ppc64.rpm perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm s390x: kernel-3.10.0-123.20.1.el7.s390x.rpm kernel-debug-3.10.0-123.20.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.s390x.rpm kernel-debug-devel-3.10.0-123.20.1.el7.s390x.rpm kernel-debuginfo-3.10.0-123.20.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.20.1.el7.s390x.rpm kernel-devel-3.10.0-123.20.1.el7.s390x.rpm kernel-headers-3.10.0-123.20.1.el7.s390x.rpm kernel-kdump-3.10.0-123.20.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.20.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-123.20.1.el7.s390x.rpm perf-3.10.0-123.20.1.el7.s390x.rpm perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm x86_64: kernel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm perf-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: kernel-doc-3.10.0-123.20.1.el7.noarch.rpm ppc64: kernel-debug-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-123.20.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-123.20.1.el7.ppc64.rpm perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm python-perf-3.10.0-123.20.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-123.20.1.el7.s390x.rpm kernel-debuginfo-3.10.0-123.20.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-123.20.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-123.20.1.el7.s390x.rpm perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm python-perf-3.10.0-123.20.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: kernel-3.10.0-123.20.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-devel-3.10.0-123.20.1.el7.x86_64.rpm kernel-headers-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-123.20.1.el7.x86_64.rpm perf-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: kernel-doc-3.10.0-123.20.1.el7.noarch.rpm x86_64: kernel-debug-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-123.20.1.el7.x86_64.rpm perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm python-perf-3.10.0-123.20.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-123.20.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-4171 https://access.redhat.com/security/cve/CVE-2014-5471 https://access.redhat.com/security/cve/CVE-2014-5472 https://access.redhat.com/security/cve/CVE-2014-7145 https://access.redhat.com/security/cve/CVE-2014-7822 https://access.redhat.com/security/cve/CVE-2014-7841 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat,Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUyTWBXlSAg2UNWIIRAv/PAKCpyK7ufWptj5iPibx+EJ74tX49NACfeDK4 BRbjwC4o9YTwxlZJoogvChU=2MX6 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Recent updates to Red Hat kernel packages resolve critical security vulnerabilities, labeled as Important due to their significant risk to enterprise functionality and system stability. Kernel Security Update, Bug Fix, Red Hat Security Patch. . Severity: Important. LinuxSecurity.com Team

Jan 28, 2015 •Important Red Hat

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Red Hat Enterprise Linux 7.2 RHSA-2021:1289-01: Important Kernel Fix

Scientific Linux SL7 SLSA-2020-5437-1 Critical Kernel Fixes

SciLinux: SLSA-2019-2473-1 Important Kernel Fixes For SL6.x

Ubuntu: 0028-1 Critical: Linux Kernel Denial of Service and Code Flaws

Red Hat 6: RHSA-2016:2006-01 Important: Kernel Bugs and Fixes

Red Hat 6 RHSA-2016:0855-01 Moderate: Kernel Bug and Security Fix

Red Hat Enterprise Linux 6: RHSA-2015:1081-01 Crucial Kernel Security Alert

Red Hat 7: RHSA-2015-0102-01 Important Kernel Security Fix

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!