【CESA-2017:1308】最新バージョンの kernel が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました

CESA-2017:1308

最新バージョンの kernel が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel’s
networking implementation did not properly validate certain block-size data. A
local attacker with CAP_NET_RAW capability could use this flaw to trigger a
buffer overflow, resulting in the crash of the system. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory
corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel’s implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This could
lead to memory corruption and possible privileged escalation. (CVE-2016-7910,
Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the in-kernel
hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

* It was reported that with Linux kernel, earlier than version v4.10-rc8, an
application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer
is full, a thread is waiting on it to queue more data, and meanwhile another
thread peels off the association being used by the first thread. (CVE-2017-5986,
Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting
CVE-2016-8646.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation
for these changes is available from the Technical Notes document linked to in
the References section.

Bugs Fixed

1388821 – CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 – CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 – CVE-2016-7910 kernel: Use after free in seq file
1420276 – CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
1437404 – CVE-2017-7308 kernel: net/packet: overflow in check for priv area size