SCIENTIFIC-LINUX-ERRATA Archives

July 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Kevin Hill
Date: Mon, 18 Jul 2016 19:46:14 -0000

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2016:1406-1
Issue Date:        2016-07-12
CVE Numbers:       CVE-2016-4565
--

Security Fix:

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as a bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or the RDMA Userspace Connection
Manager Access module explicitly loaded could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)

This update also fixes the following bugs:

* When providing some services and using the Integrated Services Digital
Network (ISDN), the system could terminate unexpectedly due to the call of
the tty_ldisc_flush() function. The provided patch removes this call and
the system no longer hangs in the described scenario.

* An update to the Scientific Linux 6.8 kernel added calls of two
functions provided by the ipv6.ko kernel module, which added a dependency
on that module. On systems where ipv6.ko was prevented from being loaded,
the nfsd.ko and lockd.ko modules were unable to be loaded. Consequently,
it was not possible to run an NFS server or to mount NFS file systems as a
client. The underlying source code has been fixed by adding the
symbol_get() function, which determines if nfsd.ko and lockd.ko are loaded
into memory and calls them through function pointers, not directly. As a
result, the aforementioned kernel modules are allowed to be loaded even if
ipv6.ko is not, and the NFS mount works as expected.

* After upgrading the kernel, CPU load average increased compared to the
prior kernel version due to the modification of the scheduler. The
provided patch set reverts the calculation algorithm of this load average
to the previous version, thus resulting in relatively lower values
under the same system load.

Updated dracut packages have also been included to satisfy dependencies.
--

SL6
  x86_64
    kernel-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-debug-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
    kernel-debug-devel-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    kernel-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
    kernel-debuginfo-common-x86_64-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-devel-2.6.32-642.3.1.el6.x86_64.rpm
    kernel-headers-2.6.32-642.3.1.el6.x86_64.rpm
    perf-2.6.32-642.3.1.el6.x86_64.rpm
    perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    python-perf-debuginfo-2.6.32-642.3.1.el6.x86_64.rpm
    python-perf-2.6.32-642.3.1.el6.x86_64.rpm
  i386
    kernel-2.6.32-642.3.1.el6.i686.rpm
    kernel-debug-2.6.32-642.3.1.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    kernel-debug-devel-2.6.32-642.3.1.el6.i686.rpm
    kernel-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-642.3.1.el6.i686.rpm
    kernel-devel-2.6.32-642.3.1.el6.i686.rpm
    kernel-headers-2.6.32-642.3.1.el6.i686.rpm
    perf-2.6.32-642.3.1.el6.i686.rpm
    perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    python-perf-debuginfo-2.6.32-642.3.1.el6.i686.rpm
    python-perf-2.6.32-642.3.1.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-642.3.1.el6.noarch.rpm
    kernel-doc-2.6.32-642.3.1.el6.noarch.rpm
    kernel-firmware-2.6.32-642.3.1.el6.noarch.rpm
    dracut-004-409.el6_8.2.noarch.rpm
    dracut-caps-004-409.el6_8.2.noarch.rpm
    dracut-fips-004-409.el6_8.2.noarch.rpm
    dracut-fips-aesni-004-409.el6_8.2.noarch.rpm
    dracut-generic-004-409.el6_8.2.noarch.rpm
    dracut-kernel-004-409.el6_8.2.noarch.rpm
    dracut-network-004-409.el6_8.2.noarch.rpm
    dracut-tools-004-409.el6_8.2.noarch.rpm

- Scientific Linux Development Team
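
Added example (not part of the advisory and not Scientific Linux tooling): a host triage script that compares the running kernel release against the fixed 2.6.32-642.3.1.el6 build and checks the two exposure conditions named for CVE-2016-4565. The function names, the status words and the sample module list are assumptions made for illustration; rdma_ucm is the kernel module name of the RDMA Userspace Connection Manager Access module.

```shell
#!/bin/sh
# Added example: triage an SL6 host against SLSA-2016:1406-1 (CVE-2016-4565).
FIXED="2.6.32-642.3.1"   # fixed kernel version-release from the advisory, ".el6" dropped

# kernel_is_fixed RELEASE: exit 0 if RELEASE (uname -r form) is >= FIXED.
# Numeric field-by-field compare; a simplification of RPM version ordering
# that is only meaningful for stock el6 kernel strings (assumption).
kernel_is_fixed() {
    ver=${1%%.el6*}      # "2.6.32-642.3.1.el6.x86_64" -> "2.6.32-642.3.1"
    awk -v a="$ver" -v b="$FIXED" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {       # missing fields compare as 0
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# rdma_ucm_loaded: reads /proc/modules-format text on stdin; exit 0 if the
# RDMA Userspace Connection Manager Access module (rdma_ucm) is listed.
rdma_ucm_loaded() {
    awk '$1 == "rdma_ucm" { found = 1 } END { exit !found }'
}

# ib_hw_present [DIR]: exit 0 if DIR (default /sys/class/infiniband) has a device entry.
ib_hw_present() {
    dir=${1:-/sys/class/infiniband}
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# triage RELEASE MODULES_TEXT [IB_DIR]: prints patched | vulnerable-exposed |
# vulnerable-not-exposed, using the two exposure conditions the advisory names.
triage() {
    if kernel_is_fixed "$1"; then echo "patched"; return 0; fi
    if printf '%s\n' "$2" | rdma_ucm_loaded || ib_hw_present "$3"; then
        echo "vulnerable-exposed"
    else
        echo "vulnerable-not-exposed"
    fi
}

# Constructed sample: SL 6.8 kernel older than the fix, rdma_ucm loaded, no IB device dir.
SAMPLE_MODULES='rdma_ucm 15739 0 - Live 0xffffffffa0412000
nfsd 312315 13 - Live 0xffffffffa03b1000'
triage "2.6.32-642.el6.x86_64" "$SAMPLE_MODULES" /nonexistent
# On a real host: triage "$(uname -r)" "$(cat /proc/modules)"
```

The check takes the running release (uname -r) rather than the installed package list, because a host that has installed the update but not rebooted is still running the old kernel.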
