SCIENTIFIC-LINUX-USERS Archives

July 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Security ERRATA Important: kernel on SL6.x i386/x86_64
From:
Valery Mitsyn <[log in to unmask]>
Reply To:
Valery Mitsyn <[log in to unmask]>
Date:
Tue, 3 Jul 2018 18:29:38 +0300
Content-Type:
text/plain
Parts/Attachments:
text/plain (137 lines) 
Oh! There are no kmod-openafs for this kernel.
AFS does not start after the update.

On Mon, 2 Jul 2018, Scott Reid wrote:

> Synopsis:          Important: kernel security and bug fix update
> Advisory ID:       SLSA-2018:1854-1
> Issue Date:        2018-06-19
> CVE Numbers:       CVE-2016-8650
>                   CVE-2017-7308
>                   CVE-2017-6001
>                   CVE-2017-2671
>                   CVE-2017-7616
>                   CVE-2017-7889
>                   CVE-2017-8890
>                   CVE-2017-9076
>                   CVE-2017-9075
>                   CVE-2017-9077
>                   CVE-2017-12190
>                   CVE-2017-15121
>                   CVE-2017-18203
>                   CVE-2018-3639
>                   CVE-2015-8830
>                   CVE-2012-6701
>                   CVE-2018-5803
>                   CVE-2018-1130
> --
>
> Security Fix(es):
>
> * An industry-wide issue was found in the way many modern microprocessor
> designs have implemented speculative execution of Load & Store
> instructions (a commonly used performance optimization). It relies on the
> presence of a precisely-defined instruction sequence in the privileged
> code as well as the fact that memory read from address to which a recent
> memory write has occurred may see an older value and subsequently cause an
> update into the microprocessor's data cache even for speculatively
> executed instructions that never actually commit (retire). As a result, an
> unprivileged attacker could use this flaw to read privileged memory by
> conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)
>
> * kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
>
> * kernel: AIO interface didn't use rw_verify_area() for checking mandatory
> locking on files and size of access (CVE-2012-6701)
>
> * kernel: AIO write triggers integer overflow in some protocols
> (CVE-2015-8830)
>
> * kernel: Null pointer dereference via keyctl (CVE-2016-8650)
>
> * kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)
>
> * kernel: Race condition between multiple sys_perf_event_open() calls
> (CVE-2017-6001)
>
> * kernel: Incorrect error handling in the set_mempolicy and mbind compat
> syscalls in mm/mempolicy.c (CVE-2017-7616)
>
> * kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
> protection mechanism (CVE-2017-7889)
>
> * kernel: Double free in the inet_csk_clone_lock function in
> net/ipv4/inet_connection_sock.c (CVE-2017-8890)
>
> * kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
> (CVE-2017-9075)
>
> * kernel: net: IPv6 DCCP implementation mishandles inheritance
> (CVE-2017-9076)
>
> * kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
> (CVE-2017-9077)
>
> * kernel: memory leak when merging buffers in SCSI IO vectors
> (CVE-2017-12190)
>
> * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
> (CVE-2017-15121)
>
> * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows
> local users to cause a denial of service (CVE-2017-18203)
>
> * kernel: a null pointer dereference in
> net/dccp/output.c:dccp_write_xmit() leads to a system crash
> (CVE-2018-1130)
>
> * kernel: Missing length check of payload in
> net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
> service (CVE-2018-5803)
> --
>
> SL6
>  x86_64
>    kernel-2.6.32-754.el6.x86_64.rpm
>    kernel-debug-2.6.32-754.el6.x86_64.rpm
>    kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
>    kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
>    kernel-debug-devel-2.6.32-754.el6.i686.rpm
>    kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
>    kernel-debuginfo-2.6.32-754.el6.i686.rpm
>    kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
>    kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
>    kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
>    kernel-devel-2.6.32-754.el6.x86_64.rpm
>    kernel-headers-2.6.32-754.el6.x86_64.rpm
>    perf-2.6.32-754.el6.x86_64.rpm
>    perf-debuginfo-2.6.32-754.el6.i686.rpm
>    perf-debuginfo-2.6.32-754.el6.x86_64.rpm
>    python-perf-debuginfo-2.6.32-754.el6.i686.rpm
>    python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm
>    python-perf-2.6.32-754.el6.x86_64.rpm
>  i386
>    kernel-2.6.32-754.el6.i686.rpm
>    kernel-debug-2.6.32-754.el6.i686.rpm
>    kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
>    kernel-debug-devel-2.6.32-754.el6.i686.rpm
>    kernel-debuginfo-2.6.32-754.el6.i686.rpm
>    kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
>    kernel-devel-2.6.32-754.el6.i686.rpm
>    kernel-headers-2.6.32-754.el6.i686.rpm
>    perf-2.6.32-754.el6.i686.rpm
>    perf-debuginfo-2.6.32-754.el6.i686.rpm
>    python-perf-debuginfo-2.6.32-754.el6.i686.rpm
>    python-perf-2.6.32-754.el6.i686.rpm
>  noarch
>    kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
>    kernel-doc-2.6.32-754.el6.noarch.rpm
>    kernel-firmware-2.6.32-754.el6.noarch.rpm
>
> - Scientific Linux Development Team
>

---
Best regards,
  Valery Mitsyn

ATOM RSS1 RSS2