Subject: | |
From: | |
Reply To: | |
Date: | Tue, 3 Jul 2018 19:29:25 +0200 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi Valery,
> On 3. Jul 2018, at 19:21, Valery Mitsyn <[log in to unmask]> wrote:
>
> Hi Scott,
>
> thanks!
> afs started and accessible now.
> {{{
> # modinfo openafs
> filename: /lib/modules/2.6.32-754.el6.x86_64/kernel/fs/openafs/openafs.ko
> license: http://www.openafs.org/dl/license10.html
> srcversion: 44B6D0833299E389AA97BF6
> depends:
> vermagic: 2.6.32-754.el6.x86_64 SMP mod_unload modversions
> }}}
>
> But I'm still worried, now versions of kmod-openafs and other openafs
> packages are different
don't worry. The interface between the kernel module and the userland
part of the client is completely stable.
- Stephan
> {{{
> # rpm -qa \*openafs\* | sort
> kmod-openafs-1.6.22.3-1.SL610.el6.noarch
> kmod-openafs-696-1.6.20-257.sl6.696.x86_64
> kmod-openafs-754-1.6.22.3-286.sl6.754.x86_64
> openafs-1.6.20-257.sl6.x86_64
> openafs-client-1.6.20-257.sl6.x86_64
> openafs-krb5-1.6.20-257.sl6.x86_64
> openafs-module-tools-1.6.20-257.sl6.x86_64
> }}}
>
> On Tue, 3 Jul 2018, Scott Reid wrote:
>
>>
>> HI Valery,
>>
>> Thanks for the report!
>>
>> kmod-openafs has been added to the security repo. Let us know if that doesn't solve your problem.
>>
>> Thanks!
>>
>> On 7/3/18, 10:29 AM, "[log in to unmask] on behalf of Valery Mitsyn" <[log in to unmask] on behalf of [log in to unmask]> wrote:
>>
>> Oh! There are no kmod-openafs for this kernel.
>> AFS does not start after the update.
>>
>> On Mon, 2 Jul 2018, Scott Reid wrote:
>>
>> > Synopsis: Important: kernel security and bug fix update
>> > Advisory ID: SLSA-2018:1854-1
>> > Issue Date: 2018-06-19
>> > CVE Numbers: CVE-2016-8650
>> > CVE-2017-7308
>> > CVE-2017-6001
>> > CVE-2017-2671
>> > CVE-2017-7616
>> > CVE-2017-7889
>> > CVE-2017-8890
>> > CVE-2017-9076
>> > CVE-2017-9075
>> > CVE-2017-9077
>> > CVE-2017-12190
>> > CVE-2017-15121
>> > CVE-2017-18203
>> > CVE-2018-3639
>> > CVE-2015-8830
>> > CVE-2012-6701
>> > CVE-2018-5803
>> > CVE-2018-1130
>> > --
>> >
>> > Security Fix(es):
>> >
>> > * An industry-wide issue was found in the way many modern microprocessor
>> > designs have implemented speculative execution of Load & Store
>> > instructions (a commonly used performance optimization). It relies on the
>> > presence of a precisely-defined instruction sequence in the privileged
>> > code as well as the fact that memory read from address to which a recent
>> > memory write has occurred may see an older value and subsequently cause an
>> > update into the microprocessor's data cache even for speculatively
>> > executed instructions that never actually commit (retire). As a result, an
>> > unprivileged attacker could use this flaw to read privileged memory by
>> > conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)
>> >
>> > * kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
>> >
>> > * kernel: AIO interface didn't use rw_verify_area() for checking mandatory
>> > locking on files and size of access (CVE-2012-6701)
>> >
>> > * kernel: AIO write triggers integer overflow in some protocols
>> > (CVE-2015-8830)
>> >
>> > * kernel: Null pointer dereference via keyctl (CVE-2016-8650)
>> >
>> > * kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)
>> >
>> > * kernel: Race condition between multiple sys_perf_event_open() calls
>> > (CVE-2017-6001)
>> >
>> > * kernel: Incorrect error handling in the set_mempolicy and mbind compat
>> > syscalls in mm/mempolicy.c (CVE-2017-7616)
>> >
>> > * kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
>> > protection mechanism (CVE-2017-7889)
>> >
>> > * kernel: Double free in the inet_csk_clone_lock function in
>> > net/ipv4/inet_connection_sock.c (CVE-2017-8890)
>> >
>> > * kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
>> > (CVE-2017-9075)
>> >
>> > * kernel: net: IPv6 DCCP implementation mishandles inheritance
>> > (CVE-2017-9076)
>> >
>> > * kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
>> > (CVE-2017-9077)
>> >
>> > * kernel: memory leak when merging buffers in SCSI IO vectors
>> > (CVE-2017-12190)
>> >
>> > * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
>> > (CVE-2017-15121)
>> >
>> > * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows
>> > local users to cause a denial of service (CVE-2017-18203)
>> >
>> > * kernel: a null pointer dereference in
>> > net/dccp/output.c:dccp_write_xmit() leads to a system crash
>> > (CVE-2018-1130)
>> >
>> > * kernel: Missing length check of payload in
>> > net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
>> > service (CVE-2018-5803)
>> > --
>> >
>> > SL6
>> > x86_64
>> > kernel-2.6.32-754.el6.x86_64.rpm
>> > kernel-debug-2.6.32-754.el6.x86_64.rpm
>> > kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
>> > kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
>> > kernel-debug-devel-2.6.32-754.el6.i686.rpm
>> > kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
>> > kernel-debuginfo-2.6.32-754.el6.i686.rpm
>> > kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
>> > kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
>> > kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
>> > kernel-devel-2.6.32-754.el6.x86_64.rpm
>> > kernel-headers-2.6.32-754.el6.x86_64.rpm
>> > perf-2.6.32-754.el6.x86_64.rpm
>> > perf-debuginfo-2.6.32-754.el6.i686.rpm
>> > perf-debuginfo-2.6.32-754.el6.x86_64.rpm
>> > python-perf-debuginfo-2.6.32-754.el6.i686.rpm
>> > python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm
>> > python-perf-2.6.32-754.el6.x86_64.rpm
>> > i386
>> > kernel-2.6.32-754.el6.i686.rpm
>> > kernel-debug-2.6.32-754.el6.i686.rpm
>> > kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
>> > kernel-debug-devel-2.6.32-754.el6.i686.rpm
>> > kernel-debuginfo-2.6.32-754.el6.i686.rpm
>> > kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
>> > kernel-devel-2.6.32-754.el6.i686.rpm
>> > kernel-headers-2.6.32-754.el6.i686.rpm
>> > perf-2.6.32-754.el6.i686.rpm
>> > perf-debuginfo-2.6.32-754.el6.i686.rpm
>> > python-perf-debuginfo-2.6.32-754.el6.i686.rpm
>> > python-perf-2.6.32-754.el6.i686.rpm
>> > noarch
>> > kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
>> > kernel-doc-2.6.32-754.el6.noarch.rpm
>> > kernel-firmware-2.6.32-754.el6.noarch.rpm
>> >
>> > - Scientific Linux Development Team
>> >
>>
>> ---
>> Best regards,
>> Valery Mitsyn
>>
>>
>>
>
> ---
> Best regards,
> Valery Mitsyn
--
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany
|
|
|