Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2017:0933-1 Issue Date: 2017-04-12 CVE Numbers: CVE-2017-2636 CVE-2016-8650 CVE-2016-9793 CVE-2017-2618 -- Security Fix(es): * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important) * A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate) * A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non- namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate) * A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate) -- SL7 x86_64 kernel-3.10.0-514.16.1.el7.x86_64.rpm kernel-debug-3.10.0-514.16.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.16.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.16.1.el7.x86_64.rpm kernel-devel-3.10.0-514.16.1.el7.x86_64.rpm kernel-headers-3.10.0-514.16.1.el7.x86_64.rpm kernel-tools-3.10.0-514.16.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.16.1.el7.x86_64.rpm perf-3.10.0-514.16.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm python-perf-3.10.0-514.16.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.16.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.16.1.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-514.16.1.el7.noarch.rpm kernel-doc-3.10.0-514.16.1.el7.noarch.rpm - Scientific Linux Development Team