Synopsis: Important: kernel security, bug fix, and enhancement Advisory ID: SLSA-2017:1842-1 Issue Date: 2017-08-01 CVE Numbers: CVE-2016-7097 CVE-2016-7042 CVE-2016-9576 CVE-2016-10088 CVE-2014-7970 CVE-2014-7975 CVE-2016-6213 CVE-2015-8839 CVE-2015-8970 CVE-2016-9604 CVE-2016-8645 CVE-2016-9685 CVE-2016-9806 CVE-2016-10147 CVE-2016-9588 CVE-2017-2596 CVE-2017-5970 CVE-2017-6001 CVE-2017-2647 CVE-2016-10200 CVE-2017-6951 CVE-2017-7187 CVE-2017-2671 CVE-2017-7616 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-9076 CVE-2017-9075 CVE-2017-9077 CVE-2017-9242 CVE-2017-8797 -- Security Fix(es): * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft- lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues: * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685 -- SL7 x86_64 kernel-3.10.0-693.el7.x86_64.rpm kernel-debug-3.10.0-693.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.el7.x86_64.rpm kernel-devel-3.10.0-693.el7.x86_64.rpm kernel-headers-3.10.0-693.el7.x86_64.rpm kernel-tools-3.10.0-693.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.el7.x86_64.rpm perf-3.10.0-693.el7.x86_64.rpm perf-debuginfo-3.10.0-693.el7.x86_64.rpm python-perf-3.10.0-693.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-693.el7.noarch.rpm kernel-doc-3.10.0-693.el7.noarch.rpm - Scientific Linux Development Team