Security Advisory Important: kernel-rt security update

Advisory: RHSA-2016:0065-1
Type: Security Advisory
Severity: Important
Issued on: 2016-01-25
Last updated on: 2016-01-25
Affected Products: Red Hat Enterprise Linux for Real Time (v. 7)
CVEs (cve.mitre.org): CVE-2016-0728

Details

Updated kernel-rt packages that fix one security issue are now available
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in a certain
error path of the join_session_keyring() function. A local, unprivileged
user could use this flaw to escalate their privileges on the system.
(CVE-2016-0728, Important)

Red Hat would like to thank the Perception Point research team for
reporting this issue.

All kernel-rt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.
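
A check for the two conditions this paragraph implies, as an added example that is not part of Red Hat's advisory: it compares the running kernel and the installed kernel-rt packages against the fixed build listed under Updated packages, and reports whether an update or only a reboot is still outstanding. The function names, the simplified RPM version comparison (no epoch, tilde or caret handling), the handling of the uname suffix and the use of Python 3.7 or later are assumptions.

```python
import platform, re, subprocess

FIXED = "3.10.0-327.4.5.rt56.206.el7_2"  # fixed kernel-rt build from this advisory

def strip_arch(s):
    # Assumption: uname -r ends in .x86_64, optionally followed by a flavour suffix.
    return re.sub(r"\.(x86_64|noarch)(\.\w+)?$", "", s.strip())

def vercmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats a letter one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings (no epoch)."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def assess(running, installed):
    """running: `uname -r` text; installed: kernel-rt VERSION-RELEASE strings."""
    if ".rt" not in running:
        return "not-applicable"          # this advisory covers kernel-rt only
    if evr_cmp(strip_arch(running), FIXED) >= 0:
        return "patched"
    if any(evr_cmp(strip_arch(p), FIXED) >= 0 for p in installed):
        return "reboot-required"         # fix is on disk, old kernel still running
    return "update-required"

if __name__ == "__main__":
    out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "kernel-rt"],
                         capture_output=True, text=True).stdout
    # Keep only lines that look like VERSION-RELEASE (skips "not installed" text).
    pkgs = [l for l in out.splitlines() if re.match(r"\d[\w.]*-\S+$", l)]
    print(assess(platform.release(), pkgs))
```

A plain lexical or `sort -V` comparison misorders these release strings, because RPM ranks the numeric segment in `327.4.5.rt56` above the letter segment in `327.rt56`.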


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux for Real Time (v. 7)

SRPMS:
kernel-rt-3.10.0-327.4.5.rt56.206.el7_2.src.rpm
File outdated by:  RHSA-2017:1616
 
x86_64:
kernel-rt-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-debug-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-debug-debuginfo-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-debug-devel-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-debuginfo-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-debuginfo-common-x86_64-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-devel-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-doc-3.10.0-327.4.5.rt56.206.el7_2.noarch.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-trace-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-trace-debuginfo-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
kernel-rt-trace-devel-3.10.0-327.4.5.rt56.206.el7_2.x86_64.rpm
File outdated by:  RHSA-2017:1616
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1297475 - CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/