Security Advisory Important: kernel-rt security update

Advisory: RHSA-2016:0068-1
Type: Security Advisory
Severity: Important
Issued on: 2016-01-26
Last updated on: 2016-01-26
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs (cve.mitre.org): CVE-2013-7421, CVE-2014-8171, CVE-2014-9644, CVE-2015-2925, CVE-2016-0728

Details

Updated kernel-rt packages that fix one security issue are now available
for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in a certain
error path of the join_session_keyring() function. A local, unprivileged
user could use this flaw to escalate their privileges on the system.
(CVE-2016-0728, Important)

Red Hat would like to thank the Perception Point research team for
reporting this issue.

All kernel-rt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.
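
Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running the flawed kernel. The following check is an added example, not part of Red Hat's advisory: it classifies a host from its running and newest installed kernel-rt build. The function names are hypothetical, the versions in the demo call are constructed, and GNU sort -V is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed kernel-rt build named in this advisory (version-release, no arch).
FIXED="3.10.0-327.rt56.170.el6rt"

# at_least VERSION: succeed if VERSION sorts at or above FIXED.
# Assumption: GNU `sort -V` stands in for RPM version comparison; it orders
# the numeric fields of this package's naming scheme the same way.
at_least() {
    lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# classify RUNNING NEWEST_INSTALLED prints one of:
#   patched         the running kernel is at or above the fixed build
#   reboot-pending  a fixed package is installed, but an older kernel is running
#   vulnerable      no fixed package is installed
classify() {
    running=${1%.x86_64}      # uname -r carries the arch suffix
    installed=${2%.x86_64}
    if at_least "$running"; then
        echo patched
    elif at_least "$installed"; then
        echo reboot-pending
    else
        echo vulnerable
    fi
}

# On a real host the two inputs would come from:
#   running=$(uname -r)
#   newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt | sort -V | tail -n 1)

# Constructed sample (not from a real host): the fixed package is installed
# but an older, constructed build is still running.
classify "3.10.0-229.rt56.141.el6rt.x86_64" "$FIXED"
```

A result of reboot-pending means the update was applied but the system has not yet been restarted into the corrected kernel.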


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

SRPMS:
kernel-rt-3.10.0-327.rt56.170.el6rt.src.rpm
File outdated by:  RHSA-2017:0402
 
x86_64:
kernel-rt-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-debug-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-debug-debuginfo-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-debug-devel-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-debuginfo-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-devel-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-doc-3.10.0-327.rt56.170.el6rt.noarch.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-firmware-3.10.0-327.rt56.170.el6rt.noarch.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-trace-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-trace-debuginfo-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-trace-devel-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-vanilla-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
kernel-rt-vanilla-devel-3.10.0-327.rt56.170.el6rt.x86_64.rpm
File outdated by:  RHSA-2017:0402
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1297475 - CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/