Security Advisory Important: kernel security update

Advisory: RHSA-2017:1232-1
Type: Security Advisory
Severity: Important
Issued on: 2017-05-16
Last updated on: 2017-05-16
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server TUS (v. 6.5)
CVEs (cve.mitre.org): CVE-2017-2636

Details

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced
Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A race condition flaw was found in the N_HLDC Linux kernel driver when
accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged
user able to set the HDLC line discipline on the tty device could use this flaw
to increase their privileges on the system. (CVE-2017-2636, Important)

Red Hat would like to thank Alexander Popov for reporting this issue.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
kernel-2.6.32-431.80.1.el6.src.rpm
File outdated by:  RHBA-2017:1751
    MD5: eefe5b0f1ac860ce905ab07906cf969e
SHA-256: 6f20efb8e853e4e1f76c9b0b78dd5784b6c5a9301281e6ecd33bde00e5d85ff6
 
x86_64:
kernel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 39ad7e1d66df9c3aa513b102c339c8ee
SHA-256: 8688f0eb59cc18205218294ab5f3cc9c774496964cb312f4a7c677c6f0c5856e
kernel-abi-whitelists-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: 471c7aaef35541f5addb81ef9f99d635
SHA-256: bcb89a9277c9f90dca4b29bf6b711723c929b1fcb4fba42fe7f48cf5b66f4404
kernel-debug-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: b21ffb02662f31359f3b11bdbcbc7ef8
SHA-256: fb09d96b7cff4e95abf2108cdf557940abe61c708237302c4f73cd09c970d694
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 7fb7b30e92427bc81c38b77460d9a3e5
SHA-256: 91c877345ee6da135aec83f5d815c4e23101147cf55593c39d45176a2b4064df
kernel-debug-devel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: b493e08d834e5ebd7aa227dfb6e1881d
SHA-256: 17aa9ce5d36a6a48db1f2e3038830e451c35d15ccf5eb7ee27b36cce7ab857d0
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 73ccb25d772d48ca4a28bed60255b157
SHA-256: 31fbe349ba3b29ed74ebbef158436f9e86ba7f43992825a702d95bede7444977
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: ef0ccc2f04b7383276b350b60b3e2df2
SHA-256: bd2206ca48c9122cd9a256bf6473c3647662a4a572a9a099888a0fa5ce11fd7b
kernel-devel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 82aaa70c7c47f0e2777db4098466026a
SHA-256: 384a23324ebc953902b427dc2363cf8b5d26630ba9d96abeab4141cb12d75c29
kernel-doc-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: 6a9b2c36eb6b3b77d98760699beeed7b
SHA-256: 64097d12462a6860e1788d97b1a6a35d4b48671e89d4b412ac812fdc93578a3a
kernel-firmware-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: dff74d4f90c446ab454455a8a6f1976f
SHA-256: 1b4a6b1e7df664ef6c89345aa605fe06ff30589745443c5adbd0a435813997e7
kernel-headers-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 45c33ff90490b1d53cd78520ebc6f230
SHA-256: 774e0d89d05a933c43aeaf47e22ca5f5e0e947a967807cf635496509a18e4031
perf-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 748c9902e96bcb1d72c818883706792e
SHA-256: b4f9e604757f353134822a65fe5776481b2bd3955c764ef79f9483924af2c928
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 22bb0b677b33d60ab7bd37c13c9db72f
SHA-256: d48439de1761400c4d15a4f4dded4564ec99854db2a58b994a62485727f83bd4
python-perf-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 111464a11610de6d58f3a7acfd86f087
SHA-256: ea68f5372913903823023fad5e332422a3a99ed221b5c4746ca4dedfa5ed8819
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 4f2fc7cc3080469086d1eed2aa08b7af
SHA-256: ac72dd2b5e977ac77f35ed3d9cda4a57894e3417aced9294ed67250da138d236
 
Red Hat Enterprise Linux Server TUS (v. 6.5)

SRPMS:
kernel-2.6.32-431.80.1.el6.src.rpm
File outdated by:  RHBA-2017:1751
    MD5: eefe5b0f1ac860ce905ab07906cf969e
SHA-256: 6f20efb8e853e4e1f76c9b0b78dd5784b6c5a9301281e6ecd33bde00e5d85ff6
 
x86_64:
kernel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 39ad7e1d66df9c3aa513b102c339c8ee
SHA-256: 8688f0eb59cc18205218294ab5f3cc9c774496964cb312f4a7c677c6f0c5856e
kernel-abi-whitelists-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: 471c7aaef35541f5addb81ef9f99d635
SHA-256: bcb89a9277c9f90dca4b29bf6b711723c929b1fcb4fba42fe7f48cf5b66f4404
kernel-debug-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: b21ffb02662f31359f3b11bdbcbc7ef8
SHA-256: fb09d96b7cff4e95abf2108cdf557940abe61c708237302c4f73cd09c970d694
kernel-debug-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 7fb7b30e92427bc81c38b77460d9a3e5
SHA-256: 91c877345ee6da135aec83f5d815c4e23101147cf55593c39d45176a2b4064df
kernel-debug-devel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: b493e08d834e5ebd7aa227dfb6e1881d
SHA-256: 17aa9ce5d36a6a48db1f2e3038830e451c35d15ccf5eb7ee27b36cce7ab857d0
kernel-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 73ccb25d772d48ca4a28bed60255b157
SHA-256: 31fbe349ba3b29ed74ebbef158436f9e86ba7f43992825a702d95bede7444977
kernel-debuginfo-common-x86_64-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: ef0ccc2f04b7383276b350b60b3e2df2
SHA-256: bd2206ca48c9122cd9a256bf6473c3647662a4a572a9a099888a0fa5ce11fd7b
kernel-devel-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 82aaa70c7c47f0e2777db4098466026a
SHA-256: 384a23324ebc953902b427dc2363cf8b5d26630ba9d96abeab4141cb12d75c29
kernel-doc-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: 6a9b2c36eb6b3b77d98760699beeed7b
SHA-256: 64097d12462a6860e1788d97b1a6a35d4b48671e89d4b412ac812fdc93578a3a
kernel-firmware-2.6.32-431.80.1.el6.noarch.rpm
File outdated by:  RHBA-2017:1751
    MD5: dff74d4f90c446ab454455a8a6f1976f
SHA-256: 1b4a6b1e7df664ef6c89345aa605fe06ff30589745443c5adbd0a435813997e7
kernel-headers-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 45c33ff90490b1d53cd78520ebc6f230
SHA-256: 774e0d89d05a933c43aeaf47e22ca5f5e0e947a967807cf635496509a18e4031
perf-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 748c9902e96bcb1d72c818883706792e
SHA-256: b4f9e604757f353134822a65fe5776481b2bd3955c764ef79f9483924af2c928
perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 22bb0b677b33d60ab7bd37c13c9db72f
SHA-256: d48439de1761400c4d15a4f4dded4564ec99854db2a58b994a62485727f83bd4
python-perf-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 111464a11610de6d58f3a7acfd86f087
SHA-256: ea68f5372913903823023fad5e332422a3a99ed221b5c4746ca4dedfa5ed8819
python-perf-debuginfo-2.6.32-431.80.1.el6.x86_64.rpm
File outdated by:  RHBA-2017:1751
    MD5: 4f2fc7cc3080469086d1eed2aa08b7af
SHA-256: ac72dd2b5e977ac77f35ed3d9cda4a57894e3417aced9294ed67250da138d236
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1428319 - CVE-2017-2636 kernel: Race condition access to n_hdlc.tbuf causes double free in n_hdlc_release()


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/