Security Advisory Important: kernel security update

Advisory: RHSA-2017:0345-1
Type: Security Advisory
Severity: Important
Issued on: 2017-02-28
Last updated on: 2017-02-28
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.4)
CVEs (cve.mitre.org): CVE-2017-6074

Details

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced
Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter the
kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
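
Added example, not part of the Red Hat advisory: a POSIX shell check that classifies a `uname -r` string against the fixed build listed under "Updated packages" (kernel-2.6.32-358.77.1.el6). It assumes later builds in the same 2.6.32-358 stream carry the fix and reports every other build stream as out of scope; the function names and the test strings are illustrative.

```sh
#!/bin/sh
# Added example (not Red Hat code): classify a kernel release string against
# the fixed build named in this advisory, kernel-2.6.32-358.77.1.el6.
# Scope assumption: only the 2.6.32-358 (RHEL 6.4) build stream is judged.
# Kernels from other streams are handled by other advisories, so a plain
# "is my version higher?" comparison would give a false sense of safety.

FIXED_REL="358.77.1"   # release field of the fixed package, from the advisory

# rel_ge A B: succeed if dotted-numeric release A >= B (missing fields = 0).
rel_ge() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}          # leading field of each side
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0                                # all fields equal
}

# classify_kernel STRING: print patched | vulnerable | out-of-scope.
# STRING is `uname -r` output, e.g. 2.6.32-358.77.1.el6.x86_64
classify_kernel() {
    _k=${1%.debug}                  # debug kernels append ".debug"
    case $_k in
        2.6.32-358.el6*|2.6.32-358.*.el6*) ;;
        *) echo out-of-scope; return 0 ;;
    esac
    _r=${_k#2.6.32-}                # 358.77.1.el6.x86_64
    _r=${_r%%.el6*}                 # 358.77.1
    case $_r in                     # reject anything not purely dotted-numeric
        *[!0-9.]*|*..*|.*|*.) echo out-of-scope; return 0 ;;
    esac
    if rel_ge "$_r" "$FIXED_REL"; then echo patched; else echo vulnerable; fi
}

# Stand-alone use: judge the running kernel, or a string given as $1.
# A fixed package that is installed but not yet booted still reports
# "vulnerable", which is why the advisory requires a reboot.
classify_kernel "${1:-$(uname -r)}"
```

Run it after the reboot: the result reflects the kernel that is actually executing, not the packages on disk.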

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
kernel-2.6.32-358.77.1.el6.src.rpm
File outdated by:  RHSA-2017:1490
 
x86_64:
kernel-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-debug-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-debug-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-debug-devel-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-debuginfo-common-x86_64-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-devel-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
kernel-doc-2.6.32-358.77.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1490
kernel-firmware-2.6.32-358.77.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1490
kernel-headers-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
perf-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
python-perf-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
python-perf-debuginfo-2.6.32-358.77.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1490
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/