Security Advisory Important: kernel security and bug fix update

Advisory: RHSA-2017:0346-1
Type: Security Advisory
Severity: Important
Issued on: 2017-02-28
Last updated on: 2017-02-28
Affected Products: Red Hat Enterprise Linux Long Life (v. 5.9 server)
CVEs (cve.mitre.org): CVE-2017-2634, CVE-2017-6074

Details

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long
Life.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter the
kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

* It was found that the Linux kernel's Datagram Congestion Control Protocol
(DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for
both IPv4 and IPv6 DCCP connections, which could result in memory corruption. A
remote attacker could use this flaw to crash the system. (CVE-2017-2634,
Moderate)

Important: This update disables the DCCP kernel module at load time by using the
kernel module blacklist method. The module is disabled in an attempt to reduce
further exposure to additional issues. (BZ#1426309)
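
The following check is an added example, not part of this advisory or of Red Hat's tooling: it reports whether the DCCP modules are currently loaded and whether modprobe configuration blocks loading them. The module names (dccp, dccp_ipv4, dccp_ipv6), the directives it recognises and the sample data in demo() are assumptions of the example.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): audit whether DCCP modules are loaded
# or can still be loaded. Module names and directives checked are assumptions.
DCCP_MODULES="dccp dccp_ipv4 dccp_ipv6"

# loaded_dccp_modules FILE: print DCCP modules found in /proc/modules-format FILE.
loaded_dccp_modules() {
    awk '$1 ~ /^dccp(_ipv[46])?$/ { print $1 }' "$1"
}

# module_blocked NAME FILE...: succeed if a modprobe config FILE blocks NAME with
# "blacklist NAME" or "install NAME /bin/true" (or /bin/false). Missing files are skipped.
module_blocked() {
    name=$1; shift
    for f in "$@"; do [ -f "$f" ] && cat "$f"; done | awk -v m="$name" '
        /^[ \t]*#/ { next }
        { mod = $2; gsub(/-/, "_", mod) }   # modprobe treats - and _ alike
        $1 == "blacklist" && mod == m { hit = 1 }
        $1 == "install" && mod == m && $3 ~ /^\/bin\/(true|false)$/ { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# audit_dccp PROC_MODULES CONF...: print one finding per module; return 1 if any
# module is loaded or is not blocked by configuration.
audit_dccp() {
    proc=$1; shift; rc=0
    loaded=$(loaded_dccp_modules "$proc")
    for m in $DCCP_MODULES; do
        if printf '%s\n' "$loaded" | grep -qx "$m"; then
            echo "LOADED $m"; rc=1
        elif module_blocked "$m" "$@"; then
            echo "BLOCKED $m"
        else
            echo "LOADABLE $m"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not from a real host), so the example runs offline.
demo() {
    d=$(mktemp -d) || return 2
    printf 'dccp_ipv4 21000 0 - Live 0x0\ndccp 85000 1 dccp_ipv4, Live 0x0\n' > "$d/modules"
    printf '# constructed\nblacklist dccp\ninstall dccp-ipv6 /bin/true\n' > "$d/dccp.conf"
    audit_dccp "$d/modules" "$d/dccp.conf"; rc=$?
    rm -rf "$d"; return $rc
}
demo || true
```

On a live host the equivalent call is `audit_dccp /proc/modules /etc/modprobe.conf /etc/modprobe.d/*` (typical locations, assumed here). A LOADED result alongside a blocking entry means the module was loaded before the configuration applied, since a blacklist entry does not unload a module.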

Red Hat would like to thank Andrey Konovalov (Google) for reporting
CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat
Product Security).


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Updated packages

Red Hat Enterprise Linux Long Life (v. 5.9 server)

SRPMS:
kernel-2.6.18-348.33.1.el5.src.rpm
File outdated by: RHSA-2017:1483

IA-32:
kernel-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-PAE-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-PAE-debuginfo-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-PAE-devel-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-debug-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-debug-debuginfo-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-debug-devel-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-common-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-devel-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm
File outdated by: RHSA-2017:1483
kernel-headers-2.6.18-348.33.1.el5.i386.rpm
File outdated by: RHSA-2017:1483
kernel-xen-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-xen-debuginfo-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483
kernel-xen-devel-2.6.18-348.33.1.el5.i686.rpm
File outdated by: RHSA-2017:1483

IA-64:
kernel-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-debuginfo-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-devel-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-common-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-devel-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm
File outdated by: RHSA-2017:1483
kernel-headers-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-debuginfo-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-devel-2.6.18-348.33.1.el5.ia64.rpm
File outdated by: RHSA-2017:1483

x86_64:
kernel-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-debug-devel-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-debuginfo-common-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-devel-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-doc-2.6.18-348.33.1.el5.noarch.rpm
File outdated by: RHSA-2017:1483
kernel-headers-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-debuginfo-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
kernel-xen-devel-2.6.18-348.33.1.el5.x86_64.rpm
File outdated by: RHSA-2017:1483
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol
1424751 - CVE-2017-2634 kernel: dccp: crash while sending ipv6 reset packet


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/