Security Advisory Important: kernel security update

Advisory: RHSA-2017:0365-1
Type: Security Advisory
Severity: Important
Issued on: 2017-03-01
Last updated on: 2017-03-01
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.2)
CVEs (cve.mitre.org): CVE-2017-6074

Details

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced
Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter kernel
memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
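
A check for the reboot requirement above, as an added example that is not part of Red Hat's advisory: it compares the running kernel and the installed kernel packages against the fixed build 2.6.32-220.70.1.el6 listed under Updated packages. The function names, the status strings, the use of GNU sort -V in place of RPM's own version comparison, and the 220.69.1 sample build are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: classify a host against the fixed build in RHSA-2017:0365-1.
FIXED="2.6.32-220.70.1.el6"   # kernel VERSION-RELEASE from "Updated packages"

# ver_ge A B: succeed when A >= B. Uses GNU "sort -V" as an approximation of
# RPM version ordering (assumption; adequate for same-stream el6 builds).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING INSTALLED...
#   RUNNING   : output of "uname -r" (the .x86_64 suffix is stripped)
#   INSTALLED : VERSION-RELEASE of each installed kernel package
# Prints one of: patched | reboot-required | update-missing
kernel_status() {
    local running="${1%.x86_64}"
    local v
    shift
    if ver_ge "$running" "$FIXED"; then
        echo patched
        return 0
    fi
    for v in "$@"; do
        if ver_ge "${v%.x86_64}" "$FIXED"; then
            echo reboot-required   # fix is on disk, old kernel still running
            return 0
        fi
    done
    echo update-missing
}

if [ "${1:-}" = "--live" ]; then
    # Live check on the host itself (needs rpm; word splitting is intended).
    # shellcheck disable=SC2046
    kernel_status "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')
else
    # Constructed sample: update installed, host not yet rebooted.
    kernel_status "2.6.32-220.69.1.el6.x86_64" \
        "2.6.32-220.69.1.el6" "2.6.32-220.70.1.el6"
fi
```

A host that reports reboot-required has the fixed package installed but is still executing the vulnerable kernel image.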

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
kernel-2.6.32-220.70.1.el6.src.rpm
File outdated by:  RHSA-2017:1491

x86_64:
kernel-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-debug-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-debug-debuginfo-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-debug-devel-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-debuginfo-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-debuginfo-common-x86_64-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-devel-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
kernel-doc-2.6.32-220.70.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1491
kernel-firmware-2.6.32-220.70.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1491
kernel-headers-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
perf-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
perf-debuginfo-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
python-perf-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491
python-perf-debuginfo-2.6.32-220.70.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1491

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/