Security Advisory Important: kernel security update

Advisory: RHSA-2017:0366-1
Type: Security Advisory
Severity: Important
Issued on: 2017-03-01
Last updated on: 2017-03-01
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server TUS (v. 6.5)
CVEs (cve.mitre.org): CVE-2017-6074

Details

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced
Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram
Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
on the socket. A local, unprivileged user could use this flaw to alter the
kernel memory, allowing them to escalate their privileges on the system.
(CVE-2017-6074, Important)

Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
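
To confirm remediation after the reboot, the added example below (not part of the advisory and not Red Hat tooling) classifies a kernel release string against the fixed build kernel-2.6.32-431.78.1.el6 named in this advisory. It assumes kernels on the 6.5 AUS/TUS stream are named 2.6.32-431[.N...].el6; the function names are illustrative, and anything outside that stream is reported as out-of-scope because this advisory does not cover it.

```sh
#!/bin/sh
# Added example, not Red Hat tooling: classify kernels against RHSA-2017:0366.
STREAM_PREFIX="2.6.32-431"   # assumption: base of every RHEL 6.5 AUS/TUS kernel
FIXED_ZSTREAM="78.1"         # from kernel-2.6.32-431.78.1.el6 in this advisory

# num_ge A B: succeed if dotted-numeric A >= B; missing fields count as 0.
num_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify_kernel RELEASE: print patched, vulnerable or out-of-scope.
classify_kernel() {
    kver=$1
    case $kver in
        "$STREAM_PREFIX".*el6*) ;;                 # on the 6.5 stream
        *) echo "out-of-scope"; return 0 ;;        # other streams: see their own advisories
    esac
    rel=${kver#"$STREAM_PREFIX"}   # ".78.1.el6.x86_64", or ".el6.x86_64" for the GA build
    rel=${rel%%.el6*}              # ".78.1" or ""
    rel=${rel#.}                   # "78.1" or ""
    case $rel in *[!0-9.]*) echo "out-of-scope"; return 0 ;; esac
    if num_ge "$rel" "$FIXED_ZSTREAM"; then echo "patched"; else echo "vulnerable"; fi
}

# report: the running kernel decides exposure; a patched kernel that is only
# installed (running kernel still "vulnerable") means the reboot is pending.
report() {
    echo "running:   $(uname -r) -> $(classify_kernel "$(uname -r)")"
    if command -v rpm >/dev/null 2>&1; then
        rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null |
        while read -r k; do
            echo "installed: $k -> $(classify_kernel "$k")"
        done
    fi
}
report
```

A host is remediated only when the "running" line reads patched; a patched "installed" line alone means the update is on disk but the old kernel is still in memory.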

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
kernel-2.6.32-431.78.1.el6.src.rpm
File outdated by:  RHSA-2017:1489

x86_64:
kernel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-abi-whitelists-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-devel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debuginfo-common-x86_64-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-devel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-doc-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-firmware-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-headers-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
perf-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
perf-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
python-perf-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
python-perf-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
 
Red Hat Enterprise Linux Server TUS (v. 6.5)

SRPMS:
kernel-2.6.32-431.78.1.el6.src.rpm
File outdated by:  RHSA-2017:1489

x86_64:
kernel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-abi-whitelists-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debug-devel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-debuginfo-common-x86_64-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-devel-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
kernel-doc-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-firmware-2.6.32-431.78.1.el6.noarch.rpm
File outdated by:  RHSA-2017:1489
kernel-headers-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
perf-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
perf-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
python-perf-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
python-perf-debuginfo-2.6.32-431.78.1.el6.x86_64.rpm
File outdated by:  RHSA-2017:1489
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/