Operating System:

[RedHat]

Published:

03 August 2016

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2016.1871 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1871
             Important: kernel-rt security and bug fix update
                               3 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Modify Arbitrary Files -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-4470 CVE-2016-2143 CVE-2015-8660

Reference:         ESB-2016.1697
                   ESB-2016.1639
                   ESB-2016.1616
                   ESB-2016.1608
                   ESB-2016.1599
                   ESB-2016.1078

Original Bulletin: 
   https://rhn.redhat.com/errata/RHSA-2016-1532.html
   https://rhn.redhat.com/errata/RHSA-2016-1539.html
   https://rhn.redhat.com/errata/RHSA-2016-1541.html

Comment: This bulletin contains three (3) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2016:1532-02
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1532.html
Issue date:        2016-08-02
CVE Names:         CVE-2015-8660 CVE-2016-4470 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to
arbitrary free address which could allow attacker to use a use-after-free
style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which allows
local users to bypass intended access restrictions and modify the
attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660.
The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to upstream version
3.10.0-327.rt56.194.el6rt, which provides a number of bug fixes over the
previous version. (BZ#1343658)

This update also fixes the following bugs:

* Previously, use of the get/put_cpu_var() function in function
refill_stock() from the memcontrol cgroup code lead to a "scheduling while
atomic" warning. With this update, refill_stock() uses the
get/put_cpu_light() function instead, and the warnings no longer appear.
(BZ#1348710)

* Prior to this update, if a real time task pinned to a given CPU was
taking 100% of the CPU time, then calls to the lru_add_drain_all() function
on other CPUs blocked for an undetermined amount of time. This caused
latencies and undesired side effects. With this update, lru_add_drain_all()
has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348711)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1343658 - update the MRG 2.5.z 3.10 kernel-rt sources

6. Package List:

MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-327.rt56.194.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.rt56.194.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-327.rt56.194.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.194.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-327.rt56.194.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoRx6XlSAg2UNWIIRAtcZAKCRDzqcIQ0jzuW15qMqskr2lSRILACguGCA
Bhidqzg0j1hkf1NZjhlERSY=
=hfmH
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:1539-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1539.html
Issue date:        2016-08-02
CVE Names:         CVE-2015-8660 CVE-2016-2143 CVE-2016-4470 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages include several security issues and numerous
bug fixes, some of which you can see below. Space precludes documenting
all of these bug fixes in this advisory. To see the complete list of bug
fixes, users are directed to the related Knowledge Article:
https://access.redhat.com/articles/2460971.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to
arbitrary free address which could allow attacker to use a use-after-free
style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which allows
local users to bypass intended access restrictions and modify the
attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

* It was reported that on s390x, the fork of a process with four page table
levels will cause memory corruption with a variety of symptoms. All
processes are created with three level page table and a limit of 4TB for
the address space. If the parent process has four page table levels with a
limit of 8PB, the function that duplicates the address space will try to
copy memory areas outside of the address space limit for the child process.
(CVE-2016-2143, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660.
The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* The glibc headers and the Linux headers share certain definitions of
key structures that are required to be defined in kernel and in userspace.
In some instances both userspace and sanitized kernel headers have to be
included in order to get the structure definitions required by the user
program. Unfortunately because the glibc and Linux headers don't
coordinate this can result in compilation errors. The glibc headers have
therefore been fixed to coordinate with Linux UAPI-based headers. With
the header coordination compilation errors no longer occur. (BZ#1331285)

* When running the TCP/IPv6 traffic over the mlx4_en networking interface
on the big endian architectures, call traces reporting about a "hw csum
failure" could occur. With this update, the mlx4_en driver has been fixed
by correction of the checksum calculation for the big endian
architectures. As a result, the call trace error no longer appears
in the log messages. (BZ#1337431)

* Under significant load, some applications such as logshifter could
generate bursts of log messages too large for the system logger to spool.
Due to a race condition, log messages from that application could then be
lost even after the log volume dropped to manageable levels. This update
fixes the kernel mechanism used to notify the transmitter end of the
socket used by the system logger that more space is available on the
receiver side, removing a race condition which previously caused the
sender to stop transmitting new messages and allowing all log messages
to be processed correctly. (BZ#1337513)

* Previously, after heavy open or close of the Accelerator Function Unit
(AFU) contexts, the interrupt packet went out and the AFU context did not
see any interrupts. Consequently, a kernel panic could occur. The provided
patch set fixes handling of the interrupt requests, and kernel panic no
longer occurs in the described situation. (BZ#1338886)

* net: recvfrom would fail on short buffer. (BZ#1339115)
* Backport rhashtable changes from upstream. (BZ#1343639)
* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)
* RAID5 reshape deadlock fix. (BZ#1344313)
* BDX perf uncore support fix. (BZ#1347374)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1308908 - CVE-2016-2143 kernel: Fork of large process causes memory corruption
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.2.el7.ppc64.rpm
kernel-devel-3.10.0-327.28.2.el7.ppc64.rpm
kernel-headers-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.ppc64.rpm
perf-3.10.0-327.28.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-devel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-headers-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.ppc64le.rpm
perf-3.10.0-327.28.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-327.28.2.el7.s390x.rpm
kernel-devel-3.10.0-327.28.2.el7.s390x.rpm
kernel-headers-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-327.28.2.el7.s390x.rpm
perf-3.10.0-327.28.2.el7.s390x.rpm
perf-debuginfo-3.10.0-327.28.2.el7.s390x.rpm
python-perf-3.10.0-327.28.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-327.28.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.28.2.el7.noarch.rpm
kernel-doc-3.10.0-327.28.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.28.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.28.2.el7.x86_64.rpm
perf-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.28.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.28.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-2143
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/2460971

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoR0TXlSAg2UNWIIRAvjnAJsHgdzb+uIGBU2qFbo1WViyZ3Q+mgCeMSct
rYt7kZ6fTSk+GeFuP7S+jrM=
=A2Lp
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2016:1541-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1541.html
Issue date:        2016-08-02
CVE Names:         CVE-2015-8660 CVE-2016-4470 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to
arbitrary free address which could allow attacker to use a use-after-free
style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which allows
local users to bypass intended access restrictions and modify the
attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660.
The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7
source tree, which provides a number of bug fixes over the previous
version. (BZ#1350307)

This update also fixes the following bugs:

* Previously, use of the get/put_cpu_var() function in function
refill_stock() from the memcontrol cgroup code lead to a "scheduling while
atomic" warning. With this update, refill_stock() uses the
get/put_cpu_light() function instead, and the warnings no longer appear.
(BZ#1347171)

* Prior to this update, if a real time task pinned to a given CPU was
taking 100% of the CPU time, then calls to the lru_add_drain_all() function
on other CPUs blocked for an undetermined amount of time. This caused
latencies and undesired side effects. With this update, lru_add_drain_all()
has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
1350307 - kernel-rt: update to the RHEL7.2.z batch#6 source tree

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm

noarch:
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm

x86_64:
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8660
https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXoR1NXlSAg2UNWIIRAv2rAJ99Z36Rv+mlJM1WHCh3JqGj+CVlGQCfdSWu
+/cXUfSAuXQH5IYYM68A7K8=
=L9Ma
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV6E5R4x+lLeg9Ub1AQjI7Q/+MWGQbVPukRCRKhsbP9IdL7YwRPzpJkNU
SkciQuii7HTNIpf/H/wbgt8mqF6yz7HeJIvB7h3yZbmdOqRT0aNicbpJikyG8wwB
rOCjeNREJzmEcyPZgqzwtnPSR6ahlagk8IiJQkqcna8oyvr9fLc9QkQMpDRvHFUn
tEftw2s6uxBEM4UfkhB1THgejapj4Km23mVgSFwKvHzsvs+ftxdY/LgaZdyPYize
eH36kSdJIp//YIHiz7cOJFe132sH9X5vU8aW4qbxO7Pgncel414bVjVUIHrkMsBk
O4NFLX4kYBUrwaWARqdojHm+wAqoMoYAn0xcFfIuiGuM+KICuPDrHdYIM0PJeEsB
iXvrMPUGA9FloK5fL4GAzBLTHCUJOUMGrLugf6l4RrADyb/t8W8/dpUKsmSwMqzs
vwPxVI8209mSQLQU4QhhWCBosOX7jJOOzGMu/Ei8RHlbMnCbfoAfskEqmLN6fmsx
mBRvJ5jgHGW+MVyFrancXyzXwOccmISG1ZqriNW87qlG1LB5FuVt++OQhMHRx6Rt
TqKKZT22pNYWBmc2WwqyeSlfFSWdvnHax8O0tcjf/Rf1Mh2gsYDpnOLDZ/u5eFYz
P4AMFHJ9n2NB1x9lFygsjhai1j2LAKP8vW6QfHHe65eeEqakuEyZLc8q5at7F/AB
I93RHN2ns8w=
=xWxS
-----END PGP SIGNATURE-----