First published: Wed Dec 09 2015

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. (CVE-2015-2925, Important)

* It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the (sequential) delivery of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. (CVE-2015-5307, Important)

* A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system. (CVE-2015-7613, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the CVE-2015-5307 issue.

This update also fixes the following bugs and adds one enhancement:

* When setting up an ESP IPsec connection, the aes_ctr algorithm did not work for ESP on a Power little endian VM host. As a consequence, a kernel error was previously returned and the connection failed to be established. A set of patches has been provided to fix this bug, and aes_ctr works for ESP in the described situation as expected. (BZ#1247127)

* The redistribute3() function distributed entries across 3 nodes. However, some entries were moved in an incorrect way, breaking the ordering. As a result, BUG() in the dm-btree-remove.c:shift() function occurred when entries were removed from the btree. A patch has been provided to fix this bug, and redistribute3() now works as expected. (BZ#1263945)

* When booting an mpt2sas adapter in a huge DDW enabled slot on Power, the kernel previously generated a warning followed by a call trace. The provided patch set enhances the Power kernel to be able to support IOMMU as a fallback for the cases where the coherent mask of the device is not suitable for direct DMA. As a result, neither the warning nor the call trace occurs in this scenario. (BZ#1267133)

* If the client mounted /exports and tried to execute the "chown -R" command across the entire mountpoint, a warning about a circular directory structure was previously returned because mount points all had the same inode number. A set of patches has been provided to fix this bug, and mount points are now assigned unique inode numbers as expected. (BZ#1273239)

* Due to a validation error of in-kernel MMIO tracing, a VM previously became unresponsive when connected to Red Hat Enterprise Virtualization Hypervisor. The provided patch fixes this bug by dropping the check in the MMIO handler, and a VM continues running as expected. (BZ#1275149)

* The NFS client could previously fail to send a CLOSE operation if the file was opened with O_WRONLY and the server restarted after the OPEN. Consequently, the server appeared in a state that could block other NFS operations from completing. The client's state flags have been modified to catch this condition and correctly CLOSE the file. (BZ#1275298)

* This update sets multicast filters for multicast packets when the interface is not in promiscuous mode. This change has an impact on the RAR usage such that SR-IOV has some RARs reserved for its own usage as well. (BZ#1265091)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | Fixed Version |
---|---|---|
redhat/kernel | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-abi-whitelists | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debug | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debug-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debug-devel | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-devel | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-doc | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-headers | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-tools | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-tools-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-tools-libs | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-tools-libs-devel | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/perf | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/perf-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/python-perf | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/python-perf-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debuginfo-common-s390x | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-kdump | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-kdump-debuginfo | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-kdump-devel | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-bootwrapper | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel-debuginfo-common-ppc64 | <3.10.0-229.24.2.el7 | 3.10.0-229.24.2.el7 |
redhat/kernel | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-abi-whitelists | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-bootwrapper | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-debug | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-debug-debuginfo | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-debug-devel | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-debuginfo | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-debuginfo-common-ppc64le | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-devel | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-doc | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-headers | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-tools | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-tools-debuginfo | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-tools-libs | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/kernel-tools-libs-devel | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/perf | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/perf-debuginfo | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/python-perf | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
redhat/python-perf-debuginfo | <3.10.0-229.24.2.ael7b | 3.10.0-229.24.2.ael7b |
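
A check for the reboot requirement stated in this advisory, as an added example that is not part of the advisory itself: it compares the running and installed kernel builds against the fixed build 3.10.0-229.24.2 from the table. The function names are hypothetical, and it assumes Red Hat style version-release strings whose fields before the dist tag are purely numeric.

```shell
#!/bin/sh
# Added example. FIXED is the numeric part of the fixed build in the table
# above; the dist tag is .el7, or .ael7b on the little-endian Power builds.
FIXED="3.10.0-229.24.2"

# Strip dist tag and architecture: 3.10.0-229.20.1.el7.x86_64 -> 3.10.0-229.20.1
numeric_part() {
    printf '%s\n' "$1" | sed -E 's/\.(el|ael)[0-9]+[a-z]*(\..*)?$//'
}

# ver_lt A B: succeed when A is strictly older than B. Fields split on '.'
# and '-' are compared as integers; fields missing from A count as 0.
ver_lt() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal, or A has extra trailing fields
}

# kernel_status RUNNING [INSTALLED...] prints:
#   patched          running kernel is at or above the fixed build
#   reboot-required  a fixed kernel is installed but an older one is running
#   vulnerable       no installed kernel reaches the fixed build
kernel_status() {
    running=$(numeric_part "$1"); shift
    if ! ver_lt "$running" "$FIXED"; then echo patched; return; fi
    for k in "$@"; do
        if ! ver_lt "$(numeric_part "$k")" "$FIXED"; then
            echo reboot-required; return
        fi
    done
    echo vulnerable
}

# Constructed sample: updated package installed, host not yet rebooted.
kernel_status 3.10.0-229.20.1.el7.x86_64 3.10.0-229.20.1.el7 3.10.0-229.24.2.el7
# On a real host (assumes rpm is present):
#   kernel_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
```

A `reboot-required` result is the case the advisory's last sentence covers: the fixed package is on disk, but the vulnerable kernel is still the one executing.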