RHSA-2016:1225: Important: kernel security and bug fix update
First published: Tue Jun 14 2016(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important)</li> Bug Fix(es):<br><li> At a process or thread exit, when the Linux kernel undoes any SysV semaphore operations done previously (ones done using semop with the SEM_UNDO flag), there was a possible race condition with another process or thread removing the same semaphore set where the operations occurred, leading to a possible use of in-kernel-freed memory and then to possible unpredictable behavior. This bug could be noticed with software which uses IPC SysV semaphores, such as IBM DB2, which could in certain cases have some of its processes or utilities get incorrectly stalled in an IPC semaphore operation or system call after the race condition happened. A patch has been provided to fix this bug, and the kernel now behaves as expected in the aforementioned scenario. (BZ#1326343)</li>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-abi-whitelists | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-debug | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-debug-debuginfo | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-debug-devel | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-debuginfo | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-devel | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-doc | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-firmware | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/kernel-headers | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/perf | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/perf-debuginfo | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/python-perf | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
| redhat/python-perf-debuginfo | <2.6.32-431.72.1.el6 | 2.6.32-431.72.1.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2016:1225?
The severity of RHSA-2016:1225 is considered high due to potential remote exploitation of the vulnerabilities.
How do I fix RHSA-2016:1225?
To fix RHSA-2016:1225, you should update the kernel packages to version 2.6.32-431.72.1.el6 or later.
What are the vulnerabilities addressed in RHSA-2016:1225?
RHSA-2016:1225 addresses flaws in the Linux kernel's networking implementation that handle UDP packets with incorrect checksum values.
What affected software is listed in RHSA-2016:1225?
Affected software in RHSA-2016:1225 includes various Red Hat kernel packages like kernel, kernel-debug, and kernel-devel among others.
Is there a workaround for RHSA-2016:1225?
There is no specific workaround mentioned for RHSA-2016:1225, and applying the recommended updates is the best approach.
- agent/severity
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2016:1225
- agent/software-canonical-lookup
- package-manager/redhat