What is the severity of RHSA-2017:0293?

The severity of RHSA-2017:0293 is classified as important due to a use-after-free vulnerability in the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation.

How do I fix RHSA-2017:0293?

To fix RHSA-2017:0293, update your Linux kernel to version 2.6.32-642.13.2.el6 or later.

What packages are affected by RHSA-2017:0293?

Affected packages include kernel, kernel-debug, kernel-devel, and several kernel-debugging related packages in the specified versions.

What is a use-after-free vulnerability in RHSA-2017:0293?

A use-after-free vulnerability occurs when a program continues to use a memory resource after it has been freed, which can lead to unpredictable behavior or exploitation.

Is RHSA-2017:0293 applicable to all Linux distributions?

No, RHSA-2017:0293 specifically applies to Red Hat Enterprise Linux systems running the affected kernel versions.

Vulnerability/
RHSA-2017:0293

CWE

416

22/2/2017

RHSA-2017:0293: Important: kernel security update

First published: Wed Feb 22 2017(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)</li>

Affected Software	Affected Version	How to fix
redhat/kernel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-abi-whitelists	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug-devel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug-devel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debuginfo-common-i686	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-devel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-doc	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-firmware	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-headers	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/perf	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/perf-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/perf-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/python-perf	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/python-perf-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/python-perf-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debug	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-devel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-headers	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/perf	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/python-perf	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debuginfo-common-s390x	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-kdump	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-kdump-debuginfo	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-kdump-devel	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-bootwrapper	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6
redhat/kernel-debuginfo-common-ppc64	<2.6.32-642.13.2.el6	2.6.32-642.13.2.el6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2017:0293?
The severity of RHSA-2017:0293 is classified as important due to a use-after-free vulnerability in the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation.
How do I fix RHSA-2017:0293?
To fix RHSA-2017:0293, update your Linux kernel to version 2.6.32-642.13.2.el6 or later.
What packages are affected by RHSA-2017:0293?
Affected packages include kernel, kernel-debug, kernel-devel, and several kernel-debugging related packages in the specified versions.
What is a use-after-free vulnerability in RHSA-2017:0293?
A use-after-free vulnerability occurs when a program continues to use a memory resource after it has been freed, which can lead to unpredictable behavior or exploitation.
Is RHSA-2017:0293 applicable to all Linux distributions?
No, RHSA-2017:0293 specifically applies to Red Hat Enterprise Linux systems running the affected kernel versions.

collector/redhat-errata
anchor-id/RHSA-2017:0293
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
package-manager/redhat