First published: Wed Mar 01 2017(Updated: )
The kernel packages contain the Linux kernel, the core of any Linux operating system.<br>Security Fix(es):<br><li> A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)</li> Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-debug | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-debug-debuginfo | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-debug-devel | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-debuginfo | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-devel | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-doc | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-firmware | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/kernel-headers | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/perf | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/perf-debuginfo | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/python-perf | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
redhat/python-perf-debuginfo | <2.6.32-220.70.1.el6 | 2.6.32-220.70.1.el6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.