First published: Tue Aug 01 2017
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

- A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)
- A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)
- It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

- CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debug | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debug-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debug-devel | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-devel | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-doc | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-trace | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-trace-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-trace-devel | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debug-kvm | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-debug-kvm-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-kvm | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-kvm-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-trace-kvm | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |
redhat/kernel-rt-trace-kvm-debuginfo | <3.10.0-693.rt56.617.el7 | 3.10.0-693.rt56.617.el7 |