[RHSA-2016:1033-01] Important: kernel security and bug fix update

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2016:1033-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1033.html
Issue date:        2016-05-12
CVE Names:         CVE-2016-0758
=====================================================================

 

1. Summary:

 

An update for kernel is now available for Red Hat Enterprise Linux 7.

 

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

 

2. Relevant releases/architectures:

 

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

 

3. Description:

 

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder
processed certain certificate files with tags of indefinite length. A
local, unprivileged user could use a specially crafted X.509 certificate
DER file to crash the system or, potentially, escalate their privileges on
the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this
issue.

 

Bug Fix(es):

 

* Under certain conditions, the migration threads could race with the CPU
hotplug, which could cause a deadlock. A set of patches has been provided
to fix this bug, and the deadlock no longer occurs in the system.
(BZ#1299338)

* A bug in the code that cleans up revoked delegations could previously
cause a soft lockup in the NFS server. This patch fixes the underlying
source code, so the lockup no longer occurs. (BZ#1311582)

* The second attempt to reload Common Application Programming Interface
(CAPI) devices on the little-endian variant of IBM Power Systems previously
failed. The provided set of patches fixes this bug, and reloading works as
intended. (BZ#1312396)

* Due to inconsistencies in the page size of the IOMMU, the NVMe device,
and the kernel, the BUG_ON signal previously occurred in the
nvme_setup_prps() function, leading to a system crash while setting up the
DMA transfer. The provided patch sets the default NVMe page size to 4k,
thus preventing the system crash. (BZ#1312399)

* Previously, on a system using the InfiniBand mlx5 driver for the SRP
stack, a hard lockup occurred after the kernel exceeded the allowed time
with a lock held and interrupts blocked. As a consequence, the system
panicked. This update fixes this bug, and the system no longer panics in
this situation. (BZ#1313814)

* On the little-endian variant of IBM Power Systems, the kernel previously
crashed in the bitmap_weight() function while running the memory affinity
script. The provided patch fortifies the topology setup and prevents
sd->child from being set to NULL when it is already NULL. As a result, the
memory affinity script runs successfully. (BZ#1316158)

* When a KVM guest wrote random values to the special-purpose register
(SPR) Instruction Authority Mask Register (IAMR), the guest and the
corresponding QEMU process previously hung. This update adds code that
sets SPRs to a suitable neutral value on guest exit, thus fixing this bug.
(BZ#1316636)

* Under heavy iSCSI traffic load, the system previously panicked due to a
race in the locking code leading to a list corruption. This update fixes
this bug, and the system no longer panics in this situation. (BZ#1316812)

* During SCSI exception handling (triggered by some irregularities), the
driver could previously use an already retired SCSI command. As a
consequence, a kernel panic or data corruption occurred. The provided
patches fix this bug, and exception handling now proceeds successfully.
(BZ#1316820)

* When the previously opened /dev/tty, which pointed to a pseudo terminal
(pty) pair, was the last file closed, a kernel crash could previously
occur. The underlying source code has been fixed, preventing this bug.
(BZ#1320297)

* Previously, when using VPLEX and FCoE via the bnx2fc driver, different
degrees of data corruption occurred. The provided patch fixes the FCP
Response (RSP) residual parsing in bnx2fc, which prevents the
aforementioned corruption. (BZ#1322279)

 

4. Solution:

 

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

 

https://access.redhat.com/articles/11258

 

The system must be rebooted for this update to take effect.

 

5. Bugs fixed (https://bugzilla.redhat.com/):

 

1300257 - CVE-2016-0758 kernel: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()

 

6. Package List:

 

Red Hat Enterprise Linux Client (v. 7):

 

Source:

kernel-3.10.0-327.18.2.el7.src.rpm

 

noarch:

kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm

kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

 

x86_64:

kernel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm

perf-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux Client Optional (v. 7):

 

x86_64:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux ComputeNode (v. 7):

 

Source:

kernel-3.10.0-327.18.2.el7.src.rpm

 

noarch:

kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm

kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

 

x86_64:

kernel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm

perf-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

 

x86_64:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux Server (v. 7):

 

Source:

kernel-3.10.0-327.18.2.el7.src.rpm

 

noarch:

kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm

kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

 

ppc64:

kernel-3.10.0-327.18.2.el7.ppc64.rpm

kernel-bootwrapper-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debug-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debuginfo-common-ppc64-3.10.0-327.18.2.el7.ppc64.rpm

kernel-devel-3.10.0-327.18.2.el7.ppc64.rpm

kernel-headers-3.10.0-327.18.2.el7.ppc64.rpm

kernel-tools-3.10.0-327.18.2.el7.ppc64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.ppc64.rpm

perf-3.10.0-327.18.2.el7.ppc64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

python-perf-3.10.0-327.18.2.el7.ppc64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

 

ppc64le:

kernel-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-bootwrapper-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debug-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debuginfo-common-ppc64le-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-devel-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-headers-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-tools-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.ppc64le.rpm

perf-3.10.0-327.18.2.el7.ppc64le.rpm

perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

python-perf-3.10.0-327.18.2.el7.ppc64le.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

 

s390x:

kernel-3.10.0-327.18.2.el7.s390x.rpm

kernel-debug-3.10.0-327.18.2.el7.s390x.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.s390x.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

kernel-debuginfo-common-s390x-3.10.0-327.18.2.el7.s390x.rpm

kernel-devel-3.10.0-327.18.2.el7.s390x.rpm

kernel-headers-3.10.0-327.18.2.el7.s390x.rpm

kernel-kdump-3.10.0-327.18.2.el7.s390x.rpm

kernel-kdump-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

kernel-kdump-devel-3.10.0-327.18.2.el7.s390x.rpm

perf-3.10.0-327.18.2.el7.s390x.rpm

perf-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

python-perf-3.10.0-327.18.2.el7.s390x.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.s390x.rpm

 

x86_64:

kernel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm

perf-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux Server Optional (v. 7):

 

ppc64:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-debuginfo-common-ppc64-3.10.0-327.18.2.el7.ppc64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.ppc64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64.rpm

 

ppc64le:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-debuginfo-common-ppc64le-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.ppc64le.rpm

perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.ppc64le.rpm

 

x86_64:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux Workstation (v. 7):

 

Source:

kernel-3.10.0-327.18.2.el7.src.rpm

 

noarch:

kernel-abi-whitelists-3.10.0-327.18.2.el7.noarch.rpm

kernel-doc-3.10.0-327.18.2.el7.noarch.rpm

 

x86_64:

kernel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debug-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-devel-3.10.0-327.18.2.el7.x86_64.rpm

kernel-headers-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-3.10.0-327.18.2.el7.x86_64.rpm

perf-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

Red Hat Enterprise Linux Workstation Optional (v. 7):

 

x86_64:

kernel-debug-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

kernel-tools-libs-devel-3.10.0-327.18.2.el7.x86_64.rpm

perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

python-perf-debuginfo-3.10.0-327.18.2.el7.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

 

7. References:

 

https://access.redhat.com/security/cve/CVE-2016-0758

https://access.redhat.com/security/updates/classification/#important

 

8. Contact:

 

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

 

Copyright 2016 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

 

iD8DBQFXNFcgXlSAg2UNWIIRAvt9AJ0fBllps1r1hDISfd2cZNny3Ks8MACfYYKN

x3KiAlc6BOBfnnwkrsnheNY=

=2l9y

-----END PGP SIGNATURE-----
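
An added example, not part of the Red Hat advisory: a shell check for the reboot requirement stated in section 4, comparing the running and the newest installed kernel against the fixed build 3.10.0-327.18.2.el7 from the package list. The function names and the sample release strings are assumptions made for illustration.

```shell
#!/bin/sh
FIXED_BUILD="327.18.2"   # from kernel-3.10.0-327.18.2.el7 in this advisory
# cmp_dotted A B: print -1, 0 or 1 for dotted numeric strings.
cmp_dotted() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "$x" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$y" = "$b" ]; then b=""; else b="${b#*.}"; fi
        x="${x:-0}"; y="${y:-0}"        # a missing segment counts as 0
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# kernel_status RELEASE: print fixed, outdated or unknown for a `uname -r`
# or rpm VERSION-RELEASE string, e.g. 3.10.0-327.18.2.el7.x86_64.
kernel_status() {
    case "$1" in
        3.10.0-*.el7*) ;;               # only RHEL 7 kernels are in scope
        *) echo unknown; return 0 ;;
    esac
    build="${1#3.10.0-}"; build="${build%%.el7*}"
    case "$build" in
        ""|*[!0-9.]*) echo unknown; return 0 ;;  # non-numeric build tag
    esac
    if [ "$(cmp_dotted "$build" "$FIXED_BUILD")" -lt 0 ]; then
        echo outdated
    else
        echo fixed
    fi
}

# advisory_state RUNNING INSTALLED: a fixed package on disk does not help
# until the host has booted into it.
advisory_state() {
    case "$(kernel_status "$1")/$(kernel_status "$2")" in
        fixed/*)        echo ok ;;
        outdated/fixed) echo reboot-required ;;
        outdated/*)     echo update-required ;;
        *)              echo unknown ;;
    esac
}

# Live use (assumes rpm and GNU sort -V are present):
#   advisory_state "$(uname -r)" \
#     "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n 1)"
# Constructed sample: fixed package installed, older kernel still running.
advisory_state "3.10.0-327.13.1.el7.x86_64" "3.10.0-327.18.2.el7"
```

The comparison covers only the numeric build field between `3.10.0-` and `.el7`; any other release string is reported as `unknown` rather than guessed.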

 

 
