Lucene search

K
centosCentOS ProjectCESA-2016:1633
HistoryAug 20, 2016 - 2:00 a.m.

kernel, perf, python security update

2016-08-2002:00:21
CentOS Project
lists.centos.org
68

0.004 Low

EPSS

Percentile

74.9%

CentOS Errata and Security Advisory CESA-2016:1633

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel’s networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-August/084202.html

Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1633