The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
A flaw was found in the way certain interfaces of the Linux kernel’s Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when invoked through the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel’s networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes with probing packets. An off-path attacker could use this flaw to terminate a TCP connection and/or inject a payload into a non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Jann Horn for reporting CVE-2016-4565 and Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting CVE-2016-5696.
Bug Fix(es):
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | kernel-devel | < 2.6.32-431.73.2.el6 | kernel-devel-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | python-perf | < 2.6.32-431.73.2.el6 | python-perf-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | noarch | kernel-firmware | < 2.6.32-431.73.2.el6 | kernel-firmware-2.6.32-431.73.2.el6.noarch.rpm |
RedHat | 6 | x86_64 | perf | < 2.6.32-431.73.2.el6 | perf-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | kernel | < 2.6.32-431.73.2.el6 | kernel-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | noarch | kernel-abi-whitelists | < 2.6.32-431.73.2.el6 | kernel-abi-whitelists-2.6.32-431.73.2.el6.noarch.rpm |
RedHat | 6 | x86_64 | kernel-debuginfo-common-x86_64 | < 2.6.32-431.73.2.el6 | kernel-debuginfo-common-x86_64-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | perf-debuginfo | < 2.6.32-431.73.2.el6 | perf-debuginfo-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | kernel-debug-devel | < 2.6.32-431.73.2.el6 | kernel-debug-devel-2.6.32-431.73.2.el6.x86_64.rpm |
RedHat | 6 | x86_64 | python-perf-debuginfo | < 2.6.32-431.73.2.el6 | python-perf-debuginfo-2.6.32-431.73.2.el6.x86_64.rpm |
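
The "< 2.6.32-431.73.2.el6" test from the table can be applied to a host's package list as follows. This is an added example, not part of the advisory; the function names and the sample package list are constructed for illustration, and the comparison is a simplified rpm-style ordering that assumes no epoch and no `~` or `^` in the version strings.

```python
import re

# Fixed version-release and package names, taken from the advisory table.
FIXED_EVR = "2.6.32-431.73.2.el6"
ADVISORY_PACKAGES = {
    "kernel", "kernel-devel", "kernel-debug-devel", "kernel-firmware",
    "kernel-abi-whitelists", "kernel-debuginfo-common-x86_64",
    "perf", "perf-debuginfo", "python-perf", "python-perf-debuginfo",
}

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (no epoch, '~' or '^' support)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def older_than_fix(evr, fixed=FIXED_EVR):
    """True when version-release `evr` sorts before the fixed build."""
    ver, rel = evr.rsplit("-", 1)
    fver, frel = fixed.rsplit("-", 1)
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0

def audit(rpm_lines):
    """Return (name, version-release) for advisory packages still below the fix."""
    hits = []
    for line in rpm_lines.strip().splitlines():
        name, evr = line.split()
        if name in ADVISORY_PACKAGES and older_than_fix(evr):
            hits.append((name, evr))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
kernel 2.6.32-431.el6
kernel 2.6.32-431.73.2.el6
perf 2.6.32-431.72.1.el6
kernel-firmware 2.6.32-431.73.2.el6
bash 4.1.2-15.el6
"""

if __name__ == "__main__":
    for name, evr in audit(SAMPLE):
        print(f"{name}-{evr} is older than {FIXED_EVR}")
```

Several kernel builds can be installed side by side, so also compare the running kernel reported by `uname -r`; an updated package protects the host only after it has booted into that kernel.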