Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A use-after-free flaw was found in the way the Linux kernel’s SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important)

This issue was discovered by Sun Baoliang of Red Hat.

This update also fixes the following bugs:

* When ARP is disabled on an interface with an ARP entry for a neighbor host present in the ARP cache, letting the cached entry expire and attempting to communicate with that neighbor host could cause the host MAC address to not be resolved correctly after ARP is enabled again on the interface. With the following workaround, the entry is not expired and the described scenario works correctly:

1) Add the maximum number of ARP entries you expect for your configuration to the proc/sys/net/ipv4/neigh/default/gc_thresh file.

2) Ensure that relevant IP addresses are put in the ARP cache when the system boots, for example by executing the following two commands:

    ping [IP address] -c 1
    ifconfig ethX -arp

(BZ#1207350)

* Previously, the open() system call in some cases failed with an EBUSY error if the opened file was also being renamed at the same time. With this update, the kernel automatically retries open() when this failure occurs, and if the retry is not successful either, open() now fails with an ESTALE error. (BZ#1207813)

* Previously, a race condition occurred in the build_id_cache__add_s() function, which could truncate system files. A patch has been provided to fix this bug, and system files are no longer truncated in the aforementioned scenario. (BZ#1210591)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

Red Hat Enterprise Linux Server AUS (v. 6.4)

(The unlinked packages above are only available from the Red Hat Network)
1196581 – CVE-2015-1421 kernel: net: slab corruption from use after free on INIT collisions

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
