An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable could eventually be passed to a free, releasing an arbitrary address, which could allow an attacker to mount a use-after-free style attack. (CVE-2016-4470, Important)

This issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* Previously, a BUG_ON() assertion fired in the fs_clear_inode() function when the nfs_have_writebacks() function reported a positive value for nfs_inode->npages. As a consequence, a kernel panic occurred. This update serializes the two paths by holding the inode's i_lock over the check of PagePrivate and the locking of the request, which fixes this bug. (BZ#1365161)
For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
kernel-2.6.32-431.74.1.el6.src.rpm
    MD5: 3d1789887f9cb4e65ddc15487dabf833
    SHA-256: d0697306bea089bf0bbab8087fcdfa27fe10905bfae8640a34be384c5a66be12
 
x86_64:
kernel-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 53f9a73f1b184806426a3a0439d35b0b
    SHA-256: bda73477be99bf3b9451afd81235394b322e972a1a305e43eba1558a4f1c1469
kernel-abi-whitelists-2.6.32-431.74.1.el6.noarch.rpm
    MD5: 5808cc4980765eb0934e31bb5aa5a53c
    SHA-256: 07c31a427ccfc3d4d1a8218d5fafa2eea40ba86579fd70a77002e324382ff00f
kernel-debug-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: d722f3e627fe8e019f6cf75646160a49
    SHA-256: 5ef92756ef092f2173bebe97d2ca9a34fc2357952cddeb9cfd20d511504b898d
kernel-debug-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 64b68807104cea6f959377a7e3456844
    SHA-256: 24b80d58f96925e086995501c578dcdbe779737e814cdfb2a4d96913280d0189
kernel-debug-devel-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: c1d7f63b6cab91203cfe0ee9ce8fcea5
    SHA-256: 142934b237f838133d1feb971a7bed32d8a84af4a67a23f8f12b95caa224626c
kernel-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 21b329ea7202a9e1a111f4f89f405808
    SHA-256: 61c2e19e3c17b9c21958e84ceabd2dd2d83290ff5c802882ae03afd2bf400b2a
kernel-debuginfo-common-x86_64-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 764c5b454eb1d9863d0d476e2e67658a
    SHA-256: 33d641aa15c43c6196ad718a4cc2d13e04a7a2d34c0802daba78c7f63d199879
kernel-devel-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 3686bc4d5bee9c6a4c77d36fb24f00ff
    SHA-256: 457fc839c57ff88bf75ac365a7b3970d6cff1a4a01aef3f47250831d9f056596
kernel-doc-2.6.32-431.74.1.el6.noarch.rpm
    MD5: 69a04b12babfd902c7ce5f128252c5fa
    SHA-256: 62c654c64d9517fb085d06eb162a774c0f3c2bc43399ed4768720454a4f28701
kernel-firmware-2.6.32-431.74.1.el6.noarch.rpm
    MD5: 9c498647e149c6906d2134e980ab1963
    SHA-256: 771bb039861d803693a2d731b7f532f0c393acfc53c0c4905c724ec97f8830f5
kernel-headers-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 016c4091aaf7cc13d6820787ac76eea5
    SHA-256: 26362373058add634980073dc90723524cfc56031ba50119cb3149ba5e8c26b6
perf-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: c6b658fc26af5014fb2e343570562e28
    SHA-256: 62909db6cf526d7130f6253731572ed412b5c845af2768c72397a4e00101d81b
perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: b207a9a450cdcba03ec4c9501fe74b8f
    SHA-256: 995c8b9782503f7891f34779fb2bcb3af01f7d877544c071787899eb8c123266
python-perf-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: 0541c87a5f8b03b2251d8fbbafa66631
    SHA-256: 389366d071d68655f6b0c1f6508476df58a39ef35c8a505c01a0cf3ac05fcc6b
python-perf-debuginfo-2.6.32-431.74.1.el6.x86_64.rpm
    MD5: d7df2c4ca83d67adb112489f86d1144c
    SHA-256: 29c2c755ef0089e9f4b979ea39acc2aa37b097e4fd174ccb98c540dc475c5f06
 
(The unlinked packages above are only available from the Red Hat Network)

1341716 – CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
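Checking a downloaded package against the SHA-256 digests listed above, checking its GPG signature, and confirming that the running kernel is actually the fixed release (the update only takes effect after a reboot), as an added shell example that is not part of this advisory or of Red Hat's tooling. It assumes GNU coreutils (sha256sum, sort -V), rpm, and Red Hat's release key already imported into the rpm database; the rpm -K output strings it matches ("pgp ... OK", "digests signatures OK", "NOT OK") are an assumption based on RHEL 6 and later rpm versions.

```shell
#!/bin/sh
# Added example, not Red Hat's code: verify a kernel RPM against the
# advisory's SHA-256 digest and GPG signature, and check whether the
# running kernel is at or above the fixed release.
# Assumptions: GNU coreutils (sha256sum, sort -V), rpm, and the Red Hat
# release key already imported with `rpm --import`.

# Fixed kernel release from this advisory (the part after "kernel-").
FIXED_KERNEL="2.6.32-431.74.1.el6"

# Print the SHA-256 of a file as 64 lowercase hex characters.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# verify_digest FILE EXPECTED_SHA256 -> 0 if the digest matches, 1 otherwise.
# Only SHA-256 is compared: the MD5 column is not collision resistant and
# should not be relied on for integrity.
verify_digest() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# verify_signature FILE -> 0 only if rpm -K reports a valid GPG/PGP
# signature. A package that is merely unsigned ("digests OK") fails,
# as does one whose signing key is missing ("... NOT OK (MISSING KEYS ...)").
# The matched strings are an assumption about rpm -K's output format.
verify_signature() {
    out=$(rpm -K "$1" 2>&1) || return 1
    case "$out" in
        *"NOT OK"*)                 return 1 ;;
        *pgp*|*gpg*|*signatures*)   return 0 ;;
        *)                          return 1 ;;   # digests only: unsigned
    esac
}

# kernel_is_fixed RELEASE -> 0 if RELEASE sorts at or above FIXED_KERNEL
# under version sort. Feed it `uname -r`, not `rpm -q kernel`: the fix is
# only in effect once the system has been rebooted into the new kernel.
kernel_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_KERNEL" | sort -V | head -n1)
    [ "$lowest" = "$FIXED_KERNEL" ]
}

# Usage: sh verify.sh kernel-2.6.32-431.74.1.el6.x86_64.rpm <sha256>
if [ "$#" -eq 2 ]; then
    verify_digest "$1" "$2" && verify_signature "$1" && echo "package OK"
    if kernel_is_fixed "$(uname -r)"; then
        echo "running kernel is at or above $FIXED_KERNEL"
    else
        echo "reboot into the new kernel; running $(uname -r)"
    fi
fi
```

The digest check is the part worth scripting: SHA-256 is compared after the download, before `rpm -K` and before installation, so a mirror or proxy that substituted a package is caught even if the signature check is misconfigured. The version comparison deliberately uses `uname -r` so that a host which has installed the package but not yet rebooted is still reported as unpatched.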