RHEL 6 : MRG (RHSA-2017:2444)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
requirements.

Security Fix(es) :

* A use-after-free flaw was found in the Linux kernel which enables a
race condition in the L2TPv3 IP Encapsulation feature. A local user
could use this flaw to escalate their privileges or crash the system.
(CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in
keyring.c if type->match is NULL. A local user could use this flaw to
crash the system or, potentially, escalate their privileges.
(CVE-2017-2647, Important)

* The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel
before 4.5 allows local users to cause a system crash and a denial of
service through a NULL pointer dereference, by calling the accept(2)
system call on an AF_ALG socket without first calling setkey() to set
a cipher key. (CVE-2015-8970, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
(Virtuozzo) for reporting CVE-2017-2647 and Igor Redko (Virtuozzo) and
Vasily Averin (Virtuozzo) for reporting CVE-2015-8970.

Bug Fix(es) :

* Writing to model-specific registers (MSRs) during intel_idle
initialization could previously cause exceptions. Consequently, a
kernel panic occurred during this initialization. The function call
that writes to the MSR was modified to use wrmsrl_safe(), which
handles exceptions, instead of wrmsrl(). In this scenario, the kernel
no longer panics. (BZ#1447438)

* The ixgbe driver was using incorrect bitwise operations on received
PTP flags. Consequently, systems that were using the ixgbe driver
could not synchronize time using PTP. The provided patch corrects the
bitwise operations on received PTP flags, allowing these systems to
correctly synchronize time using PTP. (BZ#1469795) (BZ#1451821)

The kernel-rt packages have been upgraded to version
3.10.0-514.rt56.230, which provides a number of security and bug fixes
over the previous version. (BZ#1463427)

See also :

http://rhn.redhat.com/errata/RHSA-2017-2444.html
https://www.redhat.com/security/data/cve/CVE-2015-8970.html
https://www.redhat.com/security/data/cve/CVE-2016-10200.html
https://www.redhat.com/security/data/cve/CVE-2017-2647.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 102350

CVE ID: CVE-2015-8970
CVE-2016-10200
CVE-2017-2647