RHEL 7 : kernel (RHSA-2016:1847)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A security flaw was found in the Linux kernel in the
mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It
is possible for a user-supplied 'ipt_entry' structure to have a large
'next_offset' field. This field is not bounds checked prior to writing
to a counter value at the supplied offset. (CVE-2016-3134, Important)

* A flaw was discovered in processing setsockopt for 32 bit processes
on 64 bit systems. This flaw will allow attackers to alter arbitrary
kernel memory when unloading a kernel module. This action is usually
restricted to root-privileged users but can also be leveraged if the
kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user
is granted elevated privileges. (CVE-2016-4997, Important)

* An out-of-bounds heap memory access leading to a Denial of Service,
heap disclosure, or further impact was found in setsockopt(). The
function call is normally restricted to root, however some processes
with cap_sys_admin may also be able to trigger this flaw in privileged
container environments. (CVE-2016-4998, Moderate)

Bug Fix(es) :

* In some cases, running the ipmitool command caused a kernel panic
due to a race condition in the ipmi message handler. This update fixes
the race condition, and the kernel panic no longer occurs in the
described scenario. (BZ#1353947)

* Previously, running I/O-intensive operations in some cases caused
the system to terminate unexpectedly after a NULL pointer dereference
in the kernel. With this update, a set of patches has been applied to
the 3w-9xxx and 3w-sas drivers that fix this bug. As a result, the
system no longer crashes in the described scenario. (BZ#1362040)

* Previously, the Stream Control Transmission Protocol (SCTP) sockets
did not inherit the SELinux labels properly. As a consequence, the
sockets were labeled with the unlabeled_t SELinux type which caused
SCTP connections to fail. The underlying source code has been
modified, and SCTP connections now works as expected. (BZ#1354302)

* Previously, the bnx2x driver waited for transmission completions
when recovering from a parity event, which substantially increased the
recovery time. With this update, bnx2x does not wait for transmission
completion in the described circumstances. As a result, the recovery
of bnx2x after a parity event now takes less time. (BZ#1351972)

Enhancement(s) :

* With this update, the audit subsystem enables filtering of processes
by name besides filtering by PID. Users can now audit by executable
name (with the '-F exe=<path-to-executable>' option), which allows
expression of many new audit rules. This functionality can be used to
create events when specific applications perform a syscall.
(BZ#1345774)

* With this update, the Nonvolatile Memory Express (NVMe) and the
multi-queue block layer (blk_mq) have been upgraded to the Linux 4.5
upstream version. Previously, a race condition between timeout and
freeing request in blk_mq occurred, which could affect the
blk_mq_tag_to_rq() function and consequently a kernel oops could
occur. The provided patch fixes this race condition by updating the
tags with the active request. The patch simplifies blk_mq_tag_to_rq()
and ensures that the two requests are not active at the same time.
(BZ#1350352)

* The Hyper-V storage driver (storvsc) has been upgraded from
upstream. This update provides moderate performance improvement of I/O
operations when using storvscr for certain workloads. (BZ#1360161)

Additional Changes :

Space precludes documenting all of the bug fixes and enhancements
included in this advisory. To see the complete list of bug fixes and
enhancements, refer to the following KnowledgeBase article:
https://access.redhat.com/articles/2592321

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3134.html
https://www.redhat.com/security/data/cve/CVE-2016-4997.html
https://www.redhat.com/security/data/cve/CVE-2016-4998.html
https://access.redhat.com/articles/2592321
http://rhn.redhat.com/errata/RHSA-2016-1847.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 93555 ()

Bugtraq ID:

CVE ID: CVE-2016-3134
CVE-2016-4997
CVE-2016-4998

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now