RHEL 6 : MRG (RHSA-2016:1532)

medium Nessus Plugin ID 92692
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to upstream version 3.10.0-327.rt56.194.el6, which provides a number of bug fixes over the previous version. (BZ#1343658)

This update also fixes the following bugs :

* Previously, use of the get/put_cpu_var() function in function refill_stock () from the memcontrol cgroup code lead to a 'scheduling while atomic' warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1348710)

* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time.
This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348711)

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2016:1532

https://access.redhat.com/security/cve/cve-2015-8660

https://access.redhat.com/security/cve/cve-2016-4470

Plugin Details

Severity: Medium

ID: 92692

File Name: redhat-RHSA-2016-1532.nasl

Version: 2.13

Type: local

Agent: unix

Published: 8/3/2016

Updated: 10/24/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/2/2016

Vulnerability Publication Date: 12/28/2015

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Overlayfs Privilege Escalation)

Reference Information

CVE: CVE-2015-8660, CVE-2016-4470

RHSA: 2016:1532