HI Valery, Thanks for the report!
kmod-openafs has been added to the security repo. Let us know if that doesn't solve your problem. Thanks! On 7/3/18, 10:29 AM, "owner-scientific-linux-us...@listserv.fnal.gov on behalf of Valery Mitsyn" <owner-scientific-linux-us...@listserv.fnal.gov on behalf of v...@mammoth.jinr.ru> wrote: Oh! There are no kmod-openafs for this kernel. AFS does not start after the update. On Mon, 2 Jul 2018, Scott Reid wrote: > Synopsis: Important: kernel security and bug fix update > Advisory ID: SLSA-2018:1854-1 > Issue Date: 2018-06-19 > CVE Numbers: CVE-2016-8650 > CVE-2017-7308 > CVE-2017-6001 > CVE-2017-2671 > CVE-2017-7616 > CVE-2017-7889 > CVE-2017-8890 > CVE-2017-9076 > CVE-2017-9075 > CVE-2017-9077 > CVE-2017-12190 > CVE-2017-15121 > CVE-2017-18203 > CVE-2018-3639 > CVE-2015-8830 > CVE-2012-6701 > CVE-2018-5803 > CVE-2018-1130 > -- > > Security Fix(es): > > * An industry-wide issue was found in the way many modern microprocessor > designs have implemented speculative execution of Load & Store > instructions (a commonly used performance optimization). It relies on the > presence of a precisely-defined instruction sequence in the privileged > code as well as the fact that memory read from address to which a recent > memory write has occurred may see an older value and subsequently cause an > update into the microprocessor's data cache even for speculatively > executed instructions that never actually commit (retire). As a result, an > unprivileged attacker could use this flaw to read privileged memory by > conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC) > > * kernel: net/packet: overflow in check for priv area size (CVE-2017-7308) > > * kernel: AIO interface didn't use rw_verify_area() for checking mandatory > locking on files and size of access (CVE-2012-6701) > > * kernel: AIO write triggers integer overflow in some protocols > (CVE-2015-8830) > > * kernel: Null pointer dereference via keyctl (CVE-2016-8650) > > * kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671) > > * kernel: Race condition between multiple sys_perf_event_open() calls > (CVE-2017-6001) > > * kernel: Incorrect error handling in the set_mempolicy and mbind compat > syscalls in mm/mempolicy.c (CVE-2017-7616) > > * kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM > protection mechanism (CVE-2017-7889) > > * kernel: Double free in the inet_csk_clone_lock function in > net/ipv4/inet_connection_sock.c (CVE-2017-8890) > > * kernel: net: sctp_v6_create_accept_sk function mishandles inheritance > (CVE-2017-9075) > > * kernel: net: IPv6 DCCP implementation mishandles inheritance > (CVE-2017-9076) > > * kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance > (CVE-2017-9077) > > * kernel: memory leak when merging buffers in SCSI IO vectors > (CVE-2017-12190) > > * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client > (CVE-2017-15121) > > * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows > local users to cause a denial of service (CVE-2017-18203) > > * kernel: a null pointer dereference in > net/dccp/output.c:dccp_write_xmit() leads to a system crash > (CVE-2018-1130) > > * kernel: Missing length check of payload in > net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of > service (CVE-2018-5803) > -- > > SL6 > x86_64 > kernel-2.6.32-754.el6.x86_64.rpm > kernel-debug-2.6.32-754.el6.x86_64.rpm > kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm > kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm > kernel-debug-devel-2.6.32-754.el6.i686.rpm > kernel-debug-devel-2.6.32-754.el6.x86_64.rpm > kernel-debuginfo-2.6.32-754.el6.i686.rpm > kernel-debuginfo-2.6.32-754.el6.x86_64.rpm > kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm > kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm > kernel-devel-2.6.32-754.el6.x86_64.rpm > kernel-headers-2.6.32-754.el6.x86_64.rpm > perf-2.6.32-754.el6.x86_64.rpm > perf-debuginfo-2.6.32-754.el6.i686.rpm > perf-debuginfo-2.6.32-754.el6.x86_64.rpm > python-perf-debuginfo-2.6.32-754.el6.i686.rpm > python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm > python-perf-2.6.32-754.el6.x86_64.rpm > i386 > kernel-2.6.32-754.el6.i686.rpm > kernel-debug-2.6.32-754.el6.i686.rpm > kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm > kernel-debug-devel-2.6.32-754.el6.i686.rpm > kernel-debuginfo-2.6.32-754.el6.i686.rpm > kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm > kernel-devel-2.6.32-754.el6.i686.rpm > kernel-headers-2.6.32-754.el6.i686.rpm > perf-2.6.32-754.el6.i686.rpm > perf-debuginfo-2.6.32-754.el6.i686.rpm > python-perf-debuginfo-2.6.32-754.el6.i686.rpm > python-perf-2.6.32-754.el6.i686.rpm > noarch > kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm > kernel-doc-2.6.32-754.el6.noarch.rpm > kernel-firmware-2.6.32-754.el6.noarch.rpm > > - Scientific Linux Development Team > --- Best regards, Valery Mitsyn