Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

Tue, 03 Jul 2018 09:58:57 -0700 

HI Valery,

Thanks for the report!

kmod-openafs has been added to the security repo. Let us know if that doesn't 
solve your problem.

Thanks!

On 7/3/18, 10:29 AM, "owner-scientific-linux-us...@listserv.fnal.gov on behalf 
of Valery Mitsyn" <owner-scientific-linux-us...@listserv.fnal.gov on behalf of 
v...@mammoth.jinr.ru> wrote:

    Oh! There are no kmod-openafs for this kernel.
    AFS does not start after the update.
    
    On Mon, 2 Jul 2018, Scott Reid wrote:
    
    > Synopsis:          Important: kernel security and bug fix update
    > Advisory ID:       SLSA-2018:1854-1
    > Issue Date:        2018-06-19
    > CVE Numbers:       CVE-2016-8650
    >                   CVE-2017-7308
    >                   CVE-2017-6001
    >                   CVE-2017-2671
    >                   CVE-2017-7616
    >                   CVE-2017-7889
    >                   CVE-2017-8890
    >                   CVE-2017-9076
    >                   CVE-2017-9075
    >                   CVE-2017-9077
    >                   CVE-2017-12190
    >                   CVE-2017-15121
    >                   CVE-2017-18203
    >                   CVE-2018-3639
    >                   CVE-2015-8830
    >                   CVE-2012-6701
    >                   CVE-2018-5803
    >                   CVE-2018-1130
    > --
    >
    > Security Fix(es):
    >
    > * An industry-wide issue was found in the way many modern microprocessor
    > designs have implemented speculative execution of Load & Store
    > instructions (a commonly used performance optimization). It relies on the
    > presence of a precisely-defined instruction sequence in the privileged
    > code as well as the fact that memory read from address to which a recent
    > memory write has occurred may see an older value and subsequently cause an
    > update into the microprocessor's data cache even for speculatively
    > executed instructions that never actually commit (retire). As a result, an
    > unprivileged attacker could use this flaw to read privileged memory by
    > conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)
    >
    > * kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)
    >
    > * kernel: AIO interface didn't use rw_verify_area() for checking mandatory
    > locking on files and size of access (CVE-2012-6701)
    >
    > * kernel: AIO write triggers integer overflow in some protocols
    > (CVE-2015-8830)
    >
    > * kernel: Null pointer dereference via keyctl (CVE-2016-8650)
    >
    > * kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)
    >
    > * kernel: Race condition between multiple sys_perf_event_open() calls
    > (CVE-2017-6001)
    >
    > * kernel: Incorrect error handling in the set_mempolicy and mbind compat
    > syscalls in mm/mempolicy.c (CVE-2017-7616)
    >
    > * kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
    > protection mechanism (CVE-2017-7889)
    >
    > * kernel: Double free in the inet_csk_clone_lock function in
    > net/ipv4/inet_connection_sock.c (CVE-2017-8890)
    >
    > * kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
    > (CVE-2017-9075)
    >
    > * kernel: net: IPv6 DCCP implementation mishandles inheritance
    > (CVE-2017-9076)
    >
    > * kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
    > (CVE-2017-9077)
    >
    > * kernel: memory leak when merging buffers in SCSI IO vectors
    > (CVE-2017-12190)
    >
    > * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
    > (CVE-2017-15121)
    >
    > * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows
    > local users to cause a denial of service (CVE-2017-18203)
    >
    > * kernel: a null pointer dereference in
    > net/dccp/output.c:dccp_write_xmit() leads to a system crash
    > (CVE-2018-1130)
    >
    > * kernel: Missing length check of payload in
    > net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
    > service (CVE-2018-5803)
    > --
    >
    > SL6
    >  x86_64
    >    kernel-2.6.32-754.el6.x86_64.rpm
    >    kernel-debug-2.6.32-754.el6.x86_64.rpm
    >    kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
    >    kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
    >    kernel-debug-devel-2.6.32-754.el6.i686.rpm
    >    kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
    >    kernel-debuginfo-2.6.32-754.el6.i686.rpm
    >    kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
    >    kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
    >    kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
    >    kernel-devel-2.6.32-754.el6.x86_64.rpm
    >    kernel-headers-2.6.32-754.el6.x86_64.rpm
    >    perf-2.6.32-754.el6.x86_64.rpm
    >    perf-debuginfo-2.6.32-754.el6.i686.rpm
    >    perf-debuginfo-2.6.32-754.el6.x86_64.rpm
    >    python-perf-debuginfo-2.6.32-754.el6.i686.rpm
    >    python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm
    >    python-perf-2.6.32-754.el6.x86_64.rpm
    >  i386
    >    kernel-2.6.32-754.el6.i686.rpm
    >    kernel-debug-2.6.32-754.el6.i686.rpm
    >    kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
    >    kernel-debug-devel-2.6.32-754.el6.i686.rpm
    >    kernel-debuginfo-2.6.32-754.el6.i686.rpm
    >    kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
    >    kernel-devel-2.6.32-754.el6.i686.rpm
    >    kernel-headers-2.6.32-754.el6.i686.rpm
    >    perf-2.6.32-754.el6.i686.rpm
    >    perf-debuginfo-2.6.32-754.el6.i686.rpm
    >    python-perf-debuginfo-2.6.32-754.el6.i686.rpm
    >    python-perf-2.6.32-754.el6.i686.rpm
    >  noarch
    >    kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
    >    kernel-doc-2.6.32-754.el6.noarch.rpm
    >    kernel-firmware-2.6.32-754.el6.noarch.rpm
    >
    > - Scientific Linux Development Team
    >
    
    ---
    Best regards,
      Valery Mitsyn

Reply via email to