Red Hat Security Advisory: kernel security, bug fix, and enhancement update
🔗 CVE IDs covered (38)
📋 Description
CVE-2014-7970 — Kernel: fs: VFS denial of service CVE-2014-7975 — Kernel: fs: umount denial of service CVE-2015-8839 — kernel: ext4 filesystem page fault race condition with fallocate call. CVE-2015-8970 — kernel: crypto: GPF in lrw_crypt caused by null-deref CVE-2016-6213 — kernel: Overflowing kernel mount table using shared bind mount CVE-2016-7042 — kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled CVE-2016-7097 — kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit CVE-2016-8645 — kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c CVE-2016-9576 — kernel: Use after free in SCSI generic device interface CVE-2016-9588 — Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS CVE-2016-9604 — kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user CVE-2016-9685 — kernel: Memory leaks in xfs_attr_list.c error paths CVE-2016-9806 — kernel: netlink: double-free in netlink_dump CVE-2016-10088 — kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression) CVE-2016-10147 — kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm CVE-2016-10200 — kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature CVE-2016-10741 — kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c CVE-2017-2584 — Kernel: kvm: use after free in complete_emulated_mmio CVE-2017-2596 — Kernel: kvm: page reference leakage in handle_vmon CVE-2017-2647 — kernel: Null pointer dereference in search_keyring CVE-2017-2671 — kernel: ping socket / AF_LLC connect() sin_family race CVE-2017-5551 — kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix) CVE-2017-5970 — kernel: ipv4: Invalid IP options could cause skb->dst drop CVE-2017-6001 — kernel: Race condition between multiple sys_perf_event_open() calls CVE-2017-6951 — kernel: NULL pointer dereference in keyring_search_aux function CVE-2017-7187 — kernel: scsi: Stack-based buffer overflow in sg_ioctl function CVE-2017-7495 — kernel: ext4: power failure during write(2) causes on-disk information leak CVE-2017-7616 — kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c CVE-2017-7889 — kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism CVE-2017-8797 — kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand CVE-2017-8890 — kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c CVE-2017-9074 — kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option CVE-2017-9075 — kernel: net: sctp_v6_create_accept_sk function mishandles inheritance CVE-2017-9076 — kernel: net: IPv6 DCCP implementation mishandles inheritance CVE-2017-9077 — kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance CVE-2017-9242 — kernel: Incorrect overwrite check in _ip6_append_data() CVE-2017-1000253 — kernel: load_elf binary() does not take account of the need to allocate sufficient space for the entire binary CVE-2017-1000379 — kernel: Incorrectly mapped contents of PIE executable
🔗 References (71)
- selfhttps://access.redhat.com/errata/RHSA-2017:1842
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151095
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151108
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1178491
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1283257
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1297929
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1322495
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1323577
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1330000
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1349647
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1352741
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1356471
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1368577
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1368938
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1371693
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1371714
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1373966
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1378320
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1378656
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1383739
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1386286
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1389433
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1391299
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1393904
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1394089
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1395104
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396578
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396941
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1399830
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1401433
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1401436
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1401502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1403145
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1404200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1404924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1406885
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1412210
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1412234
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1415780
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1416532
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1417812
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1418962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1421638
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1422825
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1424076
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428684
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428973
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430225
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430347
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1433252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1433831
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1436649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441088
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1443999
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1444493
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1445054
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1448312
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1450203
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1450972
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452679
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1456388
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1463241
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1466329
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1842.json