-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security and bug fix update Advisory ID: RHSA-2016:1395-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1395 Issue date: 2016-07-12 CVE Names: CVE-2015-4170 ===================================================================== 1. Summary: Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. (CVE-2015-4170, Moderate) This update also fixes the following bugs: * When Small Computer System Interface (SCSI) devices were removed or deleted, a system crash could occur due to a race condition between listing all SCSI devices and SCSI device removal. The provided patch ensures that the starting node for the klist_iter_init_node() function is actually a member of the list before using it. As a result, a system crash no longer occurs in the described scenario. (BZ#1333402) * When creating Virtual Functions (VF) on the ixgbe driver, the Media Access Control (MAC) address for each VF could be random if not explicitly set. When generating a random MAC address, it was possible to set the address to zero. As a consequence, transmitted packets were discarded without being sent, and the user was not able to access the network. The provided patchset ensures that the VFs always end up with valid MAC addresses. As a result, packets are now transmitted as expected, and the user is able to access the network. (BZ#1335405) * Under significant load, some applications such as logshifter could generate bursts of log messages too large for the system logger to spool. Due to a race condition, log messages from that application could then be lost even after the log volume dropped to manageable levels. This update fixes the kernel mechanism used to notify the transmitter end of the socket used by the system logger that more space is available on the receiver side, removing a race condition which previously caused the sender to stop transmitting new messages and allowing all log messages to be processed correctly. (BZ#1337602) * When a USB serial driver was trying to acquire a line-discipline reference, a lockdep warning could occur due to the tty ldisc semaphore that was not fully initialized. With this update, a set of patches has been backported from upstream that fix this bug and no warnings occur in the aforementioned scenario. (BZ#1343554) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1218879 - CVE-2015-4170 kernel: pty layer race condition on tty ldisc shutdown. 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.el7.noarch.rpm kernel-doc-3.10.0-229.38.1.el7.noarch.rpm x86_64: kernel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-headers-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.x86_64.rpm perf-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.el7.noarch.rpm kernel-doc-3.10.0-229.38.1.el7.noarch.rpm ppc64: kernel-3.10.0-229.38.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.38.1.el7.ppc64.rpm kernel-devel-3.10.0-229.38.1.el7.ppc64.rpm kernel-headers-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.ppc64.rpm perf-3.10.0-229.38.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm s390x: kernel-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debug-devel-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.38.1.el7.s390x.rpm kernel-devel-3.10.0-229.38.1.el7.s390x.rpm kernel-headers-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-229.38.1.el7.s390x.rpm perf-3.10.0-229.38.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm x86_64: kernel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-devel-3.10.0-229.38.1.el7.x86_64.rpm kernel-headers-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-229.38.1.el7.x86_64.rpm perf-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: kernel-3.10.0-229.38.1.ael7b.src.rpm noarch: kernel-abi-whitelists-3.10.0-229.38.1.ael7b.noarch.rpm kernel-doc-3.10.0-229.38.1.ael7b.noarch.rpm ppc64le: kernel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-bootwrapper-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-headers-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-libs-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.ppc64.rpm perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm python-perf-3.10.0-229.38.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.ppc64.rpm s390x: kernel-debug-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-3.10.0-229.38.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-229.38.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-229.38.1.el7.s390x.rpm perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm python-perf-3.10.0-229.38.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.s390x.rpm x86_64: kernel-debug-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-229.38.1.el7.x86_64.rpm perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm python-perf-3.10.0-229.38.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-229.38.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: kernel-debug-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debug-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm kernel-tools-libs-devel-3.10.0-229.38.1.ael7b.ppc64le.rpm perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-3.10.0-229.38.1.ael7b.ppc64le.rpm python-perf-debuginfo-3.10.0-229.38.1.ael7b.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-4170 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXhQdrXlSAg2UNWIIRApwBAKC5cW5uujSNLL9BDkSxEG1tZQiKmACeLrSa vc9k7W/+KCt6NnpA6bhYLkY= =Q676 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce