kernel-2.6.32-754.el6
エラータID: AXSA:2018-3236:06
Release date:
Tuesday, July 3, 2018 - 17:39
Subject:
kernel-2.6.32-754.el6
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load
Solution:
Update packages.
CVEs:
CVE-2012-6701
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
CVE-2015-8830
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
CVE-2016-8650
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
CVE-2017-12190
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
CVE-2017-15121
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2017-18203
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
CVE-2017-2671
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVE-2017-6001
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.
CVE-2017-7308
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.
CVE-2017-7616
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
CVE-2017-7889
The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Additional Info:
N/A
Download:
SRPMS
- kernel-2.6.32-754.el6.src.rpm
MD5: c440e57c756aa57303c903f850cb8b98
SHA-256: 6bb12a13730643a6b52a229f6918f523a14b70a6d9f6b8e0f25d04f18f5ccdf0
Size: 127.41 MB
Asianux Server 4 for x86
- kernel-2.6.32-754.el6.i686.rpm
MD5: 7ade531116e0fcebc9ab1fcde7a2cf32
SHA-256: 6e93eb7c7e873bf610d85e3844b995c8da51696b5fa649948367d2286c6f73f9
Size: 30.01 MB - kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
MD5: 2e5a8103e50ec7d2966b7f9440831e4d
SHA-256: b3daefcafc03dd3a2a0c661cbbd964f8899e6cabdf7a6aaaa6cb38c07852653d
Size: 3.80 MB - kernel-debug-2.6.32-754.el6.i686.rpm
MD5: abaa36dec17cccb9cf74ddba8d54c488
SHA-256: 9729d723177001fe2f1caebf9b586a9d515f14ca7151e798c5f35f0404cf033f
Size: 30.81 MB - kernel-debug-devel-2.6.32-754.el6.i686.rpm
MD5: e8ec6226ec89d48ef6dbe4b402a0ce7b
SHA-256: 057f2ebe71f1701d5193939bc4b1bea894ec0fb704c65556ba5e24d2970c9967
Size: 10.76 MB - kernel-devel-2.6.32-754.el6.i686.rpm
MD5: 4bfbb35c189e1ec694c8d9d132211c78
SHA-256: 36eb509d6e7b0104ff4363da2371e6b3989493270ebc6c3a80b6e51faa3ae7ea
Size: 10.72 MB - kernel-doc-2.6.32-754.el6.noarch.rpm
MD5: c467ea9ccc52b2a2c1b1366d0cfd441c
SHA-256: e6e9528e685e985fe3a4998ff48c1499b449377f57d133de0ddb6613292f40cd
Size: 12.37 MB - kernel-firmware-2.6.32-754.el6.noarch.rpm
MD5: 291283089d79af0d73c6752a16815b5a
SHA-256: 122012997ae7a982a668a32fda12cdfa131f230e87a9034c3e7031445d71896a
Size: 28.86 MB - kernel-headers-2.6.32-754.el6.i686.rpm
MD5: 7fed9e1483fb899c914313dfc47f1cf9
SHA-256: 33bd580f7d4c0fd8d2572658f4c1099e644f0a8885f9e8ac55b4e80700874c20
Size: 4.52 MB - perf-2.6.32-754.el6.i686.rpm
MD5: d861bf5a6459ee4949125d579502019d
SHA-256: 8e160b1f0e573d1e620d819a23fbb935fd8084351fd72566ae3c771e7d3fd460
Size: 4.75 MB
Asianux Server 4 for x86_64
- kernel-2.6.32-754.el6.x86_64.rpm
MD5: 0ce04e0f3ce8913967cee494d7ba25a1
SHA-256: 59acf4ff77862221d2f7a8b2c0da28deb5ead815cf19469a827d35e8d38be624
Size: 32.32 MB - kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
MD5: 93655ede4bdb4a36b74290913b271e8e
SHA-256: 32deb029662eb206b7382cf6853d9323f5d4001e35d563cce04f055b0f75fc52
Size: 3.80 MB - kernel-debug-2.6.32-754.el6.x86_64.rpm
MD5: 1a25e306b858ce250577d4a3472416b1
SHA-256: ec8b85b6aa34e3f5ab6854ba88009fe538375745c06052014d46e7d4e9d578c8
Size: 33.20 MB - kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
MD5: 34be6fdbdf31a55fbf875bb0efd95ba2
SHA-256: a40db3a2c2a209a88a3e55e1a63361a65702318a1abb44da9966e89a2de9c0c6
Size: 10.81 MB - kernel-devel-2.6.32-754.el6.x86_64.rpm
MD5: cb7455fa344150f908927cc96875bdfa
SHA-256: 42498d1b0206ca18e210cfce244bed703fad238fb9a3ab5267c1e9c174885da4
Size: 10.77 MB - kernel-doc-2.6.32-754.el6.noarch.rpm
MD5: 2c067b3c543d400f8e85a8e61bc330e0
SHA-256: 435a7d918bd3c4b93e3a7a304bd9e9c20634b5e44ab67f8b312b4e6b1348d897
Size: 12.37 MB - kernel-firmware-2.6.32-754.el6.noarch.rpm
MD5: 1f25e4cd8df9cfa4b658acd81c0ba544
SHA-256: 44a9c6589688b6d753700fc15be215f55c8c0b824171a1c8454271b90f9ab1e0
Size: 28.86 MB - kernel-headers-2.6.32-754.el6.x86_64.rpm
MD5: 37dc0409fd623ea3c2f5c399da650297
SHA-256: c222ea87086b6a581ae0ff37f66f7b97dbebc7ec7226a8f485fe47bf8f4bb8c9
Size: 4.52 MB - perf-2.6.32-754.el6.x86_64.rpm
MD5: e4ce2e21549b041c33413bcd84168821
SHA-256: a015b699eacc6f3b27b2fdec7ce16910144d789e2564b18bab24f39c16282044
Size: 4.72 MB