kernel-3.10.0-957.1.3.el7

エラータID: AXSA:2019-3433:01

Release date: 
Wednesday, February 13, 2019 - 04:05
Subject: 
kernel-3.10.0-957.1.3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3714371

CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
CVE-2018-14646
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2018-14633
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
CVE-2018-14646
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-957.1.3.el7.src.rpm
    MD5: 1b6c914551f9e86d812786c42512320a
    SHA-256: 9d3b906f10a27a1b9ce3df21fae35819ca080c92d6069bfdd4570a34ad122817
    Size: 96.35 MB

Asianux Server 7 for x86_64
  1. kernel-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 7ce262df9fb3efc46714f9923e4297f7
    SHA-256: 3ae4cd2fbc9aec5519e81558d9ae6efdd5a5756b59849d471c6b48ba643fb1bf
    Size: 48.20 MB
  2. kernel-abi-whitelists-3.10.0-957.1.3.el7.noarch.rpm
    MD5: 89932acbd4397c798850ef34416ae8d3
    SHA-256: fccd53708b3b63d97370bfadfb68425a9b9fcef504727fdbab27f3a0c0df1c8c
    Size: 7.00 MB
  3. kernel-debug-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: a8c149104dd2e73b4439571ba883a9e4
    SHA-256: b1a6dc564f12dca0758d5e424acdd8522bc15d36c197e0907476763748a324d4
    Size: 50.27 MB
  4. kernel-debug-devel-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 74fa074bfcc76a902467cd5763b9a6ab
    SHA-256: 7d716f1b8c92a1c200e48ae4075f50cecfb444cc13eb9298eea8877b6324171f
    Size: 16.78 MB
  5. kernel-devel-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 6cb31bad3add4b242e8629f64bcf0e48
    SHA-256: bd38cd6a8c667746502ad6aa1f69a151b9c866d48af99f46fc6a2f4407c143e9
    Size: 16.72 MB
  6. kernel-doc-3.10.0-957.1.3.el7.noarch.rpm
    MD5: 99e2fa96003a7dffe34a99843146f75e
    SHA-256: 6ec893d51bc75d01a389029ef41eeda1f00cfccbccebbaef8b0fc10b6bbe05b5
    Size: 18.35 MB
  7. kernel-headers-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 3a9d85722ad8293ed3dfe3451af56764
    SHA-256: 62fd3019b59f18e3a11195c7e2f5ea15d885e247f369c1be27b17c3855c21c46
    Size: 7.97 MB
  8. kernel-tools-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: d591b5acc896a12d5fc201c3960eaec1
    SHA-256: a234ea8bcc31cc9ab2e587ae05ca5f85c0c8f63046d19e94ecceb25a9bc3d0e2
    Size: 7.09 MB
  9. kernel-tools-libs-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 9bc1ba89bc865a93194000d96e7319c5
    SHA-256: 1ffda7f9e377fb0489eb013df04505a1156428c808e5f65fc56a79807df409d7
    Size: 7.00 MB
  10. perf-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: 46c5eb440ff2f39c6594576f864c25fa
    SHA-256: d0f40384860ff1d800175c638e63055e27f3b4b958c9343508c6b40cfbab0086
    Size: 8.50 MB
  11. python-perf-3.10.0-957.1.3.el7.x86_64.rpm
    MD5: b15e002b1b0c54aee3690b063eeb982f
    SHA-256: d0f172c11ba87bfa083c6637f0e8b135434400fd2fa3b9cb1aef7a5316f1f2df
    Size: 7.09 MB