kernel-3.10.0-327.el7

Errata ID: AXSA:2015-948:05

Release date: 
2015/12/16 Wednesday - 20:11
Title: 
kernel-3.10.0-327.el7
Affected channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Security issues fixed with this release:

CVE-2010-5313
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38
allows L2 guest OS users to cause a denial of service (L1 guest OS
crash) via a crafted instruction that triggers an L2 emulation failure
report, a similar issue to CVE-2014-7842.
CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to
load arbitrary kernel modules via a bind system call for an AF_ALG
socket with a module name in the salg_name field, a different
vulnerability than CVE-2014-9644.
CVE-2014-3647
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly perform RIP changes, which allows
guest OS users to cause a denial of service (guest OS crash) via a
crafted application.
CVE-2014-7842
Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application that performs an MMIO transaction or a PIO
transaction to trigger a guest userspace emulation error report, a
similar issue to CVE-2010-5313.
CVE-2014-8171
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-9419
The __switch_to function in arch/x86/kernel/process_64.c in the Linux
kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which makes
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address.
CVE-2014-9644
The Crypto API in the Linux kernel before 3.18.5 allows local users to
load arbitrary kernel modules via a bind system call for an AF_ALG
socket with a parenthesized module template expression in the
salg_name field, as demonstrated by the vfat(aes) expression, a
different vulnerability than CVE-2013-7421.
CVE-2015-0239
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel
before 3.18.5, when the guest OS lacks SYSENTER MSR initialization,
allows guest OS users to gain guest OS privileges or cause a denial of
service (guest OS crash) by triggering use of a 16-bit code segment
for emulation of a SYSENTER instruction.
CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before
4.2.4 does not properly handle rename actions inside a bind mount,
which allows local users to bypass an intended container protection
mechanism by renaming a directory, related to a "double-chroot
attack."
CVE-2015-3339
Race condition in the prepare_binprm function in fs/exec.c in the
Linux kernel before 3.19.6 allows local users to gain privileges by
executing a setuid program at a time instant when a chown to root is
in progress, and the ownership is changed but the setuid bit is not
yet stripped.
CVE-2015-4170
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-5283
The sctp_init function in net/sctp/protocol.c in the Linux kernel
before 4.2.3 has an incorrect sequence of protocol-initialization
steps, which allows local users to cause a denial of service (panic or
memory corruption) by creating SCTP sockets before all of the steps
have finished.
CVE-2015-6526
The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c
in the Linux kernel before 4.0.2 on ppc64 platforms allows local users
to cause a denial of service (infinite loop) via a deep 64-bit
userspace backtrace.
CVE-2015-7613
Race condition in the IPC object implementation in the Linux kernel
through 4.2.3 allows local users to gain privileges by triggering an
ipc_addid call that leads to uid and gid comparisons against
uninitialized data, related to msg.c, shm.c, and util.c.
CVE-2015-7837
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

Additional information: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-327.el7.src.rpm
    MD5: 78648c6316e207b7e68ccf82bebb78b8
    SHA-256: 61a1cb7bec4784722c4d5158006b63c903bcac5e387e8fffdaf2b9f2747e1a9a
    Size: 79.94 MB

Asianux Server 7 for x86_64
  1. kernel-3.10.0-327.el7.x86_64.rpm
    MD5: 32ae2331e92bcdf553b063468e51a621
    SHA-256: 3d7d3065237d6d45b181b8afddc1c6049b949a54b6dd8c0fb7af77632caaf63f
    Size: 33.01 MB
  2. kernel-abi-whitelists-3.10.0-327.el7.noarch.rpm
    MD5: 48ac2bfcb22c8d4ace9c40c05f59dbb3
    SHA-256: 60f531fb0674558477547d5f796d99fce66473d5c4134f3509ec722d0e3dc8da
    Size: 2.31 MB
  3. kernel-debug-3.10.0-327.el7.x86_64.rpm
    MD5: b63c3c9a3c84171c21ad41ecd256be47
    SHA-256: a724b2c96644dc24edfd2826f77a714a959da4a12bd281b9bb0cb6d059c9f04d
    Size: 34.64 MB
  4. kernel-debug-devel-3.10.0-327.el7.x86_64.rpm
    MD5: 4e736fca0491940d04d289641c5e9221
    SHA-256: e0ee6f01de8104f977925ece0cf310de1282591c62b4686f7640a7eaabb74572
    Size: 11.00 MB
  5. kernel-devel-3.10.0-327.el7.x86_64.rpm
    MD5: 0fa74ea733a15f14a15607e7ec3db3d2
    SHA-256: d59012397810ac0cde615ef2f98ad9cf1081a776dc8f9eacbff3eb47084a4057
    Size: 10.94 MB
  6. kernel-doc-3.10.0-327.el7.noarch.rpm
    MD5: 3355ee98815aa73b1b534c58da691440
    SHA-256: 3cd77ae4b43f37fc8cd3c7e53b4cb4d01f5b86a6d9b17989dc687f8a74fa6f7b
    Size: 13.40 MB
  7. kernel-headers-3.10.0-327.el7.x86_64.rpm
    MD5: 871667926aee2dc934728ca52296fdcc
    SHA-256: 4bc91a31ae11a2585a75f8e1b4a6f20860d718c6647d5d658ffecc52bed18873
    Size: 3.17 MB
  8. kernel-tools-3.10.0-327.el7.x86_64.rpm
    MD5: 3879f81e6dbbc42a7b38c5f81f37effe
    SHA-256: fbd1ce36cdfc5b81e0e407046850efc95c8466720a3d85debd914c9ccfb82158
    Size: 2.38 MB
  9. kernel-tools-libs-3.10.0-327.el7.x86_64.rpm
    MD5: f5180dd721ea2e1332759bee5795083b
    SHA-256: 331b88e84cd20a2aa248ebb11ae50be05487ed86232e2ebeec3c9c0538a2a821
    Size: 2.30 MB
  10. perf-3.10.0-327.el7.x86_64.rpm
    MD5: 570417c319d2cda2fa59783059491c4d
    SHA-256: 4fb9f7d0e005a6d930c2bcfe3d1610b7929f5b724fb8515663ef04556330a482
    Size: 3.30 MB
  11. python-perf-3.10.0-327.el7.x86_64.rpm
    MD5: d0659d65bdd874d5536478a2f4fb50f2
    SHA-256: c8d18cc8448e46dd8660c68c49e41fdda4e4ab9f48f34f7d6547249b0c33e57a
    Size: 2.38 MB