kernel-2.6.32-696.16.1.el6

エラータID: AXSA:2017-2479:08

リリース日:

2017/12/14 Thursday - 16:22

題名:

影響のあるチャネル:

Asianux Server 4 for x86_64

Asianux Server 4 for x86

Severity:

High

Description:

以下項目について対処しました。

[Security Fix]
- ネットワーキングサブシステムの raw ソケットの実装には、競合状態のた
めに use-after-free を引き起こされるおそれがあり、CAP_NET_RAW 権限を持っ
た悪意のあるローカルユーザにより、raw ソケットの socket(2) を介して、
権限を昇格される脆弱性が存在します。(CVE-2017-1000111)

- net/ipv4/ip_output.c の ip_ufo_append_data 関数には、競合状態による
メモリ破壊のため、悪意のあるローカルユーザにより、MSG_MORE オプション
のついた UFO パケットを介して、権限を昇格される脆弱性が存在します。
IPv6 コードにも同様の脆弱性が存在します。(CVE-2017-1000112)

- net/ipv4/tcp.c の tcp_disconnect 関数には、ローカルユーザにより、
tcp_recvmsg 関数の特定のコードパス内におけるコネクション切断処理をきっ
かけに、サービス運用妨害 (__tcp_select_window 関数内でのゼロ除算エラー
とシステムクラッシュ) 状態にされる脆弱性が存在します。(CVE-2017-14106)

一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/

解決策:

パッケージをアップデートしてください。

CVE:

CVE-2017-1000111
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.

CVE-2017-1000112
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.

CVE-2017-14106
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.

追加情報:

N/A

ダウンロード:

SRPMS

kernel-2.6.32-696.16.1.el6.src.rpm
MD5: dbfb5c5825bd6b42f076e2e519a72e4c
SHA-256: dbf87b2bd5b03f0a1ef6be40823ff67f3423b66b6180771e3ef7115ea9d56cbc
Size: 128.64 MB

Asianux Server 4 for x86

kernel-2.6.32-696.16.1.el6.i686.rpm
MD5: 6fbfb6d26eef24b45eed522b20a0fdff
SHA-256: 1910af69409aa93c854a4b03e6fd6b03c9408141b2e37d8d50a334494d56a22a
Size: 29.72 MB
kernel-abi-whitelists-2.6.32-696.16.1.el6.noarch.rpm
MD5: 29b1cf932f8c93ae658f55f89af3d7b7
SHA-256: f4273022f0e1a08996ea686f2bd913a64a0627407e6cce79a22b7fee8831fc8f
Size: 3.74 MB
kernel-debug-2.6.32-696.16.1.el6.i686.rpm
MD5: 6008dbece1e9cc853b0dba044e121bf9
SHA-256: 23a418a275f4afec8480c59b7e3884652a3824d3db64f60679ddd50bb0880185
Size: 30.51 MB
kernel-debug-devel-2.6.32-696.16.1.el6.i686.rpm
MD5: c048614280dab3bc97c744ceb325fffc
SHA-256: e5dddc396937132c481df90f211b12eb03f9d2055efb7146a6bccc79562ffa3e
Size: 10.70 MB
kernel-devel-2.6.32-696.16.1.el6.i686.rpm
MD5: 13dd07252c85267522f1112aa33f5062
SHA-256: 20ea8c20df37b722634c2170e085dfacc9a31c8f8321f23be73d2dbe07d78063
Size: 10.66 MB
kernel-doc-2.6.32-696.16.1.el6.noarch.rpm
MD5: 5b632fc5ab4bea3af0fd8abe8649065e
SHA-256: 4facebd6c1219bc62795a143c33f3f893228f5764e9f36b1b2f9447f6592d656
Size: 12.31 MB
kernel-firmware-2.6.32-696.16.1.el6.noarch.rpm
MD5: d091abba98a621761b5cd873576868e1
SHA-256: dc488d12674bf133765c43808c6d8be334b94d137b1f02e39debc14ecb97853c
Size: 28.81 MB
kernel-headers-2.6.32-696.16.1.el6.i686.rpm
MD5: dfb5c6cb092306a60d4e4acba44efb57
SHA-256: cb595b134a5bd1a6518ddee124cc955fae25e89af7525cb80b341649eb164854
Size: 4.46 MB
perf-2.6.32-696.16.1.el6.i686.rpm
MD5: 854859156af067b03c448b9ad8ce1a20
SHA-256: 1a48702b8fae8a7bc81e055178965307930668985b2e2ecec20fb53226b7271e
Size: 4.69 MB

Asianux Server 4 for x86_64

kernel-2.6.32-696.16.1.el6.x86_64.rpm
MD5: bc09619a4d7b6ebe40ff8cb8da27b509
SHA-256: 40882ee1742514c95e0bce649599274fb2dead939129d835b4d10d538c799ecc
Size: 32.02 MB
kernel-abi-whitelists-2.6.32-696.16.1.el6.noarch.rpm
MD5: 4433a7e85e84ca0f730a72f049b436b0
SHA-256: 47d4ab71af9e56803ead080f4902f8e71651441eab54098164974558f06e9f00
Size: 3.74 MB
kernel-debug-2.6.32-696.16.1.el6.x86_64.rpm
MD5: c7f92b8b8b5b704715427d4a14270467
SHA-256: 2a6d24ddfb717208d5189aeb5dd70e864407b430fbd6cb707f56e260b69d8c82
Size: 32.90 MB
kernel-debug-devel-2.6.32-696.16.1.el6.x86_64.rpm
MD5: 498bc37ee558a0bcc57810cda5ae1886
SHA-256: d89479faa0ecee9be0dba420f53f6f3cf2db8402bc56e2013cdae3110c584951
Size: 10.75 MB
kernel-devel-2.6.32-696.16.1.el6.x86_64.rpm
MD5: a94ea1dbf53a08a17185f0226248d4d5
SHA-256: 4b68ba754c2e4ff4d50b9631ec5f4f60133d597e5ef8727b85a668848e42a4d0
Size: 10.71 MB
kernel-doc-2.6.32-696.16.1.el6.noarch.rpm
MD5: b92ea092e2dca0a23e0aec7e3092855f
SHA-256: 7ab5e3aa62a55597a5c64c71b9a266c6e84e1b40cef6a49a8af4fac17a100de6
Size: 12.31 MB
kernel-firmware-2.6.32-696.16.1.el6.noarch.rpm
MD5: 089dbe82819a0ce7acaeeb8ac3d720a4
SHA-256: 3bbd8cf290905273227177cf555a502e32eeef85e04b35d4c049aa4442e6f329
Size: 28.81 MB
kernel-headers-2.6.32-696.16.1.el6.x86_64.rpm
MD5: 03e570e343a9b3affa557cba19cf4436
SHA-256: 6d6a0e03f49cba0d6871b261239149ba0d9b9719b60480cca1ed277ef9439971
Size: 4.46 MB
perf-2.6.32-696.16.1.el6.x86_64.rpm
MD5: 2939132cebf848adf3b53a35180be5a5
SHA-256: 4e1eb7d5edc8e928ee31aebc998e00ff2a87604d7db5c2ba845643ab93efc60f
Size: 4.66 MB

English

Main menu

You are here

kernel-2.6.32-696.16.1.el6