[Announce] Kernel RHEL5 028stab122.1
Vasily Averin
vvs at openvz.org
Tue Mar 21 04:16:07 PDT 2017
OpenVZ project released an updated RHEL5 based kernel.
Read below for more information. Everyone is advised to update.
Changes and Download
====================
(since 028stab121.1)
* Rebase to RHEL5 kernel 2.6.32-419.el5
* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)
* It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634, Moderate)
For more info and downloads, see:
https://openvz.org/Download/kernel/rhel5/028stab122.1
See also
========
https://rhn.redhat.com/errata/RHBA-2017-0274.html
https://rhn.redhat.com/errata/RHSA-2017-0323.html
https://www.redhat.com/security/data/cve/CVE-2017-6074.html
https://www.redhat.com/security/data/cve/CVE-2017-2634.html
Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.
Regards,
OpenVZ team
More information about the Announce
mailing list