Difference between revisions of "Download/kernel/rhel6/042stab131.1"

Warning: this is an old version of RHEL6 kernel. For the latest version, see Download/kernel/rhel6/042stab145.3.

Changes[edit]

Since 042stab130.1:

• Rebase to RHEL6u10 kernel 2.6.32-754.el6
• [Important] The do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-10675)
• [Moderate] It was found that AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. Also rw_verify_area() makes extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)
• [Moderate] Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)
• [Moderate] A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)
• [Moderate] A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system. (CVE-2017-2671)
• [Moderate] It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context. (CVE-2017-6001)
• [Moderate] Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)
• [Moderate] The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)
• [Moderate] It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition. (CVE-2017-12190)
• [Moderate] The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. (CVE-2017-18203)
• [Moderate] An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)
• [Low] Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. (CVE-2018-7757)
• Reloading the nf_conntrack module could result in node crash. (PSBM-85938)

See also[edit]

• RHSA-2018-1854
• CVE-2012-6701
• CVE-2015-8830
• CVE-2016-8650
• CVE-2017-2671
• CVE-2017-6001
• CVE-2017-7616
• CVE-2017-7889
• CVE-2017-12190
• CVE-2017-18203
• CVE-2018-5803
• CVE-2018-7757
• CVE-2018-10675

RPMs[edit]

x86 (i686, IA32)[edit]

x86_64 (AMD64, EM64T)[edit]

source[edit]

DEBs[edit]

AMD64 (x86_64, EM64T)[edit]

x86 (i686, IA32)[edit]

Kernel patch[edit]

This patch is applicable to vanilla Linux 2.6.32 kernel (not to 2.6.32.y), available from kernel.org.

Configs[edit]

Official configs of this OpenVZ kernel used to build binaries.

Archives[edit]

For other rhel6 kernel releases, see download/kernel/rhel6/Archives.

For other kernel branches, see download/kernel.