SecurityTracker.com
Category:   OS (Linux)  >   Linux Kernel
Vendors:   kernel.org
(CentOS Issues Fix) Linux Kernel Out-of-Bounds Memory Access Error in SCTP Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1037644
SecurityTracker URL:  http://securitytracker.com/id/1037644
CVE Reference:   CVE-2016-9555
Date:  Jan 19 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7
Description:   A vulnerability was reported in the Linux kernel. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote user can send specially crafted data to trigger an out-of-bounds memory access error in sctp_sf_ootb() and obtain potentially sensitive information or cause denial of service conditions.

Andrey Konovalov reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

Solution:   CentOS has issued a fix.

Cause:   Access control error, Boundary error

Message History:   This archive entry is a follow-up to the message listed below.
Nov 24 2016 Linux Kernel Out-of-Bounds Memory Access Error in SCTP Lets Remote Users Deny Service or Obtain Potentially Sensitive Information



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:0086 Important CentOS 7 kernel Security Update


CentOS Errata and Security Advisory 2017:0086 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0086.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
a301e9bd95957c5af03b85f8612aaf2053de837e1805e6e649312da8f49f952d  kernel-3.10.0-514.6.1.el7.x86_64.rpm
dad8a63d9c77bb941a0424b49ff21b6cc67f56e667258fbb3ae8fe9bf61a2812  kernel-abi-whitelists-3.10.0-514.6.1.el7.noarch.rpm
c0f9f36cfe07a52320ac47449654f70400bf73707760037106be9563a1428d56  kernel-debug-3.10.0-514.6.1.el7.x86_64.rpm
09bdd98395b85932b2c73151ff6d025608e4fe874eb8b2a70190a5171bddeda3  kernel-debug-devel-3.10.0-514.6.1.el7.x86_64.rpm
628011a5e1958516519b9c65de9cbe9c17e37cd1d1ec26b123f5ddcfa52ef28c  kernel-devel-3.10.0-514.6.1.el7.x86_64.rpm
cfccc9265a4450544ef7fe783259517b9b0926e0982cccaa292781a82e6a9aa2  kernel-doc-3.10.0-514.6.1.el7.noarch.rpm
50decaf498dccec72c9925ef0c009158fd6cb298fcd5ed9e8dc688e0aeaf3b3e  kernel-headers-3.10.0-514.6.1.el7.x86_64.rpm
389bc2f1b0999c01dbc57278a8a5fb45d353899c2fbc404f73e15ae7cecbb907  kernel-tools-3.10.0-514.6.1.el7.x86_64.rpm
b2b363e82c863c73dafa895601bdd1fa9aea72bbd3325e1a63e8fbdec6290b35  kernel-tools-libs-3.10.0-514.6.1.el7.x86_64.rpm
5c32cfb66d0b0fc4c6aa6530b70c0d2a65dd6d2631ee68364c1843196ddcf35d  kernel-tools-libs-devel-3.10.0-514.6.1.el7.x86_64.rpm
0e49420a74763b655ebf9b0dfbd3d8d9cb8fca551e7f4cd052667b253630b921  perf-3.10.0-514.6.1.el7.x86_64.rpm
ea6b2f457ed461d2e1b1b451b834510dc8869be78d7aa3d59fc730c819f6edc0  python-perf-3.10.0-514.6.1.el7.x86_64.rpm

Source:
cb4cf328e79357f0d0884ee1c84ff4a014554b6e0c9094b6d616cab540c43289  kernel-3.10.0-514.6.1.el7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
