[LU-9144] kernel update [RHEL6.8 2.6.32-642.13.2.el6]
Created: 22/Feb/17  Updated: 11/Sep/18  Resolved: 11/Sep/18

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Minor
Reporter: Bob Glossman (Inactive)
Assignee: Bob Glossman (Inactive)
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Related
is related to LU-9148 kernel update [RHEL6.8 2.6.32-642.15.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

Security Fix(es):

  • A use-after-free flaw was found in the way the Linux kernel's Datagram
    Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
    resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
    on the socket. A local, unprivileged user could use this flaw to alter the
    kernel memory, allowing them to escalate their privileges on the system.
    (CVE-2017-6074, Important)

Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol



 Comments   
Comment by Gerrit Updater [ 23/Feb/17 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/25597
Subject: LU-9144 kernel: kernel update RHEL6.8 [2.6.32-642.13.2.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 501d49f6023cdfd5a54ad39f154d9b37a0173384

Comment by Bob Glossman (Inactive) [ 23/Feb/17 ]

This ticket is now obsolete. There is already a later kernel version update for el6; LU-9148.

Comment by Oleg Drokin [ 03/Mar/17 ]

This change only affects clients that should be running a patchless client anyway. Though I guess we don't have weak updates in EE3 yet?
