Important CentOS kernel Security Update
|kernel-3.10.0-327.28.3.el7.src.rpm, kernel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm, kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm, kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-doc-3.10.0-327.28.3.el7.noarch.rpm, kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm, perf-3.10.0-327.28.3.el7.x86_64.rpm, python-perf-3.10.0-327.28.3.el7.x86_64.rpm|
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)
Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.
Please see https://www.redhat.com/footer/terms-of-use.html
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.Sign up for monitoring
Affected package information