Important CentOS kernel Security Update

Metadata

medium
5.8
kernel-3.10.0-327.28.3.el7.src.rpm, kernel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm, kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm, kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm, kernel-doc-3.10.0-327.28.3.el7.noarch.rpm, kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm, kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm, perf-3.10.0-327.28.3.el7.x86_64.rpm, python-perf-3.10.0-327.28.3.el7.x86_64.rpm
CVE-2016-5696
rhn.redhat.com, lists.centos.org
2016-08-20
2017-07-27 19:11
ALAS-2016-726
Important CentOS kernel Security Update
CVE-2016-5696 linux
CVE-2016-5696
2017-04-01 19:10
2017-01-05 20:14

Description


An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

It was found that the RFC 5961 challenge ACK rate limiting as implemented
in the Linux kernel's networking subsystem allowed an off-path attacker to
leak certain information about a given connection by creating congestion on
the global challenge ACK rate limit counter and then measuring the changes
by probing packets. An off-path attacker could use this flaw to either
terminate TCP connection and/or inject payload into non-secured TCP
connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
7 kernel kernel-3.10.0-327.28.3.el7.src.rpm
kernel kernel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-abi-whitelists kernel-abi-whitelists-3.10.0-327.28.3.el7.noarch.rpm
kernel-debug kernel-debug-3.10.0-327.28.3.el7.x86_64.rpm
kernel-debug-devel kernel-debug-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-devel kernel-devel-3.10.0-327.28.3.el7.x86_64.rpm
kernel-doc kernel-doc-3.10.0-327.28.3.el7.noarch.rpm
kernel-headers kernel-headers-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools kernel-tools-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs kernel-tools-libs-3.10.0-327.28.3.el7.x86_64.rpm
kernel-tools-libs-devel kernel-tools-libs-devel-3.10.0-327.28.3.el7.x86_64.rpm
perf perf-3.10.0-327.28.3.el7.x86_64.rpm
python-perf python-perf-3.10.0-327.28.3.el7.x86_64.rpm