Security updates for the following kernels

Irina Semenova

Jul 17, 2018, 9:18:44 AM
to kernelcar...@googlegroups.com
We've released security updates for the following kernels:
- CloudLinux6 Hybrid
- CloudLinux 7
- Oracle Linux 7
- Proxmox VE 3.10
- RHEL7

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

Fixed CVE:
CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.


CHANGELOG:
cl6h:
  CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
    CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id
    is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service
    (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE
    xfrm Netlink message.
  cvelist: [CVE-2017-11600]
  latest-version: kernel-3.10.0-714.10.2.lve1.5.17.1.el6h
cl7:
  CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
    CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id
    is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service
    (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE
    xfrm Netlink message.
  cvelist: [CVE-2017-11600]
  latest-version: kernel-3.10.0-714.10.2.lve1.5.17.1.el7
oel7:
  CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
    CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id
    is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service
    (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE
    xfrm Netlink message.
  cvelist: [CVE-2017-11600]
  latest-version: kernel-3.10.0-862.2.3.el7
pve-3.10:
  CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
    CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id
    is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service
    (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE
    xfrm Netlink message.
  cvelist: [CVE-2017-11600]
  latest-version: pve-kernel-3.10.0-22-pve_3.10.0-52
rhel7:
  CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when
    CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id
    is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service
    (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE
    xfrm Netlink message.
  cvelist: [CVE-2017-11600]
  latest-version: 3.10.0-862.6.3.el7




-- 
Regards, 
Irina Semenova | Project Coordinator of KernelCare 
Skype: iras535

CloudLinux.com  |  KernelCare.com  |  Imunify360 

helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support
Follow twitter.com/CloudLinuxOS for technical updates
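
Added example, not part of the original announcement or of KernelCare's own tooling: a shell check for the effective AUTO_UPDATE setting mentioned above, so a host that will not pick up the CVE-2017-11600 patch automatically can be flagged for a manual `kcarectl --update`. The function names, the KEY=VALUE parsing rules (`#` comments, case-insensitive value, last assignment wins) and the handling of a missing file as the default are assumptions.

```shell
#!/bin/sh
# Added example: report the effective AUTO_UPDATE setting of a kcare.conf-style file.
# Assumptions (not from the announcement): KEY=VALUE lines, '#' starts a comment,
# the value is case-insensitive, the last assignment wins, and a missing file
# or missing key means the default.

kcare_auto_update_state() {
    conf=${1:-/etc/sysconfig/kcare/kcare.conf}
    state=True                          # the announcement states True is the default
    if [ -r "$conf" ]; then
        # '|| [ -n "$line" ]' also processes a last line without a trailing newline
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line%%#*}            # drop comments, including commented-out keys
            case $line in
                *=*) ;;
                *) continue ;;
            esac
            key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
            [ "$key" = "AUTO_UPDATE" ] || continue
            val=$(printf '%s' "${line#*=}" | tr -d ' \t\r"' | tr '[:upper:]' '[:lower:]')
            case $val in
                true) state=True ;;
                *)    state=False ;;    # anything else is flagged for manual review
            esac
        done < "$conf"
    fi
    printf '%s\n' "$state"
}

kcare_update_advice() {
    if [ "$(kcare_auto_update_state "$1")" = "True" ]; then
        echo "AUTO_UPDATE is effective: updated patches are applied automatically"
    else
        echo "AUTO_UPDATE is off: run /usr/bin/kcarectl --update as root"
    fi
}

# Optional first argument: path to the config file (defaults to the path above).
kcare_update_advice "$1"
```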