Meltdown CPU Vulnerability CVE-2017-5754

【CESA-2017:1440】最新バージョンの firefox が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました

CESA-2017:1440

最新バージョンの firefox が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren,
Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André
Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous,
Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F.
Alonso (revskills) as the original reporters.

Bugs Fixed

1461252 – CVE-2017-5472 Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
1461253 – CVE-2017-7749 Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
1461254 – CVE-2017-7750 Mozilla: Use-after-free with track elements (MFSA 2017-16)
1461255 – CVE-2017-7751 Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
1461256 – CVE-2017-7752 Mozilla: Use-after-free with IME input (MFSA 2017-16)
1461257 – CVE-2017-7754 Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)
1461258 – CVE-2017-7756 Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
1461259 – CVE-2017-7757 Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)
1461260 – CVE-2017-7778 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
1461261 – CVE-2017-7758 Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)
1461262 – CVE-2017-7764 Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)
1461264 – CVE-2017-5470 Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)

【CESA-2017:1430】最新バージョンの qemu-kvm が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました

CESA-2017:1430

最新バージョンの qemu-kvm が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm package provides the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data using
bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user
inside a guest could use this flaw to crash the QEMU process, resulting in
denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360
Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for
reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the
“pty” back end of a serial device performed an irregular I/O communication. This
update improves the handling of serial I/O on guests, which prevents the
described problem from occurring. (BZ#1452332)

Bugs Fixed

1443441 – CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
1444371 – CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
1452332 – RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop

【CESA-2017:1365】最新バージョンの nss が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました

CESA-2017:1365

最新バージョンの nss が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2
messages. An attacker could use this flaw to crash a server application compiled
against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list
have been updated to meet the recommendations as published with the latest
Mozilla Firefox Extended Support Release (ESR). The updated CA list improves
compatibility with the certificates that are used in the Internet Public Key
Infrastructure (PKI). To avoid certificate validation refusals, Red Hat
recommends installing the updated CA list on June 12, 2017. (BZ#1451421)

【CESA-2017:1364】最新バージョンの sudo が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました

CESA-2017:1364

最新バージョンの sudo が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

 

The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

 

【CESA-2017:1372】最新バージョンの kernel が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました

CESA-2017:1372

最新バージョンの kernel が、Red Hat Enterprise Linux 6 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A flaw was found in the Linux kernel’s handling of packets with the URG flag.
Applications using the splice() and tcp_splice_read() functionality can allow a
remote attacker to force the kernel to enter a condition in which it can loop
indefinitely. (CVE-2017-6214, Moderate)

Bug Fix(es):

* When executing certain Hadoop jobs, a kernel panic occasionally occurred on
multiple nodes of a cluster. This update fixes the kernel scheduler, and the
kernel panic no longer occurs under the described circumstances. (BZ#1436241)

* Previously, memory leak of the struct cred data structure and related data
structures occasionally occurred. Consequently, system performance was
suboptimal with the symptoms of high I/O operations wait and small amount of
free memory. This update fixes the reference counter of the struct slab cache to
no longer cause imbalance between the calls to the get_cred() function and the
put_cred() function. As a result, the memory leak no longer occurs under the
described circumstances. (BZ#1443234)

* Previously, the be2net driver could not detect the link status properly on IBM
Power Systems. Consequently, the link status was always reported as
disconnected. With this update, be2net has been fixed, and the Network Interface
Cards (NICs) now report the link status correctly. (BZ#1442979)

* Previously, the RFF_ID and RFT_ID commands in the lpfc driver were issued in
an incorrect order. Consequently, users were not able to access Logical Unit
Numbers (LUNs). With this update, lpfc has been fixed to issue RFT_ID before
RFF_ID, which is the correct order. As a result, users can now access LUNs as
expected. (BZ#1439636)

* Previously, the kdump mechanism was trying to get the lock by the
vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock
occurred, and the crashkernel did not boot. This update fixes the
vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the
crashing CPU. As a result, the crashkernel parameter now boots as expected, and
the kernel dump is collected successfully under the described circumstances.
(BZ#1443499)

Bugs Fixed

1426542 – CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read()

【CESA-2017:1382】最新バージョンの sudo が、Red Hat Enterprise Linux 6/7 からご利用いただけるようになりました

CESA-2017:1382

最新バージョンの sudo が、Red Hat Enterprise Linux 6/7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

Bugs Fixed

1453074 – CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing

【CESA-2017:1364】最新バージョンの nss が、Red Hat Enterprise Linux 6からご利用いただけるようになりました

CESA-2017:1364

最新バージョンの nss が、Red Hat Enterprise Linux 6からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2
messages. An attacker could use this flaw to crash a server application compiled
against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list
have been updated to meet the recommendations as published with the latest
Mozilla Firefox Extended Support Release (ESR). The updated CA list improves
compatibility with the certificates that are used in the Internet Public Key
Infrastructure (PKI). To avoid certificate validation refusals, Red Hat
recommends installing the updated CA list on June 12, 2017. (BZ#1448488)

【CESA-2017:1308】最新バージョンの kernel が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました

CESA-2017:1308

最新バージョンの kernel が、Red Hat Enterprise Linux 7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel’s
networking implementation did not properly validate certain block-size data. A
local attacker with CAP_NET_RAW capability could use this flaw to trigger a
buffer overflow, resulting in the crash of the system. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory
corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel’s implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This could
lead to memory corruption and possible privileged escalation. (CVE-2016-7910,
Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the in-kernel
hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

* It was reported that with Linux kernel, earlier than version v4.10-rc8, an
application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer
is full, a thread is waiting on it to queue more data, and meanwhile another
thread peels off the association being used by the first thread. (CVE-2017-5986,
Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting
CVE-2016-8646.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation
for these changes is available from the Technical Notes document linked to in
the References section.

Bugs Fixed

1388821 – CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 – CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 – CVE-2016-7910 kernel: Use after free in seq file
1420276 – CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
1437404 – CVE-2017-7308 kernel: net/packet: overflow in check for priv area size

【CESA-2017:1270】最新バージョンの samba が、Red Hat Enterprise Linux 6/7 からご利用いただけるようになりました

CESA-2017:1270

最新バージョンの samba が、Red Hat Enterprise Linux 6/7 からご利用いただけるようになりました。

Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。

今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

Bugs Fixed

1450347 – CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE