IBM Support

ZZ00665: FIXPACK 6 FOR "KVM FOR ZSERIES" 1.1.2


APAR status

  • Closed as program error.

Error description

  • TBD
    This APAR addresses the Common Vulnerabilities and Exposures
    listed below.
    .
    CVE-2017-7502 nss: Null pointer dereference when handling
      empty SSLv2 messages
    CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded
      stack allocations
    CVE-2017-1000368 sudo: Privilege escalation via improper
      get_process_ttyname() parsing (insufficient fix for
    CVE-2017-1000367)
    CVE-2017-3142 bind: An error in TSIG authentication can permit
      unauthorized zone transfers
    CVE-2017-3143 bind: An error in TSIG authentication can permit
      unauthorized dynamic updates
    CVE-2017-7771 graphite2: out of bounds read in
      "graphite2::Pass::readPass"
    CVE-2017-7772 graphite2: heap-buffer-overflow write
      "lz4::decompress" (CVE-2017-7772)
    CVE-2017-7773 graphite2: heap-buffer-overflow write
      "lz4::decompress" (src/Decompressor)
    CVE-2017-7774 graphite2: out of bounds read
      "graphite2::Silf::readGraphite"
    CVE-2017-7775 graphite2: assertion error "size() > n"
    CVE-2017-7776 graphite2: heap-buffer-overflow read
      "graphite2::Silf::getClassGlyph"
    CVE-2017-7777 graphite2: use of uninitialized memory
      "graphite2::GlyphCache::Loader::read_glyph"
    CVE-2017-7778 graphite2: Mozilla: Vulnerabilities in the
      Graphite 2 library (MFSA 2017-16)
    CVE-2017-5972 kernel: SYN cookie protection mechanism not
      properly implemented
    CVE-2016-8405 kernel: Copying color maps to userspace
      vulnerable to heap-buffer overflow
    CVE-2017-8309 Qemu: audio: host memory leakage via capture
      buffer
    CVE-2016-7917 The nfnetlink_rcv_batch function in
      net/netfilter/nfnetlink.c in the Linux kernel before 4.5
      does not check whether a batch message's length field is
      large enough, which allows local users to obtain sensitive
      information from kernel memory or cause a denial of service
      (infinite loop or out-of-bounds read) by leveraging the
      CAP_NET_ADMIN capability.
    CVE-2016-8632 kernel: TIPC subsystem: tipc_msg_build()
      doesn't validate MTU, may cause memory corruption.
    CVE-2016-9604 kernel: security: The built-in keyrings for
      security tokens can be joined as a session and then modified
      by the root user
    CVE-2017-0605 kernel: Stack corruption due to string copy
    CVE-2017-2671 kernel: ping socket / AF_LLC connect()
      sin_family race
    CVE-2017-6001 kernel: Race condition between multiple
      sys_perf_event_open() calls
    CVE-2017-7472 kernel: keyctl_set_reqkey_keyring() leaks
      thread keyrings
    CVE-2017-7618 kernel: Infinite recursion in ahash.c by
      triggering EBUSY on a full queue
    CVE-2017-7645 kernel: nfsd: Incorrect handling of long
      RPC replies
    CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028]
      media driver
    CVE-2016-9083 kernel: State machine confusion bug in vfio
      driver leading to memory corruption
    CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in
      sg_ioctl function
    CVE-2017-1000363 kernel: Out-of-bounds write in lp_setup
      in drivers/char/lp.c
    CVE-2017-1000364 kernel: heap/stack gap jumping via unbounded
      stack allocations
    CVE-2017-7487 kernel: Reference counter leak in ipxitf_ioctl
      resulting into use after free
    CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock
      function in net/ipv4/inet_connection_sock.c
    CVE-2017-9074 kernel: net: IPv6 fragmentation implementation
      of nexthdr field may be associated with an invalid option
    CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function
      mishandles inheritance
    CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles
      inheritance
    CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function
      mishandles inheritance
    CVE-2017-9242 kernel: Incorrect overwrite check in
      __ip6_append_data()
    CVE-2017-9461 samba: fd_open_atomic infinite loop due to
      wrong handling of dangling symlinks
    CVE-2017-10110 OpenJDK: insufficient access control checks
      in ImageWatched (AWT, 8174098)
    CVE-2017-10107 OpenJDK: insufficient access control checks
      in ActivationID (RMI, 8173697)
    CVE-2017-10101 OpenJDK: unrestricted access to
      com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
    CVE-2017-10096 OpenJDK: insufficient access control checks
      in XML transformations (JAXP, 8172469)
    CVE-2017-10090 OpenJDK: insufficient access control checks
      in AsynchronousChannelGroupImpl (8172465, Libraries)
    CVE-2017-10089 OpenJDK: insufficient access control checks
      in ServiceRegistry (ImageIO, 8172461)
    CVE-2017-10087 OpenJDK: insufficient access control checks
      in ThreadPoolExecutor (Libraries, 8172204)
    CVE-2017-10102 OpenJDK: incorrect handling of references in
      DGC (RMI, 8163958)
    CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to
      non-LDAP URLs (Security, 8176067)
    CVE-2017-10078 OpenJDK: Nashorn incompletely blocking access
      to Java APIs (Scripting, 8171539)
    CVE-2017-10115 OpenJDK: DSA implementation timing attack
      (JCE, 8175106)
    CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of
      missing digest (Security, 8169392)
    CVE-2017-10125 Oracle JDK: unspecified vulnerability fixed
      in 7u151 and 8u141 (Deployment)
    CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport
      (JAX-WS, 8182054)
    CVE-2017-10109 OpenJDK: unbounded memory allocation in
      CodeSource deserialization (Serialization, 8174113)
    CVE-2017-10108 OpenJDK: unbounded memory allocation in
      BasicAttribute deserialization (Serialization, 8174105)
    CVE-2017-10053 OpenJDK: reading of unprocessed image data in
      JPEGImageReader (2D, 8169209)
    CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed
      in 6u161, 7u151, and 8u141 (Deployment)
    In addition, the package contains fixes for the following
    issues.
    NetworkManager error with bonding interface.
    lnxhc crypto checks failed.
    kernel:unregister_netdevice: waiting for lo to become
      free. Usage count ...
    missing shared library: libica.so.3
    

Local fix

Problem summary

  • CVE-2017-7502 nss: Null pointer dereference vulnerability in NSS
    since 3.24.0 was found when the server receives empty SSLv2
    messages, resulting in denial of service by a remote attacker.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502
    .
    CVE-2017-1000366 glibc: glibc contains a vulnerability
    that allows specially crafted LD_LIBRARY_PATH values
    to manipulate the heap/stack, causing them to alias,
    potentially resulting in arbitrary code execution. Please
    note that additional hardening changes have been made to
    glibc to prevent manipulation of stack and heap memory but
    these issues are not directly exploitable, as such they have
    not been given a CVE. This affects glibc 2.25 and earlier.
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
    .
    CVE-2017-1000368 sudo: Todd Miller's sudo version
    1.8.20p1 and earlier is vulnerable to an input validation
    (embedded newlines) in the get_process_ttyname() function
    resulting in information disclosure and command execution.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368
    .
    CVE-2017-3142 bind: An error in TSIG authentication can permit
    unauthorized zone transfers
    .
    CVE-2017-3143 bind: An error in TSIG authentication can permit
    unauthorized dynamic updates
    .
    CVE-2017-7771 graphite2: out of bounds read in
    "graphite2::Pass::readPass"
    .
    CVE-2017-7772 graphite2: heap-buffer-overflow write
    "lz4::decompress" (CVE-2017-7772)
    .
    CVE-2017-7773 graphite2: heap-buffer-overflow write
    "lz4::decompress" (src/Decompressor)
    .
    CVE-2017-7774 graphite2: out of bounds read
    "graphite2::Silf::readGraphite"
    .
    CVE-2017-7775 graphite2: assertion error "size() > n"
    .
    CVE-2017-7776 graphite2: heap-buffer-overflow read
    "graphite2::Silf::getClassGlyph"
    .
    CVE-2017-7777 graphite2: use of uninitialized memory
    "graphite2::GlyphCache::Loader::read_glyph"
    .
    CVE-2017-7778 graphite2: Mozilla: Vulnerabilities in the
    Graphite 2 library (MFSA 2017-16)
    .
    CVE-2017-5972 The TCP stack in the Linux kernel 3.x
    does not properly implement a SYN cookie protection
    mechanism for the case of a fast network connection, which
    allows remote attackers to cause a denial of service
    (CPU consumption) by sending many TCP SYN packets,
    as demonstrated by an attack against the kernel-3.10.0
    package in CentOS Linux 7. NOTE: third parties have been
    unable to discern any relationship between the GitHub
    Engineering finding and the Trigemini.c attack code.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5972
    .
    CVE-2016-8405 kernel: An information disclosure
    vulnerability in kernel components including the ION
    subsystem, Binder, USB driver and networking subsystem
    could enable a local malicious application to access
    data outside of its permission levels. This issue is
    rated as Moderate because it first requires compromising
    a privileged process.  Product: Android. Versions:
    Kernel-3.10, Kernel-3.18.  Android ID: A-31651010.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8405
    .
    CVE-2017-8309 Memory leak in the audio/audio.c in
    QEMU (aka Quick Emulator) allows remote attackers
    to cause a denial of service (memory consumption)
    by repeatedly starting and stopping audio capture.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
    .
    CVE-2016-7917 COMMUNITY: The nfnetlink_rcv_batch function
    in net/netfilter/nfnetlink.c in the Linux kernel before
    4.5 does not check whether a batch message's length
    field is large enough, which allows local users to
    obtain sensitive information from kernel memory or cause
    a denial of service (infinite loop or out-of-bounds
    read) by leveraging the CAP_NET_ADMIN capability.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7917
    .
    CVE-2016-8632 COMMUNITY: The tipc_msg_build function in
    net/tipc/msg.c in the Linux kernel through 4.8.11 does
    not validate the relationship between the minimum fragment
    length and the maximum packet size, which allows local users
    to gain privileges or cause a denial of service (heap-based
    buffer overflow) by leveraging the CAP_NET_ADMIN capability.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8632
    .
    CVE-2016-9604 kernel: security: The built-in keyrings for
    security tokens can be joined as a session and then modified
    by the root user
    .
    CVE-2017-0605 COMMUNITY: An elevation of privilege
    vulnerability in the kernel trace subsystem could enable
    a local malicious application to execute arbitrary code
    within the context of the kernel. This issue is rated as
    Critical due to the possibility of a local permanent device
    compromise, which may require reflashing the operating system
    to repair the device. Product: Android. Versions: Kernel-3.10,
    Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0605
    .
    CVE-2017-2671 COMMUNITY: The ping_unhash function in
    net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late
    in obtaining a certain lock and consequently cannot ensure that
    disconnect function calls are safe, which allows local users
    to cause a denial of service (panic) by leveraging access to
    the protocol value of IPPROTO_ICMP in a socket system call.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2671
    .
    CVE-2017-6001 COMMUNITY: Race condition in kernel/events/core.c
    in the Linux kernel before 4.9.7 allows local users
    to gain privileges via a crafted application that makes
    concurrent perf_event_open system calls for moving a software
    group into a hardware context.  NOTE: this vulnerability
    exists because of an incomplete fix for CVE-2016-6786.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6001
    .
    CVE-2017-7472 COMMUNITY: The KEYS subsystem in the
    Linux kernel before 4.10.13 allows local users to cause
    a denial of service (memory consumption) via a series of
    KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7472
    .
    CVE-2017-7618 COMMUNITY: crypto/ahash.c in the Linux
    kernel through 4.10.9 allows attackers to cause a denial
    of service (API operation calling its own callback, and
    infinite recursion) by triggering EBUSY on a full queue.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7618
    .
    CVE-2017-7645 COMMUNITY: The NFSv2/NFSv3 server
    in the nfsd subsystem in the Linux kernel through
    4.10.11 allows remote attackers to cause a denial of
    service (system crash) via a long RPC reply, related to
    net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7645
    .
    CVE-2016-7913 COMMUNITY: The xc2028_set_config function
    in drivers/media/tuners/tuner-xc2028.c in the Linux kernel
    before 4.6 allows local users to gain privileges or cause
    a denial of service (use-after-free) via vectors involving
    omission of the firmware name from a certain data structure.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7913
    .
    CVE-2016-9083 COMMUNITY: drivers/vfio/pci/vfio_pci.c in
    the Linux kernel through 4.8.11 allows local users to bypass
    integer overflow checks, and cause a denial of service (memory
    corruption) or have unspecified other impact, by leveraging
    access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS
    ioctl call, aka a "state machine confusion bug."
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083
    .
    CVE-2017-7187 COMMUNITY: The sg_ioctl function in
    drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows
    local users to cause a denial of service (stack-based buffer
    overflow) or possibly have unspecified other impact via a
    large command size in an SG_NEXT_CMD_LEN ioctl call, leading
    to out-of-bounds write access in the sg_write function.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7187
    .
    CVE-2017-1000363 COMMUNITY: Linux drivers/char/lp.c
    Out-of-Bounds Write. Due to a missing bounds check, and
    the fact that parport_ptr integer is static, a 'secure
    boot' kernel command line adversary (can happen due to
    bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277,
    where due to a vulnerability the adversary has partial
    control over the command line) can overflow the
    parport_nr array in the following code, by appending
    many (>LP_NO) 'lp=none' arguments to the command line.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000363
    .
    CVE-2017-1000364 COMMUNITY: An issue was discovered in
    the size of the stack guard page on Linux, specifically
    a 4k stack guard page is not sufficiently large and can
    be "jumped" over (the stack guard page is bypassed),
    this affects Linux Kernel versions 4.11.5 and earlier
    (the stackguard page was introduced in 2010).
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
    .
    CVE-2017-7487 COMMUNITY: The ipxitf_ioctl function in
    net/ipx/af_ipx.c in the Linux kernel through 4.11.1
    mishandles reference counts, which allows local
    users to cause a denial of service (use-after-free)
    or possibly have unspecified other impact via a
    failed SIOCGIFADDR ioctl call for an IPX interface.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7487
    .
    CVE-2017-8890 COMMUNITY:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
    .
    CVE-2017-9074 COMMUNITY: The IPv6 fragmentation implementation
    in the Linux kernel through 4.11.1 does not consider that
    the nexthdr field may be associated with an invalid option,
    which allows local users to cause a denial of service
    (out-of-bounds read and BUG) or possibly have unspecified
    other impact via crafted socket and send system calls.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
    .
    CVE-2017-9075 COMMUNITY: The sctp_v6_create_accept_sk
    function in net/sctp/ipv6.c in the Linux kernel through 4.11.1
    mishandles inheritance, which allows local users to cause a
    denial of service or possibly have unspecified other impact
    via crafted system calls, a related issue to CVE-2017-8890.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
    .
    CVE-2017-9076 COMMUNITY: The dccp_v6_request_recv_sock
    function in net/dccp/ipv6.c in the Linux kernel through 4.11.1
    mishandles inheritance, which allows local users to cause a
    denial of service or possibly have unspecified other impact
    via crafted system calls, a related issue to CVE-2017-8890.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
    .
    CVE-2017-9077 COMMUNITY: The tcp_v6_syn_recv_sock function
    in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1
    mishandles inheritance, which allows local users to cause a
    denial of service or possibly have unspecified other impact
    via crafted system calls, a related issue to CVE-2017-8890.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
    .
    CVE-2017-9242 COMMUNITY: The __ip6_append_data function in
    net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is
    too late in checking whether an overwrite of an skb data
    structure may occur, which allows local users to cause a
    denial of service (system crash) via crafted system calls.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
    .
    CVE-2017-9461 samba: smbd in Samba before 4.4.10 and
    4.5.x before 4.5.6 has a denial of service vulnerability
    (fd_open_atomic infinite loop with high CPU usage and memory
    consumption) due to wrongly handling dangling symlinks.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9461
    .
    CVE-2017-10110 OpenJDK: insufficient access control checks
    in ImageWatched (AWT, 8174098)
    .
    CVE-2017-10107 OpenJDK: insufficient access control checks
    in ActivationID (RMI, 8173697)
    .
    CVE-2017-10101 OpenJDK: unrestricted access to
    com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
    .
    CVE-2017-10096 OpenJDK: insufficient access control checks
    in XML transformations (JAXP, 8172469)
    .
    CVE-2017-10090 OpenJDK: insufficient access control checks
    in AsynchronousChannelGroupImpl (8172465, Libraries)
    .
    CVE-2017-10089 OpenJDK: insufficient access control checks
    in ServiceRegistry (ImageIO, 8172461)
    .
    CVE-2017-10087 OpenJDK: insufficient access control checks
    in ThreadPoolExecutor (Libraries, 8172204)
    .
    CVE-2017-10102 OpenJDK: incorrect handling of references in
    DGC (RMI, 8163958)
    .
    CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to
    non-LDAP URLs (Security, 8176067)
    .
    CVE-2017-10078 OpenJDK: Nashorn incompletely blocking access
    to Java APIs (Scripting, 8171539)
    .
    CVE-2017-10115 OpenJDK: DSA implementation timing attack
    (JCE, 8175106)
    .
    CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of
    missing digest (Security, 8169392)
    .
    CVE-2017-10125 Oracle JDK: unspecified vulnerability fixed
    in 7u151 and 8u141 (Deployment)
    .
    CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport
    (JAX-WS, 8182054)
    .
    CVE-2017-10109 OpenJDK: unbounded memory allocation in
    CodeSource deserialization (Serialization, 8174113)
    .
    CVE-2017-10108 OpenJDK: unbounded memory allocation in
    BasicAttribute deserialization (Serialization, 8174105)
    .
    CVE-2017-10053 OpenJDK: reading of unprocessed image data in
    JPEGImageReader (2D, 8169209)
    .
    CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed
    in 6u161, 7u151, and 8u141 (Deployment)
    

Problem conclusion

  • These issues were identified at the KVM for Systems z 1.1.2.6
    level.
    
    Apply the mentioned temporary fixes to solve the described
    deficiencies.
    
    All kernel users are advised to upgrade to these updated
    packages, which contain backported patches to correct these
    issues. The system must be rebooted for this update to
    take effect.
    

Temporary fix

  • bind-libs-9.9.4-50.el7_2.1.kvmibm1_1_3.1.s390x.rpm
    bind-libs-lite-9.9.4-50.el7_2.1.kvmibm1_1_3.1.s390x.rpm
    bind-license-9.9.4-50.el7_2.1.kvmibm1_1_3.1.noarch.rpm
    bind-utils-9.9.4-50.el7_2.1.kvmibm1_1_3.1.s390x.rpm
    ginger-2.3.0-24.el7_2.kvmibm1_1_3.3.s390x.rpm
    glibc-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    glibc-common-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    glibc-devel-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    glibc-headers-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    glibc-multilib-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    glibc-utils-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    graphite2-1.3.10-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    ibm-java-s390x-jre-8.0-4.10.s390x.rpm
    kernel-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm
    kernel-debuginfo-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm
    kernel-debuginfo-common-s390x-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s
    kernel-headers-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm
    kernel-kdump-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm
    kernel-kdump-debuginfo-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rp
    libica-3.0.2-1.el7_2.kvmibm1_1_3.3.s390x.rpm
    libldb-1.1.29-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    libsmbclient-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    libtalloc-2.1.9-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    libtdb-1.3.12-2.el7_2.kvmibm1_1_3.1.s390x.rpm
    libtevent-0.9.31-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    libwbclient-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    lnxhc-1.3-3.g19e25ec.el7_2.kvmibm1_1_3.2.noarch.rpm
    NetworkManager-1.4.0-13.el7_2.kvmibm1_1_3.3.s390x.rpm
    NetworkManager-config-server-1.4.0-13.el7_2.kvmibm1_1_3.3.s390x
    NetworkManager-glib-1.4.0-13.el7_2.kvmibm1_1_3.3.s390x.rpm
    NetworkManager-libnm-1.4.0-13.el7_2.kvmibm1_1_3.3.s390x.rpm
    NetworkManager-tui-1.4.0-13.el7_2.kvmibm1_1_3.3.s390x.rpm
    nscd-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm
    nss-3.28.4-1.2.el7_2.kvmibm1_1_3.1.s390x.rpm
    nss-sysinit-3.28.4-1.2.el7_2.kvmibm1_1_3.1.s390x.rpm
    nss-tools-3.28.4-1.2.el7_2.kvmibm1_1_3.1.s390x.rpm
    perf-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm
    pytalloc-2.1.9-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    python-tevent-0.9.31-1.el7_2.kvmibm1_1_3.1.s390x.rpm
    qemu-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-common-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-img-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-kvm-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-kvm-tools-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-system-s390x-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    qemu-user-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm
    samba-client-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-client-libs-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-common-4.6.2-8.el7_2.kvmibm1_1_3.1.noarch.rpm
    samba-common-libs-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-common-tools-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-libs-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-winbind-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    samba-winbind-modules-4.6.2-8.el7_2.kvmibm1_1_3.1.s390x.rpm
    sudo-1.8.6p7-23.el7_2.kvmibm1_1_3.1.s390x.rpm
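    The "Problem conclusion" above says to install the listed RPMs and
    reboot so the fixed kernel is the running one. The script below is an
    added example (not IBM's tooling and not part of this APAR) that
    verifies a host against a subset of that fix list using RPM's own
    version ordering, so that a release such as `...kvmibm1_1_3.3` is
    correctly judged older than `...kvmibm1_1_3.5`. It assumes the
    package inventory is the output of
    `rpm -qa --qf '%{NAME}|%{VERSION}|%{RELEASE}|%{ARCH}\n'` and the
    running kernel is the output of `uname -r`; the sample inventory and
    kernel string embedded in it are constructed, and epochs are treated
    as 0 because the fix list carries none.

```python
"""Verify installed package levels against an APAR fix list (added example).

Assumptions (not from the APAR page): inventory lines look like
NAME|VERSION|RELEASE|ARCH (as printed by rpm -qa with a --qf format) and
the running kernel string is VERSION-RELEASE.ARCH as printed by uname -r.
"""
import re

# Subset of the "Temporary fix" RPM list from the APAR (complete file names only).
FIX_LIST = [
    "bind-libs-9.9.4-50.el7_2.1.kvmibm1_1_3.1.s390x.rpm",
    "glibc-2.17-157.el7_2.4.kvmibm1_1_3.1.s390x.rpm",
    "kernel-4.4.0-59.80.el7_2.kvmibm1_1_3.5.s390x.rpm",
    "nss-3.28.4-1.2.el7_2.kvmibm1_1_3.1.s390x.rpm",
    "qemu-kvm-2.8.0-1.el7_2.1.kvmibm1_1_3.5.s390x.rpm",
    "samba-common-4.6.2-8.el7_2.kvmibm1_1_3.1.noarch.rpm",
    "sudo-1.8.6p7-23.el7_2.kvmibm1_1_3.1.s390x.rpm",
]

# Constructed sample inventory: glibc and nss lag behind the fix level, two
# kernels are installed side by side, and the running kernel is the older one.
SAMPLE_INVENTORY = """\
bind-libs|9.9.4|50.el7_2.1.kvmibm1_1_3.1|s390x
glibc|2.17|157.el7_2.3.kvmibm1_1_3.1|s390x
kernel|4.4.0|59.80.el7_2.kvmibm1_1_3.5|s390x
kernel|4.4.0|59.80.el7_2.kvmibm1_1_3.4|s390x
nss|3.28.4|1.1.el7_2.kvmibm1_1_3.1|s390x
qemu-kvm|2.8.0|1.el7_2.1.kvmibm1_1_3.5|s390x
sudo|1.8.6p7|23.el7_2.kvmibm1_1_3.1|s390x
"""
SAMPLE_UNAME_R = "4.4.0-59.80.el7_2.kvmibm1_1_3.4.s390x"  # constructed

_SEG = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")  # rpm ignores other separators


def rpmvercmp(a, b):
    """RPM label ordering: numeric segments compare as integers, a numeric
    segment beats an alphabetic one, '~' sorts before anything (even the end
    of the string), '^' sorts after the end of the string but before any other
    segment, and a string with segments left over is newer. Returns -1/0/1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while True:
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x is None and y is None:
            return 0
        if x == "~" or y == "~":            # tilde: pre-release, older than all
            if x != "~":
                return 1
            if y != "~":
                return -1
        elif x == "^" or y == "^":          # caret: post-release snapshot
            if x is None:
                return -1
            if y is None:
                return 1
            if x != "^":
                return 1
            if y != "^":
                return -1
        elif x is None:
            return -1
        elif y is None:
            return 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
        i += 1


def compare_vr(v1, r1, v2, r2):
    """Compare (version, release) pairs; epoch assumed 0 on both sides."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def parse_fix_filename(filename):
    """'name-ver-rel.arch.rpm' -> (name, ver, rel, arch); names may contain '-'."""
    base = filename[:-4] if filename.endswith(".rpm") else filename
    nvr, _, arch = base.rpartition(".")
    name, ver, rel = nvr.rsplit("-", 2)
    return name, ver, rel, arch


def parse_inventory(text):
    """Map package name -> highest installed (version, release)."""
    inv = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, ver, rel, _arch = line.split("|")
        if name not in inv or compare_vr(ver, rel, *inv[name]) > 0:
            inv[name] = (ver, rel)
    return inv


def check_fix_level(inventory_text, fix_list=FIX_LIST):
    """Return name -> 'ok' | 'outdated' | 'not-installed' for each fix RPM."""
    inv = parse_inventory(inventory_text)
    report = {}
    for filename in fix_list:
        name, ver, rel, _arch = parse_fix_filename(filename)
        if name not in inv:
            report[name] = "not-installed"
        elif compare_vr(*inv[name], ver, rel) >= 0:
            report[name] = "ok"
        else:
            report[name] = "outdated"
    return report


def reboot_needed(uname_r, fix_list=FIX_LIST):
    """True when the running kernel is older than the fixed kernel package."""
    running, _, _arch = uname_r.rpartition(".")
    rver, _, rrel = running.partition("-")
    for filename in fix_list:
        name, ver, rel, _ = parse_fix_filename(filename)
        if name == "kernel":
            return compare_vr(rver, rrel, ver, rel) < 0
    raise ValueError("fix list contains no kernel package")


if __name__ == "__main__":
    for name, status in sorted(check_fix_level(SAMPLE_INVENTORY).items()):
        print(f"{name:14s} {status}")
    print("reboot needed:", reboot_needed(SAMPLE_UNAME_R))
```

    Packages reported as `not-installed` need no action unless they are
    later installed; `outdated` entries are the ones still exposed to the
    CVEs above, and a `True` from the reboot check means the fixed kernel
    is on disk but not yet running.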
    

Comments

APAR Information

  • APAR number

    ZZ00665

  • Reported component name

    KVM FOR Z SYSTE

  • Reported component ID

    5648KVSKR

  • Reported release

    112

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-08-07

  • Closed date

    2017-10-04

  • Last modified date

    2017-10-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    KVM FOR Z SYSTE

  • Fixed component ID

    5648KVSKR

Applicable component levels

  • R112 PSY

       UP


Document Information

Modified date:
04 October 2017