現在位置: ホーム / OSSブログ / Red Hat Enterprise Linux 7.3 リリース

Red Hat Enterprise Linux 7.3 リリース

2016年11月3日に公開されたRed Hat Enterprise Linux 7.3 (RHEL7.3) の情報を記載します。

2016年11月3日にRed Hat Enterprise Linux 7.3 (RHEL7.3) が公開されました。

事前にはKernelを含む脆弱性情報の公開も相次いでいたので、そろそろリリースが行われるのではないかと予測を立てて居た方も居たのではないでしょうか。

今回のリリースでは、Kernelは3.10.0-514を採用しており、セキュリティ対応、バグフィックス、機能拡張が行われています。詳細は以下のエラータ情報の中で公開されています。

Red Hat がリリースするエラータ:Red Hat Enterprise Linux 7.3
https://rhn.redhat.com/errata/RHSA-2016-2574.html

エラータ情報抜粋

Details

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* It was found that the Linux kernel's IPv6 implementation mishandled socket
options. A local attacker could abuse concurrent access to the socket options to
escalate their privileges, or cause a denial of service (use-after-free and
system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)

* Several Moderate and Low impact security issues were found in the Linux
kernel. Space precludes documenting each of these issues in this advisory. Refer
to the CVE links in the References section for a description of each of these
vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812,
CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,
CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828,
CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480,
CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070,
CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)

Red Hat would like to thank Philip Pettersson (Samsung) for reporting
CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel
team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski
(Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting
CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red
Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by
Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered
by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI
Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red
Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 7.3 Release Notes linked from the References section.

以下のページにてリリース日と収録カーネルの一覧が公開されています。

Red Hat Enterprise Linux のリリース日と収録カーネルの一覧
https://access.redhat.com/ja/node/16476

本、情報は順次更新を行う予定です。

サイオスOSSよろず相談室

サイオスOSSよろず相談室(1)

問い合わせボタン