Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

Updated kernel packages that fix two security issues and two bugs are now
available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

• It was found that the x86 ISA (Instruction Set Architecture) is prone to
  a denial of service attack inside a virtualized environment in the form of
  an infinite loop in the microcode due to the way (sequential) delivering of
  benign exceptions such as #AC (alignment check exception) and #DB (debug
  exception) is handled. A privileged user inside a guest could use these
  flaws to create denial of service conditions on the host kernel.
  (CVE-2015-5307, CVE-2015-8104, Important)
  

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the
CVE-2015-5307 issue.

This update also fixes the following bugs:

• With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor
  Advertisement (UNA) was previously sent using the link global IPv6 address
  as source address. The underlying source code has been patched, and, after
  the failover in bonding, UNA is sent using both the corresponding link IPv6
  address and global IPv6 address of bond0 and bond0.vlan. (BZ#1258479)
  
• Previously, Human Interface Device (HID) would run a report on an
  unaligned buffer, which could cause a page fault interrupt and an oops when
  the end of the report was read. This update fixes this bug by padding the
  end of the report with extra bytes, so the reading of the report never
  crosses a page boundary. As a result, a page fault and subsequent oops no
  longer occur. (BZ#1268201)
  

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server - AUS 6.5 x86_64
• Red Hat Enterprise Linux Server - TUS 6.5 x86_64

Fixes

• BZ - 1277172 - CVE-2015-5307 virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception
• BZ - 1278496 - CVE-2015-8104 virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception

CVEs

• CVE-2015-5307
• CVE-2015-8104

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server - AUS 6.5

SRPM
kernel-2.6.32-431.68.1.el6.src.rpm	SHA-256: 1543f10d9a0ce2a148ecdda4ed9a9f2000005254a7e4df034c824048fb19dbed
x86_64
kernel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 2d6a874cb73a303be254beff237391de9ffd42bf06354f8d27448b65f95ef648
kernel-abi-whitelists-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: 55ec7b5a8c343f1d29f116761dfaad1b8a268141a17b713ccff3781334668023
kernel-debug-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 671a90936a6b4582ee2cea6ae5e1b44d60d5d7b696b4c535cd2638c074218e1b
kernel-debug-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: be96e039cce1cc853184b27fc84f2e142d7d8ef0e9bb5fbde06c09884d415354
kernel-debug-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: be96e039cce1cc853184b27fc84f2e142d7d8ef0e9bb5fbde06c09884d415354
kernel-debug-devel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: c458d1ee3b84bc6e88c2545c31dcb941bea704e32fb0d30b657cb98f6b9f4c4d
kernel-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8953a1544bea6a08dfce68bf69a85e78a4dcf0929e15359f773f8322d188e276
kernel-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8953a1544bea6a08dfce68bf69a85e78a4dcf0929e15359f773f8322d188e276
kernel-debuginfo-common-x86_64-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 9e78f1830ca9728bd87eb6e3d73b710c84522bbd24c998f43ba28c0b36bec615
kernel-debuginfo-common-x86_64-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 9e78f1830ca9728bd87eb6e3d73b710c84522bbd24c998f43ba28c0b36bec615
kernel-devel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 2e07b0daa1e603c7bdfebe732fc5e38a8ff93932412a4edd01e701a23bbb7dd2
kernel-doc-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: f30adb7bda58ed506e087d1c74802a0aa73d4ebc14d196d7080f0d9f3bcf798a
kernel-firmware-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: 8e3e55ae1a610b1755b4f513ca9da629577a37348a89d8f980c39493e7e1f6ce
kernel-headers-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: fed8b3cfcfab0b18e83040fd261d805ac5d3e650f26f730e0ed467322953e410
perf-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 75d6484c44a5f6c09267ab5cd2c785613e819af6a2216f477806d484412e708b
perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 14597da32c3b71c1ba33bc979742a1c2d3bfc0b5ac3db98a0864a4af5f6aa4ab
perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 14597da32c3b71c1ba33bc979742a1c2d3bfc0b5ac3db98a0864a4af5f6aa4ab
python-perf-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8564a28cc457b9383f34ed838d68d6af29361245d293a761cf6e4b034268cb64
python-perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: b10f1feda4663103558d93fa9e436dab7cdee04cd1cb7ad0af92f5060db9773c
python-perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: b10f1feda4663103558d93fa9e436dab7cdee04cd1cb7ad0af92f5060db9773c

Red Hat Enterprise Linux Server - TUS 6.5

SRPM
kernel-2.6.32-431.68.1.el6.src.rpm	SHA-256: 1543f10d9a0ce2a148ecdda4ed9a9f2000005254a7e4df034c824048fb19dbed
x86_64
kernel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 2d6a874cb73a303be254beff237391de9ffd42bf06354f8d27448b65f95ef648
kernel-abi-whitelists-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: 55ec7b5a8c343f1d29f116761dfaad1b8a268141a17b713ccff3781334668023
kernel-debug-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 671a90936a6b4582ee2cea6ae5e1b44d60d5d7b696b4c535cd2638c074218e1b
kernel-debug-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: be96e039cce1cc853184b27fc84f2e142d7d8ef0e9bb5fbde06c09884d415354
kernel-debug-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: be96e039cce1cc853184b27fc84f2e142d7d8ef0e9bb5fbde06c09884d415354
kernel-debug-devel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: c458d1ee3b84bc6e88c2545c31dcb941bea704e32fb0d30b657cb98f6b9f4c4d
kernel-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8953a1544bea6a08dfce68bf69a85e78a4dcf0929e15359f773f8322d188e276
kernel-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8953a1544bea6a08dfce68bf69a85e78a4dcf0929e15359f773f8322d188e276
kernel-debuginfo-common-x86_64-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 9e78f1830ca9728bd87eb6e3d73b710c84522bbd24c998f43ba28c0b36bec615
kernel-debuginfo-common-x86_64-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 9e78f1830ca9728bd87eb6e3d73b710c84522bbd24c998f43ba28c0b36bec615
kernel-devel-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 2e07b0daa1e603c7bdfebe732fc5e38a8ff93932412a4edd01e701a23bbb7dd2
kernel-doc-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: f30adb7bda58ed506e087d1c74802a0aa73d4ebc14d196d7080f0d9f3bcf798a
kernel-firmware-2.6.32-431.68.1.el6.noarch.rpm	SHA-256: 8e3e55ae1a610b1755b4f513ca9da629577a37348a89d8f980c39493e7e1f6ce
kernel-headers-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: fed8b3cfcfab0b18e83040fd261d805ac5d3e650f26f730e0ed467322953e410
perf-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 75d6484c44a5f6c09267ab5cd2c785613e819af6a2216f477806d484412e708b
perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 14597da32c3b71c1ba33bc979742a1c2d3bfc0b5ac3db98a0864a4af5f6aa4ab
perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 14597da32c3b71c1ba33bc979742a1c2d3bfc0b5ac3db98a0864a4af5f6aa4ab
python-perf-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: 8564a28cc457b9383f34ed838d68d6af29361245d293a761cf6e4b034268cb64
python-perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: b10f1feda4663103558d93fa9e436dab7cdee04cd1cb7ad0af92f5060db9773c
python-perf-debuginfo-2.6.32-431.68.1.el6.x86_64.rpm	SHA-256: b10f1feda4663103558d93fa9e436dab7cdee04cd1cb7ad0af92f5060db9773c