- Issued:
- 2018-03-06
- Updated:
- 2018-03-06
RHSA-2018:0412 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)
- Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)
Bug Fix(es):
- The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1464473 - CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation
- BZ - 1500380 - CVE-2017-12188 Kernel: KVM: MMU potential stack buffer overrun during page walks
- BZ - 1537671 - kernel-rt: update to the RHEL7.4.z batch#5 source tree
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-693.21.1.rt56.639.el7.src.rpm | SHA-256: 4f0f4d0a16baaa8394a074a7ef975f42d1035c25d3b678da3cf242050e90174a |
| x86_64 | |
| kernel-rt-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 1b3fdfdaa8666fb03dcf6b3ea8542f4ecbf288334c9bcde6eb0fba9d0cd2c0c9 |
| kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: c3c3f033105692ef85b69d54185a9dc619186547f504a4e1013e35360d541ab5 |
| kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: ec104a8ef9362ce4f377a464e85d302b130be9057a5a9f1e556112ace25f921f |
| kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: b4055dc811fd901fb79ef18437953b61a713e5f49359610e527bd2efda5dfaac |
| kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 169021464467e5afe4d082f8456203ff63089e0afb8cdee1842bf741e12703d9 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 091d78338a821876c1cf98c3c667c9652ba8c42e36028e91c51abce3343d91a4 |
| kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 86269aee33437c60ee99bda1ee393ecb88953c22186ce6b5add7b5c94030e7a2 |
| kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.noarch.rpm | SHA-256: 4aa997841b2092ba948b614577bc7a4f1b6796a71d876fb3d759a6a9d52ffa37 |
| kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 9e1d8c0f17479defa545ffb3fb9090447b479b3458ad26e173af13342961d67d |
| kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: f3e04ba5116c66b6d752cf12509c6fa8254e98a9bec1ec6d5d1477983e142c32 |
| kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 1d1bc04f21655f319a72a86df539a6101fa9755bb73bc18fdbad467afe807ba3 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-693.21.1.rt56.639.el7.src.rpm | SHA-256: 4f0f4d0a16baaa8394a074a7ef975f42d1035c25d3b678da3cf242050e90174a |
| x86_64 | |
| kernel-rt-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 1b3fdfdaa8666fb03dcf6b3ea8542f4ecbf288334c9bcde6eb0fba9d0cd2c0c9 |
| kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: c3c3f033105692ef85b69d54185a9dc619186547f504a4e1013e35360d541ab5 |
| kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: ec104a8ef9362ce4f377a464e85d302b130be9057a5a9f1e556112ace25f921f |
| kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: b4055dc811fd901fb79ef18437953b61a713e5f49359610e527bd2efda5dfaac |
| kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 0d24ad895e60521c9908519f0e8f1608427a1fdd0a75667041a3d8a0a2ff2c05 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: d9ae31d33f61bdae22624f617d666e098d61f0732af51215c631c6e5f1a835ce |
| kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 169021464467e5afe4d082f8456203ff63089e0afb8cdee1842bf741e12703d9 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 091d78338a821876c1cf98c3c667c9652ba8c42e36028e91c51abce3343d91a4 |
| kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 86269aee33437c60ee99bda1ee393ecb88953c22186ce6b5add7b5c94030e7a2 |
| kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.noarch.rpm | SHA-256: 4aa997841b2092ba948b614577bc7a4f1b6796a71d876fb3d759a6a9d52ffa37 |
| kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 1422e805a69d7c26cce9fad50a21dec6a07aa7f2cb39369b5487edaae8991be5 |
| kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 8ea525ad32a1e7c3f22cbc86f7d277e19fdab4607ba2e0a740a9aaf7bb0e820c |
| kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 9e1d8c0f17479defa545ffb3fb9090447b479b3458ad26e173af13342961d67d |
| kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: f3e04ba5116c66b6d752cf12509c6fa8254e98a9bec1ec6d5d1477983e142c32 |
| kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 1d1bc04f21655f319a72a86df539a6101fa9755bb73bc18fdbad467afe807ba3 |
| kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: 38d31f1bdbd0b9069b2a3491bbea6e1b74a405d6928642827119aaf0e9b9723d |
| kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.x86_64.rpm | SHA-256: dc9b5a161af243c24fcd1c3e201874383a133b733fcaeaaf2f6217efe6349f9b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.