Issued:: 2018-03-12
Updated:: 2018-03-12

RHSA-2018:0470 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Red Hat Enterprise Messaging, Realtime, and Grid (MRG) Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description

Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

Security Fix(es):

kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write (CVE-2018-5332, Moderate)
kernel: Null pointer dereference in rds_atomic_free_op() allows denial-of-service (CVE-2018-5333, Moderate)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Enhancement(s):

The kernel-rt packages have been upgraded to version 3.10.0-693.21.1, which provides a number of security and bug fixes over the previous version. (BZ#1537669)

All Red Hat Enterprise MRG Realtime users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the system must be restarted for the changes to take effect.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1533890 - CVE-2018-5332 kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write
BZ - 1533891 - CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
BZ - 1537669 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-693.21.1.rt56.607.el6rt.src.rpm	SHA-256: 5e151dacda4bbbbb979b7e592cc9508f002aec059df5420d1da215b24a6c89df
x86_64
kernel-rt-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 3b5d9b36063761e6fa66366dfbc64cc53ff9df508f3729243f26188ea8d25211
kernel-rt-debug-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: ad1cbfae4d32806df82e1e91a8041366cd937223f75b63c068d2712481b7167e
kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 1e6011a48c17773272a02d1b1cb12c352266ccbd03259049c36301a57e132786
kernel-rt-debug-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 120ee13769a66bc96d4508047d9f126483aa5b9c7fe301c6598c66e6def462b7
kernel-rt-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 9da1771d02d830f2f1880ca95fe46b072fdf4c7c803274b2439abbd3fac556ce
kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: c5d8697e5c47303468b57da9b98634d86b1a1e5241a2c27998f020f6217f5b14
kernel-rt-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 93a03557b5fd5dc7f470ea1cee11ae60b8fda9bde27f1cb02a30a5732748c0f2
kernel-rt-doc-3.10.0-693.21.1.rt56.607.el6rt.noarch.rpm	SHA-256: 8b1165c1a9e8f52f1368a6596cfa7ac25897593a207cab1fe3f8479fb8b65984
kernel-rt-firmware-3.10.0-693.21.1.rt56.607.el6rt.noarch.rpm	SHA-256: 5218fa384ea6681366ebd24d163cdbb227c1c62847ee79d94ba695aff0dbcd0b
kernel-rt-trace-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: a9704fd78b10c7f1bbc3590b617c6c50ecfc8fdcb34d0e46dfcb0081ce07182a
kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 4779a31882607f5e5433511206392ab8b8c0a908b3a693ab5418f3ac5d6ae08b
kernel-rt-trace-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 3118ab1d4c99b8cc38a020164a3e5f716a8c9fabafc3c3df04d2b9923bb5ad2f
kernel-rt-vanilla-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: 05632ba201432eeeae6b0b263c2034705c496af7eb676e6944e6052ece64d504
kernel-rt-vanilla-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: d0d921cd4d52269b3754d268d2d5a802dc476dbc51fbe208ec3756b8c4be0e82
kernel-rt-vanilla-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm	SHA-256: f83d37701a2945626da2c9e18f89f4c651345de8e710e38732dc2dad35c57ea3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation