Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2018:0470 - Security Advisory
Issued:
2018-03-12
Updated:
2018-03-12

RHSA-2018:0470 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Red Hat Enterprise Messaging, Realtime, and Grid (MRG) Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description

Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers.

Security Fix(es):

  • kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write (CVE-2018-5332, Moderate)
  • kernel: Null pointer dereference in rds_atomic_free_op() allows denial-of-service (CVE-2018-5333, Moderate)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Enhancement(s):

  • The kernel-rt packages have been upgraded to version 3.10.0-693.21.1, which provides a number of security and bug fixes over the previous version. (BZ#1537669)

All Red Hat Enterprise MRG Realtime users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the system must be restarted for the changes to take effect.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 1533890 - CVE-2018-5332 kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write
  • BZ - 1533891 - CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
  • BZ - 1537669 - update the MRG 2.5.z 3.10 kernel-rt sources

CVEs

  • CVE-2018-5332
  • CVE-2018-5333

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-693.21.1.rt56.607.el6rt.src.rpm SHA-256: 5e151dacda4bbbbb979b7e592cc9508f002aec059df5420d1da215b24a6c89df
x86_64
kernel-rt-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 3b5d9b36063761e6fa66366dfbc64cc53ff9df508f3729243f26188ea8d25211
kernel-rt-debug-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: ad1cbfae4d32806df82e1e91a8041366cd937223f75b63c068d2712481b7167e
kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 1e6011a48c17773272a02d1b1cb12c352266ccbd03259049c36301a57e132786
kernel-rt-debug-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 120ee13769a66bc96d4508047d9f126483aa5b9c7fe301c6598c66e6def462b7
kernel-rt-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 9da1771d02d830f2f1880ca95fe46b072fdf4c7c803274b2439abbd3fac556ce
kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: c5d8697e5c47303468b57da9b98634d86b1a1e5241a2c27998f020f6217f5b14
kernel-rt-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 93a03557b5fd5dc7f470ea1cee11ae60b8fda9bde27f1cb02a30a5732748c0f2
kernel-rt-doc-3.10.0-693.21.1.rt56.607.el6rt.noarch.rpm SHA-256: 8b1165c1a9e8f52f1368a6596cfa7ac25897593a207cab1fe3f8479fb8b65984
kernel-rt-firmware-3.10.0-693.21.1.rt56.607.el6rt.noarch.rpm SHA-256: 5218fa384ea6681366ebd24d163cdbb227c1c62847ee79d94ba695aff0dbcd0b
kernel-rt-trace-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: a9704fd78b10c7f1bbc3590b617c6c50ecfc8fdcb34d0e46dfcb0081ce07182a
kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 4779a31882607f5e5433511206392ab8b8c0a908b3a693ab5418f3ac5d6ae08b
kernel-rt-trace-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 3118ab1d4c99b8cc38a020164a3e5f716a8c9fabafc3c3df04d2b9923bb5ad2f
kernel-rt-vanilla-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: 05632ba201432eeeae6b0b263c2034705c496af7eb676e6944e6052ece64d504
kernel-rt-vanilla-debuginfo-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: d0d921cd4d52269b3754d268d2d5a802dc476dbc51fbe208ec3756b8c4be0e82
kernel-rt-vanilla-devel-3.10.0-693.21.1.rt56.607.el6rt.x86_64.rpm SHA-256: f83d37701a2945626da2c9e18f89f4c651345de8e710e38732dc2dad35c57ea3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter