Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 4th September 2019]
The Problem Description text has been updated to fix a list of architectures addressed by the CVE-2017-5715 mitigation. No changes have been made to the packages.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, x86 and x86-64)
  

Red Hat would like to thank Google Project Zero for reporting this issue.

Bug Fix(es):

• The Return Trampolines (Retpolines) mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. With this update, the support for Retpolines has been implemented into the Red Hat Enterprise Linux kernel. (BZ#1535650)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 5 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 5 s390x

Fixes

• BZ - 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

CVEs

(none)

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/speculativeexecution
• https://access.redhat.com/security/cve/CVE-2017-5715

Red Hat Enterprise Linux Server - Extended Life Cycle Support 5

SRPM
kernel-2.6.18-430.el5.src.rpm	SHA-256: dd31e787ccdc6795ff22a346ce0c8bd02b8b43ec02d52475eddb8a8ccf142913
x86_64
kernel-2.6.18-430.el5.x86_64.rpm	SHA-256: 676cfebbf95cdd94a8888e1fd06ee49b6ef2bd59fc4d2242c23135a33dd18c85
kernel-debug-2.6.18-430.el5.x86_64.rpm	SHA-256: 70633cf9a9b0b32fe443a71bfa9a0337b66c50b2303c3ecb0195f51743a9c89f
kernel-debug-debuginfo-2.6.18-430.el5.x86_64.rpm	SHA-256: 16265735e0e6a643780f02073c6d0f2a225bf5fd9ead229df2783b30f4c214ce
kernel-debug-devel-2.6.18-430.el5.x86_64.rpm	SHA-256: 87de55be82f6641f8352b6aaaba1fe886705719eb2ec668634f099b299eba237
kernel-debuginfo-2.6.18-430.el5.x86_64.rpm	SHA-256: 1bab9c08f32cd328cfc076cd90da58f2ba9b7e1c17e47bbe9cf4d438a6560b88
kernel-debuginfo-common-2.6.18-430.el5.x86_64.rpm	SHA-256: 4f02942537eb160bc4c2c7d74b636f8873ff1afaa289926cd8e6b6b09990b00a
kernel-devel-2.6.18-430.el5.x86_64.rpm	SHA-256: f117cbb285744e48e8433d2c0ce7a6083633786448375190e24a96aab7ec2d65
kernel-doc-2.6.18-430.el5.noarch.rpm	SHA-256: e7159cfdcf8d869a3db0e410411205ba245f9bf849bef9613ad4427f416a2104
kernel-headers-2.6.18-430.el5.x86_64.rpm	SHA-256: c56385b467987c6098d8d939c5e80b232dba4fa94049edbc7557c14d39c50510
kernel-xen-2.6.18-430.el5.x86_64.rpm	SHA-256: aff4792d967f00b1cfe56a1a8d5edd5dd928662eaee0537ac5ee44c27f5f42c6
kernel-xen-debuginfo-2.6.18-430.el5.x86_64.rpm	SHA-256: ee9b01d6887d25f174351eba615f917801cba7a883deea060610e330895b651f
kernel-xen-devel-2.6.18-430.el5.x86_64.rpm	SHA-256: 84192e71c2350f2e7bd660bcddf68a81a8268f1f2805b430214202cff7adee26
i386
kernel-2.6.18-430.el5.i686.rpm	SHA-256: d123dd46fd67e1639e918f34c560031682bde580041b99e8398c09a49f089510
kernel-PAE-2.6.18-430.el5.i686.rpm	SHA-256: 58d4494d2fe9621ca9e270babdb653ce1e3216e7d325124f5ca27d8f5ddac679
kernel-PAE-debuginfo-2.6.18-430.el5.i686.rpm	SHA-256: f7deb1294c1822141c5d81cf77319e0d52f5053a3c86be4e23192ce10005fd4c
kernel-PAE-devel-2.6.18-430.el5.i686.rpm	SHA-256: 70be51411d4f871683a0b0790aac3be09fbefa484538f30dffe6e663e87727f1
kernel-debug-2.6.18-430.el5.i686.rpm	SHA-256: fbbd7dc3d426f0324b1108f1211664900975ff62bcae12421d662d05905c05db
kernel-debug-debuginfo-2.6.18-430.el5.i686.rpm	SHA-256: 9a651d9c81628338c8a1bd04613d7a218a2d3abebea614ef263cd5c03a352ea8
kernel-debug-devel-2.6.18-430.el5.i686.rpm	SHA-256: 2d7c519b38a178a7c2d507c50536eb5495d2030700b087f9012adec7c53f1f05
kernel-debuginfo-2.6.18-430.el5.i686.rpm	SHA-256: 2c737fe14635b670776a1bcac56fb05c53cc86675ebab559be03a56e3c8260e0
kernel-debuginfo-common-2.6.18-430.el5.i686.rpm	SHA-256: 189475169637fcd1ea81cb5633e8d8f657de3bef75e689575932c30aec6a008c
kernel-devel-2.6.18-430.el5.i686.rpm	SHA-256: bedd00301e990890f16795943f00db7b3830565c757fcb4d60704c20018e5320
kernel-doc-2.6.18-430.el5.noarch.rpm	SHA-256: e7159cfdcf8d869a3db0e410411205ba245f9bf849bef9613ad4427f416a2104
kernel-headers-2.6.18-430.el5.i386.rpm	SHA-256: 933af42e928f70d05dd02d7650c48230ea5617ba22dda26a7657488005f44d9e
kernel-xen-2.6.18-430.el5.i686.rpm	SHA-256: 78831689ea014caf9e9d6de1c96f8bb3f33f1c9a2629b1b36bc60e4db5372600
kernel-xen-debuginfo-2.6.18-430.el5.i686.rpm	SHA-256: d906b3101f27434586c30da2dedb3bb1a05034c4b9c1a93c824d9cd286583ee0
kernel-xen-devel-2.6.18-430.el5.i686.rpm	SHA-256: b4507fa78b28d39dcfee7b7b15630bfcf3416f706a08175e1e36cb424cf21070

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 5

SRPM
kernel-2.6.18-430.el5.src.rpm	SHA-256: dd31e787ccdc6795ff22a346ce0c8bd02b8b43ec02d52475eddb8a8ccf142913
s390x
kernel-2.6.18-430.el5.s390x.rpm	SHA-256: ded159fadce24d81acd43d2740fd8bbef9136051619571ff6953c6a0547dde5b
kernel-debug-2.6.18-430.el5.s390x.rpm	SHA-256: c89ddf640d9dd00710246d2b175e233167168fd2598f2f750fa5d56a642ecba5
kernel-debug-debuginfo-2.6.18-430.el5.s390x.rpm	SHA-256: bc9202be6fd6fdf8a22c14a5bdda9e42cf28f50184c02241ea93ce4ab2753fd4
kernel-debug-devel-2.6.18-430.el5.s390x.rpm	SHA-256: 71080b698cb25d478c0b011e94dd0b1e51f018ca82fbda64e06eebe3181f1cfa
kernel-debuginfo-2.6.18-430.el5.s390x.rpm	SHA-256: e320fcb1a1b57d4f0329bb3b12226663f1333e99ee17b26cbe1cf51507be1f51
kernel-debuginfo-common-2.6.18-430.el5.s390x.rpm	SHA-256: 5a1a08b0157cd7e11277d9f16e79f70b76eed5b2e672d26161c6fa5524c95da1
kernel-devel-2.6.18-430.el5.s390x.rpm	SHA-256: 7f88cf1c64cc0be0e489b59b7b7fe4892acfcca78807061c7476ee9e2d42e8f9
kernel-doc-2.6.18-430.el5.noarch.rpm	SHA-256: e7159cfdcf8d869a3db0e410411205ba245f9bf849bef9613ad4427f416a2104
kernel-headers-2.6.18-430.el5.s390x.rpm	SHA-256: 40a8bf1de321a21f20b7ec5a3c044b897c871c76903ebfcfd0ec1bfa78dfc333
kernel-kdump-2.6.18-430.el5.s390x.rpm	SHA-256: 0ae6f257d2888bce7c6d0764e4698c03f76d5c8b8fb049eb5da73cf959761bef
kernel-kdump-debuginfo-2.6.18-430.el5.s390x.rpm	SHA-256: 70c0894bf75de7c2939613611f31c6304e7a53d929c56e950f6ef1a2a9617c2e
kernel-kdump-devel-2.6.18-430.el5.s390x.rpm	SHA-256: 967fff0edbe98563d344ae8949aeef7f04502f654ab8438b4f00ace53efeffc1