Issued:
2018-04-25
Updated:
2018-04-25

RHSA-2018:1252 - Security Advisory

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, x86-64)
  • kernel: exec/ptrace: get_dumpable() incorrect tests (CVE-2013-2929, Low)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715.

Bug Fix(es):

  • The Return Trampolines (Retpolines) mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. With this update, the support for Retpolines has been implemented into the Red Hat Enterprise Linux kernel. (BZ#1539655)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 5.9 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.9 ia64
  • Red Hat Enterprise Linux Server - AUS 5.9 i386

Fixes

  • BZ - 1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
  • BZ - 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
kernel-2.6.18-348.39.1.el5.src.rpm SHA-256: 94639d3ad020354dee0e5c8f1a82436a0742054fc17f9294f67f7d8c8e011af4
x86_64
kernel-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: db9efed40f62e3ebfe3387f76f56a643e4d3e848e5eac8c1f1640fec518462df
kernel-debug-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: bfb4f15e6e04ea4cee21fd8cb6367b3081fd4cea6375d70649a2add2d0dcb7a0
kernel-debug-debuginfo-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: c8b8b9572e3fc467944579ef2ba4a7bb7a9e92b49e730eee20cde504d4a9ec9c
kernel-debug-devel-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: 9f6f7e78b177a2f8bbe4acf1c4e5d2b00ec803c415699ce3af4efe6d89e8ed48
kernel-debuginfo-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: f0ee822fc9aca843b8a66b6b49362b469ee9e03076d4edf52d990da6e2baf273
kernel-debuginfo-common-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: 1250b1f848629fcf7de18cabf2aeb50e052d0b0932ecd7cd56547696d66964cd
kernel-devel-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: fd5d4d3d41a3e8ca64f6b14dda326f1dafe61a6764d41ffd799f97f4350b6e84
kernel-doc-2.6.18-348.39.1.el5.noarch.rpm SHA-256: f722352fe887ed6964153e38a6736093e43ecfc336b5c342af365c8bce45800f
kernel-headers-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: 227fc478e68694a014ed622a324a75f433b162895181062cdb2170eaeee02dee
kernel-xen-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: 035c3d8b1bb4e97c30a8b5600acdebc91a8519aa4dc5e95586c8915915269941
kernel-xen-debuginfo-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: da2cbdca78bace7dc6ac0f11f4def737fd364cbe54497e1c4cb17bf0df6fdacb
kernel-xen-devel-2.6.18-348.39.1.el5.x86_64.rpm SHA-256: 1095af58c7bd23f0434f18c55e46b84c024b8616fcd265c3b34066304e32394e
ia64
kernel-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 5096396b926e4c546a370a297000cc34de5f855226f04f21a7476b01d6ac4bd1
kernel-debug-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 586eda807f5e46c763f458543e5f39d465159c093555ae3b28f04b682da87a88
kernel-debug-debuginfo-2.6.18-348.39.1.el5.ia64.rpm SHA-256: a9aec1b60efc396d4bb810de6fe4d07e22381153e820f0218f1a206d77a74578
kernel-debug-devel-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 60733a2cea22f75e4a2d864169ab9cedf267ee01c5c62bf3931c86a9fb4e15bf
kernel-debuginfo-2.6.18-348.39.1.el5.ia64.rpm SHA-256: bb79d1a702792869ea10d23e2c2b985f8fccb9a2b449f576b674b93c1d484214
kernel-debuginfo-common-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 440e93e3fb76dadd1c3203e7368edd147fea17bb9e998c8c25a6496cdfc6bd46
kernel-devel-2.6.18-348.39.1.el5.ia64.rpm SHA-256: e67d7485f5ff100cbc3ae9ffe5198ef39ed1bdbd0c2ba749f8e53c477aa73833
kernel-doc-2.6.18-348.39.1.el5.noarch.rpm SHA-256: f722352fe887ed6964153e38a6736093e43ecfc336b5c342af365c8bce45800f
kernel-headers-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 14e494b17625fd2a804cb78dbcdf9b89710d6a6f7b4db0d916015a1dfd895f5d
kernel-xen-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 6eb8179758e2ac93d2e62551fbb9a9f128d993f165ca0c3e026b746a68ed74dc
kernel-xen-debuginfo-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 623f3dc6319483b5f2fa712da5003f66c108759de5beb68c7b3a8a7ed266a9d4
kernel-xen-devel-2.6.18-348.39.1.el5.ia64.rpm SHA-256: 83f863049a4c520d9601a8e3b1b39d678091cfebdf68dd67b453853dfae7ac30
i386
kernel-2.6.18-348.39.1.el5.i686.rpm SHA-256: 1fc55f976d8ab6634282f6e46004580ef79ae23f24de9ee23ec6927c51f20e73
kernel-PAE-2.6.18-348.39.1.el5.i686.rpm SHA-256: 024adc49cbd6854d2ef44546c7fa2cf93b9393ae871a06e88697811f574b6979
kernel-PAE-debuginfo-2.6.18-348.39.1.el5.i686.rpm SHA-256: f09a071c01a9a505362225438ee06500862dc9cbeba3bb8459684a1f13f9b331
kernel-PAE-devel-2.6.18-348.39.1.el5.i686.rpm SHA-256: 16082b1fbcd29c63aa81e5e68dd78813e3848731a2de641fdcce05e5cdef592b
kernel-debug-2.6.18-348.39.1.el5.i686.rpm SHA-256: 506b8a00776d1b42bf5078251947ad1142c3110c8978603cdd5fb5bdf2f9a0a0
kernel-debug-debuginfo-2.6.18-348.39.1.el5.i686.rpm SHA-256: d41555024798bd60b9b7ea71a86485308a900f6bf2c86583766c7c4a69e166b3
kernel-debug-devel-2.6.18-348.39.1.el5.i686.rpm SHA-256: ba7402ff32b6c130548d09013138cb221b0bb9a595a37ce1a2f7b16ed364cd16
kernel-debuginfo-2.6.18-348.39.1.el5.i686.rpm SHA-256: 62d75637aa54e9ba1b3740d79f2e47e8a847a78d0dd2d0bf7483e2b8f64a945f
kernel-debuginfo-common-2.6.18-348.39.1.el5.i686.rpm SHA-256: d842ec48ddd1a60951c78fe0ea64cd427383ec237436212bd40c437447535469
kernel-devel-2.6.18-348.39.1.el5.i686.rpm SHA-256: d639fab6086d7b047483dbd0e8b50b9864ad0e28b28ffb16d2c369496a52bb90
kernel-doc-2.6.18-348.39.1.el5.noarch.rpm SHA-256: f722352fe887ed6964153e38a6736093e43ecfc336b5c342af365c8bce45800f
kernel-headers-2.6.18-348.39.1.el5.i386.rpm SHA-256: 32514f16083642b71012aae888b5a2c2964697b8d6d9d2dba365b720406394d3
kernel-xen-2.6.18-348.39.1.el5.i686.rpm SHA-256: dbdc18236edfb2e13a3e1e8326a5a2332b6f383473a6ed9ce6410c758ca63286
kernel-xen-debuginfo-2.6.18-348.39.1.el5.i686.rpm SHA-256: 79e0b5fa0a0256134c746475da3346a9834d7927c241f32da43ba68789a09cc8
kernel-xen-devel-2.6.18-348.39.1.el5.i686.rpm SHA-256: a0a6cd25b6b1ae46763c122b7dfe26196e5745080efe317f83e043094623dd14

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.