Issued:
2018-05-14
Updated:
2018-05-14

RHSA-2018:1374 - Security Advisory

Synopsis

Important: kernel-alt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

  • kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Andy Lutomirski for reporting this issue.

Bug Fix(es):

  • Previously, the nfs_commit_inode() function did not respect the FLUSH_SYNC argument and exited even if there were already the in-flight COMMIT requests. As a consequence, the mmap() system call occasionally returned the EBUSY error on NFS, and CPU soft lockups occurred during a writeback on NFS. This update fixes nfs_commit_inode() to respect FLUSH_SYNC. As a result, mmap() does not return EBUSY, and the CPU soft lockups no longer occur during NFS writebacks. (BZ#1559869)
  • Recent IBM z Systems hardware contains an extension to the time-of-day clock that ensures it will be operational after the year 2042 by avoiding an overflow that would happen without it. However, the KVM hypervisor was previously unable to handle the extension correctly, which lead to guests freezing if their kernel supported the time-of-day clock extension. This update adds support for the extension to the KVM hypervisor, and KVM guests which support it no longer freeze. (BZ#1559871)
  • This update provides the ability to disable the "RFI Flush" mitigation mechanism for the Meltdown vulnerability (CVE-2017-5754) in the kernel. The patches that mitigate the effect of Meltdown may have negative impact on performance when the mechanism they provide is enabled, and at the same time your systems may not need this mitigation if they are secured by other means. The vulnerability mitigation remains enabled by default and must be disabled manually; this restores system performance to original levels, but the system then also remains vulnerable to Meltdown. Instructions describing how to disable RFI Flush, as well as additional information, is provided in the following Red Hat Knowledgebase article: https://access.redhat.com/articles/3311301 (BZ#1561463)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1568477 - CVE-2018-1000199 kernel: ptrace() incorrect error handling leads to corruption and DoS

CVEs

References

Red Hat Enterprise Linux for ARM 64 7

SRPM
kernel-alt-4.14.0-49.2.2.el7a.src.rpm SHA-256: fb97963ae983cc4b67c5976fed844ad656b791dee2d565a6d59c46eb520312e5
aarch64
kernel-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 24e0f69c38fd2bd21b4c8c4d7157fff421e7c5087d221c6fdfefb39f1259fda4
kernel-abi-whitelists-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: fdfc2706674eae6df95a78385b90ad20f5bbef08304b132284af3d6a875e5699
kernel-debug-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: b9eb500491b24451a471e5bcf1eecfb66f0fec9e210d272cb51cc74057eb6ff2
kernel-debug-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: aa3d089e32cf678df79b062e45dc63bee2294edc7bc60725cdcb15b0f4529a9a
kernel-debug-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: aa3d089e32cf678df79b062e45dc63bee2294edc7bc60725cdcb15b0f4529a9a
kernel-debug-devel-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 1e6b73ec974549197708c459d0d1d741aee2b0bcd1545e1598839812f9f8fa27
kernel-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 145ae13ca8fc9e164bbf8c007df16cc917cb0b17196238f06886986b24c97c98
kernel-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 145ae13ca8fc9e164bbf8c007df16cc917cb0b17196238f06886986b24c97c98
kernel-debuginfo-common-aarch64-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: ca8d0c40c4884f20d084c9f29a9bee0ff15b83891ddbf49794389de41531f05a
kernel-debuginfo-common-aarch64-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: ca8d0c40c4884f20d084c9f29a9bee0ff15b83891ddbf49794389de41531f05a
kernel-devel-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 2200c22517e0976c402db97220783b16368f149c07d774eea75a14e0fca15400
kernel-doc-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: 050db63c583a2a72e27704d4075a75a161bc3e3ce6290c2705ed69875b1f5747
kernel-headers-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 539ded098fe929b2e0e9f4d58365347fcf2a4e04d0ecdcaacb2f012e7cbddf36
kernel-tools-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 4c2c9913f36f290d5048da26be80033fa86cd8414d4f23b0e7e57965f7336392
kernel-tools-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 7fc1a8b516036a2cd0fdfcd20553e52838e39fdc2d22fa8c6739914b931a4a16
kernel-tools-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 7fc1a8b516036a2cd0fdfcd20553e52838e39fdc2d22fa8c6739914b931a4a16
kernel-tools-libs-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: e7e46ce4884a24ea740d10ae7b8da5313b3073ea7e9bb9f5e59442132f7d25ba
kernel-tools-libs-devel-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: b3ebefa3865c774446bc15d561f4e8678b96628507e52f11042e7302b3b1ab53
perf-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 8ae8f79cba4a229607b3f66a374b069e6c91aed4545c705522abfa5fd98cef16
perf-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 78da6e2f59f471a0d89bdd6ddaaa912311afd71c0d9032bb9eb28045161a77eb
perf-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 78da6e2f59f471a0d89bdd6ddaaa912311afd71c0d9032bb9eb28045161a77eb
python-perf-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 96cae50b93d4a5b6674d9924961072477ac71274b742af110c6206d62867d362
python-perf-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 5aacb8e90c86d58ae91624b4988e1411a3db6ec0cf924bb619a0ff7b70fe556e
python-perf-debuginfo-4.14.0-49.2.2.el7a.aarch64.rpm SHA-256: 5aacb8e90c86d58ae91624b4988e1411a3db6ec0cf924bb619a0ff7b70fe556e

Red Hat Enterprise Linux for Power 9 7

SRPM
kernel-alt-4.14.0-49.2.2.el7a.src.rpm SHA-256: fb97963ae983cc4b67c5976fed844ad656b791dee2d565a6d59c46eb520312e5
ppc64le
kernel-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: b167ee97234d397eaf7afe3663ab43e9ba94049436b4a0569b61877e7e935fb0
kernel-abi-whitelists-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: fdfc2706674eae6df95a78385b90ad20f5bbef08304b132284af3d6a875e5699
kernel-bootwrapper-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 78d2ee3b4829c19363aed4c6020d5af1bc355eb30abede62749533182efa90a6
kernel-debug-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 935422aef1b7b595d1803005dffd8022f87f8e337eaffbed5e0fc5d29a02e025
kernel-debug-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: c1a6e87ba64cde6c179e527313194c4b8a9fb2b7b1b48168baeeba8dfbf02665
kernel-debug-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: c1a6e87ba64cde6c179e527313194c4b8a9fb2b7b1b48168baeeba8dfbf02665
kernel-debug-devel-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 61cd656cf572a7e4ef6078db2883b1ea0456e472ba3a901aa36c90944f43e397
kernel-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 83a7d95f38b2cf47126f1888090c8dc853e6b34de861d2f1f3ea0ad15775524e
kernel-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 83a7d95f38b2cf47126f1888090c8dc853e6b34de861d2f1f3ea0ad15775524e
kernel-debuginfo-common-ppc64le-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: ac8f324043fb275bce5d9891432c5c8d93f1cb22cb69476e8e0da0de56430ba8
kernel-debuginfo-common-ppc64le-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: ac8f324043fb275bce5d9891432c5c8d93f1cb22cb69476e8e0da0de56430ba8
kernel-devel-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: e75a17414f892f662e128450128a54bea55ff8466949f048577689d7f9d337ea
kernel-doc-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: 050db63c583a2a72e27704d4075a75a161bc3e3ce6290c2705ed69875b1f5747
kernel-headers-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 6cafdaf979403ccd8c66d9275e81cc140af6e7c852983ce05eff6dc552c4f135
kernel-tools-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 550a18c4e6d8b27b1191cbb106d678315ccdce070e7a314c6bee4cefbbcb7995
kernel-tools-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 77e3cb38e50ffdee85aeaac10dd3046d4c50437443dd2944789a217e0692ddac
kernel-tools-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 77e3cb38e50ffdee85aeaac10dd3046d4c50437443dd2944789a217e0692ddac
kernel-tools-libs-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: fe627b52ffede75d505ba9272f0bd286a07e840755b9263e583de489964c8526
kernel-tools-libs-devel-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 31328400253ff1b3f877c767796f6d96c58abe925b9a4c1e8392f7080d748f8f
perf-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: c8dfa686058e5934843622385b1f1fc18e6068f26f66438eb0e3a85e3c2930ed
perf-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 87a7d939437f13e05e07347fb2135b413b40b453c83b5d3bf0c6ff05ce06b884
perf-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 87a7d939437f13e05e07347fb2135b413b40b453c83b5d3bf0c6ff05ce06b884
python-perf-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: 28ad5e784041a3a369fdb82f18a2d99bd17ee0564d9834181c33e4219c6d8326
python-perf-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: b77766f8f155ade43d4357c00e78a880bea0b9217bb1a6292b638566c8ab7158
python-perf-debuginfo-4.14.0-49.2.2.el7a.ppc64le.rpm SHA-256: b77766f8f155ade43d4357c00e78a880bea0b9217bb1a6292b638566c8ab7158

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
kernel-alt-4.14.0-49.2.2.el7a.src.rpm SHA-256: fb97963ae983cc4b67c5976fed844ad656b791dee2d565a6d59c46eb520312e5
s390x
kernel-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 85b8db6e997554991b7b6d768b6a09ac440802dfa4efb62406041681cae27d6d
kernel-abi-whitelists-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: fdfc2706674eae6df95a78385b90ad20f5bbef08304b132284af3d6a875e5699
kernel-debug-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 3e6bdf6712d1ce292f52ad9d4a5412500cdab78a621f2b74711dc4bfe82c5454
kernel-debug-debuginfo-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: fe45eafd929cb804f90bffb0a9e803292497ce564296fb2c3a6d0468f4bb9f25
kernel-debug-devel-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 4dfb64f3f794ea7a21c231491107483bb96bedebe8d1938df2b766d9b3352984
kernel-debuginfo-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: e24039afe4a4e9cdb6a421c5b56d2df628bb6f6cfc35f5a6edf75424a696b89a
kernel-debuginfo-common-s390x-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: df818a23153822765d2eb18e17b1f72465bff920309b002fa345d68d484df8c6
kernel-devel-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: ac059b61bfbde7f97b29b292ac1dacc5759b35d13665b1672a53f60431fd9210
kernel-doc-4.14.0-49.2.2.el7a.noarch.rpm SHA-256: 050db63c583a2a72e27704d4075a75a161bc3e3ce6290c2705ed69875b1f5747
kernel-headers-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: f883a77f99cd512236636dce7acba8ec4e82c7bac3b108626d25902ec050f3ec
kernel-kdump-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 6956f645dbb92d4b321b4db7496587c83ace65a091c8e0ee3e425efb33827de3
kernel-kdump-debuginfo-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 24596c7323c7882e76333da549b1d87478a5bf6446988188dc6897dcc17ddd17
kernel-kdump-devel-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: f366f29d3f71ec5efa5126855f54b7183e2c6005c29a4f811312409a4a0fe50b
perf-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 230aa4da898d12103f9d8081731b5959164d91ae5e6862a277411d000f41f8ab
perf-debuginfo-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 30ae321975b9fd06663470441462c19c4ad9c65306dfb06673bf8184a8b3f53d
python-perf-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: 5eeb968e84bf48854ff3d6fdb8942915515c6c0dcf78c5e8e639fffadf9785cf
python-perf-debuginfo-4.14.0-49.2.2.el7a.s390x.rpm SHA-256: d1f9134805828e708a019e8fa3d6051922a70f4341cf42742767e263871743e1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.