Issued:
2018-05-29
Updated:
2018-05-29

RHSA-2018:1639 - Security Advisory

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to References section for further information about this issue, CPU microcode requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 6.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 6.6 x86_64

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

Red Hat Enterprise Linux Server - AUS 6.6

SRPM
kernel-2.6.32-504.69.3.el6.src.rpm SHA-256: a0627e1109acaf2e550d022a5a7a1307d7539f5db712d80e0885735bc50fde2e
x86_64
kernel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b59915e476894852e9495232f8dc5122686d6098c785f9417d5c31631b00af1f
kernel-abi-whitelists-2.6.32-504.69.3.el6.noarch.rpm SHA-256: e1ebcbc66e511ff8c1626d482d27213643239cddf613e13a544c8d0db86207dc
kernel-debug-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 015ad339d5201fc4f018ea0c7f74f64976144d225400659b09ff55e2b25a9339
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 0cfc7c8661af70472c8095fa10d47be92356d74ccc4ce364cda1ceb6cbf6cdc8
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 0cfc7c8661af70472c8095fa10d47be92356d74ccc4ce364cda1ceb6cbf6cdc8
kernel-debug-devel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: a79bfb14173e33191049b74a181f2b7b19e629ca5f689c80ca304ca1e4d8da4f
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: fcc888cb950a13b8a8b7152699eb9a6a284aae37805aca9b25fa198fb303169e
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: fcc888cb950a13b8a8b7152699eb9a6a284aae37805aca9b25fa198fb303169e
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 728f2dc658b04d1aec7917811d12fabe66e40e3f24b655c219028ba54f7c3f4f
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 728f2dc658b04d1aec7917811d12fabe66e40e3f24b655c219028ba54f7c3f4f
kernel-devel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 70d7c5bc9701c3ed87bfa55e6ce5a6c4660236fb096374fe8fd85108a36c7b67
kernel-doc-2.6.32-504.69.3.el6.noarch.rpm SHA-256: 73eb21cd62e80d5e408b8dbfcccb4d58b127b786147651c6addbc57d533e11fa
kernel-firmware-2.6.32-504.69.3.el6.noarch.rpm SHA-256: 7803f304570cef8a871c6b71c5a0780b68ce0ececf40e035c54b5aea76b07a49
kernel-headers-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 180908179bd008602c4ef2aaed4d85766e7e97b2be2111e619d54a92aed0a64d
perf-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 09f1ae641b024e3cd72ac79ec1b4b950e4e10e61d0e2b3da3a400f8fc7e1c3ca
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5bdf547177d6d35ef6aee3a442dc191c0fdfbf998050087b642c592b878b2ca5
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5bdf547177d6d35ef6aee3a442dc191c0fdfbf998050087b642c592b878b2ca5
python-perf-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5b9f1d8500ed131e41b96b3d0840b82621574e1058e034e673b1b1333655077a
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b96c5d559f6fe6c717651165a7423d78f77b42100484514798a63c2ed4b175c9
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b96c5d559f6fe6c717651165a7423d78f77b42100484514798a63c2ed4b175c9

Red Hat Enterprise Linux Server - TUS 6.6

SRPM
kernel-2.6.32-504.69.3.el6.src.rpm SHA-256: a0627e1109acaf2e550d022a5a7a1307d7539f5db712d80e0885735bc50fde2e
x86_64
kernel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b59915e476894852e9495232f8dc5122686d6098c785f9417d5c31631b00af1f
kernel-abi-whitelists-2.6.32-504.69.3.el6.noarch.rpm SHA-256: e1ebcbc66e511ff8c1626d482d27213643239cddf613e13a544c8d0db86207dc
kernel-debug-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 015ad339d5201fc4f018ea0c7f74f64976144d225400659b09ff55e2b25a9339
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 0cfc7c8661af70472c8095fa10d47be92356d74ccc4ce364cda1ceb6cbf6cdc8
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 0cfc7c8661af70472c8095fa10d47be92356d74ccc4ce364cda1ceb6cbf6cdc8
kernel-debug-devel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: a79bfb14173e33191049b74a181f2b7b19e629ca5f689c80ca304ca1e4d8da4f
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: fcc888cb950a13b8a8b7152699eb9a6a284aae37805aca9b25fa198fb303169e
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: fcc888cb950a13b8a8b7152699eb9a6a284aae37805aca9b25fa198fb303169e
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 728f2dc658b04d1aec7917811d12fabe66e40e3f24b655c219028ba54f7c3f4f
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 728f2dc658b04d1aec7917811d12fabe66e40e3f24b655c219028ba54f7c3f4f
kernel-devel-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 70d7c5bc9701c3ed87bfa55e6ce5a6c4660236fb096374fe8fd85108a36c7b67
kernel-doc-2.6.32-504.69.3.el6.noarch.rpm SHA-256: 73eb21cd62e80d5e408b8dbfcccb4d58b127b786147651c6addbc57d533e11fa
kernel-firmware-2.6.32-504.69.3.el6.noarch.rpm SHA-256: 7803f304570cef8a871c6b71c5a0780b68ce0ececf40e035c54b5aea76b07a49
kernel-headers-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 180908179bd008602c4ef2aaed4d85766e7e97b2be2111e619d54a92aed0a64d
perf-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 09f1ae641b024e3cd72ac79ec1b4b950e4e10e61d0e2b3da3a400f8fc7e1c3ca
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5bdf547177d6d35ef6aee3a442dc191c0fdfbf998050087b642c592b878b2ca5
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5bdf547177d6d35ef6aee3a442dc191c0fdfbf998050087b642c592b878b2ca5
python-perf-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: 5b9f1d8500ed131e41b96b3d0840b82621574e1058e034e673b1b1333655077a
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b96c5d559f6fe6c717651165a7423d78f77b42100484514798a63c2ed4b175c9
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm SHA-256: b96c5d559f6fe6c717651165a7423d78f77b42100484514798a63c2ed4b175c9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.