- Issued:
- 2019-01-29
- Updated:
- 2019-01-29
RHSA-2019:0188 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The kernel-rt packages have been upgraded to the 3.10.0-957.5.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1653822)
- Under certain circumstances, the following warning message, which indicated a SCHED_DEADLINE bandwidth tracking mechanism error, occurred:
WARNING: CPU: 8 PID: 19536 at kernel/sched/deadline.c:64 dequeue_task_dl+0x121/0x140
This update fixes the sched_setscheduler() core kernel function, and backports multiple upstream patches to the SCHED_DEADLINE scheduler. As a result, the SCHED_DEADLINE bandwidth tracking mechanism is prevented from error conditions, and the warning message no longer occurs. (BZ#1655439)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation
CVEs
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-957.5.1.rt56.916.el7.src.rpm | SHA-256: 4cda57ba9fffeaeba5cd153c71bbd29ec304fb9a5c672fe4e5c144396ef59113 |
| x86_64 | |
| kernel-rt-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: a4a7dfa5bc20f9c4fff97bd6e8e5330728907ee20bd87b0801178802f79982ba |
| kernel-rt-debug-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 33708eb362af6b5a53edcd3d60b876a9f03371aa0cff256178dd27df7600da93 |
| kernel-rt-debug-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 80e614a28f85a666f4fc355046e65c7030896e28ab900767418f3c8e5f4f6fb3 |
| kernel-rt-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 4a21efc924670c315cc7566aa104b2314abdccb260f4f8561dd25780fd233c5b |
| kernel-rt-doc-3.10.0-957.5.1.rt56.916.el7.noarch.rpm | SHA-256: 390e97211753e9f7d670c063df52c5f99fb0c7e3d87e25f712f6529c453097cb |
| kernel-rt-trace-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 5b597f2957c43dcab2fca0befbd595fa05d96eb8880ec4b7e153fcfd29abddbe |
| kernel-rt-trace-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: d4f7235dcc68884d7063558c2dab451bae90325bb7fd248568ba205ebc128bb8 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-957.5.1.rt56.916.el7.src.rpm | SHA-256: 4cda57ba9fffeaeba5cd153c71bbd29ec304fb9a5c672fe4e5c144396ef59113 |
| x86_64 | |
| kernel-rt-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: a4a7dfa5bc20f9c4fff97bd6e8e5330728907ee20bd87b0801178802f79982ba |
| kernel-rt-debug-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 33708eb362af6b5a53edcd3d60b876a9f03371aa0cff256178dd27df7600da93 |
| kernel-rt-debug-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 8ea030306b247464d3a46bf55bb50071e6f7ee5aa32f18a22eb9ca44048ffa63 |
| kernel-rt-debug-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 80e614a28f85a666f4fc355046e65c7030896e28ab900767418f3c8e5f4f6fb3 |
| kernel-rt-debug-kvm-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: e5ca98244ae09c5f4e3dbb7a0970d04b0443a8a335e6c8bcf663b68fabf533fc |
| kernel-rt-debug-kvm-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 9a759133e6d2e669e6f2bd0777819025a2b6677925a478a3046d814993db775c |
| kernel-rt-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: a2a39649bd78a52863a8af462829d0fd68de8319f67d57ef822b599ec8372f29 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 2d4a4ad5933c3e5b57b45bba7c7bf050439c118b75424812b96385f22a118961 |
| kernel-rt-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 4a21efc924670c315cc7566aa104b2314abdccb260f4f8561dd25780fd233c5b |
| kernel-rt-doc-3.10.0-957.5.1.rt56.916.el7.noarch.rpm | SHA-256: 390e97211753e9f7d670c063df52c5f99fb0c7e3d87e25f712f6529c453097cb |
| kernel-rt-kvm-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: b9e40f671231dfa5d9d735c3a08b25e71f56dd89e4b598e4759a2b5d833e4cce |
| kernel-rt-kvm-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 8a73d6f96e9996b596af3692ff996e1efc65cde402e3b71860305261d67f7c14 |
| kernel-rt-trace-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 5b597f2957c43dcab2fca0befbd595fa05d96eb8880ec4b7e153fcfd29abddbe |
| kernel-rt-trace-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 7bc1a2df9843d13c39d72052876a665e5107bab6c994fc3b023087f259f1e1f9 |
| kernel-rt-trace-devel-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: d4f7235dcc68884d7063558c2dab451bae90325bb7fd248568ba205ebc128bb8 |
| kernel-rt-trace-kvm-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 38579ee8063a2df0596319cee9800a2a902f168bd7d92dbdc0ffcfdb4c4c0e91 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-957.5.1.rt56.916.el7.x86_64.rpm | SHA-256: 9ca45b2e5647285508bfc4e92d27d6838473029ed44d52acffb9c50183c0f696 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.