ID

VAR-201801-1708

CVE

CVE-2017-18017

TITLE

Linux Kernel Uses freed memory vulnerability

DESCRIPTION

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Linux Kernel Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Linux kernel versions prior to 4.11, and 4.9.x prior to 4.9.36 are vulnerable. 6) - i386, x86_64 3. Red Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591 4. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This issue is present in hardware and cannot be fully fixed via software update. To be fully functional, up-to-date CPU microcode applied on the system might be required. Bugs fixed (https://bugzilla.redhat.com/): 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 6. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the "retpoline" compiler feature which allows indirect branches to be isolated from speculative execution. CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service. CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a null pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a null pointer dereference. A local user could use this for denial of service. CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the "noflush_merge" mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a null pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a null pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures. For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) * Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) * kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) * kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) * kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) * kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low) Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. SchAPnherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat). For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1132610 - nfsd does not release free space of a file created with dd oflag=direct where there was no space left on device even after manual deletion 1324749 - CVE-2016-3672 kernel: unlimiting the stack disables ASLR 1334439 - Unable to disable IPv6 DAD or Optimistic DAD for all interfaces 1372079 - ixgbe nic is falsely advertising MII support 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver 1436798 - CVE-2017-7294 kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() 1450205 - Gratuitous ARP updates received in span of 2-3 seconds time frame are all ignored 1458032 - [Intel 7.5 Bug] KVMGT: Bogus PCI BAR emulation 1460213 - cls_matchall: kernel panic when used with classful qdiscs 1461282 - kernel: ICMP rate limiting is too aggressive on loopback 1471875 - soft lockups during unmount when dentry cache is very large 1488329 - CVE-2017-14140 kernel: Missing permission check in move_pages system call 1489088 - CVE-2017-9725 kernel: Incorrect type conversion for size during dma allocation 1489542 - Behavior change in autofs expiry timer when a path walk is done following commit from BZ 1413523 1490673 - Kernel Panic always happen immediately whenever make "debug.panic_on_rcu_stall=1" set on RHEL7.4 1490781 - CVE-2017-1000252 kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ 1491224 - CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register 1493125 - [RFE] Kernel address space layout randomization [KASLR] qemu support (kernel) 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1496836 - [RH 7.5 bug] Request for upstream commit 3664847d95e6 to be merged into RHEL 7.5/7.4 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port() 1502601 - [Hyper-V][RHEL7.4] hang when thaw on microsoft hyper-v 1506382 - deadlock in nfs v4 client init 1507025 - [ESXi][RHEL7.5]x86/vmware: Skip timer_irq_works() check on VMware 1507026 - [ESXi][RHEL7.5]x86/vmware: Skip lapic calibration on VMware. 1514609 - CVE-2017-15116 kernel: Null pointer dereference in rngapi_reset function 1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element 1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling 1520328 - CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client 1523481 - CVE-2017-15126 kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c 1525218 - CVE-2017-15127 kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow 1525762 - CVE-2017-17449 kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity 1525768 - CVE-2017-17448 kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c 1531174 - CVE-2017-15129 kernel: net: double-free and memory corruption in get_net_ns_by_id() 1534272 - md: raid0 device creation prints blank line to journalctl 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1539706 - CVE-2018-5750 kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass 1542013 - RHEL-7.5: Cannot set port mirroring onto two interface 1544612 - CVE-2018-6927 kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact 1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation 1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.el7.noarch.rpm kernel-doc-3.10.0-862.el7.noarch.rpm x86_64: kernel-3.10.0-862.el7.x86_64.rpm kernel-debug-3.10.0-862.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-devel-3.10.0-862.el7.x86_64.rpm kernel-headers-3.10.0-862.el7.x86_64.rpm kernel-tools-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.el7.x86_64.rpm perf-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.el7.noarch.rpm kernel-doc-3.10.0-862.el7.noarch.rpm x86_64: kernel-3.10.0-862.el7.x86_64.rpm kernel-debug-3.10.0-862.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-devel-3.10.0-862.el7.x86_64.rpm kernel-headers-3.10.0-862.el7.x86_64.rpm kernel-tools-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.el7.x86_64.rpm perf-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.el7.noarch.rpm kernel-doc-3.10.0-862.el7.noarch.rpm ppc64: kernel-3.10.0-862.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.el7.ppc64.rpm kernel-debug-3.10.0-862.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.el7.ppc64.rpm kernel-devel-3.10.0-862.el7.ppc64.rpm kernel-headers-3.10.0-862.el7.ppc64.rpm kernel-tools-3.10.0-862.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.el7.ppc64.rpm perf-3.10.0-862.el7.ppc64.rpm perf-debuginfo-3.10.0-862.el7.ppc64.rpm python-perf-3.10.0-862.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.el7.ppc64le.rpm kernel-debug-3.10.0-862.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.el7.ppc64le.rpm kernel-devel-3.10.0-862.el7.ppc64le.rpm kernel-headers-3.10.0-862.el7.ppc64le.rpm kernel-tools-3.10.0-862.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.el7.ppc64le.rpm perf-3.10.0-862.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.el7.ppc64le.rpm python-perf-3.10.0-862.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.el7.ppc64le.rpm s390x: kernel-3.10.0-862.el7.s390x.rpm kernel-debug-3.10.0-862.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.el7.s390x.rpm kernel-debug-devel-3.10.0-862.el7.s390x.rpm kernel-debuginfo-3.10.0-862.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.el7.s390x.rpm kernel-devel-3.10.0-862.el7.s390x.rpm kernel-headers-3.10.0-862.el7.s390x.rpm kernel-kdump-3.10.0-862.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.el7.s390x.rpm perf-3.10.0-862.el7.s390x.rpm perf-debuginfo-3.10.0-862.el7.s390x.rpm python-perf-3.10.0-862.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.el7.s390x.rpm x86_64: kernel-3.10.0-862.el7.x86_64.rpm kernel-debug-3.10.0-862.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-devel-3.10.0-862.el7.x86_64.rpm kernel-headers-3.10.0-862.el7.x86_64.rpm kernel-tools-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.el7.x86_64.rpm perf-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.el7.ppc64.rpm perf-debuginfo-3.10.0-862.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.el7.noarch.rpm kernel-doc-3.10.0-862.el7.noarch.rpm x86_64: kernel-3.10.0-862.el7.x86_64.rpm kernel-debug-3.10.0-862.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-devel-3.10.0-862.el7.x86_64.rpm kernel-headers-3.10.0-862.el7.x86_64.rpm kernel-tools-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.el7.x86_64.rpm perf-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.el7.x86_64.rpm perf-debuginfo-3.10.0-862.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFazIO0XlSAg2UNWIIRAsrvAKC6oeVVzqbL2khLh037fNiseMvX+QCfS3iv EDnvsFcBpZQPFqATi/MtziA= =lsfK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3583-1 February 23, 2018 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. (CVE-2017-0750) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. (CVE-2017-1000407) Bo Zhang discovered that the netlink wireless configuration interface in the Linux kernel did not properly validate attributes when handling certain requests. (CVE-2017-12153) Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not properly track reference counts when merging buffers. (CVE-2017-12190) It was discovered that the key management subsystem in the Linux kernel did not properly restrict key reads on negatively instantiated keys. (CVE-2017-12192) It was discovered that an integer overflow existed in the sysfs interface for the QLogic 24xx+ series SCSI driver in the Linux kernel. (CVE-2017-14051) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. (CVE-2017-14140) It was discovered that the ATI Radeon framebuffer driver in the Linux kernel did not properly initialize a data structure returned to user space. (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation in the Linux kernel did not properly validate data structures. (CVE-2017-14489) James Patrick-Evans discovered a race condition in the LEGO USB Infrared Tower driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code, (CVE-2017-15115) It was discovered that the key management subsystem in the Linux kernel did not properly handle NULL payloads with non-zero length values. (CVE-2017-15274) It was discovered that the Bluebooth Network Encapsulation Protocol (BNEP) implementation in the Linux kernel did not validate the type of socket passed in the BNEPCONNADD ioctl(). (CVE-2017-16525) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the systemwide OS fingerprint list. (CVE-2017-17450) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. (CVE-2017-18017) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. (CVE-2017-5669) It was discovered that an integer overflow vulnerability existing in the IPv6 implementation in the Linux kernel. (CVE-2017-7542) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. (CVE-2018-5333) ee3/4ePS discovered that a race condition existed in loop block device implementation in the Linux kernel. (CVE-2018-5344) USN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. (CVE-2017-5754) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.13.0-142-generic 3.13.0-142.191 linux-image-3.13.0-142-generic-lpae 3.13.0-142.191 linux-image-3.13.0-142-lowlatency 3.13.0-142.191 linux-image-3.13.0-142-powerpc-e500 3.13.0-142.191 linux-image-3.13.0-142-powerpc-e500mc 3.13.0-142.191 linux-image-3.13.0-142-powerpc-smp 3.13.0-142.191 linux-image-3.13.0-142-powerpc64-emb 3.13.0-142.191 linux-image-3.13.0-142-powerpc64-smp 3.13.0-142.191 linux-image-generic 3.13.0.142.152 linux-image-generic-lpae 3.13.0.142.152 linux-image-lowlatency 3.13.0.142.152 linux-image-powerpc-e500 3.13.0.142.152 linux-image-powerpc-e500mc 3.13.0.142.152 linux-image-powerpc-smp 3.13.0.142.152 linux-image-powerpc64-emb 3.13.0.142.152 linux-image-powerpc64-smp 3.13.0.142.152 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/usn/usn-3583-1 CVE-2017-0750, CVE-2017-0861, CVE-2017-1000407, CVE-2017-12153, CVE-2017-12190, CVE-2017-12192, CVE-2017-14051, CVE-2017-14140, CVE-2017-14156, CVE-2017-14489, CVE-2017-15102, CVE-2017-15115, CVE-2017-15274, CVE-2017-15868, CVE-2017-16525, CVE-2017-17450, CVE-2017-17806, CVE-2017-18017, CVE-2017-5669, CVE-2017-5754, CVE-2017-7542, CVE-2017-7889, CVE-2017-8824, CVE-2018-5333, CVE-2018-5344 Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-142.191

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

PATCH

EXTERNAL IDS