LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

March 2018

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS March 2018

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security ERRATA Important: kernel on SL7.x x86_64
From:	Gilles Detillieux <[log in to unmask]>
Reply To:	Gilles Detillieux <[log in to unmask]>
Date:	Thu, 8 Mar 2018 11:46:54 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (69 lines)

I realize this problem was likely introduced by upsteam updates, but I 
thought I'd point it out here anyway so you're aware of it. An 
unintended consequence of this latest kernel update is that it breaks 
recompilation of third-party kernel modules. The new kernel was built 
with CONFIG_RETPOLINE enabled, so presumably with a compiler that 
supports it, but that updated compiler hasn't been released through a 
corresponding security ERRATA update. (Not yet, anyway.) When I try to 
build a third-party device driver, I get the following error:

make[1]: Entering directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
arch/x86/Makefile:166: *** CONFIG_RETPOLINE=y, but not supported by the 
compiler. Toolchain update recommended..  Stop.
make[1]: Leaving directory `/usr/src/kernels/3.10.0-693.21.1.el7.x86_64'
make: *** [default] Error 2

Is an update of the compiler toolchain for RHEL7/SL7 through the usual 
update repos forthcoming? Until then, I don't think I can use this 
kernel update on systems that rely on that 3rd party driver.

Thanks,
Gilles

On 2018-03-07 16:16, Pat Riehecky wrote:
> Synopsis:          Important: kernel security and bug fix update
> Advisory ID:       SLSA-2018:0395-1
> Issue Date:        2018-03-06
> CVE Numbers:       CVE-2017-7518
>                     CVE-2017-12188
> --
>
> Security Fix(es):
>
> * Kernel: KVM: MMU potential stack buffer overrun during page walks
> (CVE-2017-12188, Important)
>
> * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,
> Moderate)
> --
>
> SL7
>    x86_64
>      kernel-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-debug-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-debug-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-debug-devel-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-devel-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-headers-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-tools-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-tools-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-tools-libs-3.10.0-693.21.1.el7.x86_64.rpm
>      perf-3.10.0-693.21.1.el7.x86_64.rpm
>      perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>      python-perf-3.10.0-693.21.1.el7.x86_64.rpm
>      python-perf-debuginfo-3.10.0-693.21.1.el7.x86_64.rpm
>      kernel-tools-libs-devel-3.10.0-693.21.1.el7.x86_64.rpm
>    noarch
>      kernel-abi-whitelists-3.10.0-693.21.1.el7.noarch.rpm
>      kernel-doc-3.10.0-693.21.1.el7.noarch.rpm
>
> - Scientific Linux Development Team

-- 
Gilles R. Detillieux              E-mail: <[log in to unmask]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV