LISTSERV 16.5 - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2018:2390-1
Issue Date:        2018-08-14
CVE Numbers:       CVE-2018-1000004
                   CVE-2017-15265
                   CVE-2018-7566
                   CVE-2017-0861
                   CVE-2018-3693
                   CVE-2018-3646
                   CVE-2018-10901
--

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions past bounds
check. The flaw relies on the presence of a precisely-defined instruction
sequence in the privileged code and the fact that memory writes occur to
an address which depends on the untrusted value. Such writes cause an
update into the microprocessor's data cache even for speculatively
executed instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to influence speculative
execution and/or read privileged memory by conducting targeted cache side-
channel attacks. (CVE-2018-3693)

* kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
(CVE-2018-7566)

* kernel: Race condition in sound system can lead to denial of service
(CVE-2018-1000004)

Bug Fix(es):

* The Least recently used (LRU) operations are batched by caching pages in
per-cpu page vectors to prevent contention of the heavily used lru_lock
spinlock. The page vectors can hold even the compound pages. Previously,
the page vectors were cleared only if they were full. Subsequently, the
amount of memory held in page vectors, which is not reclaimable, was
sometimes too high. Consequently the page reclamation started the Out of
Memory (OOM) killing processes. With this update, the underlying source
code has been fixed to clear LRU page vectors each time when a compound
page is added to them. As a result, OOM killing processes due to high
amounts of memory held in page vectors no longer occur.
--

SL6
  x86_64
    kernel-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
    kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
    kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
    kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
    perf-2.6.32-754.3.5.el6.x86_64.rpm
    perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm
    python-perf-2.6.32-754.3.5.el6.x86_64.rpm
  i386
    kernel-2.6.32-754.3.5.el6.i686.rpm
    kernel-debug-2.6.32-754.3.5.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm
    kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm
    kernel-devel-2.6.32-754.3.5.el6.i686.rpm
    kernel-headers-2.6.32-754.3.5.el6.i686.rpm
    perf-2.6.32-754.3.5.el6.i686.rpm
    perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm
    python-perf-2.6.32-754.3.5.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm
    kernel-doc-2.6.32-754.3.5.el6.noarch.rpm
    kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm

- Scientific Linux Development Team