Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Red Hat Enterprise Linux 5.9 RHSA-2018-2603-01 Critical: L1TF Exploit Risk

red hat
Calendar Grey August 29, 2018
Scroller Redhat
Debian has published an essential software patch addressing critical vulnerabilities. Implement it promptly to protect your infrastructure.
An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these issues.

References

https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Long Life (v. 5.9 server):
Source: kernel-2.6.18-348.41.1.el5.src.rpm
i386: kernel-2.6.18-348.41.1.el5.i686.rpm kernel-PAE-2.6.18-348.41.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-348.41.1.el5.i686.rpm kernel-PAE-devel-2.6.18-348.41.1.el5.i686.rpm kernel-debug-2.6.18-348.41.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-348.41.1.el5.i686.rpm kernel-debug-devel-2.6.18-348.41.1.el5.i686.rpm kernel-debuginfo-2.6.18-348.41.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-348.41.1.el5.i686.rpm kernel-devel-2.6.18-348.41.1.el5.i686.rpm kernel-headers-2.6.18-348.41.1.el5.i386.rpm kernel-xen-2.6.18-348.41.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-348.41.1.el5.i686.rpm kernel-xen-devel-2.6.18-348.41.1.el5.i686.rpm
noarch: kernel-doc-2.6.18-348.41.1.el5.noarch.rpm
x86_64: kernel-2.6.18-348.41.1.el5.x86_64.rpm kernel-debug-2.6.18-348.41.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-348.41.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-348.41.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-348.41.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-348.41.1.el5.x86_64.rpm kernel-devel-2.6.18-348.41.1.el5.x86_64.rpm kernel-headers-2.6.18-348.41.1.el5.x86_64.rpm kernel-xen-2.6.18-348.41.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-348.41.1.el5.x86_64.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:2603-01
Product: Red Hat Enterprise Linux
Issue date: 2018-08-29

Topic

An update for kernel is now available for Red Hat Enterprise Linux 5.9 LongLife.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, noarch, x86_64

Bugs Fixed

1585005 - CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.