Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Red Hat: RHSA-2018:3083 Important Kernel Security Issues

red hat
Calendar Grey October 30, 2018
Dist Redhat Esm H88
A vital system patch for CentOS 7 addresses multiple vulnerabilities and resolves critical issues for improved security and performance
An update for kernel is now available for Red Hat Enterprise Linux 7

Solution

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.

References

https://access.redhat.com/security/cve/CVE-2015-8830 https://access.redhat.com/security/cve/CVE-2016-4913 https://access.redhat.com/security/cve/CVE-2017-0861 https://access.redhat.com/security/cve/CVE-2017-10661 https://access.redhat.com/security/cve/CVE-2017-17805 https://access.redhat.com/security/cve/CVE-2017-18208 https://access.redhat.com/security/cve/CVE-2017-18232 https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-1092 https://access.redhat.com/security/cve/CVE-2018-1094 https://access.redhat.com/security/cve/CVE-2018-1118 https://access.redhat.com/security/cve/CVE-2018-1120 https://access.redhat.com/security/cve/CVE-2018-1130 https://access.redhat.com/security/cve/CVE-2018-5344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-5803 https://access.redhat.com/security/cve/CVE-2018-5848 https://access.redhat.com/security/cve/CVE-2018-7740 https://access.redhat.com/security/cve/CVE-2018-7757 https://access.redhat.com/security/cve/CVE-2018-8781 https://access.redhat.com/security/cve/CVE-2018-10322 https://access.redhat.com/security/cve/CVE-2018-10878 https://access.redhat.com/security/cve/CVE-2018-10879 https://access.redhat.com/security/cve/CVE-2018-10881 Read the Full Advisory

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-957.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm kernel-doc-3.10.0-957.el7.noarch.rpm
x86_64: bpftool-3.10.0-957.el7.x86_64.rpm kernel-3.10.0-957.el7.x86_64.rpm kernel-debug-3.10.0-957.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm kernel-devel-3.10.0-957.el7.x86_64.rpm kernel-headers-3.10.0-957.el7.x86_64.rpm kernel-tools-3.10.0-957.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.el7.x86_64.rpm perf-3.10.0-957.el7.x86_64.rpm perf-debuginfo-3.10.0-957.el7.x86_64.rpm python-perf-3.10.0-957.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm perf-debuginfo-3.10.0-957.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2018:3083-01
Product: Red Hat Enterprise Linux
Issue date: 2018-10-30

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - ppc64le

Bugs Fixed

1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols

1322930 - [RFE] Allow xfs to modify labels on mounted filesystem

1337528 - CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL

1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly pretected against race

1488484 - GRE: IFLA_MTU ignored on NEWLINK

1504058 - kernel panic with nfsd while removing locks on file close

1507027 - [ESXi][RHEL7.6]x86/vmware: Add paravirt sched clock

1528312 - CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service

1533909 - CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

1541846 - CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet

1542494 - VMs with NVMe devices passed through sometimes fail to be launched

1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

1551565 - CVE-2017-18208 kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service

1552867 - CVE-2018-7740 kernel: Denial of service in resv_map_release function in mm/hugetlb.c

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.