ESB-2018.3377 - [RedHat] kernel: Multiple vulnerabilities 2018-10-31

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3377
        Important: kernel security, bug fix, and enhancement update
                              31 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Root Compromise          -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1000026 CVE-2018-13405 CVE-2018-10940
                   CVE-2018-10902 CVE-2018-10883 CVE-2018-10881
                   CVE-2018-10879 CVE-2018-10878 CVE-2018-10322
                   CVE-2018-8781 CVE-2018-7757 CVE-2018-7740
                   CVE-2018-5848 CVE-2018-5803 CVE-2018-5391
                   CVE-2018-5344 CVE-2018-1130 CVE-2018-1120
                   CVE-2018-1118 CVE-2018-1094 CVE-2018-1092
                   CVE-2017-18344 CVE-2017-18232 CVE-2017-18208
                   CVE-2017-17805 CVE-2017-10661 CVE-2017-0861
                   CVE-2016-4913 CVE-2015-8830 

Reference:         ASB-2018.0190
                   ESB-2018.3269
                   ESB-2018.3166
                   ESB-2018.3140
                   ESB-2018.3130
                   ESB-2018.3060
                   ASB-2018.0222.2

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:3083

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3083-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3083
Issue date:        2018-10-30
CVE Names:         CVE-2015-8830 CVE-2016-4913 CVE-2017-0861 
                   CVE-2017-10661 CVE-2017-17805 CVE-2017-18208 
                   CVE-2017-18232 CVE-2017-18344 CVE-2018-1092 
                   CVE-2018-1094 CVE-2018-1118 CVE-2018-1120 
                   CVE-2018-1130 CVE-2018-5344 CVE-2018-5391 
                   CVE-2018-5803 CVE-2018-5848 CVE-2018-7740 
                   CVE-2018-7757 CVE-2018-8781 CVE-2018-10322 
                   CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 
                   CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 
                   CVE-2018-13405 CVE-2018-1000026 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - ppc64le

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger a time- and computation-expensive fragment reassembly
algorithm by sending specially crafted packets, which could lead to CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in
kernel/time/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute
code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free
(CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on
non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly protected
against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle
zero-length inputs allowing local attackers to cause denial of service
(CVE-2017-17805)

* kernel: Infinite loop vulnerability in madvise_willneed() function
allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes
denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a system
crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization allowing
denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function
allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in
drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory
corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a
crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for
denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL
(CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service
(CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when
mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash
with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
(CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c
(CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when
mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted
file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and
operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
(CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
(CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5391; Trend Micro Zero Day Initiative for reporting
CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii
Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for
reporting CVE-2018-1092 and CVE-2018-1094.

4. Solution:

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.6 Release Notes linked from the References section.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols
1322930 - [RFE] Allow xfs to modify labels on mounted filesystem
1337528 - CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL
1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly protected against race
1488484 - GRE: IFLA_MTU ignored on NEWLINK
1504058 - kernel panic with nfsd while removing locks on file close
1507027 - [ESXi][RHEL7.6]x86/vmware: Add paravirt sched clock
1528312 - CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
1533909 - CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
1541846 - CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
1542494 - VMs with NVMe devices passed through sometimes fail to be launched
1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
1551565 - CVE-2017-18208 kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
1552867 - CVE-2018-7740 kernel: Denial of service in resv_map_release function in mm/hugetlb.c
1553361 - CVE-2018-7757 kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
1557434 - bio too big device md0 (1024 > 256)
1557599 - [RFE] Rebase ipset (kernel) to latest upstream
1558066 - CVE-2017-18232 kernel: Mishandling mutex within libsas allowing local Denial of Service
1558328 - Kernel data path test with OVS 2.9 + DPDK 17.11 fails with low throughput
1560777 - CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
1560788 - CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
1561162 - [RHEL7.5] Extreme performance impact caused by raid resync
1563697 - Trimming on full pool can trigger 'dm_pool_alloc_data_block' failed: error = -28
1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation
1564186 - XFS may block endlessly in xlog_wait() on IO error
1568167 - crypto aesni-intel aes(gcm) is broken for IPsec
1571062 - CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space
1571623 - CVE-2018-10322 kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
1572983 - conntrack doesn't track packets in specific network namespace if those packets were processed by CT --notrack target in other network namespace
1573699 - CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
1575472 - CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
1577408 - CVE-2018-10940 kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
1584775 - VMs hung after migration
1590720 - CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free
1590799 - CVE-2018-5848 kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption
1592654 - [NVMe Device Assignment] Guest reboot failed from the NVMe assigned which os installed on
1596802 - CVE-2018-10878 kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
1596806 - CVE-2018-10879 kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
1596828 - CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
1596846 - CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
1599161 - CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
1609717 - [unwinder] CPU spins indefinitely in __save_stack_trace() call chain
1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-957.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.el7.x86_64.rpm
kernel-3.10.0-957.el7.x86_64.rpm
kernel-debug-3.10.0-957.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-devel-3.10.0-957.el7.x86_64.rpm
kernel-headers-3.10.0-957.el7.x86_64.rpm
kernel-tools-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
perf-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-957.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.el7.x86_64.rpm
kernel-3.10.0-957.el7.x86_64.rpm
kernel-debug-3.10.0-957.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-devel-3.10.0-957.el7.x86_64.rpm
kernel-headers-3.10.0-957.el7.x86_64.rpm
kernel-tools-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
perf-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-957.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm

ppc64:
kernel-3.10.0-957.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-957.el7.ppc64.rpm
kernel-debug-3.10.0-957.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-debug-devel-3.10.0-957.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.el7.ppc64.rpm
kernel-devel-3.10.0-957.el7.ppc64.rpm
kernel-headers-3.10.0-957.el7.ppc64.rpm
kernel-tools-3.10.0-957.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-tools-libs-3.10.0-957.el7.ppc64.rpm
perf-3.10.0-957.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.el7.ppc64.rpm
python-perf-3.10.0-957.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-957.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.el7.ppc64le.rpm
kernel-debug-3.10.0-957.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.el7.ppc64le.rpm
kernel-devel-3.10.0-957.el7.ppc64le.rpm
kernel-headers-3.10.0-957.el7.ppc64le.rpm
kernel-tools-3.10.0-957.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.el7.ppc64le.rpm
perf-3.10.0-957.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
python-perf-3.10.0-957.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64le.rpm

s390x:
kernel-3.10.0-957.el7.s390x.rpm
kernel-debug-3.10.0-957.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-debug-devel-3.10.0-957.el7.s390x.rpm
kernel-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-957.el7.s390x.rpm
kernel-devel-3.10.0-957.el7.s390x.rpm
kernel-headers-3.10.0-957.el7.s390x.rpm
kernel-kdump-3.10.0-957.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-kdump-devel-3.10.0-957.el7.s390x.rpm
perf-3.10.0-957.el7.s390x.rpm
perf-debuginfo-3.10.0-957.el7.s390x.rpm
python-perf-3.10.0-957.el7.s390x.rpm
python-perf-debuginfo-3.10.0-957.el7.s390x.rpm

x86_64:
bpftool-3.10.0-957.el7.x86_64.rpm
kernel-3.10.0-957.el7.x86_64.rpm
kernel-debug-3.10.0-957.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-devel-3.10.0-957.el7.x86_64.rpm
kernel-headers-3.10.0-957.el7.x86_64.rpm
kernel-tools-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
perf-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

noarch:
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm

ppc64le:
kernel-3.10.0-957.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.el7.ppc64le.rpm
kernel-debug-3.10.0-957.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.el7.ppc64le.rpm
kernel-devel-3.10.0-957.el7.ppc64le.rpm
kernel-headers-3.10.0-957.el7.ppc64le.rpm
kernel-tools-3.10.0-957.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.el7.ppc64le.rpm
perf-3.10.0-957.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
python-perf-3.10.0-957.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64le.rpm

s390x:
kernel-3.10.0-957.el7.s390x.rpm
kernel-debug-3.10.0-957.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-debug-devel-3.10.0-957.el7.s390x.rpm
kernel-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-957.el7.s390x.rpm
kernel-devel-3.10.0-957.el7.s390x.rpm
kernel-headers-3.10.0-957.el7.s390x.rpm
kernel-kdump-3.10.0-957.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-957.el7.s390x.rpm
kernel-kdump-devel-3.10.0-957.el7.s390x.rpm
perf-3.10.0-957.el7.s390x.rpm
perf-debuginfo-3.10.0-957.el7.s390x.rpm
python-perf-3.10.0-957.el7.s390x.rpm
python-perf-debuginfo-3.10.0-957.el7.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

ppc64le:
kernel-debug-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-957.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
kernel-doc-3.10.0-957.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.el7.x86_64.rpm
kernel-3.10.0-957.el7.x86_64.rpm
kernel-debug-3.10.0-957.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-devel-3.10.0-957.el7.x86_64.rpm
kernel-headers-3.10.0-957.el7.x86_64.rpm
kernel-tools-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
perf-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8830
https://access.redhat.com/security/cve/CVE-2016-4913
https://access.redhat.com/security/cve/CVE-2017-0861
https://access.redhat.com/security/cve/CVE-2017-10661
https://access.redhat.com/security/cve/CVE-2017-17805
https://access.redhat.com/security/cve/CVE-2017-18208
https://access.redhat.com/security/cve/CVE-2017-18232
https://access.redhat.com/security/cve/CVE-2017-18344
https://access.redhat.com/security/cve/CVE-2018-1092
https://access.redhat.com/security/cve/CVE-2018-1094
https://access.redhat.com/security/cve/CVE-2018-1118
https://access.redhat.com/security/cve/CVE-2018-1120
https://access.redhat.com/security/cve/CVE-2018-1130
https://access.redhat.com/security/cve/CVE-2018-5344
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-5803
https://access.redhat.com/security/cve/CVE-2018-5848
https://access.redhat.com/security/cve/CVE-2018-7740
https://access.redhat.com/security/cve/CVE-2018-7757
https://access.redhat.com/security/cve/CVE-2018-8781
https://access.redhat.com/security/cve/CVE-2018-10322
https://access.redhat.com/security/cve/CVE-2018-10878
https://access.redhat.com/security/cve/CVE-2018-10879
https://access.redhat.com/security/cve/CVE-2018-10881
https://access.redhat.com/security/cve/CVE-2018-10883
https://access.redhat.com/security/cve/CVE-2018-10902
https://access.redhat.com/security/cve/CVE-2018-10940
https://access.redhat.com/security/cve/CVE-2018-13405
https://access.redhat.com/security/cve/CVE-2018-1000026
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3553061
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
