Red Hat Security Advisory 2018-0180-01
Posted Jan 25, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0180-01 - The kernel-alt packages provide the Linux kernel version 4.x. Security Fix: A flaw was found in the patches used to fix the 'dirtycow' vulnerability. An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2017-1000405
SHA-256 | 233810c06b93bbf7b503f9a1b89faa8ba799aa55bc7d57943caa0557836575e2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-alt security and bug fix update
Advisory ID: RHSA-2018:0180-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0180
Issue date: 2018-01-25
CVE Names: CVE-2017-1000405
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* A flaw was found in the patches used to fix the 'dirtycow' vulnerability
(CVE-2016-5195). An attacker, able to run local code, can exploit a race
condition in transparent huge pages to modify usually read-only huge pages.
(CVE-2017-1000405)

Red Hat would like to thank Eylon Ben Yaakov and Daniel Shapiro for
reporting this issue.

Bug Fix(es):

* Previously, Red Hat Enterprise Linux 7.4 with the kernel version provided
by the kernel-alt package, did not support turning off transactional memory
(TM) on the POWER9 systems. With this update it is now possible to turn off
TM on the POWER9 systems. (BZ#1509974)

* Due to a bug in the ixgbe and i40e drivers, the socket buffer list (skb
list) in some cases got corrupted when running Red Hat Enterprise Linux 7.4
with the kernel version provided by the kernel-alt package on the POWER9
systems. Consequently, a kernel panic occurred. This update fixes ixgbe and
i40e, and the kernel no longer panics due to this behavior. (BZ#1518412)

* Users can lower the max_sectors_kb setting in the sysfs file system to
accommodate certain workloads. Previously, users needed to set the maximum
I/O size to either the block layer default or the optional preferred I/O
size reported by the device. This update fixes the scsi driver to keep the
current heuristic function for the initial setting of max_sectors_kb. As a
result, for subsequent invocations, the driver now only updates the current
queue limit if it exceeds the capabilities of the hardware. (BZ#1518432)

* When performing full-bootme tests on Boston ESS systems running Red Hat
Enterprise Linux 7.4 with the kernel version provided in the kernel-alt
package, a kernel panic occurred and the operating system dropped into the
XMON software. This update fixes the Multi-Queue Block IO Queueing
Mechanism (blk-mq), and the kernel no longer panics in these circumstances.
(BZ#1518433)

* When running the stress test on the file system with the gssstress
command, and pulling one disk from one recovery group, "kernel I/O error"
was reported, and gssstress became unresponsive. Gssstress now works as
expected under the described circumstances. (BZ#1522645)

* When using the fwupdate_xl710 utility to apply updates for NVM Intel
Ethernet Converged Network Adapter XL710 on machines running Red Hat
Enterprise Linux 7.4 with the kernel version provided in the kernel-alt
package, a deadlock sometimes occurred when the i40e driver was acquiring
access to the Non-Volatile Memory (NVM) of the device. Consequently, NVM
acquire timeouts occurred, the firmware update failed with the following
error message: "Failed Acquiring NVM resource for read err=-53 status=0xa",
and left the device's memory in a corrupted state. This update fixes the
i40e driver, and the firmware updates no longer fail due to this behavior.
(BZ#1522843)

* Previously, on POWER9 systems with more than 100 Pstates, the cpufreq
driver did not handle the cases when the NxN matrix denominated transition
table (trans_table) overflowed beyond the PAGE_SIZE boundary correctly.
Consequently, reading trans_table for any of the CPUs failed with the
following error:

"fill_read_buffer: show+0x0/0xa0 returned bad count"

With this update reading trans_table for any of the CPUs now proceeds as
expected under the described circumstances. (BZ#1522844)

* Previously, the /sys/firmware/opal/exports directory did not contain an
export node. Consequently, a range of memory in the Open Power Abstraction
Layer (OPAL) that the operating system attempted to export to user space
for debugging purposes was not available. With this update the sysfs file
under /sys/firmware/opal/exports is now available for each property found
there, and this file can be used for debugging purposes. (BZ#1522845)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1516514 - CVE-2017-1000405 kernel: pmd can become dirty without going through a COW cycle

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.11.0-44.4.1.el7a.src.rpm

aarch64:
kernel-debug-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debug-devel-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-devel-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-headers-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-tools-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-tools-libs-4.11.0-44.4.1.el7a.aarch64.rpm
perf-4.11.0-44.4.1.el7a.aarch64.rpm
perf-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
python-perf-4.11.0-44.4.1.el7a.aarch64.rpm
python-perf-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.11.0-44.4.1.el7a.noarch.rpm
kernel-doc-4.11.0-44.4.1.el7a.noarch.rpm

ppc64le:
kernel-bootwrapper-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debug-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debug-devel-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-devel-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-headers-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-tools-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-tools-libs-4.11.0-44.4.1.el7a.ppc64le.rpm
perf-4.11.0-44.4.1.el7a.ppc64le.rpm
perf-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
python-perf-4.11.0-44.4.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.11.0-44.4.1.el7a.aarch64.rpm
perf-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm
python-perf-debuginfo-4.11.0-44.4.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.11.0-44.4.1.el7a.noarch.rpm
kernel-doc-4.11.0-44.4.1.el7a.noarch.rpm

ppc64le:
kernel-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.11.0-44.4.1.el7a.ppc64le.rpm
perf-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.11.0-44.4.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-1000405
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFaabkOXlSAg2UNWIIRArAGAJ9fUzct/j40OFP7ZR+PK14Uobw58gCgt6es
W55J3Gj30QEoRadSMvBj+eE=
=zkL/
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
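
A check for whether a host runs a kernel-alt build at or above the fixed 4.11.0-44.4.1.el7a from the package list above, with the active transparent huge page mode shown alongside. This is an added example, not part of the Red Hat advisory; the function names and output labels are hypothetical, and the sample release strings used to exercise it are constructed.

```shell
#!/bin/sh
# Added example. Fixed build taken from the advisory's package list
# (kernel-alt-4.11.0-44.4.1.el7a); everything else here is an assumption.
FIXED_BUILD="4.11.0-44.4.1"

# check_kernel_alt RELEASE -> prints fixed | unpatched | not-kernel-alt
# RELEASE is a `uname -r` style string, e.g. 4.11.0-44.4.1.el7a.aarch64
check_kernel_alt() {
    rel=$1
    case "$rel" in
        *.el7a|*.el7a.*) ;;                 # kernel-alt builds carry the el7a dist tag
        *) echo "not-kernel-alt"; return 0 ;;  # outside this advisory's scope
    esac
    build=${rel%%.el7a*}                    # keep only version-release digits
    # Version-sort the two builds; if the fixed build sorts first (or ties),
    # the host build is at or above it.
    lowest=$(printf '%s\n%s\n' "$FIXED_BUILD" "$build" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_BUILD" ]; then
        echo "fixed"
    else
        echo "unpatched"
    fi
}

# thp_mode LINE -> active value from transparent_hugepage/enabled,
# whose content looks like "always [madvise] never"
thp_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# report [RELEASE] -> one summary line; defaults to the booted kernel
report() {
    r=${1:-$(uname -r)}
    thp_file=/sys/kernel/mm/transparent_hugepage/enabled
    thp=unknown
    if [ -r "$thp_file" ]; then
        thp=$(thp_mode "$(cat "$thp_file")")
    fi
    echo "kernel=$r status=$(check_kernel_alt "$r") thp=$thp"
}

report "$@"
```

`uname -r` reports the booted kernel, so a host that has installed the update but not rebooted still shows the old build.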