-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2887
               Important: kernel security and bug fix update
                             26 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Root Compromise   -- Existing Account      
                   Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14634 CVE-2018-10675 CVE-2018-5391
                   CVE-2018-5390  

Reference:         ASB-2018.0222
                   ASB-2018.0221
                   ESB-2018.2287.2
                   ESB-2018.2278
                   ESB-2018.2275
                   ESB-2018.2271

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2018:2791
   https://access.redhat.com/errata/RHSA-2018:2790
   https://access.redhat.com/errata/RHSA-2018:2785
   https://access.redhat.com/errata/RHSA-2018:2776
   https://access.redhat.com/errata/RHSA-2018:2748

Comment: This bulletin contains five (5) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2791-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2791
Issue date:        2018-09-25
CVE Names:         CVE-2018-5390 CVE-2018-5391 CVE-2018-10675 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger time and calculation expensive fragment reassembly
algorithm by sending specially crafted packets which could lead to a CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS
or other unspecified impact (CVE-2018-10675)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5390 and CVE-2018-5391.

Bug Fix(es):

* After updating the system to prevent the L1 Terminal Fault (L1TF)
vulnerability, only one thread was detected on systems that offer
processing of two threads on a single processor core. With this update, the
"__max_smt_threads()" function has been fixed. As a result, both threads
are now detected correctly in the described situation. (BZ#1625330)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.93.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.93.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.93.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.93.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.93.1.el6.x86_64.rpm
perf-2.6.32-358.93.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.93.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-2.6.32-358.93.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-10675
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qZaNzjgjWX9erEAQibRhAAi5R09yTV+fksTsSRN9whi9D5E66aqn/b
MqKLbAKwTwPsleIKaUWpq/V3mLMbBeqpIAb67/HLpcG6vDB44AID4Nlr6xTgXFH8
G3LZkofjJuOj8Az4HTZATuogynhL+Wo4ajlqsMFucbfuBDs2wHIyhnpMo5aYiKor
IaI1WFgC13Gj9pAYRasu87q5RLpX/FzC/mZt1C+Qq/PKlRxU3loL+P9y8cfzxmtg
s/56cGpN7J4s12ztvHB7cdgiSWYQj0JrvL2htundCfAWrx1M3zUtyFjVBfakFF5N
L7gv7ms+sTT2hsrFR2Z/2OF1cqhYaqwyc+aMxQT5Tz8JU642kyxhg8L1CMFkUBM0
qP1wF/HnSgwIrzT40grvagg+Ot9Gl4J/IJ/KUmi8ce24u30V/6WuA1FL60yly309
lzPS1vptFFvaKWMOMRWLGsU836wOy6XUIa2dlDMaOnWmgdCxNVhDYdrgkPAbZAJ0
IUFdb8G6d2919vIywpNcZR2N0xuM3mVl3FdsPmu1pt60YadtyGmPyYeyH4LjVul1
K0FpwlyGeFD0ZhR8MNhcWJgnycxrOlkft4X989PrDVEXqDdgOl4lGW9HJVGToLoJ
dS8RWoZpvR+RNP1jhpZLj/kNUZ6qwBlz58LKjVBBdFGaLQrQ+sWHa9dbAF1C3oYj
RzRcAsoet+k=
=3P7M
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2790-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2790
Issue date:        2018-09-25
CVE Names:         CVE-2018-5390 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting this
issue.

Bug Fix(es):

* Previously, the early microcode updater in the kernel was trying to
perform a microcode update on virtualized guests. As a consequence, the
virtualized guests sometimes mishandled the request to perform the
microcode update and became unresponsive in the early boot stage. This
update applies an upstream patch to avoid the early microcode update when
running under a hypervisor. As a result, no kernel freezes appear in the
described scenario. (BZ#1618386)

4. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
kernel-3.10.0-327.73.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm
kernel-doc-3.10.0-327.73.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm
perf-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
kernel-3.10.0-327.73.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm
kernel-doc-3.10.0-327.73.1.el7.noarch.rpm

ppc64le:
kernel-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debug-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-devel-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-headers-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-tools-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.73.1.el7.ppc64le.rpm
perf-3.10.0-327.73.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
python-perf-3.10.0-327.73.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm

x86_64:
kernel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm
perf-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
kernel-3.10.0-327.73.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm
kernel-doc-3.10.0-327.73.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm
perf-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.73.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qcvtzjgjWX9erEAQiDsQ/7BETzPMxQja4EK5igMV57JOLK5GJ/MghC
LSvARQ/99iCM8RzhcINPjvujtZ60ZtyRpAsgMJ5RQgFMVP5ZIWc3v5bK7aTE/W/R
rJVuKYUenPZELmHBhWf9LHFVOOU2m/2gBVj0Cb2+0I3Q9AYCoCEpnZEHlY1rCLFD
UBuGRd9eL+tUPvVOd+xkEe1Tl5iuiKoJuyAQR26OPGWshXSKBS5a/eaGZMlmUYGz
g06soOA6Rc9tDfirES9KSvg8qIIYkBkmgMQdGp/KRin7UqGPZIK7A8RMxP6oRZvh
tirsJG1iaDiBbiNHjb79umaLR4Z/zKhEJDlUQ36f3NxM3DE8tsdxY8vkOVi6kxVI
4UefoRbTtTO8Opd1NoRvvtqyqtWOyJjCPc+B7E8HUoEXjT0j5gIY5JaQp8EAS2DR
LoYOOjg8gODwMlHZ9vDsF83SffHjHSicjJXdAOTgHq1i6OwjYT8uRfJYoUlVIM2b
7dcCp9aVYbcJiVcJM+ym7vpVQ/X/ehL11iXk8fM498Z6oAk2Cj2wz4twkQHpa63q
4pui+OgyLpha09NHgFqRYYubgrKKiXc3STQ1lv+55Y02IXiXkZVWWwcMy59onsgB
4DgxlZb+/M5cj61CVfGXmERU0f/jTIy8CCrIP2uyp5oFvfOmw6dM7LTu/i611Kkj
brmSW7yutKI=
=MH0b
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2785-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2785
Issue date:        2018-09-25
CVE Names:         CVE-2018-5390 CVE-2018-5391 CVE-2018-10675 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger time and calculation expensive fragment reassembly
algorithm by sending specially crafted packets which could lead to a CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS
or other unspecified impact (CVE-2018-10675)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5390 and CVE-2018-5391.

Bug Fix(es):

* On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift
Container Platform 3.5, a node sometimes got into "NodeNotReady" state
after a CPU softlockup. Consequently, the node was not available. This
update fixes an irq latency source in memory compaction. As a result, nodes
no longer get into "NodeNotReady" state under the described circumstances.
(BZ#1596281)

* Previously, the kernel source code was missing support to report the
Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power
Systems and the little-endian variants of IBM Power Systems. As a
consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
file incorrectly reported "Not affected" on both CPU architectures. This
fix updates the kernel source code to properly report the SSBD status
either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)"
where TYPE is one of "eieio", "hwsync", "fallback", or "unknown".
(BZ#1612351)

* The hypervisors of Red Hat Enterprise Linux 7 virtual machines (VMs) in
certain circumstances mishandled the microcode update in the kernel. As a
consequence, the VMs sometimes became unresponsive when booting. This
update applies an upstream patch to avoid early microcode update when
running under a hypervisor. As a result, kernel hangs no longer occur in
the described scenario. (BZ#1618388)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
kernel-3.10.0-514.58.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm
kernel-doc-3.10.0-514.58.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm
perf-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
kernel-3.10.0-514.58.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm
kernel-doc-3.10.0-514.58.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.58.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.ppc64.rpm
perf-3.10.0-514.58.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.ppc64le.rpm
perf-3.10.0-514.58.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.58.1.el7.s390x.rpm
kernel-devel-3.10.0-514.58.1.el7.s390x.rpm
kernel-headers-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.58.1.el7.s390x.rpm
perf-3.10.0-514.58.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm
python-perf-3.10.0-514.58.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm
perf-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-10675
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qe7NzjgjWX9erEAQjNbQ/+IKrFgUV0KKr007GhsyzJeLCUqTrNBcio
bsIWQDFE/sV/deohMIBHybvxBeiZkUe8D+d/IcNS/0a1+jSNWytdahR8AO5PdjF1
QxXXnteY7glupPg7oBJzNVtrfWmvo6M7jH2U+EQ0w5agSIBQ+WFChXH5hMwXxx8f
nW7hs3ToSWJyrAo6VRQ9IX3goBskn6qIcbTsp4lMNhGa1gQPOFvoT0DyK7V32TWT
KmNAK13XYd8nP402PUUyN72HksPwW5fJNG5bQIYUp07WGOgiKt0X8vAgzaSX9srd
LBxMG+TP8IJjrNe3RUC/kD3BJ+n7BYp0hnYr1y2k09qHDrDP7K0qP63fRBPQ+xPs
3gQmmz9AICgF+xA95onoREUJp6rqydFb92OsebwRb2aZ4ho084M7GTsKe7cZn4zL
oUXFafA7Tjir+K0oyOLsAF/ieIvzHt35IJKFECXZuAuomgsTTh92DLnMurszyNmi
IzIZbenNNhPV6qGLD1gANzvaaRKZNhJVh1DAZgWaMqOf/xZYE2n1mO8XAj5/m97T
Sz4RCOUVFMTgcFAQFWv29uLtV0c8gd6X9QNiYeDGqoADskwGpSdBKuNlnHFaOv86
gWhCLv9cY+N8IbrjtSSugY6zzBStigEQ+2BSrqh7YvVjkRhpIqHql0yJzCknPtIh
un3AsdlsrV4=
=O9gE
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2776-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2776
Issue date:        2018-09-25
CVE Names:         CVE-2018-5390 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw named SegmentSmack was found in the way the Linux kernel handled
specially crafted TCP packets. A remote attacker could use this flaw to
trigger time and calculation expensive calls to tcp_collapse_ofo_queue()
and tcp_prune_ofo_queue() functions by sending specially modified packets
within ongoing TCP sessions which could lead to a CPU saturation and hence
a denial of service on the system. Maintaining the denial of service
condition requires continuous two-way TCP sessions to a reachable open
port, thus the attacks cannot be performed using spoofed IP addresses.
(CVE-2018-5390)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting this
issue.

Bug Fix(es):

* Previously, making the total buffer size bigger than the memory size for
early allocation through the trace_buf_size boot option, made the system
become unresponsive at the boot stage. This update introduces a change in
the early memory allocation. As a result, the system no longer hangs in the
above described scenario. (BZ#1588365)

* When inserting objects with the same keys, made the rhlist implementation
corrupt the chain pointers. As a consequence, elements were missing on
removal and traversal. This patch updates the chain pointers correctly. As
a result, there are no missing elements on removal and traversal in the
above-described scenario. (BZ#1601008)

* Previously, the kernel source code was missing support to report the
Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power
Systems and the little-endian variants of IBM Power Systems. As a
consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
file incorrectly reported "Not affected" on both CPU architectures. This
fix updates the kernel source code to properly report the SSBD status
either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)"
where TYPE is one of "eieio", "hwsync", "fallback", or "unknown".
(BZ#1612352)

* Previously, the early microcode updater in the kernel was trying to
perform a microcode update on virtualized guests. As a consequence, the
virtualized guests sometimes mishandled the request to perform the
microcode update and became unresponsive in the early boot stage. This
update applies an upstream patch to avoid the early microcode update when
running under a hypervisor. As a result, no kernel freezes appear in the
described scenario. (BZ#1618389)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.39.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.39.1.el7.noarch.rpm
kernel-doc-3.10.0-693.39.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.39.1.el7.x86_64.rpm
perf-3.10.0-693.39.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.39.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.39.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.39.1.el7.noarch.rpm
kernel-doc-3.10.0-693.39.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.39.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debug-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.39.1.el7.ppc64.rpm
kernel-devel-3.10.0-693.39.1.el7.ppc64.rpm
kernel-headers-3.10.0-693.39.1.el7.ppc64.rpm
kernel-tools-3.10.0-693.39.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.39.1.el7.ppc64.rpm
perf-3.10.0-693.39.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
python-perf-3.10.0-693.39.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debug-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-devel-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-headers-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-tools-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.39.1.el7.ppc64le.rpm
perf-3.10.0-693.39.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
python-perf-3.10.0-693.39.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.39.1.el7.s390x.rpm
kernel-debug-3.10.0-693.39.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.39.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.39.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.39.1.el7.s390x.rpm
kernel-devel-3.10.0-693.39.1.el7.s390x.rpm
kernel-headers-3.10.0-693.39.1.el7.s390x.rpm
kernel-kdump-3.10.0-693.39.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.39.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.39.1.el7.s390x.rpm
perf-3.10.0-693.39.1.el7.s390x.rpm
perf-debuginfo-3.10.0-693.39.1.el7.s390x.rpm
python-perf-3.10.0-693.39.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.39.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.39.1.el7.x86_64.rpm
perf-3.10.0-693.39.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.39.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.39.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.39.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.39.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5390
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qe0NzjgjWX9erEAQifnQ//Yjt7BtzIu5kCLW7RctFFx62Ny8fJUuZ0
sLah6bMbzFmLPMvHLyrOY7W532MtFMuObhzumKzSlprP0eGYNmlz9XAxTrYD63bQ
RRBHqyT0cjFYxRrtJx4S7oriE3x2jRmrcRFlmlN8Bl18XO+fieihrOH547AmXlrl
eb/n0g//94pEfXiIbh9UWOqCw5jWTpk0R46Tl/i+ky4SrysGDDd1SzWP8+hnE+ps
BSDZD6ubYM2T7qunnYZ0Ci7LbfMxFNtLedZvG9dO8Ywlqfif5RNNFXfXp7WvYRzb
RBzcrSX+FdtY/XCn7ov3WkH32kadtx2Q7vvrA/eLdwYt+6BaGKMmU7yc+zOIsZpA
2uJUO7AYm3p9J4SW4hpxmuw3er4g+bSHGuXg8Nz6kWVyWrMzILAXQYDUDwI66rTy
EZXbRaOJCFY3+vYSHKAcZRHnroSOsIq/EotegjqFN4fcSVMSNNlOeoRop7pr3kQq
eWlpbaDcWiE7CA5camN4aO0doj25vIdIyT4E8B+QBP7AC5FcF94CpQkyb2htut5o
0usFXhzZSze2MxeECwIf74/1QrF+kcgcLbwBJw/k0COoJ0qLTnEOsAjMJNNR4+0N
JrZ2SQAwYs/QbIGVJTGvyfVhNYnnr+EW5/nrBiZU6DokA3q6rEI/Tg4Q8OIx0wwX
j4HjKybGYpU=
=3Awj
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2748-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2748
Issue date:        2018-09-25
CVE Names:         CVE-2018-14634 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: Integer overflow in Linux's create_elf_tables function
(CVE-2018-14634)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Qualys Research Labs for reporting this issue.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory. See the
descriptions in the related Knowledge Article:

https://access.redhat.com/articles/3588731

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-862.14.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm
perf-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-862.14.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm
perf-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-862.14.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

ppc64:
kernel-3.10.0-862.14.4.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debug-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.14.4.el7.ppc64.rpm
kernel-devel-3.10.0-862.14.4.el7.ppc64.rpm
kernel-headers-3.10.0-862.14.4.el7.ppc64.rpm
kernel-tools-3.10.0-862.14.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.ppc64.rpm
perf-3.10.0-862.14.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
python-perf-3.10.0-862.14.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-devel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-headers-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.ppc64le.rpm
perf-3.10.0-862.14.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.14.4.el7.s390x.rpm
kernel-devel-3.10.0-862.14.4.el7.s390x.rpm
kernel-headers-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.14.4.el7.s390x.rpm
perf-3.10.0-862.14.4.el7.s390x.rpm
perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
python-perf-3.10.0-862.14.4.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm

x86_64:
kernel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm
perf-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

noarch:
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

ppc64le:
kernel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-devel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-headers-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.ppc64le.rpm
perf-3.10.0-862.14.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.14.4.el7.s390x.rpm
kernel-devel-3.10.0-862.14.4.el7.s390x.rpm
kernel-headers-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.14.4.el7.s390x.rpm
perf-3.10.0-862.14.4.el7.s390x.rpm
perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm
python-perf-3.10.0-862.14.4.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.14.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-862.14.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm
kernel-doc-3.10.0-862.14.4.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm
perf-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-14634
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3588731

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6qIXtzjgjWX9erEAQgbaA/9GdDyLHgZWXBKyB7vepaVkwjNGl3misCc
yNfyldFBi5Kqh4p5udl6gdEcaqsnV1rXnAyBKu/fyNZFwIyJaoO7zcYz577C5p8u
eN/2HWXaIQDLwqwDB65Hm4UraHsr3QkazfbAwhb2de796dbw/qP+dP/UHAyV4Gfl
wFEF1Ip0atvE8Ya/MmGhNPkr8ha9aOeGQwI6UgCxDlytM95KEJm+Bw9kCIa27mQm
tcBgOUxUOrQ+0pQpRMSV7/vogmf8T+m1S7Bx8AEIYT/e73sdgIoNTeNlwC8h+wqu
loxQOmDPVtQlYseWYqnzuxPI93kL/Rd0EbTbLUrWwAlTmOgTOdfJBxcSUu012PbV
D8ZwivWtKVL5afIf405RuVLY/7G1GBus7hI5TCPl8q+lOYp75ic1gkh5ZBrGRW6E
n9+7LZkUO3/G+6VR3GnUt6SNIlqGol1gl20XpNEMR8FPliOCZvEBP4lPp0eRGlhl
t6cAf6Www/9SbecSkr2XmaJT7J/XcRWwKCm4YvKak26gU8rXy9PXqbl/Ql4c3uJi
9672uf7W3uRMitdbmxO24ykfZgMjgl1CmtCi5xbzWWW1UqbEBLyUDH4gl1pR4dP6
JCpWH8VcQ6k1Bc8NTYgOXEvUEBjrUtSAC4CoLTVAaAuHPZsZyDZoQXKlkqlsv2ke
RfK83591mPM=
=QKmj
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW6rjfmaOgq3Tt24GAQgi0BAAgyVYJLHCcOM/RsFH70bnpvgS/5su/2RM
fizownOXswJZy7Pd+I+VDA0/A1RkWONpiWPV5fyODDW184NxZGUFJ8my6u12+4I8
JCKbJWU9AI8Zou9yT+SB8MYCNQ/annzorbjyS6LF6mdLxqgEvr1aLVy3sscFllht
9hkBW5VcniIE5jrPlXqtQY7lyF5umQCTwmXFaAVEad84Hfin00NffOMukUZXekI/
MxvhBiSpwgjaIDN4HhJKWggNCojopamAXXZYM9jKf88YU4DXavoHt8t0T6B8P4cS
qOxvPtFt+ssa7fattx9AyA8eiiXq5Tj/KZ6AehL8elb6pegZgZbD6u6UtO3xnkUS
sZxjOiYwpjNdx4WeXNOFNAFbYx2ifjDbfz4T7YdY85OTkYuzH7PimvYZGLjnIQ1t
s265iUxRTsRE5MgFIEReF5/FZC/Ed4KdqaC4yAPtSwpj7KBOOD3WsflcbMjlQ2fV
zR5V41vfZ+UXv2pDWxcsihFJ5hDFWmIhSkm8wQlOrtDghJLy0YSgOs091V0W5Lfb
ryVVJx9vAIUx+cF22mwxglaXq4V2H1PqzmY5D/nfis1x3fWfFeCKO9zlFuHY4AP7
FbfpfYOBIPzzndrWSSWu/IcaqSmoLUKIjbsYAKt6ftjvOLqF7nhVcGGt7OkbOYuG
sdPhKRdRiiw=
=uPj+
-----END PGP SIGNATURE-----