Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.2887 Important: kernel security and bug fix update 26 September 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Impact/Access: Root Compromise -- Existing Account Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-14634 CVE-2018-10675 CVE-2018-5391 CVE-2018-5390 Reference: ASB-2018.0222 ASB-2018.0221 ESB-2018.2287.2 ESB-2018.2278 ESB-2018.2275 ESB-2018.2271 Original Bulletin: https://access.redhat.com/errata/RHSA-2018:2791 https://access.redhat.com/errata/RHSA-2018:2790 https://access.redhat.com/errata/RHSA-2018:2785 https://access.redhat.com/errata/RHSA-2018:2776 https://access.redhat.com/errata/RHSA-2018:2748 Comment: This bulletin contains five (5) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2791-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2791 Issue date: 2018-09-25 CVE Names: CVE-2018-5390 CVE-2018-5391 CVE-2018-10675 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. Bug Fix(es): * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. As a result, both threads are now detected correctly in the described situation. (BZ#1625330) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.4): Source: kernel-2.6.32-358.93.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.93.1.el6.noarch.rpm kernel-firmware-2.6.32-358.93.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm kernel-devel-2.6.32-358.93.1.el6.x86_64.rpm kernel-headers-2.6.32-358.93.1.el6.x86_64.rpm perf-2.6.32-358.93.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: kernel-2.6.32-358.93.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.93.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm python-perf-2.6.32-358.93.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.93.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qZaNzjgjWX9erEAQibRhAAi5R09yTV+fksTsSRN9whi9D5E66aqn/b MqKLbAKwTwPsleIKaUWpq/V3mLMbBeqpIAb67/HLpcG6vDB44AID4Nlr6xTgXFH8 G3LZkofjJuOj8Az4HTZATuogynhL+Wo4ajlqsMFucbfuBDs2wHIyhnpMo5aYiKor IaI1WFgC13Gj9pAYRasu87q5RLpX/FzC/mZt1C+Qq/PKlRxU3loL+P9y8cfzxmtg s/56cGpN7J4s12ztvHB7cdgiSWYQj0JrvL2htundCfAWrx1M3zUtyFjVBfakFF5N L7gv7ms+sTT2hsrFR2Z/2OF1cqhYaqwyc+aMxQT5Tz8JU642kyxhg8L1CMFkUBM0 qP1wF/HnSgwIrzT40grvagg+Ot9Gl4J/IJ/KUmi8ce24u30V/6WuA1FL60yly309 lzPS1vptFFvaKWMOMRWLGsU836wOy6XUIa2dlDMaOnWmgdCxNVhDYdrgkPAbZAJ0 IUFdb8G6d2919vIywpNcZR2N0xuM3mVl3FdsPmu1pt60YadtyGmPyYeyH4LjVul1 K0FpwlyGeFD0ZhR8MNhcWJgnycxrOlkft4X989PrDVEXqDdgOl4lGW9HJVGToLoJ dS8RWoZpvR+RNP1jhpZLj/kNUZ6qwBlz58LKjVBBdFGaLQrQ+sWHa9dbAF1C3oYj RzRcAsoet+k= =3P7M - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2790-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2790 Issue date: 2018-09-25 CVE Names: CVE-2018-5390 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es): * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618386) 4. Solution: For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm ppc64le: kernel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm kernel-devel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-headers-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-327.73.1.el7.ppc64le.rpm perf-3.10.0-327.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: kernel-3.10.0-327.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.73.1.el7.noarch.rpm kernel-doc-3.10.0-327.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-devel-3.10.0-327.73.1.el7.x86_64.rpm kernel-headers-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.73.1.el7.x86_64.rpm perf-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.2): ppc64le: kernel-debug-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.73.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qcvtzjgjWX9erEAQiDsQ/7BETzPMxQja4EK5igMV57JOLK5GJ/MghC LSvARQ/99iCM8RzhcINPjvujtZ60ZtyRpAsgMJ5RQgFMVP5ZIWc3v5bK7aTE/W/R rJVuKYUenPZELmHBhWf9LHFVOOU2m/2gBVj0Cb2+0I3Q9AYCoCEpnZEHlY1rCLFD UBuGRd9eL+tUPvVOd+xkEe1Tl5iuiKoJuyAQR26OPGWshXSKBS5a/eaGZMlmUYGz g06soOA6Rc9tDfirES9KSvg8qIIYkBkmgMQdGp/KRin7UqGPZIK7A8RMxP6oRZvh tirsJG1iaDiBbiNHjb79umaLR4Z/zKhEJDlUQ36f3NxM3DE8tsdxY8vkOVi6kxVI 4UefoRbTtTO8Opd1NoRvvtqyqtWOyJjCPc+B7E8HUoEXjT0j5gIY5JaQp8EAS2DR LoYOOjg8gODwMlHZ9vDsF83SffHjHSicjJXdAOTgHq1i6OwjYT8uRfJYoUlVIM2b 7dcCp9aVYbcJiVcJM+ym7vpVQ/X/ehL11iXk8fM498Z6oAk2Cj2wz4twkQHpa63q 4pui+OgyLpha09NHgFqRYYubgrKKiXc3STQ1lv+55Y02IXiXkZVWWwcMy59onsgB 4DgxlZb+/M5cj61CVfGXmERU0f/jTIy8CCrIP2uyp5oFvfOmw6dM7LTu/i611Kkj brmSW7yutKI= =MH0b - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2785-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2785 Issue date: 2018-09-25 CVE Names: CVE-2018-5390 CVE-2018-5391 CVE-2018-10675 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391. Bug Fix(es): * On systems running Red Hat Enterprise Linux 7 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into "NodeNotReady" state after a CPU softlockup. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. As a result, nodes no longer get into "NodeNotReady" state under the described circumstances. (BZ#1596281) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (BZ#1612351) * The hypervisors of Red Hat Enterprise Linux 7 virtual machines (VMs) in certain circumstances mishandled the microcode update in the kernel. As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. As a result, kernel hangs no longer occur in the described scenario. (BZ#1618388) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.3): Source: kernel-3.10.0-514.58.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm kernel-doc-3.10.0-514.58.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm perf-3.10.0-514.58.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm python-perf-3.10.0-514.58.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.3): Source: kernel-3.10.0-514.58.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.58.1.el7.noarch.rpm kernel-doc-3.10.0-514.58.1.el7.noarch.rpm ppc64: kernel-3.10.0-514.58.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64.rpm kernel-debug-3.10.0-514.58.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-514.58.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm kernel-devel-3.10.0-514.58.1.el7.ppc64.rpm kernel-headers-3.10.0-514.58.1.el7.ppc64.rpm kernel-tools-3.10.0-514.58.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-514.58.1.el7.ppc64.rpm perf-3.10.0-514.58.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm python-perf-3.10.0-514.58.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-514.58.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.58.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.58.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.58.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.58.1.el7.ppc64le.rpm perf-3.10.0-514.58.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm python-perf-3.10.0-514.58.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm s390x: kernel-3.10.0-514.58.1.el7.s390x.rpm kernel-debug-3.10.0-514.58.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-514.58.1.el7.s390x.rpm kernel-debug-devel-3.10.0-514.58.1.el7.s390x.rpm kernel-debuginfo-3.10.0-514.58.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-514.58.1.el7.s390x.rpm kernel-devel-3.10.0-514.58.1.el7.s390x.rpm kernel-headers-3.10.0-514.58.1.el7.s390x.rpm kernel-kdump-3.10.0-514.58.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-514.58.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-514.58.1.el7.s390x.rpm perf-3.10.0-514.58.1.el7.s390x.rpm perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm python-perf-3.10.0-514.58.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.s390x.rpm x86_64: kernel-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm kernel-devel-3.10.0-514.58.1.el7.x86_64.rpm kernel-headers-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.58.1.el7.x86_64.rpm perf-3.10.0-514.58.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm python-perf-3.10.0-514.58.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.3): ppc64: kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-514.58.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64.rpm perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.58.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.58.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.58.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.58.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qe7NzjgjWX9erEAQjNbQ/+IKrFgUV0KKr007GhsyzJeLCUqTrNBcio bsIWQDFE/sV/deohMIBHybvxBeiZkUe8D+d/IcNS/0a1+jSNWytdahR8AO5PdjF1 QxXXnteY7glupPg7oBJzNVtrfWmvo6M7jH2U+EQ0w5agSIBQ+WFChXH5hMwXxx8f nW7hs3ToSWJyrAo6VRQ9IX3goBskn6qIcbTsp4lMNhGa1gQPOFvoT0DyK7V32TWT KmNAK13XYd8nP402PUUyN72HksPwW5fJNG5bQIYUp07WGOgiKt0X8vAgzaSX9srd LBxMG+TP8IJjrNe3RUC/kD3BJ+n7BYp0hnYr1y2k09qHDrDP7K0qP63fRBPQ+xPs 3gQmmz9AICgF+xA95onoREUJp6rqydFb92OsebwRb2aZ4ho084M7GTsKe7cZn4zL oUXFafA7Tjir+K0oyOLsAF/ieIvzHt35IJKFECXZuAuomgsTTh92DLnMurszyNmi IzIZbenNNhPV6qGLD1gANzvaaRKZNhJVh1DAZgWaMqOf/xZYE2n1mO8XAj5/m97T Sz4RCOUVFMTgcFAQFWv29uLtV0c8gd6X9QNiYeDGqoADskwGpSdBKuNlnHFaOv86 gWhCLv9cY+N8IbrjtSSugY6zzBStigEQ+2BSrqh7YvVjkRhpIqHql0yJzCknPtIh un3AsdlsrV4= =O9gE - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2776-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2776 Issue date: 2018-09-25 CVE Names: CVE-2018-5390 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue. Bug Fix(es): * Previously, making the total buffer size bigger than the memory size for early allocation through the trace_buf_size boot option, made the system become unresponsive at the boot stage. This update introduces a change in the early memory allocation. As a result, the system no longer hangs in the above described scenario. (BZ#1588365) * When inserting objects with the same keys, made the rhlist implementation corrupt the chain pointers. As a consequence, elements were missing on removal and traversal. This patch updates the chain pointers correctly. As a result, there are no missing elements on removal and traversal in the above-described scenario. (BZ#1601008) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (BZ#1612352) * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618389) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.4): Source: kernel-3.10.0-693.39.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.39.1.el7.noarch.rpm kernel-doc-3.10.0-693.39.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm kernel-devel-3.10.0-693.39.1.el7.x86_64.rpm kernel-headers-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.39.1.el7.x86_64.rpm perf-3.10.0-693.39.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm python-perf-3.10.0-693.39.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.39.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.4): Source: kernel-3.10.0-693.39.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.39.1.el7.noarch.rpm kernel-doc-3.10.0-693.39.1.el7.noarch.rpm ppc64: kernel-3.10.0-693.39.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.39.1.el7.ppc64.rpm kernel-debug-3.10.0-693.39.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.39.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.39.1.el7.ppc64.rpm kernel-devel-3.10.0-693.39.1.el7.ppc64.rpm kernel-headers-3.10.0-693.39.1.el7.ppc64.rpm kernel-tools-3.10.0-693.39.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.39.1.el7.ppc64.rpm perf-3.10.0-693.39.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm python-perf-3.10.0-693.39.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm ppc64le: kernel-3.10.0-693.39.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.39.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.39.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.39.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.39.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.39.1.el7.ppc64le.rpm perf-3.10.0-693.39.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm python-perf-3.10.0-693.39.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm s390x: kernel-3.10.0-693.39.1.el7.s390x.rpm kernel-debug-3.10.0-693.39.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.39.1.el7.s390x.rpm kernel-debug-devel-3.10.0-693.39.1.el7.s390x.rpm kernel-debuginfo-3.10.0-693.39.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.39.1.el7.s390x.rpm kernel-devel-3.10.0-693.39.1.el7.s390x.rpm kernel-headers-3.10.0-693.39.1.el7.s390x.rpm kernel-kdump-3.10.0-693.39.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.39.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.39.1.el7.s390x.rpm perf-3.10.0-693.39.1.el7.s390x.rpm perf-debuginfo-3.10.0-693.39.1.el7.s390x.rpm python-perf-3.10.0-693.39.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.s390x.rpm x86_64: kernel-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm kernel-devel-3.10.0-693.39.1.el7.x86_64.rpm kernel-headers-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.39.1.el7.x86_64.rpm perf-3.10.0-693.39.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm python-perf-3.10.0-693.39.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.4): ppc64: kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.39.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.39.1.el7.ppc64.rpm perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.39.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.39.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.39.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.39.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qe0NzjgjWX9erEAQifnQ//Yjt7BtzIu5kCLW7RctFFx62Ny8fJUuZ0 sLah6bMbzFmLPMvHLyrOY7W532MtFMuObhzumKzSlprP0eGYNmlz9XAxTrYD63bQ RRBHqyT0cjFYxRrtJx4S7oriE3x2jRmrcRFlmlN8Bl18XO+fieihrOH547AmXlrl eb/n0g//94pEfXiIbh9UWOqCw5jWTpk0R46Tl/i+ky4SrysGDDd1SzWP8+hnE+ps BSDZD6ubYM2T7qunnYZ0Ci7LbfMxFNtLedZvG9dO8Ywlqfif5RNNFXfXp7WvYRzb RBzcrSX+FdtY/XCn7ov3WkH32kadtx2Q7vvrA/eLdwYt+6BaGKMmU7yc+zOIsZpA 2uJUO7AYm3p9J4SW4hpxmuw3er4g+bSHGuXg8Nz6kWVyWrMzILAXQYDUDwI66rTy EZXbRaOJCFY3+vYSHKAcZRHnroSOsIq/EotegjqFN4fcSVMSNNlOeoRop7pr3kQq eWlpbaDcWiE7CA5camN4aO0doj25vIdIyT4E8B+QBP7AC5FcF94CpQkyb2htut5o 0usFXhzZSze2MxeECwIf74/1QrF+kcgcLbwBJw/k0COoJ0qLTnEOsAjMJNNR4+0N JrZ2SQAwYs/QbIGVJTGvyfVhNYnnr+EW5/nrBiZU6DokA3q6rEI/Tg4Q8OIx0wwX j4HjKybGYpU= =3Awj - -----END PGP SIGNATURE----- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2748-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2748 Issue date: 2018-09-25 CVE Names: CVE-2018-14634 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting this issue. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3588731 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.14.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm kernel-doc-3.10.0-862.14.4.el7.noarch.rpm x86_64: kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm perf-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.14.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm kernel-doc-3.10.0-862.14.4.el7.noarch.rpm x86_64: kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm perf-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.14.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm kernel-doc-3.10.0-862.14.4.el7.noarch.rpm ppc64: kernel-3.10.0-862.14.4.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64.rpm kernel-debug-3.10.0-862.14.4.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.14.4.el7.ppc64.rpm kernel-devel-3.10.0-862.14.4.el7.ppc64.rpm kernel-headers-3.10.0-862.14.4.el7.ppc64.rpm kernel-tools-3.10.0-862.14.4.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.14.4.el7.ppc64.rpm perf-3.10.0-862.14.4.el7.ppc64.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm python-perf-3.10.0-862.14.4.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm kernel-devel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-headers-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.14.4.el7.ppc64le.rpm perf-3.10.0-862.14.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm s390x: kernel-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-devel-3.10.0-862.14.4.el7.s390x.rpm kernel-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.14.4.el7.s390x.rpm kernel-devel-3.10.0-862.14.4.el7.s390x.rpm kernel-headers-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.14.4.el7.s390x.rpm perf-3.10.0-862.14.4.el7.s390x.rpm perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm python-perf-3.10.0-862.14.4.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm x86_64: kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm perf-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm kernel-doc-3.10.0-862.14.4.el7.noarch.rpm ppc64le: kernel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm kernel-devel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-headers-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.14.4.el7.ppc64le.rpm perf-3.10.0-862.14.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm s390x: kernel-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-debug-devel-3.10.0-862.14.4.el7.s390x.rpm kernel-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.14.4.el7.s390x.rpm kernel-devel-3.10.0-862.14.4.el7.s390x.rpm kernel-headers-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.14.4.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.14.4.el7.s390x.rpm perf-3.10.0-862.14.4.el7.s390x.rpm perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm python-perf-3.10.0-862.14.4.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.14.4.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.14.4.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.14.4.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm kernel-doc-3.10.0-862.14.4.el7.noarch.rpm x86_64: kernel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm perf-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.14.4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3588731 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW6qIXtzjgjWX9erEAQgbaA/9GdDyLHgZWXBKyB7vepaVkwjNGl3misCc yNfyldFBi5Kqh4p5udl6gdEcaqsnV1rXnAyBKu/fyNZFwIyJaoO7zcYz577C5p8u eN/2HWXaIQDLwqwDB65Hm4UraHsr3QkazfbAwhb2de796dbw/qP+dP/UHAyV4Gfl wFEF1Ip0atvE8Ya/MmGhNPkr8ha9aOeGQwI6UgCxDlytM95KEJm+Bw9kCIa27mQm tcBgOUxUOrQ+0pQpRMSV7/vogmf8T+m1S7Bx8AEIYT/e73sdgIoNTeNlwC8h+wqu loxQOmDPVtQlYseWYqnzuxPI93kL/Rd0EbTbLUrWwAlTmOgTOdfJBxcSUu012PbV D8ZwivWtKVL5afIf405RuVLY/7G1GBus7hI5TCPl8q+lOYp75ic1gkh5ZBrGRW6E n9+7LZkUO3/G+6VR3GnUt6SNIlqGol1gl20XpNEMR8FPliOCZvEBP4lPp0eRGlhl t6cAf6Www/9SbecSkr2XmaJT7J/XcRWwKCm4YvKak26gU8rXy9PXqbl/Ql4c3uJi 9672uf7W3uRMitdbmxO24ykfZgMjgl1CmtCi5xbzWWW1UqbEBLyUDH4gl1pR4dP6 JCpWH8VcQ6k1Bc8NTYgOXEvUEBjrUtSAC4CoLTVAaAuHPZsZyDZoQXKlkqlsv2ke RfK83591mPM= =QKmj - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW6rjfmaOgq3Tt24GAQgi0BAAgyVYJLHCcOM/RsFH70bnpvgS/5su/2RM fizownOXswJZy7Pd+I+VDA0/A1RkWONpiWPV5fyODDW184NxZGUFJ8my6u12+4I8 JCKbJWU9AI8Zou9yT+SB8MYCNQ/annzorbjyS6LF6mdLxqgEvr1aLVy3sscFllht 9hkBW5VcniIE5jrPlXqtQY7lyF5umQCTwmXFaAVEad84Hfin00NffOMukUZXekI/ MxvhBiSpwgjaIDN4HhJKWggNCojopamAXXZYM9jKf88YU4DXavoHt8t0T6B8P4cS qOxvPtFt+ssa7fattx9AyA8eiiXq5Tj/KZ6AehL8elb6pegZgZbD6u6UtO3xnkUS sZxjOiYwpjNdx4WeXNOFNAFbYx2ifjDbfz4T7YdY85OTkYuzH7PimvYZGLjnIQ1t s265iUxRTsRE5MgFIEReF5/FZC/Ed4KdqaC4yAPtSwpj7KBOOD3WsflcbMjlQ2fV zR5V41vfZ+UXv2pDWxcsihFJ5hDFWmIhSkm8wQlOrtDghJLy0YSgOs091V0W5Lfb ryVVJx9vAIUx+cF22mwxglaXq4V2H1PqzmY5D/nfis1x3fWfFeCKO9zlFuHY4AP7 FbfpfYOBIPzzndrWSSWu/IcaqSmoLUKIjbsYAKt6ftjvOLqF7nhVcGGt7OkbOYuG sdPhKRdRiiw= =uPj+ -----END PGP SIGNATURE-----