CVE-2018-3639
CVSS 4.9
Published: 2018-05-22 08:29:00
Last modified: 2018-07-12 21:29:02
NMPS

[Original] Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.


[CNNVD] No CNNVD data available.


[Machine translation] Translation not available.

- CVSS (base score)

CVSS score: 4.9 [MEDIUM]
Confidentiality impact: COMPLETE [total information disclosure; all system files exposed]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required]

- CWE (weakness category)

CWE-200 [Information Exposure]

- CPE (affected platforms and products)

cpe:/h:arm:cortex-a:15
cpe:/h:arm:cortex-a:57
cpe:/h:arm:cortex-a:72
cpe:/h:intel:atom_c:c2308
cpe:/h:intel:atom_c:c3308
cpe:/h:intel:atom_c:c3338
cpe:/h:intel:atom_c:c3508
cpe:/h:intel:atom_c:c3538
cpe:/h:intel:atom_c:c3558
cpe:/h:intel:atom_c:c3708
cpe:/h:intel:atom_c:c3750
cpe:/h:intel:atom_c:c3758
cpe:/h:intel:atom_c:c3808
cpe:/h:intel:atom_c:c3830
cpe:/h:intel:atom_c:c3850
cpe:/h:intel:atom_c:c3858
cpe:/h:intel:atom_c:c3950
cpe:/h:intel:atom_c:c3955
cpe:/h:intel:atom_c:c3958
cpe:/h:intel:atom_e:e3805
cpe:/h:intel:atom_e:e3815
cpe:/h:intel:atom_e:e3825
cpe:/h:intel:atom_e:e3826
cpe:/h:intel:atom_e:e3827
cpe:/h:intel:atom_e:e3845
cpe:/h:intel:atom_z:z2420
cpe:/h:intel:atom_z:z2460
cpe:/h:intel:atom_z:z2480
cpe:/h:intel:atom_z:z2520
cpe:/h:intel:atom_z:z2560
cpe:/h:intel:atom_z:z2580
cpe:/h:intel:atom_z:z2760
cpe:/h:intel:atom_z:z3460
cpe:/h:intel:atom_z:z3480
cpe:/h:intel:atom_z:z3530
cpe:/h:intel:atom_z:z3560
cpe:/h:intel:atom_z:z3570
cpe:/h:intel:atom_z:z3580
cpe:/h:intel:atom_z:z3590
cpe:/h:intel:atom_z:z3735d
cpe:/h:intel:atom_z:z3735e
cpe:/h:intel:atom_z:z3735f
cpe:/h:intel:atom_z:z3735g
cpe:/h:intel:atom_z:z3736f
cpe:/h:intel:atom_z:z3736g
cpe:/h:intel:atom_z:z3740
cpe:/h:intel:atom_z:z3740d
cpe:/h:intel:atom_z:z3745
cpe:/h:intel:atom_z:z3745d
cpe:/h:intel:atom_z:z3770
cpe:/h:intel:atom_z:z3770d
cpe:/h:intel:atom_z:z3775
cpe:/h:intel:atom_z:z3775d
cpe:/h:intel:atom_z:z3785
cpe:/h:intel:atom_z:z3795
cpe:/h:intel:celeron_j:j3455
cpe:/h:intel:celeron_j:j4005
cpe:/h:intel:celeron_j:j4105
cpe:/h:intel:celeron_n:n3450
cpe:/h:intel:core_i3:32nm
cpe:/h:intel:core_i3:45nm
cpe:/h:intel:core_i5:32nm
cpe:/h:intel:core_i5:45nm
cpe:/h:intel:core_i7:32nm
cpe:/h:intel:core_i7:45nm
cpe:/h:intel:core_m:32nm
cpe:/h:intel:core_m:45nm
cpe:/h:intel:pentium:n4000
cpe:/h:intel:pentium:n4100
cpe:/h:intel:pentium:n4200
cpe:/h:intel:pentium_j:j4205
cpe:/h:intel:pentium_silver:j5005
cpe:/h:intel:pentium_silver:n5000
cpe:/h:intel:xeon_e3:125c_
cpe:/h:intel:xeon_e3:1105c
cpe:/h:intel:xeon_e3:1105c_v2
cpe:/h:intel:xeon_e3:1125c_v2
cpe:/h:intel:xeon_e3:1220_
cpe:/h:intel:xeon_e3:1220_v2
cpe:/h:intel:xeon_e3:1220_v3
cpe:/h:intel:xeon_e3:1220_v5
cpe:/h:intel:xeon_e3:1220_v6
cpe:/h:intel:xeon_e3:1220l
cpe:/h:intel:xeon_e3:1220l_v2
cpe:/h:intel:xeon_e3:1220l_v3
cpe:/h:intel:xeon_e3:1225
cpe:/h:intel:xeon_e3:1225_v2
cpe:/h:intel:xeon_e3:1225_v3
cpe:/h:intel:xeon_e3:1225_v5
cpe:/h:intel:xeon_e3:1225_v6
cpe:/h:intel:xeon_e3:1226_v3
cpe:/h:intel:xeon_e3:1230
cpe:/h:intel:xeon_e3:1230_v2
cpe:/h:intel:xeon_e3:1230_v3
cpe:/h:intel:xeon_e3:1230_v5
cpe:/h:intel:xeon_e3:1230_v6
cpe:/h:intel:xeon_e3:1230l_v3
cpe:/h:intel:xeon_e3:1231_v3
cpe:/h:intel:xeon_e3:1235
cpe:/h:intel:xeon_e3:1235l_v5
cpe:/h:intel:xeon_e3:1240
cpe:/h:intel:xeon_e3:1240_v2
cpe:/h:intel:xeon_e3:1240_v3
cpe:/h:intel:xeon_e3:1240_v5
cpe:/h:intel:xeon_e3:1240_v6
cpe:/h:intel:xeon_e3:1240l_v3
cpe:/h:intel:xeon_e3:1240l_v5
cpe:/h:intel:xeon_e3:1241_v3
cpe:/h:intel:xeon_e3:1245
cpe:/h:intel:xeon_e3:1245_v2
cpe:/h:intel:xeon_e3:1245_v3
cpe:/h:intel:xeon_e3:1245_v5
cpe:/h:intel:xeon_e3:1245_v6
cpe:/h:intel:xeon_e3:1246_v3
cpe:/h:intel:xeon_e3:1258l_v4
cpe:/h:intel:xeon_e3:1260l
cpe:/h:intel:xeon_e3:1260l_v5
cpe:/h:intel:xeon_e3:1265l_v2
cpe:/h:intel:xeon_e3:1265l_v3
cpe:/h:intel:xeon_e3:1265l_v4
cpe:/h:intel:xeon_e3:1268l_v3
cpe:/h:intel:xeon_e3:1268l_v5
cpe:/h:intel:xeon_e3:1270
cpe:/h:intel:xeon_e3:1270_v2
cpe:/h:intel:xeon_e3:1270_v3
cpe:/h:intel:xeon_e3:1270_v5
cpe:/h:intel:xeon_e3:1270_v6
cpe:/h:intel:xeon_e3:1271_v3
cpe:/h:intel:xeon_e3:1275_
cpe:/h:intel:xeon_e3:1275_v2
cpe:/h:intel:xeon_e3:1275_v3
cpe:/h:intel:xeon_e3:1275_v5
cpe:/h:intel:xeon_e3:1275_v6
cpe:/h:intel:xeon_e3:1275l_v3
cpe:/h:intel:xeon_e3:1276_v3
cpe:/h:intel:xeon_e3:1278l_v4
cpe:/h:intel:xeon_e3:1280
cpe:/h:intel:xeon_e3:1280_v2
cpe:/h:intel:xeon_e3:1280_v3
cpe:/h:intel:xeon_e3:1280_v5
cpe:/h:intel:xeon_e3:1280_v6
cpe:/h:intel:xeon_e3:1281_v3
cpe:/h:intel:xeon_e3:1285_v3
cpe:/h:intel:xeon_e3:1285_v4
cpe:/h:intel:xeon_e3:1285_v6
cpe:/h:intel:xeon_e3:1285l_v3
cpe:/h:intel:xeon_e3:1285l_v4
cpe:/h:intel:xeon_e3:1286_v3
cpe:/h:intel:xeon_e3:1286l_v3
cpe:/h:intel:xeon_e3:1290
cpe:/h:intel:xeon_e3:1290_v2
cpe:/h:intel:xeon_e3:1501l_v6
cpe:/h:intel:xeon_e3:1501m_v6
cpe:/h:intel:xeon_e3:1505l_v5
cpe:/h:intel:xeon_e3:1505l_v6
cpe:/h:intel:xeon_e3:1505m_v5
cpe:/h:intel:xeon_e3:1505m_v6
cpe:/h:intel:xeon_e3:1515m_v5
cpe:/h:intel:xeon_e3:1535m_v5
cpe:/h:intel:xeon_e3:1535m_v6
cpe:/h:intel:xeon_e3:1545m_v5
cpe:/h:intel:xeon_e3:1558l_v5
cpe:/h:intel:xeon_e3:1565l_v5
cpe:/h:intel:xeon_e3:1575m_v5
cpe:/h:intel:xeon_e3:1578l_v5
cpe:/h:intel:xeon_e3:1585_v5
cpe:/h:intel:xeon_e3:1585l_v5
cpe:/h:intel:xeon_e3:3600
cpe:/h:intel:xeon_e3:5600
cpe:/h:intel:xeon_e3:7500
cpe:/h:intel:xeon_e3:e5502
cpe:/h:intel:xeon_e3:e5503
cpe:/h:intel:xeon_e3:e5504
cpe:/h:intel:xeon_e3:e5506
cpe:/h:intel:xeon_e3:e5507
cpe:/h:intel:xeon_e3:e5520
cpe:/h:intel:xeon_e3:e5530
cpe:/h:intel:xeon_e3:e5540
cpe:/h:intel:xeon_e3:e6510
cpe:/h:intel:xeon_e3:e6540
cpe:/h:intel:xeon_e3:e6550
cpe:/h:intel:xeon_e3:l3403
cpe:/h:intel:xeon_e3:l3406
cpe:/h:intel:xeon_e3:l3426
cpe:/h:intel:xeon_e3:l5506
cpe:/h:intel:xeon_e3:l5508_
cpe:/h:intel:xeon_e3:l5518_
cpe:/h:intel:xeon_e3:l5520
cpe:/h:intel:xeon_e3:l5530
cpe:/h:intel:xeon_e3:w5580
cpe:/h:intel:xeon_e3:w5590
cpe:/h:intel:xeon_e3:x3430
cpe:/h:intel:xeon_e3:x3440
cpe:/h:intel:xeon_e3:x3450
cpe:/h:intel:xeon_e3:x3460
cpe:/h:intel:xeon_e3:x3470
cpe:/h:intel:xeon_e3:x3480
cpe:/h:intel:xeon_e3:x5550
cpe:/h:intel:xeon_e3:x5560
cpe:/h:intel:xeon_e3:x5570
cpe:/h:intel:xeon_e5:1428l
cpe:/h:intel:xeon_e5:1428l_v2
cpe:/h:intel:xeon_e5:1428l_v3
cpe:/h:intel:xeon_e5:1620
cpe:/h:intel:xeon_e5:1620_v2
cpe:/h:intel:xeon_e5:1620_v3
cpe:/h:intel:xeon_e5:1620_v4
cpe:/h:intel:xeon_e5:1630_v3
cpe:/h:intel:xeon_e5:1630_v4
cpe:/h:intel:xeon_e5:1650
cpe:/h:intel:xeon_e5:1650_v2
cpe:/h:intel:xeon_e5:1650_v3
cpe:/h:intel:xeon_e5:1650_v4
cpe:/h:intel:xeon_e5:1660
cpe:/h:intel:xeon_e5:1660_v2
cpe:/h:intel:xeon_e5:1660_v3
cpe:/h:intel:xeon_e5:1660_v4
cpe:/h:intel:xeon_e5:1680_v3
cpe:/h:intel:xeon_e5:1680_v4
cpe:/h:intel:xeon_e5:2403
cpe:/h:intel:xeon_e5:2403_v2
cpe:/h:intel:xeon_e5:2407
cpe:/h:intel:xeon_e5:2407_v2
cpe:/h:intel:xeon_e5:2408l_v3
cpe:/h:intel:xeon_e5:2418l
cpe:/h:intel:xeon_e5:2418l_v2
cpe:/h:intel:xeon_e5:2418l_v3
cpe:/h:intel:xeon_e5:2420
cpe:/h:intel:xeon_e5:2420_v2
cpe:/h:intel:xeon_e5:2428l
cpe:/h:intel:xeon_e5:2428l_v2
cpe:/h:intel:xeon_e5:2428l_v3
cpe:/h:intel:xeon_e5:2430
cpe:/h:intel:xeon_e5:2430_v2
cpe:/h:intel:xeon_e5:2430l
cpe:/h:intel:xeon_e5:2430l_v2
cpe:/h:intel:xeon_e5:2438l_v3
cpe:/h:intel:xeon_e5:2440
cpe:/h:intel:xeon_e5:2440_v2
cpe:/h:intel:xeon_e5:2448l
cpe:/h:intel:xeon_e5:2448l_v2
cpe:/h:intel:xeon_e5:2450
cpe:/h:intel:xeon_e5:2450_v2
cpe:/h:intel:xeon_e5:2450l
cpe:/h:intel:xeon_e5:2450l_v2
cpe:/h:intel:xeon_e5:2470
cpe:/h:intel:xeon_e5:2470_v2
cpe:/h:intel:xeon_e5:2603
cpe:/h:intel:xeon_e5:2603_v2
cpe:/h:intel:xeon_e5:2603_v3
cpe:/h:intel:xeon_e5:2603_v4
cpe:/h:intel:xeon_e5:2608l_v3
cpe:/h:intel:xeon_e5:2608l_v4
cpe:/h:intel:xeon_e5:2609
cpe:/h:intel:xeon_e5:2609_v2
cpe:/h:intel:xeon_e5:2609_v3
cpe:/h:intel:xeon_e5:2609_v4
cpe:/h:intel:xeon_e5:2618l_v2
cpe:/h:intel:xeon_e5:2618l_v3
cpe:/h:intel:xeon_e5:2618l_v4
cpe:/h:intel:xeon_e5:2620
cpe:/h:intel:xeon_e5:2620_v2
cpe:/h:intel:xeon_e5:2620_v3
cpe:/h:intel:xeon_e5:2620_v4
cpe:/h:intel:xeon_e5:2623_v3
cpe:/h:intel:xeon_e5:2623_v4
cpe:/h:intel:xeon_e5:2628l_v2
cpe:/h:intel:xeon_e5:2628l_v3
cpe:/h:intel:xeon_e5:2628l_v4
cpe:/h:intel:xeon_e5:2630
cpe:/h:intel:xeon_e5:2630_v2
cpe:/h:intel:xeon_e5:2630_v3
cpe:/h:intel:xeon_e5:2630_v4
cpe:/h:intel:xeon_e5:2630l
cpe:/h:intel:xeon_e5:2630l_v2
cpe:/h:intel:xeon_e5:2630l_v3
cpe:/h:intel:xeon_e5:2630l_v4
cpe:/h:intel:xeon_e5:2637
cpe:/h:intel:xeon_e5:2637_v2
cpe:/h:intel:xeon_e5:2637_v3
cpe:/h:intel:xeon_e5:2637_v4
cpe:/h:intel:xeon_e5:2640
cpe:/h:intel:xeon_e5:2640_v2
cpe:/h:intel:xeon_e5:2640_v3
cpe:/h:intel:xeon_e5:2640_v4
cpe:/h:intel:xeon_e5:2643
cpe:/h:intel:xeon_e5:2643_v2
cpe:/h:intel:xeon_e5:2643_v3
cpe:/h:intel:xeon_e5:2643_v4
cpe:/h:intel:xeon_e5:2648l
cpe:/h:intel:xeon_e5:2648l_v2
cpe:/h:intel:xeon_e5:2648l_v3
cpe:/h:intel:xeon_e5:2648l_v4
cpe:/h:intel:xeon_e5:2650
cpe:/h:intel:xeon_e5:2650_v2
cpe:/h:intel:xeon_e5:2650_v3
cpe:/h:intel:xeon_e5:2650_v4
cpe:/h:intel:xeon_e5:2650l
cpe:/h:intel:xeon_e5:2650l_v2
cpe:/h:intel:xeon_e5:2650l_v3
cpe:/h:intel:xeon_e5:2650l_v4
cpe:/h:intel:xeon_e5:2658
cpe:/h:intel:xeon_e5:2658_v2
cpe:/h:intel:xeon_e5:2658_v3
cpe:/h:intel:xeon_e5:2658_v4
cpe:/h:intel:xeon_e5:2658a_v3
cpe:/h:intel:xeon_e5:2660
cpe:/h:intel:xeon_e5:2660_v2
cpe:/h:intel:xeon_e5:2660_v3
cpe:/h:intel:xeon_e5:2660_v4
cpe:/h:intel:xeon_e5:2665
cpe:/h:intel:xeon_e5:2667
cpe:/h:intel:xeon_e5:2667_v2
cpe:/h:intel:xeon_e5:2667_v3
cpe:/h:intel:xeon_e5:2667_v4
cpe:/h:intel:xeon_e5:2670
cpe:/h:intel:xeon_e5:2670_v2
cpe:/h:intel:xeon_e5:2670_v3
cpe:/h:intel:xeon_e5:2680
cpe:/h:intel:xeon_e5:2680_v2
cpe:/h:intel:xeon_e5:2680_v3
cpe:/h:intel:xeon_e5:2680_v4
cpe:/h:intel:xeon_e5:2683_v3
cpe:/h:intel:xeon_e5:2683_v4
cpe:/h:intel:xeon_e5:2687w
cpe:/h:intel:xeon_e5:2687w_v2
cpe:/h:intel:xeon_e5:2687w_v3
cpe:/h:intel:xeon_e5:2687w_v4
cpe:/h:intel:xeon_e5:2690
cpe:/h:intel:xeon_e5:2690_v2
cpe:/h:intel:xeon_e5:2690_v3
cpe:/h:intel:xeon_e5:2690_v4
cpe:/h:intel:xeon_e5:2695_v2
cpe:/h:intel:xeon_e5:2695_v3
cpe:/h:intel:xeon_e5:2695_v4
cpe:/h:intel:xeon_e5:2697_v2
cpe:/h:intel:xeon_e5:2697_v3
cpe:/h:intel:xeon_e5:2697_v4
cpe:/h:intel:xeon_e5:2697a_v4
cpe:/h:intel:xeon_e5:2698_v3
cpe:/h:intel:xeon_e5:2698_v4
cpe:/h:intel:xeon_e5:2699_v3
cpe:/h:intel:xeon_e5:2699_v4
cpe:/h:intel:xeon_e5:2699a_v4
cpe:/h:intel:xeon_e5:2699r_v4
cpe:/h:intel:xeon_e5:4603
cpe:/h:intel:xeon_e5:4603_v2
cpe:/h:intel:xeon_e5:4607
cpe:/h:intel:xeon_e5:4607_v2
cpe:/h:intel:xeon_e5:4610
cpe:/h:intel:xeon_e5:4610_v2
cpe:/h:intel:xeon_e5:4610_v3
cpe:/h:intel:xeon_e5:4610_v4
cpe:/h:intel:xeon_e5:4617
cpe:/h:intel:xeon_e5:4620
cpe:/h:intel:xeon_e5:4620_v2
cpe:/h:intel:xeon_e5:4620_v3
cpe:/h:intel:xeon_e5:4620_v4
cpe:/h:intel:xeon_e5:4624l_v2
cpe:/h:intel:xeon_e5:4627_v2
cpe:/h:intel:xeon_e5:4627_v3
cpe:/h:intel:xeon_e5:4627_v4
cpe:/h:intel:xeon_e5:4628l_v4
cpe:/h:intel:xeon_e5:4640
cpe:/h:intel:xeon_e5:4640_v2
cpe:/h:intel:xeon_e5:4640_v3
cpe:/h:intel:xeon_e5:4640_v4
cpe:/h:intel:xeon_e5:4648_v3
cpe:/h:intel:xeon_e5:4650
cpe:/h:intel:xeon_e5:4650_v2
cpe:/h:intel:xeon_e5:4650_v3
cpe:/h:intel:xeon_e5:4650_v4
cpe:/h:intel:xeon_e5:4650l
cpe:/h:intel:xeon_e5:4655_v3
cpe:/h:intel:xeon_e5:4655_v4
cpe:/h:intel:xeon_e5:4657l_v2
cpe:/h:intel:xeon_e5:4660_v3
cpe:/h:intel:xeon_e5:4660_v4
cpe:/h:intel:xeon_e5:4667_v3
cpe:/h:intel:xeon_e5:4667_v4
cpe:/h:intel:xeon_e5:4669_v3
cpe:/h:intel:xeon_e5:4669_v4
cpe:/h:intel:xeon_e7:2803
cpe:/h:intel:xeon_e7:2820
cpe:/h:intel:xeon_e7:2830
cpe:/h:intel:xeon_e7:2850
cpe:/h:intel:xeon_e7:2850_v2
cpe:/h:intel:xeon_e7:2860
cpe:/h:intel:xeon_e7:2870
cpe:/h:intel:xeon_e7:2870_v2
cpe:/h:intel:xeon_e7:2880_v2
cpe:/h:intel:xeon_e7:2890_v2
cpe:/h:intel:xeon_e7:4807
cpe:/h:intel:xeon_e7:4809_v2
cpe:/h:intel:xeon_e7:4809_v3
cpe:/h:intel:xeon_e7:4809_v4
cpe:/h:intel:xeon_e7:4820
cpe:/h:intel:xeon_e7:4820_v2
cpe:/h:intel:xeon_e7:4820_v3
cpe:/h:intel:xeon_e7:4820_v4
cpe:/h:intel:xeon_e7:4830
cpe:/h:intel:xeon_e7:4830_v2
cpe:/h:intel:xeon_e7:4830_v3
cpe:/h:intel:xeon_e7:4830_v4
cpe:/h:intel:xeon_e7:4850
cpe:/h:intel:xeon_e7:4850_v2
cpe:/h:intel:xeon_e7:4850_v3
cpe:/h:intel:xeon_e7:4850_v4
cpe:/h:intel:xeon_e7:4860
cpe:/h:intel:xeon_e7:4860_v2
cpe:/h:intel:xeon_e7:4870
cpe:/h:intel:xeon_e7:4870_v2
cpe:/h:intel:xeon_e7:4880_v2
cpe:/h:intel:xeon_e7:4890_v2
cpe:/h:intel:xeon_e7:8830
cpe:/h:intel:xeon_e7:8837
cpe:/h:intel:xeon_e7:8850
cpe:/h:intel:xeon_e7:8850_v2
cpe:/h:intel:xeon_e7:8857_v2
cpe:/h:intel:xeon_e7:8860
cpe:/h:intel:xeon_e7:8860_v3
cpe:/h:intel:xeon_e7:8860_v4
cpe:/h:intel:xeon_e7:8867_v3
cpe:/h:intel:xeon_e7:8867_v4
cpe:/h:intel:xeon_e7:8867l
cpe:/h:intel:xeon_e7:8870
cpe:/h:intel:xeon_e7:8870_v2
cpe:/h:intel:xeon_e7:8870_v3
cpe:/h:intel:xeon_e7:8870_v4
cpe:/h:intel:xeon_e7:8880_v2
cpe:/h:intel:xeon_e7:8880_v3
cpe:/h:intel:xeon_e7:8880_v4
cpe:/h:intel:xeon_e7:8880l_v2
cpe:/h:intel:xeon_e7:8880l_v3
cpe:/h:intel:xeon_e7:8890_v2
cpe:/h:intel:xeon_e7:8890_v3
cpe:/h:intel:xeon_e7:8890_v4
cpe:/h:intel:xeon_e7:8891_v2
cpe:/h:intel:xeon_e7:8891_v3
cpe:/h:intel:xeon_e7:8891_v4
cpe:/h:intel:xeon_e7:8893_v2
cpe:/h:intel:xeon_e7:8893_v3
cpe:/h:intel:xeon_e7:8893_v4
cpe:/h:intel:xeon_e7:8894_v4
cpe:/h:intel:xeon_gold:5115
cpe:/h:intel:xeon_gold:85115
cpe:/h:intel:xeon_gold:85118
cpe:/h:intel:xeon_gold:85119t
cpe:/h:intel:xeon_gold:85120
cpe:/h:intel:xeon_gold:85120t
cpe:/h:intel:xeon_gold:85122
cpe:/h:intel:xeon_gold:86126
cpe:/h:intel:xeon_gold:86126f
cpe:/h:intel:xeon_gold:86126t
cpe:/h:intel:xeon_gold:86128
cpe:/h:intel:xeon_gold:86130
cpe:/h:intel:xeon_gold:86130f
cpe:/h:intel:xeon_gold:86130t
cpe:/h:intel:xeon_gold:86132
cpe:/h:intel:xeon_gold:86134
cpe:/h:intel:xeon_gold:86134m
cpe:/h:intel:xeon_gold:86136
cpe:/h:intel:xeon_gold:86138
cpe:/h:intel:xeon_gold:86138f
cpe:/h:intel:xeon_gold:86138t
cpe:/h:intel:xeon_gold:86140
cpe:/h:intel:xeon_gold:86140m
cpe:/h:intel:xeon_gold:86142
cpe:/h:intel:xeon_gold:86142f
cpe:/h:intel:xeon_gold:86142m
cpe:/h:intel:xeon_gold:86144
cpe:/h:intel:xeon_gold:86146
cpe:/h:intel:xeon_gold:86148
cpe:/h:intel:xeon_gold:86148f
cpe:/h:intel:xeon_gold:86150
cpe:/h:intel:xeon_gold:86152
cpe:/h:intel:xeon_gold:86154
cpe:/h:intel:xeon_platinum:8153
cpe:/h:intel:xeon_platinum:8156
cpe:/h:intel:xeon_platinum:8158
cpe:/h:intel:xeon_platinum:8160
cpe:/h:intel:xeon_platinum:8160f
cpe:/h:intel:xeon_platinum:8160m
cpe:/h:intel:xeon_platinum:8160t
cpe:/h:intel:xeon_platinum:8164
cpe:/h:intel:xeon_platinum:8168
cpe:/h:intel:xeon_platinum:8170
cpe:/h:intel:xeon_platinum:8170m
cpe:/h:intel:xeon_platinum:8176
cpe:/h:intel:xeon_platinum:8176f
cpe:/h:intel:xeon_platinum:8176m
cpe:/h:intel:xeon_platinum:8180
cpe:/h:intel:xeon_silver:4108
cpe:/h:intel:xeon_silver:4109t
cpe:/h:intel:xeon_silver:4110
cpe:/h:intel:xeon_silver:4112
cpe:/h:intel:xeon_silver:4114
cpe:/h:intel:xeon_silver:4114t
cpe:/h:intel:xeon_silver:4116
cpe:/h:intel:xeon_silver:4116t

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3639
(official data source) NVD

- Other links and resources

http://support.lenovo.com/us/en/solutions/LEN-22133
(VENDOR_ADVISORY)  CONFIRM  http://support.lenovo.com/us/en/solutions/LEN-22133
http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
(VENDOR_ADVISORY)  CONFIRM  http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html
http://www.securityfocus.com/bid/104232
(VENDOR_ADVISORY)  BID  104232
http://www.securitytracker.com/id/1040949
(VENDOR_ADVISORY)  SECTRACK  1040949
http://xenbits.xen.org/xsa/advisory-263.html
(VENDOR_ADVISORY)  CONFIRM  http://xenbits.xen.org/xsa/advisory-263.html
https://access.redhat.com/errata/RHSA-2018:1629
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1629
https://access.redhat.com/errata/RHSA-2018:1630
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1630
https://access.redhat.com/errata/RHSA-2018:1632
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1632
https://access.redhat.com/errata/RHSA-2018:1633
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1633
https://access.redhat.com/errata/RHSA-2018:1635
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1635
https://access.redhat.com/errata/RHSA-2018:1636
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1636
https://access.redhat.com/errata/RHSA-2018:1637
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1637
https://access.redhat.com/errata/RHSA-2018:1638
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1638
https://access.redhat.com/errata/RHSA-2018:1639
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1639
https://access.redhat.com/errata/RHSA-2018:1640
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1640
https://access.redhat.com/errata/RHSA-2018:1641
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1641
https://access.redhat.com/errata/RHSA-2018:1642
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1642
https://access.redhat.com/errata/RHSA-2018:1643
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1643
https://access.redhat.com/errata/RHSA-2018:1644
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1644
https://access.redhat.com/errata/RHSA-2018:1645
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1645
https://access.redhat.com/errata/RHSA-2018:1646
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1646
https://access.redhat.com/errata/RHSA-2018:1647
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1647
https://access.redhat.com/errata/RHSA-2018:1648
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1648
https://access.redhat.com/errata/RHSA-2018:1649
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1649
https://access.redhat.com/errata/RHSA-2018:1650
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1650
https://access.redhat.com/errata/RHSA-2018:1651
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1651
https://access.redhat.com/errata/RHSA-2018:1652
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1652
https://access.redhat.com/errata/RHSA-2018:1653
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1653
https://access.redhat.com/errata/RHSA-2018:1654
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1654
https://access.redhat.com/errata/RHSA-2018:1655
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1655
https://access.redhat.com/errata/RHSA-2018:1656
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1656
https://access.redhat.com/errata/RHSA-2018:1657
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1657
https://access.redhat.com/errata/RHSA-2018:1658
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1658
https://access.redhat.com/errata/RHSA-2018:1659
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1659
https://access.redhat.com/errata/RHSA-2018:1660
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1660
https://access.redhat.com/errata/RHSA-2018:1661
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1661
https://access.redhat.com/errata/RHSA-2018:1662
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1662
https://access.redhat.com/errata/RHSA-2018:1663
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1663
https://access.redhat.com/errata/RHSA-2018:1664
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1664
https://access.redhat.com/errata/RHSA-2018:1665
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1665
https://access.redhat.com/errata/RHSA-2018:1666
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1666
https://access.redhat.com/errata/RHSA-2018:1667
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1667
https://access.redhat.com/errata/RHSA-2018:1668
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1668
https://access.redhat.com/errata/RHSA-2018:1669
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1669
https://access.redhat.com/errata/RHSA-2018:1674
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1674
https://access.redhat.com/errata/RHSA-2018:1675
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1675
https://access.redhat.com/errata/RHSA-2018:1676
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1676
https://access.redhat.com/errata/RHSA-2018:1686
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1686
https://access.redhat.com/errata/RHSA-2018:1688
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1688
https://access.redhat.com/errata/RHSA-2018:1689
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1689
https://access.redhat.com/errata/RHSA-2018:1690
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1690
https://access.redhat.com/errata/RHSA-2018:1696
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1696
https://access.redhat.com/errata/RHSA-2018:1710
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1710
https://access.redhat.com/errata/RHSA-2018:1711
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1711
https://access.redhat.com/errata/RHSA-2018:1737
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1737
https://access.redhat.com/errata/RHSA-2018:1738
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1738
https://access.redhat.com/errata/RHSA-2018:1826
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1826
https://access.redhat.com/errata/RHSA-2018:1854
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1854
https://access.redhat.com/errata/RHSA-2018:1965
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1965
https://access.redhat.com/errata/RHSA-2018:1967
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1967
https://access.redhat.com/errata/RHSA-2018:1997
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:1997
https://access.redhat.com/errata/RHSA-2018:2001
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:2001
https://access.redhat.com/errata/RHSA-2018:2003
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:2003
https://access.redhat.com/errata/RHSA-2018:2006
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:2006
https://access.redhat.com/errata/RHSA-2018:2060
(VENDOR_ADVISORY)  REDHAT  RHSA-2018:2060
https://access.redhat.com/errata/RHSA-2018:2161
(UNKNOWN)  REDHAT  RHSA-2018:2161
https://access.redhat.com/errata/RHSA-2018:2162
(UNKNOWN)  REDHAT  RHSA-2018:2162
https://access.redhat.com/errata/RHSA-2018:2164
(UNKNOWN)  REDHAT  RHSA-2018:2164
https://access.redhat.com/errata/RHSA-2018:2171
(UNKNOWN)  REDHAT  RHSA-2018:2171
https://access.redhat.com/errata/RHSA-2018:2172
(UNKNOWN)  REDHAT  RHSA-2018:2172
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
(VENDOR_ADVISORY)  MISC  https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
(VENDOR_ADVISORY)  CONFIRM  https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
(VENDOR_ADVISORY)  CONFIRM  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://security.netapp.com/advisory/ntap-20180521-0001/
(VENDOR_ADVISORY)  CONFIRM  https://security.netapp.com/advisory/ntap-20180521-0001/
https://support.citrix.com/article/CTX235225
(VENDOR_ADVISORY)  CONFIRM  https://support.citrix.com/article/CTX235225
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
(VENDOR_ADVISORY)  CONFIRM  https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel
(VENDOR_ADVISORY)  CISCO  20180522 CPU Side-Channel Information Disclosure Vulnerabilities: May 2018
https://usn.ubuntu.com/3651-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3651-1
https://usn.ubuntu.com/3652-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3652-1
https://usn.ubuntu.com/3653-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3653-1
https://usn.ubuntu.com/3653-2/
(VENDOR_ADVISORY)  UBUNTU  USN-3653-2
https://usn.ubuntu.com/3654-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3654-1
https://usn.ubuntu.com/3654-2/
(VENDOR_ADVISORY)  UBUNTU  USN-3654-2
https://usn.ubuntu.com/3655-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3655-1
https://usn.ubuntu.com/3655-2/
(VENDOR_ADVISORY)  UBUNTU  USN-3655-2
https://usn.ubuntu.com/3679-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3679-1
https://usn.ubuntu.com/3680-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3680-1
https://www.debian.org/security/2018/dsa-4210
(VENDOR_ADVISORY)  DEBIAN  DSA-4210
https://www.exploit-db.com/exploits/44695/
(VENDOR_ADVISORY)  EXPLOIT-DB  44695
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
(VENDOR_ADVISORY)  CONFIRM  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
https://www.kb.cert.org/vuls/id/180049
(VENDOR_ADVISORY)  CERT-VN  VU#180049
https://www.synology.com/support/security/Synology_SA_18_23
(VENDOR_ADVISORY)  CONFIRM  https://www.synology.com/support/security/Synology_SA_18_23
https://www.us-cert.gov/ncas/alerts/TA18-141A
(VENDOR_ADVISORY)  CERT  TA18-141A

- Vulnerability information (F147719)

Red Hat Security Advisory 2018-1630-01 (PacketStormID:F147719)
2018-05-22 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1630-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2018:1630-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1630
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via
software update. The updated kernel packages provide the software side of the
mitigation for this hardware issue. To be fully functional, up-to-date CPU
microcode applied on the system is required. Please refer to the References
section for further information about this issue, CPU microcode
requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-862.3.2.rt56.808.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-862.3.2.rt56.808.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-862.3.2.rt56.808.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F147722)

Ubuntu Security Notice USN-3653-1 (PacketStormID:F147722)
2018-05-21 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local
linux,ubuntu
CVE-2017-17449,CVE-2017-17975,CVE-2017-18203,CVE-2017-18208,CVE-2018-3639,CVE-2018-8822

Ubuntu Security Notice 3653-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3653-1
May 22, 2018

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

It was discovered that the netlink subsystem in the Linux kernel did not
properly restrict observations of netlink messages to the appropriate net
namespace. A local attacker could use this to expose sensitive information
(kernel netlink traffic). (CVE-2017-17449)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the Device Mapper
component of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-18203)

It was discovered that an infinite loop could occur in the madvise(2)
implementation in the Linux kernel in certain circumstances. A local
attacker could use this to cause a denial of service (system hang).
(CVE-2017-18208)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  linux-image-4.13.0-43-generic   4.13.0-43.48
  linux-image-4.13.0-43-generic-lpae  4.13.0-43.48
  linux-image-4.13.0-43-lowlatency  4.13.0-43.48
  linux-image-generic             4.13.0.43.46
  linux-image-generic-lpae        4.13.0.43.46
  linux-image-lowlatency          4.13.0.43.46

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.
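The three conditions this note describes (a kernel at or above the fixed ABI, the kernel's own mitigation, and the SSBD CPU feature that microcode or the hypervisor must expose) can be verified from a shell. The script below is an added example, not part of USN-3653-1 or of any Ubuntu tooling. It assumes, as the advisory does not state, that the mitigated kernel reports its status in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and that /proc/cpuinfo shows the SSBD CPUID bit as the flag "ssbd" (Intel) or "virt_ssbd"/"amd_ssbd" (AMD). The cpuinfo flag lines embedded for the self-check are constructed, not captured from a real machine, and the file name ssb-check.sh in the usage note is hypothetical.

```shell
#!/bin/sh
# Added example for CVE-2018-3639 (Speculative Store Bypass) post-update checks
# on an Ubuntu host. Not from USN-3653-1 or Ubuntu. Assumptions:
#  - the mitigated kernel exposes its status in $SSB_SYSFS (upstream sysfs file)
#  - the SSBD CPUID bit appears in /proc/cpuinfo as ssbd / virt_ssbd / amd_ssbd;
#    stale microcode, or a hypervisor that does not pass the bit through,
#    leaves the flag absent and the kernel mitigation cannot engage.

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# classify_ssb_status "STATUS LINE" -> prints vulnerable|mitigated|not-affected|unknown
classify_ssb_status() {
    case "$1" in
        'Not affected') echo not-affected ;;
        Vulnerable*)    echo vulnerable ;;
        Mitigation:*)   echo mitigated ;;
        *)              echo unknown ;;
    esac
}

# cpu_has_ssbd "CPUINFO TEXT" -> succeeds if a flags line advertises SSBD
cpu_has_ssbd() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' \
        | grep -Eqw 'ssbd|virt_ssbd|amd_ssbd'
}

# kernel_abi "uname -r output" -> ABI without flavour, e.g. 4.13.0-43-generic -> 4.13.0-43
kernel_abi() {
    printf '%s\n' "$1" | sed 's/-[A-Za-z].*$//'
}

# kernel_is_fixed RUNNING_ABI FIXED_ABI -> succeeds if running >= fixed,
# comparing each dot/dash separated numeric component left to right
kernel_is_fixed() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Constructed sample flag lines (not captured from a real machine).
SAMPLE_CPUINFO_OLD='processor : 0
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov'
SAMPLE_CPUINFO_NEW='processor : 0
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov ssbd'

# report_host [FIXED_ABI]: check the running machine; default is the ABI
# shipped by USN-3653-1 for Ubuntu 17.10.
report_host() {
    fixed_abi=${1:-4.13.0-43}
    running=$(kernel_abi "$(uname -r)")
    if kernel_is_fixed "$running" "$fixed_abi"; then
        echo "kernel $running: at or above fixed ABI $fixed_abi"
    else
        echo "kernel $running: older than fixed ABI $fixed_abi, update and reboot"
    fi
    if [ -r "$SSB_SYSFS" ]; then
        status=$(cat "$SSB_SYSFS")
        echo "sysfs: $status ($(classify_ssb_status "$status"))"
    else
        echo "sysfs: $SSB_SYSFS missing, kernel predates the SSB mitigation"
    fi
    if [ -r /proc/cpuinfo ] && cpu_has_ssbd "$(cat /proc/cpuinfo)"; then
        echo "cpu: SSBD exposed by microcode/hypervisor"
    else
        echo "cpu: no SSBD flag, microcode, BIOS or hypervisor update still needed"
    fi
}

if [ "${1:-}" = "--report" ]; then
    report_host "$2"
fi
```

Run it as `sh ssb-check.sh --report 4.13.0-43` on the host (or with the ABI from whichever notice applies to your release). A kernel at the fixed ABI but with the sysfs file reading "Vulnerable", or with no SSBD flag in cpuinfo, is the case the note warns about: the kernel side is patched but the firmware or hypervisor side is not, so the mitigation cannot be enabled. Inside a guest, a missing flag means the hypervisor has not yet been updated to expose the new CPU feature.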

References:
  https://usn.ubuntu.com/usn/usn-3653-1
  CVE-2017-17449, CVE-2017-17975, CVE-2017-18203, CVE-2017-18208,
  CVE-2018-3639, CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.13.0-43.48


- Vulnerability information (F147721)

Ubuntu Security Notice USN-3652-1 (PacketStormID:F147721)
2018-05-21 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local
linux,ubuntu
CVE-2018-3639
[Click to download]

Ubuntu Security Notice 3652-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.

==========================================================================
Ubuntu Security Notice USN-3652-1
May 22, 2018

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors

Details:

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  linux-image-4.15.0-1008-gcp     4.15.0-1008.8
  linux-image-4.15.0-1009-aws     4.15.0-1009.9
  linux-image-4.15.0-1010-kvm     4.15.0-1010.10
  linux-image-4.15.0-22-generic   4.15.0-22.24
  linux-image-4.15.0-22-generic-lpae  4.15.0-22.24
  linux-image-4.15.0-22-lowlatency  4.15.0-22.24
  linux-image-aws                 4.15.0.1009.9
  linux-image-azure               4.15.0.1012.12
  linux-image-azure-edge          4.15.0.1012.12
  linux-image-gcp                 4.15.0.1008.10
  linux-image-generic             4.15.0.22.23
  linux-image-generic-lpae        4.15.0.22.23
  linux-image-gke                 4.15.0.1008.10
  linux-image-kvm                 4.15.0.1010.10
  linux-image-lowlatency          4.15.0.22.23
  linux-image-oem                 4.15.0.1006.8

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3652-1
  CVE-2018-3639, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-22.24
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1009.9
  https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1012.12
  https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1008.8
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1010.10
  https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1006.9


- Vulnerability information (F147720)

Ubuntu Security Notice USN-3651-1 (PacketStormID:F147720)
2018-05-21 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel
linux,ubuntu
CVE-2018-3639
[Click to download]

Ubuntu Security Notice 3651-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via side-channel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386.

==========================================================================
Ubuntu Security Notice USN-3651-1
May 21, 2018

qemu update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Side channel execution mitigations were added to QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

Ken Johnson and Jann Horn independently discovered that microprocessors
utilizing speculative execution of a memory read may allow unauthorized
memory reads via side-channel attacks. An attacker in the guest could use
this to expose sensitive guest information, including kernel memory. This
update allows QEMU to expose new CPU features added by microcode updates
to guests on amd64 and i386.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  qemu                            1:2.11+dfsg-1ubuntu7.2
  qemu-system                     1:2.11+dfsg-1ubuntu7.2
  qemu-system-x86                 1:2.11+dfsg-1ubuntu7.2

Ubuntu 17.10:
  qemu                            1:2.10+dfsg-0ubuntu3.7
  qemu-system                     1:2.10+dfsg-0ubuntu3.7
  qemu-system-x86                 1:2.10+dfsg-0ubuntu3.7

Ubuntu 16.04 LTS:
  qemu                            1:2.5+dfsg-5ubuntu10.29
  qemu-system                     1:2.5+dfsg-5ubuntu10.29
  qemu-system-x86                 1:2.5+dfsg-5ubuntu10.29

Ubuntu 14.04 LTS:
  qemu                            2.0.0+dfsg-2ubuntu1.42
  qemu-system                     2.0.0+dfsg-2ubuntu1.42
  qemu-system-x86                 2.0.0+dfsg-2ubuntu1.42

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3651-1
  CVE-2018-3639, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.2
  https://launchpad.net/ubuntu/+source/qemu/1:2.10+dfsg-0ubuntu3.7
  https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.29
  https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.42

- Vulnerability information (F147796)

VMware Security Advisory 2018-0012 (PacketStormID:F147796)
2018-05-23 00:00:00
VMware  vmware.com
advisory
CVE-2018-3639,CVE-2018-3640
[Click to download]

VMware Security Advisory 2018-0012 - VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for the Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor-Assisted Guest Mitigations, described in VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations, which do not require VMware product updates.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                        VMware Security Advisory

Advisory ID: VMSA-2018-0012
Severity:    Moderate
Synopsis:    VMware vSphere, Workstation and Fusion updates enable
             Hypervisor-Assisted Guest Mitigations for Speculative Store
             Bypass issue.
Issue date:  2018-05-21
Updated on:  2018-05-21 (Initial Advisory)
CVE number:  CVE-2018-3639

1. Summary

   VMware vSphere, Workstation and Fusion updates enable Hypervisor-
   Assisted Guest Mitigations for Speculative Store Bypass issue.

   The mitigations in this advisory are categorized as Hypervisor
   Assisted Guest Mitigations described by VMware Knowledge Base article
   54951. KB54951 also covers CVE-2018-3640 mitigations which do not
   require VMware product updates.

2. Relevant Products

   VMware vCenter Server (VC)
   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

   vCenter Server, ESXi, Workstation, and Fusion update the speculative
   execution control mechanism for Virtual Machines (VMs). As a result,
   a patched Guest Operating System (GOS) can remediate the Speculative
   Store Bypass issue (CVE-2018-3639) using the Speculative-Store-
   Bypass-Disable (SSBD) control bit. This issue may allow for
   information disclosure in applications and/or execution runtimes
   which rely on managed code security mechanisms. Based on current
   evaluations, we do not believe that CVE-2018-3639 could allow for VM
   to VM or Hypervisor to VM information disclosure.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-3639 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product   Running           Replace with/     Mitigation/
   Product     Version   on      Severity  Apply Patch       Workaround
   =========== ========= ======= ========= ================= ==========
   VC          6.7       Any     Moderate  Patch Pending*    None
   VC          6.5       Any     Moderate  Patch Pending*    None
   VC          6.0       Any     Moderate  Patch Pending*    None
   VC          5.5       Any     Moderate  Patch Pending*    None

   ESXi        6.7       Any     Moderate  Patch Pending*    None
   ESXi        6.5       Any     Moderate  Patch Pending*    None
   ESXi        6.0       Any     Moderate  Patch Pending*    None
   ESXi        5.5       Any     Moderate  Patch Pending*    None

   Workstation 14.x      Any     Moderate  14.1.2**          None

   Fusion      10.x      Any     Moderate  10.1.2**          None

   *These updates are on hold until Intel has released updated microcode
   which has been tested by VMware.

   **There are additional VMware and 3rd party requirements for
   CVE-2018-3639 mitigation beyond applying these updates. Please see
   VMware Knowledge Base Article 55111 for details.

4. Solution

   VMware Workstation Pro, Player 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/go/downloadplayer

   VMware Fusion Pro / Fusion 10.1.2
   Downloads and Documentation:  
   https://www.vmware.com/go/downloadfusion

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
   https://kb.vmware.com/kb/54951
   https://kb.vmware.com/kb/55111

- ------------------------------------------------------------------------

6. Change log

   2018-05-21: Initial security advisory in conjunction with the release
   of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce@lists.vmware.com
    bugtraq@securityfocus.com
    fulldisclosure@seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html
 
   VMware Security & Compliance Blog   
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSmJMaUX5+xuU/DnNwMRybxVuL2QwUCWwLcKAAKCRAMRybxVuL2
Q/WnAKD66NtwlYXMUBkrev+wQoCEu4smLACgmyVURkBIjsbq0i/vrb0CFDLt6EY=
=kpHA
-----END PGP SIGNATURE-----

_______________________________________________
Security-announce mailing list
Security-announce@lists.vmware.com
https://lists.vmware.com/mailman/listinfo/security-announce

- Vulnerability information (F147785)

Ubuntu Security Notice USN-3655-2 (PacketStormID:F147785)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local,vulnerability
linux,ubuntu
CVE-2017-12134,CVE-2017-13220,CVE-2017-13305,CVE-2017-17449,CVE-2017-18079,CVE-2017-18203,CVE-2017-18204,CVE-2017-18208,CVE-2017-18221,CVE-2018-3639,CVE-2018-8822
[Click to download]

Ubuntu Security Notice 3655-2 - USN-3655-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3655-2
May 22, 2018

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3655-1 fixed vulnerabilities and added mitigations in the Linux
kernel for Ubuntu 14.04 LTS. This update provides the corresponding
updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu
14.04 LTS for Ubuntu 12.04 ESM.

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Jan H. Schonherr discovered that the Xen subsystem did not correctly
handle block I/O merges in some situations. An attacker in a guest VM
could use this to cause a denial of service (host crash) or possibly gain
administrative privileges in the host. (CVE-2017-12134)

It was discovered that the Bluetooth HIDP (Human Interface Device Profile)
implementation in the Linux kernel did not properly validate HID connection
setup information. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-13220)

It was discovered that a buffer overread vulnerability existed in the
keyring subsystem of the Linux kernel. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2017-13305)

It was discovered that the netlink subsystem in the Linux kernel did not
properly restrict observations of netlink messages to the appropriate net
namespace. A local attacker could use this to expose sensitive information
(kernel netlink traffic). (CVE-2017-17449)

It was discovered that a race condition existed in the i8042 serial device
driver implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-18079)

It was discovered that a race condition existed in the Device Mapper
component of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the madvise(2)
implementation in the Linux kernel in certain circumstances. A local
attacker could use this to cause a denial of service (system hang).
(CVE-2017-18208)

Kefeng Wang discovered that a race condition existed in the memory locking
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18221)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  linux-image-3.13.0-149-generic  3.13.0-149.199~precise1
  linux-image-3.13.0-149-generic-lpae  3.13.0-149.199~precise1
  linux-image-generic-lpae-lts-trusty  3.13.0.149.140
  linux-image-generic-lts-trusty  3.13.0.149.140

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu users in cloud environments should contact
the cloud provider to confirm that the hypervisor has been updated
to expose the new CPU features to virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3655-2
  https://usn.ubuntu.com/usn/usn-3655-1
  CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449,
  CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208,
  CVE-2017-18221, CVE-2018-3639, CVE-2018-8822, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4


- Vulnerability information (F147784)

Ubuntu Security Notice USN-3655-1 (PacketStormID:F147784)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel,local
linux,ubuntu
CVE-2017-12134,CVE-2017-13220,CVE-2017-13305,CVE-2017-17449,CVE-2017-18079,CVE-2017-18203,CVE-2017-18204,CVE-2017-18208,CVE-2017-18221,CVE-2018-3639,CVE-2018-8822
[Click to download]

Ubuntu Security Notice 3655-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not correctly handle block I/O merges in some situations. An attacker in a guest VM could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3655-1
May 22, 2018

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Jan H. Schonherr discovered that the Xen subsystem did not correctly
handle block I/O merges in some situations. An attacker in a guest VM
could use this to cause a denial of service (host crash) or possibly gain
administrative privileges in the host. (CVE-2017-12134)

It was discovered that the Bluetooth HIDP (Human Interface Device Profile)
implementation in the Linux kernel did not properly validate HID connection
setup information. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-13220)

It was discovered that a buffer overread vulnerability existed in the
keyring subsystem of the Linux kernel. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2017-13305)

It was discovered that the netlink subsystem in the Linux kernel did not
properly restrict observations of netlink messages to the appropriate net
namespace. A local attacker could use this to expose sensitive information
(kernel netlink traffic). (CVE-2017-17449)

It was discovered that a race condition existed in the i8042 serial device
driver implementation in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2017-18079)

It was discovered that a race condition existed in the Device Mapper
component of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the madvise(2)
implementation in the Linux kernel in certain circumstances. A local
attacker could use this to cause a denial of service (system hang).
(CVE-2017-18208)

Kefeng Wang discovered that a race condition existed in the memory locking
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service. (CVE-2017-18221)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-3.13.0-149-generic  3.13.0-149.199
  linux-image-3.13.0-149-generic-lpae  3.13.0-149.199
  linux-image-3.13.0-149-lowlatency  3.13.0-149.199
  linux-image-3.13.0-149-powerpc-e500  3.13.0-149.199
  linux-image-3.13.0-149-powerpc-e500mc  3.13.0-149.199
  linux-image-3.13.0-149-powerpc-smp  3.13.0-149.199
  linux-image-3.13.0-149-powerpc64-emb  3.13.0-149.199
  linux-image-3.13.0-149-powerpc64-smp  3.13.0-149.199
  linux-image-generic             3.13.0.149.159
  linux-image-generic-lpae        3.13.0.149.159
  linux-image-lowlatency          3.13.0.149.159
  linux-image-powerpc-e500        3.13.0.149.159
  linux-image-powerpc-e500mc      3.13.0.149.159
  linux-image-powerpc-smp         3.13.0.149.159
  linux-image-powerpc64-emb       3.13.0.149.159
  linux-image-powerpc64-smp       3.13.0.149.159

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3655-1
  CVE-2017-12134, CVE-2017-13220, CVE-2017-13305, CVE-2017-17449,
  CVE-2017-18079, CVE-2017-18203, CVE-2017-18204, CVE-2017-18208,
  CVE-2017-18221, CVE-2018-3639, CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux/3.13.0-149.199


- Vulnerability information (F147783)

Ubuntu Security Notice USN-3654-2 (PacketStormID:F147783)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local,vulnerability
linux,ubuntu
CVE-2017-17975,CVE-2017-18193,CVE-2017-18222,CVE-2018-1065,CVE-2018-1068,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7480,CVE-2018-7757,CVE-2018-7995,CVE-2018-8781,CVE-2018-8822
[Click to download]

Ubuntu Security Notice 3654-2 - USN-3654-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3654-2
May 22, 2018

linux-lts-xenial, linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3654-1 fixed vulnerabilities and added mitigations in the Linux
kernel for Ubuntu 16.04 LTS. This update provides the corresponding
updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu
16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps targeted user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a NULL pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double-free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the DisplayLink USB video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-1022-aws      4.4.0-1022.22
  linux-image-4.4.0-127-generic   4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-generic-lpae  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-lowlatency  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc-e500mc  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc-smp  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc64-emb  4.4.0-127.153~14.04.1
  linux-image-4.4.0-127-powerpc64-smp  4.4.0-127.153~14.04.1
  linux-image-aws                 4.4.0.1022.22
  linux-image-generic-lpae-lts-xenial  4.4.0.127.107
  linux-image-generic-lts-xenial  4.4.0.127.107
  linux-image-lowlatency-lts-xenial  4.4.0.127.107
  linux-image-powerpc-e500mc-lts-xenial  4.4.0.127.107
  linux-image-powerpc-smp-lts-xenial  4.4.0.127.107
  linux-image-powerpc64-emb-lts-xenial  4.4.0.127.107
  linux-image-powerpc64-smp-lts-xenial  4.4.0.127.107

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3654-2
  https://usn.ubuntu.com/usn/usn-3654-1
  CVE-2017-17975, CVE-2017-18193, CVE-2017-18222, CVE-2018-1065,
  CVE-2018-1068, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803,
  CVE-2018-7480, CVE-2018-7757, CVE-2018-7995, CVE-2018-8781,
  CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1022.22
  https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-127.153~14.04.1

    

- Vulnerability Information (F147782)

Ubuntu Security Notice USN-3654-1 (PacketStormID:F147782)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary,kernel,local
linux,ubuntu
CVE-2017-17975,CVE-2017-18193,CVE-2017-18222,CVE-2018-1065,CVE-2018-1068,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7480,CVE-2018-7757,CVE-2018-7995,CVE-2018-8781,CVE-2018-8822

Ubuntu Security Notice 3654-1 - Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Tuba Yavuz discovered that a double-free error existed in the USBTV007 driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3654-1
May 22, 2018

linux, linux-aws, linux-kvm, vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments

Details:

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the F2FS implementation
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2017-18193)

It was discovered that a buffer overflow existed in the Hisilicon HNS
Ethernet Device driver in the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2017-18222)

It was discovered that the netfilter subsystem in the Linux kernel did not
validate that rules containing jumps contained user-defined chains. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-1065)

It was discovered that the netfilter subsystem of the Linux kernel did not
properly validate ebtables offsets. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-1068)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that a double free error existed in the block layer
subsystem of the Linux kernel when setting up a request queue. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-7480)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

It was discovered that a race condition existed in the x86 machine check
handler in the Linux kernel. A local privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-7995)

Eyal Itkin discovered that the USB displaylink video adapter driver in the
Linux kernel did not properly validate mmap offsets sent from userspace. A
local attacker could use this to expose sensitive information (kernel
memory) or possibly execute arbitrary code. (CVE-2018-8781)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.4.0-1026-kvm      4.4.0-1026.31
  linux-image-4.4.0-1060-aws      4.4.0-1060.69
  linux-image-4.4.0-127-generic   4.4.0-127.153
  linux-image-4.4.0-127-generic-lpae  4.4.0-127.153
  linux-image-4.4.0-127-lowlatency  4.4.0-127.153
  linux-image-4.4.0-127-powerpc-e500mc  4.4.0-127.153
  linux-image-4.4.0-127-powerpc-smp  4.4.0-127.153
  linux-image-4.4.0-127-powerpc64-emb  4.4.0-127.153
  linux-image-4.4.0-127-powerpc64-smp  4.4.0-127.153
  linux-image-aws                 4.4.0.1060.62
  linux-image-generic             4.4.0.127.133
  linux-image-generic-lpae        4.4.0.127.133
  linux-image-kvm                 4.4.0.1026.25
  linux-image-lowlatency          4.4.0.127.133
  linux-image-powerpc-e500mc      4.4.0.127.133
  linux-image-powerpc-smp         4.4.0.127.133
  linux-image-powerpc64-emb       4.4.0.127.133
  linux-image-powerpc64-smp       4.4.0.127.133

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.

References:
  https://usn.ubuntu.com/usn/usn-3654-1
  CVE-2017-17975, CVE-2017-18193, CVE-2017-18222, CVE-2018-1065,
  CVE-2018-1068, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803,
  CVE-2018-7480, CVE-2018-7757, CVE-2018-7995, CVE-2018-8781,
  CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.4.0-127.153
  https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1060.69
  https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1026.31

    

- Vulnerability Information (F147781)

Ubuntu Security Notice USN-3653-2 (PacketStormID:F147781)
2018-05-23 00:00:00
Ubuntu  security.ubuntu.com
advisory,kernel,local,vulnerability
linux,ubuntu
CVE-2017-17449,CVE-2017-17975,CVE-2017-18203,CVE-2017-18208,CVE-2018-3639,CVE-2018-8822

Ubuntu Security Notice 3653-2 - USN-3653-1 fixed vulnerabilities and added mitigations in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3653-2
May 22, 2018

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were addressed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM processors

Details:

USN-3653-1 fixed vulnerabilities and added mitigations in the Linux
kernel for Ubuntu 17.10. This update provides the corresponding
updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu
17.10 for Ubuntu 16.04 LTS.

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory
reads via a side-channel attack. This flaw is known as Spectre
Variant 4. A local attacker could use this to expose sensitive
information, including kernel memory. (CVE-2018-3639)

It was discovered that the netlink subsystem in the Linux kernel did not
properly restrict observations of netlink messages to the appropriate net
namespace. A local attacker could use this to expose sensitive information
(kernel netlink traffic). (CVE-2017-17449)

Tuba Yavuz discovered that a double-free error existed in the USBTV007
driver of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-17975)

It was discovered that a race condition existed in the Device Mapper
component of the Linux kernel. A local attacker could use this to cause a
denial of service (system crash). (CVE-2017-18203)

It was discovered that an infinite loop could occur in the madvise(2)
implementation in the Linux kernel in certain circumstances. A local
attacker could use this to cause a denial of service (system hang).
(CVE-2017-18208)

Silvio Cesare discovered a buffer overwrite existed in the NCPFS
implementation in the Linux kernel. A remote attacker controlling a
malicious NCPFS server could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-8822)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.13.0-1017-gcp     4.13.0-1017.21
  linux-image-4.13.0-1018-azure   4.13.0-1018.21
  linux-image-4.13.0-1028-oem     4.13.0-1028.31
  linux-image-4.13.0-43-generic   4.13.0-43.48~16.04.1
  linux-image-4.13.0-43-generic-lpae  4.13.0-43.48~16.04.1
  linux-image-4.13.0-43-lowlatency  4.13.0-43.48~16.04.1
  linux-image-azure               4.13.0.1018.19
  linux-image-gcp                 4.13.0.1017.19
  linux-image-generic-hwe-16.04   4.13.0.43.62
  linux-image-generic-lpae-hwe-16.04  4.13.0.43.62
  linux-image-gke                 4.13.0.1017.19
  linux-image-lowlatency-hwe-16.04  4.13.0.43.62
  linux-image-oem                 4.13.0.1028.33

Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4)
may require corresponding processor microcode/firmware updates or,
in virtual environments, hypervisor updates. On i386 and amd64
architectures, the SSBD feature is required to enable the kernel
mitigations. BIOS vendors will be making updates available for Intel
processors that implement SSBD and Ubuntu is working with Intel to
provide future microcode updates. Ubuntu users with a processor from
a different vendor should contact the vendor to identify necessary
firmware updates. Ubuntu provided corresponding QEMU updates for users
of self-hosted virtual environments in USN 3651-1. Ubuntu users in
cloud environments should contact the cloud provider to confirm that
the hypervisor has been updated to expose the new CPU features to
virtual machines.
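The note above (repeated in USN-3654-2, USN-3654-1 and USN-3653-2) says that the kernel patch alone is not enough on i386/amd64: the CPU must expose SSBD, by microcode, firmware or, in a guest, the hypervisor. The following is an added defender-side check, not part of any Ubuntu or Red Hat notice. It reads the kernel's own report in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and the flags line of /proc/cpuinfo (both standard Linux interfaces), and combines them into a verdict that separates "patch the kernel" from "update microcode/firmware or hypervisor". The status strings and flag names used in the sample calls are constructed for offline use; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisories on this page): classify the kernel's
# Speculative Store Bypass (CVE-2018-3639) mitigation report and the CPU's
# SSBD capability. Sample inputs in ssb_self_check are constructed.

# Classify one spec_store_bypass status line as reported by the kernel.
# Prints: unaffected | mitigated | vulnerable | unknown
ssb_classify() {
    case "$1" in
        "Not affected"*) echo unaffected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Return 0 when a /proc/cpuinfo "flags" line advertises an SSBD control.
# Linux exposes it as ssbd, or as amd_ssbd / virt_ssbd on AMD parts and
# some guests; any of them means the kernel can enable its mitigation.
cpu_has_ssbd() {
    case " $1 " in
        *" ssbd "*|*" amd_ssbd "*|*" virt_ssbd "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine the two signals into one verdict, following the USN note:
# "Vulnerable" on a CPU without SSBD means the kernel is patched but the
# firmware/microcode (or the hypervisor, in a VM) still has to deliver SSBD.
ssb_verdict() {
    status=$(ssb_classify "$1")
    if cpu_has_ssbd "$2"; then have_ssbd=yes; else have_ssbd=no; fi
    case "$status:$have_ssbd" in
        unaffected:*)   echo "ok: not affected" ;;
        mitigated:*)    echo "ok: kernel mitigation active" ;;
        vulnerable:no)  echo "action: CPU lacks SSBD, update microcode/firmware or, in a guest, the hypervisor" ;;
        vulnerable:yes) echo "action: SSBD present but kernel reports Vulnerable, check kernel version and boot parameters" ;;
        *)              echo "unknown: unrecognised status" ;;
    esac
}

# Live check on a Linux host; prints the verdict for this machine.
ssb_check_live() {
    f=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    if [ ! -r "$f" ]; then
        echo "unknown: $f not present (kernel predates the report, or not Linux)"
        return 0
    fi
    ssb_verdict "$(cat "$f")" "$(grep '^flags' /proc/cpuinfo 2>/dev/null | head -n 1)"
}

# Constructed samples showing the two "action" cases and the good case.
ssb_self_check() {
    ssb_verdict 'Vulnerable' 'flags : fpu vme de pse sse2'
    ssb_verdict 'Vulnerable' 'flags : fpu vme de pse ssbd'
    ssb_verdict 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' 'flags : fpu ssbd'
}

# Run the live check when executed directly (sourcing the file only defines functions).
[ "${0##*/}" = "ssb_check.sh" ] && ssb_check_live
```

Save as ssb_check.sh and run it on each host after the kernel update; a "Vulnerable" report paired with a missing SSBD flag is the case the notice describes, where the fix lies outside the kernel package.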

References:
  https://usn.ubuntu.com/usn/usn-3653-2
  https://usn.ubuntu.com/usn/usn-3653-1
  CVE-2017-17449, CVE-2017-17975, CVE-2017-18203, CVE-2017-18208,
  CVE-2018-3639, CVE-2018-8822,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4

Package Information:
  https://launchpad.net/ubuntu/+source/linux-azure/4.13.0-1018.21
  https://launchpad.net/ubuntu/+source/linux-gcp/4.13.0-1017.21
  https://launchpad.net/ubuntu/+source/linux-hwe/4.13.0-43.48~16.04.1
  https://launchpad.net/ubuntu/+source/linux-oem/4.13.0-1028.31

    

- Vulnerability Information (F147780)

Red Hat Security Advisory 2018-1660-01 (PacketStormID:F147780)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1660-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1660-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1660
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.503.el6_9.6.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-img-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.503.el6_9.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.503.el6_9.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwNSlNzjgjWX9erEAQjErA//RtyIIc3nO5wa7asPZn0LmqWcT2V5+1zM
BUvmxq0GweXvrXTXEKd+ml0bWbak5//XbtZi/tSSf72yOsIWiPx5Z5pZXWt3CP2e
+8qOBOMkWs9+pgeD8bGBhqABUTFlmQPV2rvOQS+mLscDT8w/HrmZVTw5DySLxL01
YKruEqNpDBNvd/HLC7psv2pljEO0GFOmI97WBbRyFbILRt30b+m0ZqVcK4IW8Pdf
5HXUahoU+s8eaPwhHl2t8PW1Kb6D2BZncyKERWg+MbY2Z3lHlgSTE4DYaHuIwf/k
xSVj+/cieW0I9HcsB9NzkzdSl19NudA2ZkCbG3Xv8yMU6HPxxFz9vs98HcWwBf36
T2Gwf8bUQ2ameGVPdaWvrmN+RxKtqGm7/spyH44K+Isiw5dNwAn1v690FqzDbPFe
a+ArBrRu6roIIKs/i5H1EtJaPQyXdUCUmmS+dJn7ylzJYfSU+odYM73/JwQncV5V
RvG8dBGm/mIFqrfzu67ylEz+OnMFBScY/AEqxXbwmoRtQE3yMjo9iXPuIDbNdEMC
oxGoDoYuVHEx7mLnQZBfRyMBxVO0O1Qo4W66gd9xD4HXCAmHJY5bOpXG+xBnXkNa
s/OmiYgTeYf7o1muJiXoCaC2AqLolQ4GiC1VDuL2PbLnP/u30q78EDiRvRC0JAA8
4eSsYpriN0Y=
=4FRp
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147779)

Red Hat Security Advisory 2018-1647-01 (PacketStormID:F147779)
2018-05-23 00:00:00
Red Hat  
advisory,java,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1647-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2018:1647-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1647
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.i686.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el6_9.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147778)

Red Hat Security Advisory 2018-1655-01 (PacketStormID:F147778)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1655-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1655-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1655
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.3.src.rpm

ppc64le:
qemu-img-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147770)

Red Hat Security Advisory 2018-1635-01 (PacketStormID:F147770)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1635-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1635-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1635
Issue date:        2018-05-22
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - noarch, ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

This update provides mitigations for the x86-64 architecture.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.25.7.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.25.7.el7.noarch.rpm
kernel-doc-3.10.0-693.25.7.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.25.7.el7.x86_64.rpm
kernel-devel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-headers-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.25.7.el7.x86_64.rpm
perf-3.10.0-693.25.7.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.25.7.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.25.7.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.25.7.el7.noarch.rpm
kernel-doc-3.10.0-693.25.7.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.25.7.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debug-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.25.7.el7.ppc64.rpm
kernel-devel-3.10.0-693.25.7.el7.ppc64.rpm
kernel-headers-3.10.0-693.25.7.el7.ppc64.rpm
kernel-tools-3.10.0-693.25.7.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.25.7.el7.ppc64.rpm
perf-3.10.0-693.25.7.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
python-perf-3.10.0-693.25.7.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debug-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-devel-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-headers-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-tools-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.25.7.el7.ppc64le.rpm
perf-3.10.0-693.25.7.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
python-perf-3.10.0-693.25.7.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.25.7.el7.s390x.rpm
kernel-debug-3.10.0-693.25.7.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.25.7.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.25.7.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.25.7.el7.s390x.rpm
kernel-devel-3.10.0-693.25.7.el7.s390x.rpm
kernel-headers-3.10.0-693.25.7.el7.s390x.rpm
kernel-kdump-3.10.0-693.25.7.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.25.7.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.25.7.el7.s390x.rpm
perf-3.10.0-693.25.7.el7.s390x.rpm
perf-debuginfo-3.10.0-693.25.7.el7.s390x.rpm
python-perf-3.10.0-693.25.7.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.25.7.el7.x86_64.rpm
kernel-devel-3.10.0-693.25.7.el7.x86_64.rpm
kernel-headers-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.25.7.el7.x86_64.rpm
perf-3.10.0-693.25.7.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

noarch:
kernel-doc-3.10.0-693.25.7.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.25.7.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.25.7.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.25.7.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.25.7.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.25.7.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
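The kernel advisory above states that the kernel packages are only the software half of the CVE-2018-3639 mitigation and that up-to-date CPU microcode is also required, with the fixed kernel build given in the package list. The script below is an added example, not Red Hat's code and not part of the advisory: it compares a RHEL 7.4 EUS host's running kernel against the fixed build from the package list and reads the kernel's own verdict from the spec_store_bypass sysfs file. The sysfs path and the "Not affected" / "Vulnerable" / "Mitigation: ..." status strings are the ones the upstream Linux mitigation exposes and are assumed to be present on kernels carrying the backport; the simplified version comparison, the function names and the constructed sample status lines are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not Red Hat code): check a host against both halves of the
# CVE-2018-3639 mitigation described in RHSA-2018:1635. Without updated
# microcode the kernel reports "Vulnerable" even when the fixed kernel runs.

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
# Fixed build for the RHEL 7.4 EUS stream, taken from the advisory's package list.
FIXED_KERNEL_74EUS="3.10.0-693.25.7.el7"

# classify_ssb_status LINE: map the sysfs status line to a short verdict.
# The prefixes are the ones the upstream Linux mitigation code prints.
classify_ssb_status() {
    case "$1" in
        "Not affected")  echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_ssb_file PATH: classify the file's contents, or print "missing" and
# fail when the kernel predates the mitigation and does not expose the file.
check_ssb_file() {
    if [ ! -r "$1" ]; then
        echo "missing"
        return 1
    fi
    classify_ssb_status "$(cat "$1")"
}

# version_ge A B: succeed when kernel release A is at or beyond B.
# Components are split on '.', '-' and '_' and compared numerically where
# both sides are numbers (simplified stand-in for rpm's EVR comparison;
# assumption: both strings belong to the same RHEL stream, e.g. 3.10.0-693.*,
# since a later stream such as 3.10.0-862.* carries its own fixed build).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[._-]/); nb = split(b, y, /[._-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] : "0"
            q = (i <= nb) ? y[i] : "0"
            if (p ~ /^[0-9]+$/ && q ~ /^[0-9]+$/) { p += 0; q += 0 }
            if (p < q) exit 1
            if (p > q) exit 0
        }
        exit 0
    }'
}

# kernel_is_fixed RELEASE: is the running kernel (uname -r, minus the
# trailing .x86_64) at or beyond the advisory's fixed build?
kernel_is_fixed() {
    rel=${1%.x86_64}
    version_ge "$rel" "$FIXED_KERNEL_74EUS"
}

# report_host: run both checks on the live system, one line each. Always
# exits 0 so the output can be collected by a cron job or config-management run.
report_host() {
    rel=$(uname -r)
    if kernel_is_fixed "$rel"; then
        echo "kernel $rel: at or beyond $FIXED_KERNEL_74EUS"
    else
        echo "kernel $rel: older than $FIXED_KERNEL_74EUS (update and reboot)"
    fi
    echo "sysfs $SSB_SYSFS: $(check_ssb_file "$SSB_SYSFS" || true)"
}

# demo_constructed_samples: constructed status lines (not captured from a real
# host) so the classifier can be exercised offline.
demo_constructed_samples() {
    for s in "Not affected" \
             "Vulnerable" \
             "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"; do
        printf '%-70s -> %s\n' "$s" "$(classify_ssb_status "$s")"
    done
}

demo_constructed_samples
report_host
```

A "vulnerable" verdict on a host whose kernel already passes the version check is the case the advisory's note describes: the kernel side is in place but the microcode side is not. A "missing" verdict means the running kernel predates the mitigation entirely, so the update has not been applied or the host has not been rebooted into it.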
    

- Vulnerability information (F147769)

Red Hat Security Advisory 2018-1636-01 (PacketStormID:F147769)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1636-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1636
Issue date:        2018-05-22
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

This update provides mitigations for the x86-64 architecture.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
kernel-3.10.0-514.48.5.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.48.5.el7.noarch.rpm
kernel-doc-3.10.0-514.48.5.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.48.5.el7.x86_64.rpm
kernel-devel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-headers-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.48.5.el7.x86_64.rpm
perf-3.10.0-514.48.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.48.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
kernel-3.10.0-514.48.5.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.48.5.el7.noarch.rpm
kernel-doc-3.10.0-514.48.5.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.48.5.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debug-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.48.5.el7.ppc64.rpm
kernel-devel-3.10.0-514.48.5.el7.ppc64.rpm
kernel-headers-3.10.0-514.48.5.el7.ppc64.rpm
kernel-tools-3.10.0-514.48.5.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.48.5.el7.ppc64.rpm
perf-3.10.0-514.48.5.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
python-perf-3.10.0-514.48.5.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debug-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-devel-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-headers-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-tools-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.48.5.el7.ppc64le.rpm
perf-3.10.0-514.48.5.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
python-perf-3.10.0-514.48.5.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.48.5.el7.s390x.rpm
kernel-debug-3.10.0-514.48.5.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.48.5.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.48.5.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.48.5.el7.s390x.rpm
kernel-devel-3.10.0-514.48.5.el7.s390x.rpm
kernel-headers-3.10.0-514.48.5.el7.s390x.rpm
kernel-kdump-3.10.0-514.48.5.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.48.5.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.48.5.el7.s390x.rpm
perf-3.10.0-514.48.5.el7.s390x.rpm
perf-debuginfo-3.10.0-514.48.5.el7.s390x.rpm
python-perf-3.10.0-514.48.5.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.48.5.el7.x86_64.rpm
kernel-devel-3.10.0-514.48.5.el7.x86_64.rpm
kernel-headers-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.48.5.el7.x86_64.rpm
perf-3.10.0-514.48.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
kernel-debug-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.48.5.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.48.5.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.48.5.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.48.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.48.5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147767)

Red Hat Security Advisory 2018-1645-01 (PacketStormID:F147767)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1645-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1645-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1645
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 9.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat OpenStack Platform 9.0:

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.3.src.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147766)

Red Hat Security Advisory 2018-1654-01 (PacketStormID:F147766)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1654-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1654-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1654
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and
Agents for Red Hat Enterprise Linux 7 Extended Life Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEV-H and VDSM for 7 Hosts ELS - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHEV-H and VDSM for 7 Hosts ELS:

Source:
qemu-kvm-rhev-2.6.0-28.el7_3.17.src.rpm

x86_64:
qemu-img-rhev-2.6.0-28.el7_3.17.x86_64.rpm
qemu-kvm-common-rhev-2.6.0-28.el7_3.17.x86_64.rpm
qemu-kvm-rhev-2.6.0-28.el7_3.17.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.6.0-28.el7_3.17.x86_64.rpm
qemu-kvm-tools-rhev-2.6.0-28.el7_3.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147765)

Red Hat Security Advisory 2018-1664-01 (PacketStormID:F147765)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1664-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1664-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1664
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.17.src.rpm

x86_64:
libvirt-0.10.2-18.el6_4.17.x86_64.rpm
libvirt-client-0.10.2-18.el6_4.17.i686.rpm
libvirt-client-0.10.2-18.el6_4.17.x86_64.rpm
libvirt-debuginfo-0.10.2-18.el6_4.17.i686.rpm
libvirt-debuginfo-0.10.2-18.el6_4.17.x86_64.rpm
libvirt-devel-0.10.2-18.el6_4.17.i686.rpm
libvirt-devel-0.10.2-18.el6_4.17.x86_64.rpm
libvirt-python-0.10.2-18.el6_4.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
libvirt-0.10.2-18.el6_4.17.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-18.el6_4.17.x86_64.rpm
libvirt-lock-sanlock-0.10.2-18.el6_4.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F147764)

Red Hat Security Advisory 2018-1667-01 (PacketStormID:F147764)
2018-05-23 00:00:00
Red Hat
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1667-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1667-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1667
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.8.src.rpm

x86_64:
libvirt-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.8.i686.rpm
libvirt-client-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.8.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.8.i686.rpm
libvirt-devel-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
libvirt-0.10.2-54.el6_7.8.src.rpm

i386:
libvirt-0.10.2-54.el6_7.8.i686.rpm
libvirt-client-0.10.2-54.el6_7.8.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.i686.rpm
libvirt-devel-0.10.2-54.el6_7.8.i686.rpm
libvirt-python-0.10.2-54.el6_7.8.i686.rpm

ppc64:
libvirt-0.10.2-54.el6_7.8.ppc64.rpm
libvirt-client-0.10.2-54.el6_7.8.ppc.rpm
libvirt-client-0.10.2-54.el6_7.8.ppc64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.ppc.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.ppc64.rpm
libvirt-devel-0.10.2-54.el6_7.8.ppc.rpm
libvirt-devel-0.10.2-54.el6_7.8.ppc64.rpm
libvirt-python-0.10.2-54.el6_7.8.ppc64.rpm

s390x:
libvirt-0.10.2-54.el6_7.8.s390x.rpm
libvirt-client-0.10.2-54.el6_7.8.s390.rpm
libvirt-client-0.10.2-54.el6_7.8.s390x.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.s390.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.s390x.rpm
libvirt-devel-0.10.2-54.el6_7.8.s390.rpm
libvirt-devel-0.10.2-54.el6_7.8.s390x.rpm
libvirt-python-0.10.2-54.el6_7.8.s390x.rpm

x86_64:
libvirt-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-client-0.10.2-54.el6_7.8.i686.rpm
libvirt-client-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.i686.rpm
libvirt-debuginfo-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-devel-0.10.2-54.el6_7.8.i686.rpm
libvirt-devel-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-python-0.10.2-54.el6_7.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

x86_64:
libvirt-debuginfo-0.10.2-54.el6_7.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-54.el6_7.8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147763)

Red Hat Security Advisory 2018-1690-01 (PacketStormID:F147763)
2018-05-23 00:00:00
Red Hat
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1690-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: vdsm security update
Advisory ID:       RHSA-2018:1690-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1690
Issue date:        2018-05-22
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for vdsm is now available for RHEV 3.X Hypervisor and Agents
Extended Lifecycle Support for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEV-H and VDSM for 7 Hosts ELS - noarch

3. Description:

The VDSM service is required by a Virtualization Manager to manage the
Linux hosts. VDSM manages and monitors the host's storage, memory and
networks as well as virtual machine creation, other host administration
tasks, statistics gathering, and log collection.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the VDSM side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHEV-H and VDSM for 7 Hosts ELS:

Source:
vdsm-4.17.45-1.el7ev.src.rpm

noarch:
vdsm-4.17.45-1.el7ev.noarch.rpm
vdsm-cli-4.17.45-1.el7ev.noarch.rpm
vdsm-debug-plugin-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-ethtool-options-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-fcoe-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-macspoof-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-openstacknet-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-vhostmd-4.17.45-1.el7ev.noarch.rpm
vdsm-hook-vmfex-dev-4.17.45-1.el7ev.noarch.rpm
vdsm-infra-4.17.45-1.el7ev.noarch.rpm
vdsm-jsonrpc-4.17.45-1.el7ev.noarch.rpm
vdsm-python-4.17.45-1.el7ev.noarch.rpm
vdsm-xmlrpc-4.17.45-1.el7ev.noarch.rpm
vdsm-yajsonrpc-4.17.45-1.el7ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147762)

Red Hat Security Advisory 2018-1656-01 (PacketStormID:F147762)
2018-05-23 00:00:00
Red Hat
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1656-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1656-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1656
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
qemu-kvm-0.12.1.2-2.355.el6_4.11.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-img-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.355.el6_4.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

x86_64:
qemu-guest-agent-win32-0.12.1.2-2.355.el6_4.11.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.355.el6_4.11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147761)

Red Hat Security Advisory 2018-1662-01 (PacketStormID:F147761)
2018-05-23 00:00:00
Red Hat
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1662-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1662-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1662
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

Source:
qemu-kvm-1.5.3-126.el7_3.14.src.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.14.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
qemu-kvm-1.5.3-126.el7_3.14.src.rpm

ppc64:
qemu-img-1.5.3-126.el7_3.14.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.ppc64.rpm

ppc64le:
qemu-img-1.5.3-126.el7_3.14.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.ppc64le.rpm

x86_64:
qemu-img-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-common-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-126.el7_3.14.x86_64.rpm
qemu-kvm-tools-1.5.3-126.el7_3.14.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147760)

Red Hat Security Advisory 2018-1669-01 (PacketStormID:F147760)
2018-05-23 00:00:00
Red Hat
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1669-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1669-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1669
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
libvirt-0.10.2-62.el6_9.2.src.rpm

i386:
libvirt-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-python-0.10.2-62.el6_9.2.i686.rpm

x86_64:
libvirt-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-python-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm

x86_64:
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
libvirt-0.10.2-62.el6_9.2.src.rpm

x86_64:
libvirt-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-python-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
libvirt-0.10.2-62.el6_9.2.src.rpm

i386:
libvirt-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-python-0.10.2-62.el6_9.2.i686.rpm

ppc64:
libvirt-0.10.2-62.el6_9.2.ppc64.rpm
libvirt-client-0.10.2-62.el6_9.2.ppc.rpm
libvirt-client-0.10.2-62.el6_9.2.ppc64.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.ppc.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.ppc64.rpm
libvirt-devel-0.10.2-62.el6_9.2.ppc.rpm
libvirt-devel-0.10.2-62.el6_9.2.ppc64.rpm
libvirt-python-0.10.2-62.el6_9.2.ppc64.rpm

s390x:
libvirt-0.10.2-62.el6_9.2.s390x.rpm
libvirt-client-0.10.2-62.el6_9.2.s390.rpm
libvirt-client-0.10.2-62.el6_9.2.s390x.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.s390.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.s390x.rpm
libvirt-devel-0.10.2-62.el6_9.2.s390.rpm
libvirt-devel-0.10.2-62.el6_9.2.s390x.rpm
libvirt-python-0.10.2-62.el6_9.2.s390x.rpm

x86_64:
libvirt-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-python-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

x86_64:
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
libvirt-0.10.2-62.el6_9.2.src.rpm

i386:
libvirt-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-python-0.10.2-62.el6_9.2.i686.rpm

x86_64:
libvirt-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-client-0.10.2-62.el6_9.2.i686.rpm
libvirt-client-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.i686.rpm
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-devel-0.10.2-62.el6_9.2.i686.rpm
libvirt-devel-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-python-0.10.2-62.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

x86_64:
libvirt-debuginfo-0.10.2-62.el6_9.2.x86_64.rpm
libvirt-lock-sanlock-0.10.2-62.el6_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147759)

Red Hat Security Advisory 2018-1633-01 (PacketStormID:F147759)
2018-05-23 00:00:00
Red Hat
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1633-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1633-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1633
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.2.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.2.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.2.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.2.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.2.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147758)

Red Hat Security Advisory 2018-1689-01 (PacketStormID:F147758)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1689-01 - The rhevm-setup-plugins package adds functionality exclusive to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhevm-setup-plugins. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhevm-setup-plugins security update
Advisory ID:       RHSA-2018:1689-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1689
Issue date:        2018-05-22
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for rhevm-setup-plugins is now available for RHEV Manager version
3.6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEV-M 3.6 ELS - noarch

3. Description:

The rhevm-setup-plugins package adds functionality exclusive to Red
Hat Virtualization Manager, and is not available for the upstream
ovirt-engine. It includes the configuration of the Red Hat Support plugin,
copying downstream-only artifacts to the ISO domain, and links to the
knowledgebase and other support material.

The following packages have been upgraded to a later upstream version:
rhevm-setup-plugins (3.6.7). (BZ#1579010)

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the rhevm-setup-plugins side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHEV-M 3.6 ELS:

Source:
rhevm-setup-plugins-3.6.7-1.el6ev.src.rpm

noarch:
rhevm-setup-plugins-3.6.7-1.el6ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147757)

Red Hat Security Advisory 2018-1674-01 (PacketStormID:F147757)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1674-01 - The rhvm-setup-plugins package adds functionality exclusive to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhvm-setup-plugins. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhvm-setup-plugins security update
Advisory ID:       RHSA-2018:1674-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1674
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for rhvm-setup-plugins is now available for Red Hat
Virtualization Engine 4.2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHV-M 4.2 - noarch

3. Description:

The rhvm-setup-plugins package adds functionality exclusive to Red Hat
Virtualization Manager, and is not available for the upstream ovirt-engine.
It includes the configuration of the Red Hat Support plugin, copying
downstream-only artifacts to the ISO domain, and links to the knowledgebase
and other support material.

The following packages have been upgraded to a later upstream version:
rhvm-setup-plugins (4.2.9). (BZ#1579326)

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHV-M 4.2:

Source:
rhvm-setup-plugins-4.2.9-1.el7ev.src.rpm

noarch:
rhvm-setup-plugins-4.2.9-1.el7ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147756)

Red Hat Security Advisory 2018-1665-01 (PacketStormID:F147756)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1665-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1665-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1665
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.16.src.rpm

x86_64:
libvirt-0.10.2-29.el6_5.16.x86_64.rpm
libvirt-client-0.10.2-29.el6_5.16.i686.rpm
libvirt-client-0.10.2-29.el6_5.16.x86_64.rpm
libvirt-debuginfo-0.10.2-29.el6_5.16.i686.rpm
libvirt-debuginfo-0.10.2-29.el6_5.16.x86_64.rpm
libvirt-devel-0.10.2-29.el6_5.16.i686.rpm
libvirt-devel-0.10.2-29.el6_5.16.x86_64.rpm
libvirt-python-0.10.2-29.el6_5.16.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
libvirt-0.10.2-29.el6_5.16.src.rpm

x86_64:
libvirt-debuginfo-0.10.2-29.el6_5.16.x86_64.rpm
libvirt-lock-sanlock-0.10.2-29.el6_5.16.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147755)

Red Hat Security Advisory 2018-1659-01 (PacketStormID:F147755)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1659-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1659-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1659
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.7.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
qemu-kvm-0.12.1.2-2.479.el6_7.7.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-img-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.479.el6_7.7.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.479.el6_7.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147754)

Red Hat Security Advisory 2018-1643-01 (PacketStormID:F147754)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1643-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1643-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1643
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
12.0 (Pike).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 12.0 - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat OpenStack Platform 12.0:

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.3.src.rpm

ppc64le:
qemu-img-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.ppc64le.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.ppc64le.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
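A practitioner reading the package lists above wants one thing from them: a way to confirm that a host actually carries the fixed build. The following is an added example, not Red Hat tooling or code from these advisories: a small Python script that parses `rpm -q` output and compares installed version-release strings against the fixed builds named in RHSA-2018:1633, 1659, 1665 and 1643 above. The fixed NVRs are copied from those advisories; the `rpm -q` lines are constructed sample input; the version comparison is a simplified reimplementation of rpm's segment ordering that omits the tilde and caret rules (an assumption that holds for every NVR listed here), and the parser assumes the default `rpm -q` format without an epoch.

```python
"""Check installed RPM NVRs against the fixed builds in the advisories above.
Added example with a simplified rpm version comparison; not Red Hat code."""
import re

# rpm compares versions as alternating runs of digits and letters; every
# other character is a separator. Tilde/caret handling is omitted here.
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")
# RHEL major stream marker in the release tag, e.g. ".el7_5.2" -> "el7".
_DIST = re.compile(r"\.(el\d+)")

# Fixed version-release per (package, RHEL major), copied from the package
# lists of RHSA-2018:1633 (RHEL 7), 1659 (RHEL 6.7 EUS), 1665 (RHEL 6.5 AUS)
# and 1643 (OSP 12). Red Hat ships a distinct NVR per product stream, so a
# host on another minor stream needs the NVR from its own advisory.
FIXED_VR = {
    ("qemu-kvm", "el7"):        "1.5.3-156.el7_5.2",
    ("qemu-img", "el7"):        "1.5.3-156.el7_5.2",
    ("qemu-kvm-common", "el7"): "1.5.3-156.el7_5.2",
    ("qemu-kvm-rhev", "el7"):   "2.10.0-21.el7_5.3",
    ("qemu-kvm", "el6"):        "0.12.1.2-2.479.el6_7.7",
    ("libvirt", "el6"):         "0.10.2-29.el6_5.16",
}


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings the way rpm does: -1, 0 or 1.
    Numeric segments compare as integers (so 10 > 9), a numeric segment
    beats an alphabetic one, and leftover segments make a string newer."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1
        if xnum:
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_nvra(pkg: str):
    """Split 'name-version-release.arch' as printed by `rpm -q` (no epoch)."""
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def vr_cmp(a: str, b: str) -> int:
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def audit(rpm_q_output: str, fixed=FIXED_VR) -> dict:
    """Map each installed package to 'fixed', 'needs update' or 'no entry'."""
    status = {}
    for pkg in rpm_q_output.split():
        name, version, release, _arch = parse_nvra(pkg)
        m = _DIST.search(release)
        key = (name, m.group(1) if m else "")
        if key not in fixed:
            status[pkg] = "no entry"
            continue
        newer_or_equal = vr_cmp(f"{version}-{release}", fixed[key]) >= 0
        status[pkg] = "fixed" if newer_or_equal else "needs update"
    return status


# Constructed sample of `rpm -q` output from hypothetical hosts; the
# qemu-kvm-rhev line is deliberately one upstream version behind (2.9 < 2.10)
# to show why a plain string comparison would get it wrong.
SAMPLE_RPM_Q = """\
qemu-kvm-1.5.3-156.el7_5.1.x86_64
qemu-img-1.5.3-156.el7_5.2.x86_64
qemu-kvm-rhev-2.9.0-16.el7_5.2.x86_64
qemu-kvm-0.12.1.2-2.479.el6_7.6.x86_64
libvirt-0.10.2-29.el6_5.16.x86_64
bash-4.2.46-30.el7.x86_64
"""

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE_RPM_Q).items():
        print(f"{verdict:12} {pkg}")
```

Feed it the real output of `rpm -q qemu-kvm qemu-img qemu-kvm-common libvirt` and extend `FIXED_VR` with the NVR for the stream the host actually runs; a "fixed" verdict only says the package is at or past the listed build, and for the qemu-kvm and libvirt packages the advisories still require the running guests (or libvirtd) to be restarted before the mitigation takes effect.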
    

- Vulnerability Information (F147753)

Red Hat Security Advisory 2018-1652-01 (PacketStormID:F147753)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1652-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1652-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1652
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
libvirt-3.2.0-14.el7_4.10.src.rpm

x86_64:
libvirt-client-3.2.0-14.el7_4.10.i686.rpm
libvirt-client-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-libs-3.2.0-14.el7_4.10.i686.rpm
libvirt-libs-3.2.0-14.el7_4.10.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
libvirt-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-admin-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-devel-3.2.0-14.el7_4.10.i686.rpm
libvirt-devel-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-docs-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-login-shell-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-nss-3.2.0-14.el7_4.10.i686.rpm
libvirt-nss-3.2.0-14.el7_4.10.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
libvirt-3.2.0-14.el7_4.10.src.rpm

ppc64:
libvirt-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-client-3.2.0-14.el7_4.10.ppc.rpm
libvirt-client-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-devel-3.2.0-14.el7_4.10.ppc.rpm
libvirt-devel-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-docs-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-libs-3.2.0-14.el7_4.10.ppc.rpm
libvirt-libs-3.2.0-14.el7_4.10.ppc64.rpm

ppc64le:
libvirt-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-client-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-devel-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-docs-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-libs-3.2.0-14.el7_4.10.ppc64le.rpm

s390x:
libvirt-3.2.0-14.el7_4.10.s390x.rpm
libvirt-client-3.2.0-14.el7_4.10.s390.rpm
libvirt-client-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.10.s390x.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.s390.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.s390x.rpm
libvirt-devel-3.2.0-14.el7_4.10.s390.rpm
libvirt-devel-3.2.0-14.el7_4.10.s390x.rpm
libvirt-docs-3.2.0-14.el7_4.10.s390x.rpm
libvirt-libs-3.2.0-14.el7_4.10.s390.rpm
libvirt-libs-3.2.0-14.el7_4.10.s390x.rpm

x86_64:
libvirt-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-client-3.2.0-14.el7_4.10.i686.rpm
libvirt-client-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-devel-3.2.0-14.el7_4.10.i686.rpm
libvirt-devel-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-docs-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-libs-3.2.0-14.el7_4.10.i686.rpm
libvirt-libs-3.2.0-14.el7_4.10.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
libvirt-admin-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-login-shell-3.2.0-14.el7_4.10.ppc64.rpm
libvirt-nss-3.2.0-14.el7_4.10.ppc.rpm
libvirt-nss-3.2.0-14.el7_4.10.ppc64.rpm

ppc64le:
libvirt-admin-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-login-shell-3.2.0-14.el7_4.10.ppc64le.rpm
libvirt-nss-3.2.0-14.el7_4.10.ppc64le.rpm

s390x:
libvirt-admin-3.2.0-14.el7_4.10.s390x.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.10.s390x.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.s390.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.s390x.rpm
libvirt-login-shell-3.2.0-14.el7_4.10.s390x.rpm
libvirt-nss-3.2.0-14.el7_4.10.s390.rpm
libvirt-nss-3.2.0-14.el7_4.10.s390x.rpm

x86_64:
libvirt-admin-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-login-shell-3.2.0-14.el7_4.10.x86_64.rpm
libvirt-nss-3.2.0-14.el7_4.10.i686.rpm
libvirt-nss-3.2.0-14.el7_4.10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F147752)

Red Hat Security Advisory 2018-1675-01 (PacketStormID:F147752)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1675-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: vdsm security update
Advisory ID:       RHSA-2018:1675-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1675
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for vdsm is now available for Red Hat Virtualization 4 for Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

3. Description:

The VDSM service is required by a Virtualization Manager to manage the
Linux hosts. VDSM manages and monitors the host's storage, memory and
networks as well as virtual machine creation, other host administration
tasks, statistics gathering, and log collection.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the VDSM side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
vdsm-4.20.27.2-1.el7ev.src.rpm

noarch:
vdsm-api-4.20.27.2-1.el7ev.noarch.rpm
vdsm-client-4.20.27.2-1.el7ev.noarch.rpm
vdsm-common-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-cpuflags-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-ethtool-options-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-fcoe-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-localdisk-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-macspoof-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-nestedvt-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-openstacknet-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-vfio-mdev-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-vhostmd-4.20.27.2-1.el7ev.noarch.rpm
vdsm-hook-vmfex-dev-4.20.27.2-1.el7ev.noarch.rpm
vdsm-http-4.20.27.2-1.el7ev.noarch.rpm
vdsm-jsonrpc-4.20.27.2-1.el7ev.noarch.rpm
vdsm-python-4.20.27.2-1.el7ev.noarch.rpm
vdsm-yajsonrpc-4.20.27.2-1.el7ev.noarch.rpm

ppc64le:
vdsm-4.20.27.2-1.el7ev.ppc64le.rpm
vdsm-hook-checkips-4.20.27.2-1.el7ev.ppc64le.rpm
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.ppc64le.rpm
vdsm-network-4.20.27.2-1.el7ev.ppc64le.rpm

x86_64:
vdsm-4.20.27.2-1.el7ev.x86_64.rpm
vdsm-hook-checkips-4.20.27.2-1.el7ev.x86_64.rpm
vdsm-hook-extra-ipv4-addrs-4.20.27.2-1.el7ev.x86_64.rpm
vdsm-network-4.20.27.2-1.el7ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQwfNzjgjWX9erEAQhE6Q/+PHgCwjvbje8dlckIiIRnK69URy9XRxXs
US6qWQXPXJjpKKTxWdyiC7QI4Di48ltJInns0H/6VQThxBgsESE9owWfyoXqS1di
VgmmJgD3VSZcuVosITIJKCwx0VGvvC5IkLrml3r9s8Ma4WWzx+A5MpurvewQZIhl
ACugZ8PR2TTMVjj4Biviq/8JYvtv5dakz+4+JJRFNY/WEoCQ6M/Wn7sPj6K2bCSQ
kupM9/XpTOifqZ4b2zSY44hG32TGSJalfD42CZaBtlahqPOrGa5+orObBoSl9yiM
ej+IEyWKNUDcss/CL/E08/ucSqMCK8nhik0Y3YCdv2cSeKzgKjCW/GbwrVi9oDh9
NEtnPHfk9bCIeXq4/0MZgJvCTSc8Dadkh3XEiBs8YCH2ccOzB9MpF9WDEGpdNADu
su9KRom3BR6RJesXVUpg3PgN9JbK7HmdkmstVSUwSZBHS04Pb/oS55vh7z4eUbxO
da3yc7Z1FLju7lH2qQ3KJzmCQNW5VdbgxBtwHFHJemurqcrSCyxWNIAaeNS5FwKl
xyKwVKqlYmhhrdnZ5y3HrZ26w439Ls7lyA6XmOHmhdqQIBrcPL6KQVOmtC4z+4Cz
pqB7OpE9gV34h835Q1Dvt8NnfEHM2QNcipAkyV8WOLLZ6QqMy3BA7s72O5eDCpzQ
UgcWpkNV0c8=
=wrqh
-----END PGP SIGNATURE-----


- Vulnerability Information (F147751)

Red Hat Security Advisory 2018-1648-01 (PacketStormID:F147751)
2018-05-23 00:00:00
Red Hat  
advisory,java,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1648-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2018:1648-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1648
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el7_5.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el7_5.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.src.rpm

aarch64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el7_5.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.aarch64.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el7_5.noarch.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.8.el7_5.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.8.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability Information (F147750)

Red Hat Security Advisory 2018-1686-01 (PacketStormID:F147750)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1686-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1686-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1686
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux
OpenStack Platform 7.0 (Kilo) for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7:

Source:
qemu-kvm-rhev-2.9.0-16.el7_4.17.src.rpm

x86_64:
qemu-img-rhev-2.9.0-16.el7_4.17.x86_64.rpm
qemu-kvm-common-rhev-2.9.0-16.el7_4.17.x86_64.rpm
qemu-kvm-rhev-2.9.0-16.el7_4.17.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.9.0-16.el7_4.17.x86_64.rpm
qemu-kvm-tools-rhev-2.9.0-16.el7_4.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability Information (F147749)

Red Hat Security Advisory 2018-1658-01 (PacketStormID:F147749)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1658-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1658-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1658
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.
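
The vdsm, qemu-kvm-rhev and qemu-kvm advisories above all end with the same operational step: apply the update, then stop and restart every guest so the new CPU model (with the ssbd feature) reaches it. What an operator then wants is a way to confirm, on the host and inside each restarted guest, that the kernel reports the SSB mitigation and that the CPU actually exposes the ssbd flag. The following Python check is an added example, not code from Red Hat or from the qemu-kvm, libvirt or vdsm projects. It reads two real Linux interfaces, /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and the flags line of /proc/cpuinfo (x86 only; ppc64le and s390x report CPU features differently and are not handled here), and the sample inputs embedded in it are constructed, not captured from a machine. The status strings it matches are the ones the kernel prints for that sysfs file; the action codes it returns are this example's own naming.

```python
"""Report Speculative Store Bypass (CVE-2018-3639) mitigation status on Linux.

Added example, not code from the Red Hat advisories or the projects they
patch. It reads two real kernel interfaces:
  /sys/devices/system/cpu/vulnerabilities/spec_store_bypass  (kernel status)
  /proc/cpuinfo                                           (CPU flags; x86 only)
The sample inputs below are constructed for offline use.
"""
import re
from pathlib import Path

SYSFS_SSB = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample inputs (not captured from a real machine).
SAMPLE_STATUS_MITIGATED = (
    "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"
)
SAMPLE_STATUS_VULNERABLE = "Vulnerable\n"
SAMPLE_CPUINFO_WITH_SSBD = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep spec_ctrl ssbd\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass\n"
)
SAMPLE_CPUINFO_WITHOUT_SSBD = SAMPLE_CPUINFO_WITH_SSBD.replace(" ssbd\n", "\n")


def classify_ssb_status(status_text: str) -> str:
    """Map the sysfs text to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'.

    The kernel prints one of: "Not affected", "Vulnerable", or a line that
    starts with "Mitigation:" and describes how SSB was disabled.
    """
    s = status_text.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def cpu_has_flag(cpuinfo_text: str, flag: str) -> bool:
    """True if `flag` is an exact token on the first 'flags' line of /proc/cpuinfo.

    Exact-token matching matters: 'amd_ssbd' or 'virt_ssbd' must not count
    as 'ssbd'.
    """
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return bool(m) and flag in m.group(1).split()


def assess(status_text: str, cpuinfo_text: str) -> dict:
    """Combine kernel status and CPU flag into an action code for the operator.

    Action codes are this example's own:
      none             - nothing to do
      cpu_missing_ssbd - CPU does not expose ssbd: on bare metal update
                         microcode/firmware; inside a guest, update the host's
                         qemu-kvm/libvirt as in the advisories and restart the
                         guest so the new CPU model reaches it
      kernel_update    - CPU exposes ssbd but the kernel does not use it
      kernel_unknown   - kernel predates SSB reporting (no sysfs entry); update it
    """
    kernel = classify_ssb_status(status_text)
    has_ssbd = cpu_has_flag(cpuinfo_text, "ssbd")
    if kernel in ("not_affected", "mitigated"):
        action = "none"
    elif kernel == "vulnerable" and not has_ssbd:
        action = "cpu_missing_ssbd"
    elif kernel == "vulnerable":
        action = "kernel_update"
    else:
        action = "kernel_unknown"
    return {"kernel": kernel, "cpu_ssbd": has_ssbd, "action": action}


def assess_live() -> dict:
    """Run the check against the running system; a missing sysfs file means 'unknown'."""
    status = SYSFS_SSB.read_text() if SYSFS_SSB.exists() else ""
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else ""
    return assess(status, cpuinfo)


if __name__ == "__main__":
    print(assess_live())
```

Run it once on the host after installing the update and once inside each guest after the stop/start cycle; a guest that still reports `cpu_missing_ssbd` while the host reports `none` has not yet been restarted on the updated qemu-kvm and libvirt, which is exactly the situation the advisories' solution step is meant to remove.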

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
qemu-kvm-0.12.1.2-2.448.el6_6.6.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-img-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.6.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.448.el6_6.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability Information (F147748)

Red Hat Security Advisory 2018-1653-01 (PacketStormID:F147748)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1653-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1653-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1653
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, s390x, x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as on
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This update provides the libvirt side of the CVE-2018-3639 mitigation
only; the kernel and CPU microcode components are delivered separately (see
the References section).

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.12.src.rpm

x86_64:
libvirt-client-2.0.0-10.el7_3.12.i686.rpm
libvirt-client-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
libvirt-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-kvm-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-lxc-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-devel-2.0.0-10.el7_3.12.i686.rpm
libvirt-devel-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-docs-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-login-shell-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-nss-2.0.0-10.el7_3.12.i686.rpm
libvirt-nss-2.0.0-10.el7_3.12.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
libvirt-2.0.0-10.el7_3.12.src.rpm

ppc64:
libvirt-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-client-2.0.0-10.el7_3.12.ppc.rpm
libvirt-client-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-devel-2.0.0-10.el7_3.12.ppc.rpm
libvirt-devel-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-docs-2.0.0-10.el7_3.12.ppc64.rpm

ppc64le:
libvirt-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-client-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-devel-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-docs-2.0.0-10.el7_3.12.ppc64le.rpm

s390x:
libvirt-2.0.0-10.el7_3.12.s390x.rpm
libvirt-client-2.0.0-10.el7_3.12.s390.rpm
libvirt-client-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.12.s390x.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.12.s390x.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.s390.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.s390x.rpm
libvirt-devel-2.0.0-10.el7_3.12.s390.rpm
libvirt-devel-2.0.0-10.el7_3.12.s390x.rpm
libvirt-docs-2.0.0-10.el7_3.12.s390x.rpm

x86_64:
libvirt-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-client-2.0.0-10.el7_3.12.i686.rpm
libvirt-client-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-config-network-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-config-nwfilter-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-interface-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-lxc-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-network-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-nodedev-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-nwfilter-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-qemu-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-secret-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-driver-storage-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-daemon-kvm-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-devel-2.0.0-10.el7_3.12.i686.rpm
libvirt-devel-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-docs-2.0.0-10.el7_3.12.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
libvirt-daemon-lxc-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-login-shell-2.0.0-10.el7_3.12.ppc64.rpm
libvirt-nss-2.0.0-10.el7_3.12.ppc.rpm
libvirt-nss-2.0.0-10.el7_3.12.ppc64.rpm

ppc64le:
libvirt-daemon-kvm-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-daemon-lxc-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-login-shell-2.0.0-10.el7_3.12.ppc64le.rpm
libvirt-nss-2.0.0-10.el7_3.12.ppc64le.rpm

s390x:
libvirt-daemon-lxc-2.0.0-10.el7_3.12.s390x.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.s390.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.s390x.rpm
libvirt-login-shell-2.0.0-10.el7_3.12.s390x.rpm
libvirt-nss-2.0.0-10.el7_3.12.s390.rpm
libvirt-nss-2.0.0-10.el7_3.12.s390x.rpm

x86_64:
libvirt-daemon-lxc-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.i686.rpm
libvirt-debuginfo-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-lock-sanlock-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-login-shell-2.0.0-10.el7_3.12.x86_64.rpm
libvirt-nss-2.0.0-10.el7_3.12.i686.rpm
libvirt-nss-2.0.0-10.el7_3.12.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWwQwQtzjgjWX9erEAQitFQ//flSrrXFUfqDkFyh8fIRR4Gx7hWjXyIeF
Svkc8dLPjy0OCVD9mfbbJZYXbcjfyFxQWyLbd1OCsKnCjgz5HhtR4FlsYyAf1Zff
UDQNTVgdi7lMM3aMmSZ7sUvEuKYCEr8gs/E6dBq+odPGQQRND9Bow06UiyuAbuS4
eI/2ldkXeibfj7JnSZV6AKjV3A1N2qkgKW18sNp96miuzheF3NUi+WrfEesnuhtq
PuR9ay238VixqOdl4QfRehCi4TlxkoOE8LK3HYnfixh6+BQUyoU0c6EX80jomPF3
1zVYTnQbkAYsFohxvM7pyjrrXQbOfhq/KLvh9DeFRBCqlYqKp8PBn+ZVir0FELPy
6yVly3WzlNPDDhhJ8cDKAl3PT3wqP5jZ/IEpFkA6NBTKzFO2Q1BCkxXw3gWNMgul
XNvk6jjOZMwpFZCRnelx4MdtiPJYmK3NRCcyI+kheLeXyHgjtqI73+2HN7QQu5+f
M+4x/1lV/2lrHGbLo4i7iWFtOCRVSU/qR6+G3l+4GzP3vcU2AUCeOn28Ir4waWfI
YEbNu1cQONHHd5wXxFov5eeFMxZ4rTPB1qvuxgVUoF1z/PNs7m4Y5T3hdLH/YakX
ki1eNu3IZm7D0BbyBX+0sNaHRYAri2+vkwxA6jc3bNXEsDZplwAnqxqJmshS3wNc
ygBFWz3h86c=
=ANgC
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147747)

Red Hat Security Advisory 2018-1668-01 (PacketStormID:F147747)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1668-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. The issue addressed is CVE-2018-3639, Speculative Store Bypass (Variant 4), a speculative-execution side channel through which an unprivileged local attacker can read privileged memory; this update provides the libvirt side of the mitigation.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1668-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1668
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as on
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This update provides the libvirt side of the CVE-2018-3639 mitigation
only; the kernel and CPU microcode components are delivered separately (see
the References section).

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.
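The two libvirt advisories above (RHSA-2018:1653 for RHEL 7.3 EUS and RHSA-2018:1668 for RHEL 7.2 AUS/TUS/E4S) say only that they deliver the libvirt side of the mitigation. In practice that side is the ability to name the SSBD CPU feature in guest CPU definitions and to report it in `virsh domcapabilities`, so that a guest kernel can see and use the flag the host microcode provides. The script below is an added example, not part of either advisory or of libvirt itself: it compares the installed libvirt-daemon build against the fixed NVRs listed in the two advisories, looks for the SSBD feature in the host-model definition, and inspects the live XML of any domains named on the command line. The feature names matched (`ssbd`, `virt-ssbd`, `amd-ssbd`) are the ones libvirt uses upstream; whether the AMD names were part of these particular backports is an assumption. The `sort -V` version comparison is an approximation of rpmvercmp, and the XML fed to the functions in testing is constructed.

```shell
#!/bin/sh
# Added example (not from the Red Hat advisories): verify the libvirt half of
# the CVE-2018-3639 mitigation on a RHEL 7 KVM host. Fixed NVRs are taken
# from RHSA-2018:1653 (RHEL 7.3 EUS) and RHSA-2018:1668 (RHEL 7.2).

FIXED_73=2.0.0-10.el7_3.12
FIXED_72=1.2.17-13.el7_2.8

# nvr_ge HAVE WANT -> 0 if HAVE is WANT or newer. Uses `sort -V`, an
# approximation of rpmvercmp that is exact for version-release strings
# shaped like the ones above (assumption: no epoch, no tilde).
nvr_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# libvirt_state HAVE -> fixed | vulnerable | unknown
# Picks the fixed NVR for HAVE's release stream (el7_3 vs el7_2); builds
# from other streams are reported as unknown rather than guessed.
libvirt_state() {
    case "$1" in
        *el7_3*) want=$FIXED_73 ;;
        *el7_2*) want=$FIXED_72 ;;
        *)       echo unknown; return ;;
    esac
    if nvr_ge "$1" "$want"; then echo fixed; else echo vulnerable; fi
}

# ssbd_features XML -> prints the SSBD-related <feature name='...'/> entries
# found in libvirt XML (domcapabilities or a live domain dump), one per line.
ssbd_features() {
    printf '%s\n' "$1" \
        | grep -o "<feature[^>]*name='[^']*'" \
        | sed "s/.*name='\([^']*\)'.*/\1/" \
        | grep -xE 'ssbd|virt-ssbd|amd-ssbd' | sort -u
}

# Live check on a host; skipped where rpm or virsh are absent.
if command -v rpm >/dev/null 2>&1 && command -v virsh >/dev/null 2>&1; then
    have=$(rpm -q libvirt-daemon --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null | sort -V | tail -n 1)
    [ -n "$have" ] && echo "libvirt-daemon $have: $(libvirt_state "$have")"
    found=$(ssbd_features "$(virsh domcapabilities 2>/dev/null)")
    if [ -n "$found" ]; then
        echo "host-model exposes: $found"
    else
        echo "host-model lacks ssbd: old libvirt, or host kernel/microcode lacks SSBD"
    fi
    # A guest's vCPU feature set is fixed when its QEMU process starts, so
    # the automatic libvirtd restart does not change already running guests.
    for dom in "$@"; do
        if [ -n "$(ssbd_features "$(virsh dumpxml "$dom" 2>/dev/null)")" ]; then
            echo "$dom: ssbd present in live CPU definition"
        else
            echo "$dom: ssbd missing; shut the guest down and start it again"
        fi
    done
fi
```

Run it as root on the hypervisor, optionally with domain names as arguments. A host-model that lists `ssbd` but a guest whose live XML does not is the usual post-update state: the guest must be shut down and started (an in-guest reboot keeps the old QEMU process), after which `/proc/cpuinfo` inside the guest should list `ssbd`.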

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
libvirt-1.2.17-13.el7_2.8.src.rpm

x86_64:
libvirt-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-client-1.2.17-13.el7_2.8.i686.rpm
libvirt-client-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-interface-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-secret-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-storage-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-kvm-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.i686.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-devel-1.2.17-13.el7_2.8.i686.rpm
libvirt-devel-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-docs-1.2.17-13.el7_2.8.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
libvirt-1.2.17-13.el7_2.8.src.rpm

ppc64le:
libvirt-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-client-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-config-network-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-interface-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-network-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-secret-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-driver-storage-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-devel-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-docs-1.2.17-13.el7_2.8.ppc64le.rpm

x86_64:
libvirt-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-client-1.2.17-13.el7_2.8.i686.rpm
libvirt-client-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-interface-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-secret-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-storage-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-kvm-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.i686.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-devel-1.2.17-13.el7_2.8.i686.rpm
libvirt-devel-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-docs-1.2.17-13.el7_2.8.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
libvirt-1.2.17-13.el7_2.8.src.rpm

x86_64:
libvirt-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-client-1.2.17-13.el7_2.8.i686.rpm
libvirt-client-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-config-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-interface-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-network-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nodedev-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-nwfilter-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-qemu-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-secret-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-driver-storage-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-daemon-kvm-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.i686.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-devel-1.2.17-13.el7_2.8.i686.rpm
libvirt-devel-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-docs-1.2.17-13.el7_2.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
libvirt-daemon-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-lock-sanlock-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-login-shell-1.2.17-13.el7_2.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
libvirt-daemon-kvm-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-daemon-lxc-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-lock-sanlock-1.2.17-13.el7_2.8.ppc64le.rpm
libvirt-login-shell-1.2.17-13.el7_2.8.ppc64le.rpm

x86_64:
libvirt-daemon-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-lock-sanlock-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-login-shell-1.2.17-13.el7_2.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
libvirt-daemon-lxc-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-debuginfo-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-lock-sanlock-1.2.17-13.el7_2.8.x86_64.rpm
libvirt-login-shell-1.2.17-13.el7_2.8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147746)

Red Hat Security Advisory 2018-1629-01 (PacketStormID:F147746)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1629-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The issue addressed is CVE-2018-3639, Speculative Store Bypass (Variant 4), a speculative-execution side channel through which an unprivileged local attacker can read privileged memory; this update provides the kernel side of the mitigation and requires up-to-date CPU microcode to be effective.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1629-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1629
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code, as well as on
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

In this update, mitigations for the x86-64 architecture are provided.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
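The note and solution above put three conditions on the mitigation: the updated kernel must be installed, the system must be rebooted into it, and the CPU microcode must be current. The script below is an added example, not part of RHSA-2018:1629, that checks each condition from a shell on the host. It relies on two upstream Linux conventions: the per-vulnerability status file `/sys/devices/system/cpu/vulnerabilities/spec_store_bypass`, which exists only once a kernel carrying the SSB mitigation is running, and the `ssbd` flag in `/proc/cpuinfo` (or the AMD `virt_ssbd`/`amd_ssbd` flags), which the kernel reports only when the microcode exposes SSBD. That the RHEL 7 backport uses the same sysfs wording as upstream is an assumption; the cpuinfo text and kernel version lists used in testing are constructed.

```shell
#!/bin/sh
# Added example (not part of RHSA-2018:1629): check the three conditions the
# advisory puts on the CVE-2018-3639 mitigation on a RHEL 7 x86-64 host:
# updated kernel installed, system rebooted into it, microcode exposing SSBD.
# Paths and strings follow the upstream Linux kernel (assumption: the RHEL 7
# backport reports the same wording).

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# classify_ssb STATUS -> mitigated | vulnerable | unknown
# STATUS is the one-line content of the sysfs file, e.g.
#   "Vulnerable"
#   "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
#   "Not affected"
classify_ssb() {
    case "$1" in
        "Not affected"|"Mitigation:"*) echo mitigated ;;
        "Vulnerable"*)                 echo vulnerable ;;
        *)                             echo unknown ;;
    esac
}

# has_ssbd_flag CPUINFO -> 0 if the first "flags" line lists ssbd (Intel) or
# one of the AMD variants the kernel prints, 1 otherwise. An absent flag on
# an affected CPU normally means the microcode update has not been applied.
has_ssbd_flag() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | head -n 1 \
        | tr ' ' '\n' | grep -qxE 'ssbd|virt_ssbd|amd_ssbd'
}

# reboot_pending RUNNING INSTALLED -> 0 if the newest installed kernel is not
# the running one, i.e. the update has not taken effect yet. INSTALLED is a
# whitespace-separated list of version-release.arch strings; `sort -V` picks
# the newest.
reboot_pending() {
    # word splitting of $2 is intended
    newest=$(printf '%s\n' $2 | sort -V | tail -n 1)
    [ "$newest" != "$1" ]
}

# Live report when run on a host; each probe is skipped where unavailable.
if [ -r "$SSB_SYSFS" ]; then
    status=$(cat "$SSB_SYSFS")
    echo "spec_store_bypass: $status [$(classify_ssb "$status")]"
else
    echo "no $SSB_SYSFS: running kernel predates the SSB mitigation"
fi
if [ -r /proc/cpuinfo ]; then
    if has_ssbd_flag "$(cat /proc/cpuinfo)"; then
        echo "ssbd cpu flag: present (microcode exposes SSBD)"
    else
        echo "ssbd cpu flag: absent (microcode update missing or CPU unsupported)"
    fi
fi
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null)
    if [ -n "$installed" ] && reboot_pending "$(uname -r)" "$installed"; then
        echo "kernel $(uname -r) running but a newer one is installed: reboot required"
    fi
fi
```

A "Vulnerable" status with the updated kernel running and the `ssbd` flag absent is the microcode gap the advisory warns about: the kernel side is in place but the CPU has not been given the SSBD control, so the mitigation cannot engage.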

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-862.3.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm
perf-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-862.3.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm
perf-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-862.3.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-862.3.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debug-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.3.2.el7.ppc64.rpm
kernel-devel-3.10.0-862.3.2.el7.ppc64.rpm
kernel-headers-3.10.0-862.3.2.el7.ppc64.rpm
kernel-tools-3.10.0-862.3.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.ppc64.rpm
perf-3.10.0-862.3.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
python-perf-3.10.0-862.3.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-devel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-headers-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.ppc64le.rpm
perf-3.10.0-862.3.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.3.2.el7.s390x.rpm
kernel-devel-3.10.0-862.3.2.el7.s390x.rpm
kernel-headers-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.3.2.el7.s390x.rpm
perf-3.10.0-862.3.2.el7.s390x.rpm
perf-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
python-perf-3.10.0-862.3.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm
perf-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

noarch:
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

ppc64le:
kernel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-devel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-headers-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.ppc64le.rpm
perf-3.10.0-862.3.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.3.2.el7.s390x.rpm
kernel-devel-3.10.0-862.3.2.el7.s390x.rpm
kernel-headers-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.3.2.el7.s390x.rpm
perf-3.10.0-862.3.2.el7.s390x.rpm
perf-debuginfo-3.10.0-862.3.2.el7.s390x.rpm
python-perf-3.10.0-862.3.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.3.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-862.3.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm
perf-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.3.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147745)

Red Hat Security Advisory 2018-1642-01 (PacketStormID:F147745)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1642-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2018:1642-01
Product:           Red Hat Enterprise MRG for RHEL-6
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1642
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.
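Because the mitigation needs both the updated kernel and CPU microcode, a fleet check should look at two signals: the status string the Linux kernel exposes in sysfs for this issue, and whether the CPU advertises the SSBD capability in /proc/cpuinfo. The following is an added example, not part of the Red Hat advisory: the sysfs path, the status prefixes ("Not affected", "Mitigation:", "Vulnerable") and the cpuinfo flag names (ssbd, amd_ssbd, virt_ssbd) are the kernel's own; the sample file contents and the verdict wording are constructed here.

```python
"""Classify a host's Speculative Store Bypass (CVE-2018-3639) mitigation state.

Added example, not advisory code. Reads the kernel's sysfs status file and the
x86 cpuinfo flags; the SAMPLE_* inputs below are constructed for offline use.
"""
import os

# Real kernel interfaces (Linux 4.17+ and the backported RHEL kernels).
SSB_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"
CPUINFO = "/proc/cpuinfo"

# cpufeature names the kernel prints when the CPU/microcode offers SSBD.
SSBD_FLAGS = {"ssbd", "amd_ssbd", "virt_ssbd"}


def classify_ssb(status: str) -> str:
    """Map the sysfs status line to one of: not_affected, mitigated,
    vulnerable, unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def cpuinfo_has_ssbd(cpuinfo: str) -> bool:
    """True if the first 'flags' line lists an SSBD-capable feature flag,
    i.e. the microcode advertises Speculative Store Bypass Disable."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            return bool(flags & SSBD_FLAGS)
    return False


def assess(ssb_status, cpuinfo: str) -> str:
    """Combine both signals into an operator-facing verdict.

    ssb_status is None when the sysfs file is absent, which means the running
    kernel predates the SSB mitigation work and needs the kernel update."""
    if ssb_status is None:
        return "kernel lacks SSB reporting: apply the kernel update"
    kind = classify_ssb(ssb_status)
    if kind in ("not_affected", "mitigated"):
        return "ok"
    if kind == "vulnerable" and not cpuinfo_has_ssbd(cpuinfo):
        return "vulnerable: CPU microcode does not advertise SSBD"
    if kind == "vulnerable":
        return "vulnerable: kernel sees SSBD but mitigation is off"
    return "unknown status: " + ssb_status.strip()


def read_host() -> str:
    """Evaluate the machine this runs on (Linux only; absent files are
    treated as 'not reported')."""
    status = None
    if os.path.exists(SSB_SYSFS):
        with open(SSB_SYSFS) as f:
            status = f.read()
    cpuinfo = ""
    if os.path.exists(CPUINFO):
        with open(CPUINFO) as f:
            cpuinfo = f.read()
    return assess(status, cpuinfo)


# Constructed sample inputs (not captured from a real system).
SAMPLE_MITIGATED = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"
SAMPLE_VULNERABLE = "Vulnerable\n"
SAMPLE_CPUINFO_WITH_SSBD = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep ssbd\n"
)
SAMPLE_CPUINFO_NO_SSBD = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep\n"
)

if __name__ == "__main__":
    print("sample, patched kernel + microcode:", assess(SAMPLE_MITIGATED, SAMPLE_CPUINFO_WITH_SSBD))
    print("sample, patched kernel, old microcode:", assess(SAMPLE_VULNERABLE, SAMPLE_CPUINFO_NO_SSBD))
    print("sample, old kernel:", assess(None, SAMPLE_CPUINFO_NO_SSBD))
    print("this host:", read_host())
```

The sysfs file is the authoritative signal once the kernel update is installed; the cpuinfo flag check only explains *why* a host still reports "Vulnerable" (typically missing microcode) and is x86-specific.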

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-693.25.7.rt56.615.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.25.7.rt56.615.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-693.25.7.rt56.615.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-693.25.7.rt56.615.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability information (F147744)

Red Hat Security Advisory 2018-1661-01 (PacketStormID:F147744)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1661-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1661-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1661
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

ppc64le:
qemu-img-1.5.3-105.el7_2.17.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.ppc64le.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
qemu-kvm-1.5.3-105.el7_2.17.src.rpm

x86_64:
libcacard-1.5.3-105.el7_2.17.i686.rpm
libcacard-1.5.3-105.el7_2.17.x86_64.rpm
qemu-img-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-common-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-tools-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
libcacard-1.5.3-105.el7_2.17.ppc64le.rpm
libcacard-devel-1.5.3-105.el7_2.17.ppc64le.rpm
libcacard-tools-1.5.3-105.el7_2.17.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.ppc64le.rpm

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
libcacard-devel-1.5.3-105.el7_2.17.i686.rpm
libcacard-devel-1.5.3-105.el7_2.17.x86_64.rpm
libcacard-tools-1.5.3-105.el7_2.17.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.i686.rpm
qemu-kvm-debuginfo-1.5.3-105.el7_2.17.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability information (F147743)

Red Hat Security Advisory 2018-1644-01 (PacketStormID:F147743)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1644-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1644-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1644
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.3.src.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability information (F147742)

Red Hat Security Advisory 2018-1688-01 (PacketStormID:F147742)
2018-05-23 00:00:00
Red Hat  
advisory,root,vulnerability
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1688-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include backup related and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: org.ovirt.engine-root security update
Advisory ID:       RHSA-2018:1688-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1688
Issue date:        2018-05-22
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for org.ovirt.engine-root is now available for RHEV Manager
version 3.6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEV-M 3.6 ELS - noarch

3. Description:

The org.ovirt.engine-root is a core component of oVirt.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the org.ovirt.engine-root side of the CVE-2018-3639
mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHEV-M 3.6 ELS:

Source:
rhevm-3.6.13.2-0.1.el6.src.rpm

noarch:
rhevm-3.6.13.2-0.1.el6.noarch.rpm
rhevm-backend-3.6.13.2-0.1.el6.noarch.rpm
rhevm-dbscripts-3.6.13.2-0.1.el6.noarch.rpm
rhevm-extensions-api-impl-3.6.13.2-0.1.el6.noarch.rpm
rhevm-extensions-api-impl-javadoc-3.6.13.2-0.1.el6.noarch.rpm
rhevm-lib-3.6.13.2-0.1.el6.noarch.rpm
rhevm-restapi-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-base-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-plugin-ovirt-engine-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-plugin-ovirt-engine-common-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-plugin-vmconsole-proxy-helper-3.6.13.2-0.1.el6.noarch.rpm
rhevm-setup-plugin-websocket-proxy-3.6.13.2-0.1.el6.noarch.rpm
rhevm-tools-3.6.13.2-0.1.el6.noarch.rpm
rhevm-tools-backup-3.6.13.2-0.1.el6.noarch.rpm
rhevm-userportal-3.6.13.2-0.1.el6.noarch.rpm
rhevm-userportal-debuginfo-3.6.13.2-0.1.el6.noarch.rpm
rhevm-vmconsole-proxy-helper-3.6.13.2-0.1.el6.noarch.rpm
rhevm-webadmin-portal-3.6.13.2-0.1.el6.noarch.rpm
rhevm-webadmin-portal-debuginfo-3.6.13.2-0.1.el6.noarch.rpm
rhevm-websocket-proxy-3.6.13.2-0.1.el6.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


- Vulnerability information (F147741)

Red Hat Security Advisory 2018-1632-01 (PacketStormID:F147741)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1632-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1632-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1632
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update of the
microprocessor's data cache, even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

x86_64:
libvirt-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.5.i686.rpm
libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.5.i686.rpm
libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.5.i686.rpm
libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.5.i686.rpm
libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

x86_64:
libvirt-client-3.9.0-14.el7_5.5.i686.rpm
libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.5.i686.rpm
libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libvirt-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.5.i686.rpm
libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.5.i686.rpm
libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

ppc64:
libvirt-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-client-3.9.0-14.el7_5.5.ppc.rpm
libvirt-client-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-devel-3.9.0-14.el7_5.5.ppc.rpm
libvirt-devel-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-docs-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-libs-3.9.0-14.el7_5.5.ppc.rpm
libvirt-libs-3.9.0-14.el7_5.5.ppc64.rpm

ppc64le:
libvirt-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-client-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-devel-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-docs-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-libs-3.9.0-14.el7_5.5.ppc64le.rpm

s390x:
libvirt-3.9.0-14.el7_5.5.s390x.rpm
libvirt-client-3.9.0-14.el7_5.5.s390.rpm
libvirt-client-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm
libvirt-devel-3.9.0-14.el7_5.5.s390.rpm
libvirt-devel-3.9.0-14.el7_5.5.s390x.rpm
libvirt-docs-3.9.0-14.el7_5.5.s390x.rpm
libvirt-libs-3.9.0-14.el7_5.5.s390.rpm
libvirt-libs-3.9.0-14.el7_5.5.s390x.rpm

x86_64:
libvirt-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.5.i686.rpm
libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.5.i686.rpm
libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.5.i686.rpm
libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

ppc64le:
libvirt-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-client-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-devel-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-docs-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-libs-3.9.0-14.el7_5.5.ppc64le.rpm

s390x:
libvirt-3.9.0-14.el7_5.5.s390x.rpm
libvirt-client-3.9.0-14.el7_5.5.s390.rpm
libvirt-client-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm
libvirt-devel-3.9.0-14.el7_5.5.s390.rpm
libvirt-devel-3.9.0-14.el7_5.5.s390x.rpm
libvirt-docs-3.9.0-14.el7_5.5.s390x.rpm
libvirt-libs-3.9.0-14.el7_5.5.s390.rpm
libvirt-libs-3.9.0-14.el7_5.5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvirt-admin-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.ppc64.rpm
libvirt-nss-3.9.0-14.el7_5.5.ppc.rpm
libvirt-nss-3.9.0-14.el7_5.5.ppc64.rpm

ppc64le:
libvirt-admin-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-nss-3.9.0-14.el7_5.5.ppc64le.rpm

s390x:
libvirt-admin-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.s390x.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.s390x.rpm
libvirt-nss-3.9.0-14.el7_5.5.s390.rpm
libvirt-nss-3.9.0-14.el7_5.5.s390x.rpm

x86_64:
libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.5.i686.rpm
libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

aarch64:
libvirt-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-admin-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-client-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-devel-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-docs-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-libs-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.aarch64.rpm
libvirt-nss-3.9.0-14.el7_5.5.aarch64.rpm

ppc64le:
libvirt-admin-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.ppc64le.rpm
libvirt-nss-3.9.0-14.el7_5.5.ppc64le.rpm

s390x:
libvirt-admin-3.9.0-14.el7_5.5.s390x.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.s390x.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.s390x.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.s390x.rpm
libvirt-nss-3.9.0-14.el7_5.5.s390.rpm
libvirt-nss-3.9.0-14.el7_5.5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvirt-3.9.0-14.el7_5.5.src.rpm

x86_64:
libvirt-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.5.i686.rpm
libvirt-client-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.5.i686.rpm
libvirt-devel-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.5.i686.rpm
libvirt-libs-3.9.0-14.el7_5.5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvirt-admin-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.5.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.5.i686.rpm
libvirt-nss-3.9.0-14.el7_5.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability Information (F147740)

Red Hat Security Advisory 2018-1666-01 (PacketStormID:F147740)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1666-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security update
Advisory ID:       RHSA-2018:1666-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1666
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.8.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.8.i686.rpm
libvirt-client-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.8.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.8.i686.rpm
libvirt-devel-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.8.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
libvirt-0.10.2-46.el6_6.8.src.rpm

x86_64:
libvirt-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-client-0.10.2-46.el6_6.8.i686.rpm
libvirt-client-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-debuginfo-0.10.2-46.el6_6.8.i686.rpm
libvirt-debuginfo-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-devel-0.10.2-46.el6_6.8.i686.rpm
libvirt-devel-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-python-0.10.2-46.el6_6.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
libvirt-debuginfo-0.10.2-46.el6_6.8.x86_64.rpm
libvirt-lock-sanlock-0.10.2-46.el6_6.8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability Information (F147739)

Red Hat Security Advisory 2018-1676-01 (PacketStormID:F147739)
2018-05-23 00:00:00
Red Hat  
advisory,root,vulnerability
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1676-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include backup related and bypass vulnerabilities.


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: org.ovirt.engine-root security update
Advisory ID:       RHSA-2018:1676-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1676
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for org.ovirt.engine-root is now available for Red Hat
Virtualization Engine 4.2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHV-M 4.2 - noarch

3. Description:

The org.ovirt.engine-root is a core component of oVirt.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the org.ovirt.engine-root side of the CVE-2018-3639
mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHV-M 4.2:

Source:
ovirt-engine-4.2.3.6-0.1.el7.src.rpm

noarch:
ovirt-engine-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-backend-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-dbscripts-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-extensions-api-impl-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-extensions-api-impl-javadoc-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-health-check-bundler-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-lib-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-restapi-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-base-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-tools-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-tools-backup-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-webadmin-portal-4.2.3.6-0.1.el7.noarch.rpm
ovirt-engine-websocket-proxy-4.2.3.6-0.1.el7.noarch.rpm
rhvm-4.2.3.6-0.1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability Information (F147738)

Red Hat Security Advisory 2018-1649-01 (PacketStormID:F147738)
2018-05-23 00:00:00
Red Hat  
advisory,java,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1649-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2018:1649-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1649
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.171-8.b10.el7_5.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.171-8.b10.el7_5.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm

ppc64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.s390x.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.aarch64.rpm

ppc64le:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.ppc64le.rpm

s390x:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.171-8.b10.el7_5.noarch.rpm

ppc64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.ppc64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.ppc64.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.s390x.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.aarch64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.aarch64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.171-8.b10.el7_5.noarch.rpm

ppc64le:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.ppc64le.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.ppc64le.rpm

s390x:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.s390x.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.171-8.b10.el7_5.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.171-8.b10.el7_5.noarch.rpm

x86_64:
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-accessibility-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el7_5.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el7_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
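One way to check a host against a package list like the one above, as an added example that is not Red Hat's code: it reimplements rpm's version-segment ordering (rpmvercmp, without the caret operator) and applies it to constructed `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n'` output. The sample installed lines and the `audit` helper are this example's own; the advisory file names are taken from the list above.

```python
"""Audit installed RPMs against the fixed versions an RHSA lists.

Added example, not Red Hat's code. Advisory file names carry no epoch, so
only version and release are compared (an errata update never changes the
epoch of a package that already has one).
"""
import re
from typing import Dict, List, Tuple

# Segment grammar used by rpm's rpmvercmp: runs of digits, runs of letters,
# and the tilde, which marks a pre-release and sorts before everything.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return 1, 0 or -1 like rpm's rpmvercmp (caret operator omitted)."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != y:                      # the tilde side is the older one
                return -1 if x == "~" else 1
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:                       # numeric compare, leading zeros ignored
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:                      # a numeric segment is newer than alpha
            return 1 if xd else -1
        elif x != y:                        # plain string order for alpha runs
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # One side has segments left over: a leftover starting with '~' is older,
    # any other leftover is newer.
    a_longer = len(sa) > len(sb)
    rest = sa[len(sb):] if a_longer else sb[len(sa):]
    newer_is_a = a_longer != (rest[0] == "~")
    return 1 if newer_is_a else -1


def vr_cmp(v1: str, r1: str, v2: str, r2: str) -> int:
    """Compare version-release pairs: version decides, release breaks ties."""
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def parse_rpm_filename(fname: str) -> Tuple[str, str, str, str]:
    """'java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm'
    -> ('java-1.8.0-openjdk', '1.8.0.171', '8.b10.el7_5', 'x86_64')."""
    stem = fname[:-4] if fname.endswith(".rpm") else fname
    nvr, arch = stem.rsplit(".", 1)
    name, ver, rel = nvr.rsplit("-", 2)   # release and version never contain '-'
    return name, ver, rel, arch


def audit(installed_lines: List[str], fixed_filenames: List[str]) -> Dict[str, str]:
    """Map 'name.arch' to 'patched' or 'outdated' for every installed package
    the advisory covers; packages the advisory does not ship are skipped."""
    fixed = {}
    for f in fixed_filenames:
        name, ver, rel, arch = parse_rpm_filename(f)
        if arch != "src":                  # source RPMs are never installed
            fixed[(name, arch)] = (ver, rel)
    report = {}
    for line in installed_lines:
        name, _epoch, ver, rel, arch = line.split()
        if (name, arch) not in fixed:
            continue
        fv, fr = fixed[(name, arch)]
        status = "patched" if vr_cmp(ver, rel, fv, fr) >= 0 else "outdated"
        report[f"{name}.{arch}"] = status
    return report


# Constructed sample of `rpm -qa --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{ARCH}\n'`.
INSTALLED_SAMPLE = """\
java-1.8.0-openjdk 1 1.8.0.161 3.b14.el7_4 x86_64
java-1.8.0-openjdk-headless 1 1.8.0.171 8.b10.el7_5 x86_64
java-1.8.0-openjdk-devel 1 1.8.0.181 3.b13.el7_5 x86_64
java-1.8.0-openjdk-javadoc 1 1.8.0.171 7.b10.el7_5 noarch
bash (none) 4.2.46 30.el7 x86_64
""".splitlines()

# File names as they appear in the advisory's package list.
ADVISORY_FILES = [
    "java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.src.rpm",
    "java-1.8.0-openjdk-1.8.0.171-8.b10.el7_5.x86_64.rpm",
    "java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el7_5.x86_64.rpm",
    "java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el7_5.x86_64.rpm",
    "java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el7_5.noarch.rpm",
]

if __name__ == "__main__":
    for pkg, status in sorted(audit(INSTALLED_SAMPLE, ADVISORY_FILES).items()):
        print(f"{status:8} {pkg}")
```

Note that a build newer than the advisory's (the devel package in the sample) counts as patched, and a package whose release is older (javadoc, release 7 versus 8) is reported as outdated even though the version string matches.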
    

- Vulnerability information (F147737)

Red Hat Security Advisory 2018-1646-01 (PacketStormID:F147737)
2018-05-23 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1646-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security update
Advisory ID:       RHSA-2018:1646-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1646
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform
8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 8.0 (Liberty) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat OpenStack Platform 8.0 (Liberty):

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.3.src.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.3.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147736)

Red Hat Security Advisory 2018-1657-01 (PacketStormID:F147736)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1657-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1657-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1657
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.18.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.18.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.18.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147735)

Red Hat Security Advisory 2018-1663-01 (PacketStormID:F147735)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1663-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:1663-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1663
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

Source:
qemu-kvm-1.5.3-141.el7_4.7.src.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
qemu-kvm-1.5.3-141.el7_4.7.src.rpm

ppc64:
qemu-img-1.5.3-141.el7_4.7.ppc64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.ppc64.rpm

ppc64le:
qemu-img-1.5.3-141.el7_4.7.ppc64le.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.ppc64le.rpm

x86_64:
qemu-img-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-common-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-141.el7_4.7.x86_64.rpm
qemu-kvm-tools-1.5.3-141.el7_4.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147734)

Red Hat Security Advisory 2018-1650-01 (PacketStormID:F147734)
2018-05-23 00:00:00
Red Hat  
advisory,java,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1650-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: java-1.8.0-openjdk security update
Advisory ID:       RHSA-2018:1650-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1650
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise
Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.src.rpm

i386:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.171-8.b10.el6_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.i686.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.i686.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.171-8.b10.el6_9.noarch.rpm
java-1.8.0-openjdk-javadoc-debug-1.8.0.171-8.b10.el6_9.noarch.rpm

x86_64:
java-1.8.0-openjdk-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-demo-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-devel-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-headless-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.171-8.b10.el6_9.x86_64.rpm
java-1.8.0-openjdk-src-debug-1.8.0.171-8.b10.el6_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147733)

Red Hat Security Advisory 2018-1651-01 (PacketStormID:F147733)
2018-05-23 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1651-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:1651-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1651
Issue date:        2018-05-21
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

In this update, mitigations for the x86 (both 32- and 64-bit) architecture
are provided.
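The note above makes the operational point that the kernel update is only the software half of the CVE-2018-3639 mitigation: without matching CPU microcode the kernel cannot enable it. The script below is an added example, not part of the Red Hat advisory, for checking which state a Linux host actually reports. It assumes the upstream sysfs interface `/sys/devices/system/cpu/vulnerabilities/spec_store_bypass`, which kernels carrying the Speculative Store Bypass mitigation expose, and the `ssbd`, `amd_ssbd` and `virt_ssbd` CPU flags in `/proc/cpuinfo`, which indicate that the running microcode exposes the control the kernel needs. The status lines fed to it at the bottom are constructed from the upstream status strings so the classifier can be exercised offline.

```shell
#!/bin/sh
# Added example (not Red Hat's code): classify a Linux host's reported
# Speculative Store Bypass (CVE-2018-3639) mitigation state.
#
# Kernels carrying the SSB mitigation expose a one-line status in
#   /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
# Upstream status strings (assumed here as the values to parse):
#   "Not affected"
#   "Vulnerable"
#   "Mitigation: Speculative Store Bypass disabled"
#   "Mitigation: Speculative Store Bypass disabled via prctl"
#   "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
# "Vulnerable" on an updated kernel is the case the advisory note warns
# about: the kernel side is present but the CPU microcode is not.

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# classify_ssb STATUS_LINE
# Prints: not_affected | mitigated | vulnerable_check_microcode | unknown
classify_ssb() {
    case "$1" in
        "Not affected") echo not_affected ;;
        Mitigation:*)   echo mitigated ;;
        Vulnerable*)    echo vulnerable_check_microcode ;;
        *)              echo unknown ;;
    esac
}

# has_ssbd_flag FLAGS_LINE
# Prints yes if the /proc/cpuinfo "flags" line advertises an SSBD control
# (Intel: ssbd; AMD: amd_ssbd; virtualised guests: virt_ssbd), else no.
has_ssbd_flag() {
    case " $1 " in
        *" ssbd "*|*" amd_ssbd "*|*" virt_ssbd "*) echo yes ;;
        *)                                         echo no ;;
    esac
}

# check_host
# Reads the live files when present. A kernel without the sysfs entry
# predates the mitigation entirely, which is itself a finding.
# Exit status 0 only when the host is mitigated or not affected.
check_host() {
    if [ ! -r "$SSB_SYSFS" ]; then
        echo "no_sysfs_entry: kernel predates the SSB mitigation (update kernel)"
        return 1
    fi
    status=$(cat "$SSB_SYSFS")
    verdict=$(classify_ssb "$status")
    flags=$(grep '^flags' /proc/cpuinfo 2>/dev/null | head -n 1)
    echo "sysfs status : $status"
    echo "verdict      : $verdict"
    echo "ssbd in cpuid: $(has_ssbd_flag "$flags")"
    [ "$verdict" = mitigated ] || [ "$verdict" = not_affected ]
}

# Constructed sample status lines, one per branch, so the classifier can be
# exercised on a machine without the sysfs file:
classify_ssb "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
classify_ssb "Vulnerable"
classify_ssb "Not affected"
```

On a real host, call `check_host` after applying both the kernel update and the vendor microcode; a `vulnerable_check_microcode` verdict together with `ssbd in cpuid: no` is the signature of the situation the advisory note describes, where only the software half is in place.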

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* Previously, erroneous code in the x86 kexec system call path caused memory
corruption. As a consequence, the system became unresponsive with the
following kernel stack trace:

'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59
__list_del_entry+0xa1/0xd0 list_del corruption. prev->next should be
ffffdd03fddeeca0, but was (null)'

This update ensures that the code does not corrupt memory. As a result, the
operating system no longer hangs. (BZ#1573176)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-696.30.1.el6.src.rpm

i386:
kernel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-headers-2.6.32-696.30.1.el6.i686.rpm
perf-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm
kernel-doc-2.6.32-696.30.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.30.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.30.1.el6.x86_64.rpm
perf-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-696.30.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm
kernel-doc-2.6.32-696.30.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.30.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.30.1.el6.x86_64.rpm
perf-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-696.30.1.el6.src.rpm

i386:
kernel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-headers-2.6.32-696.30.1.el6.i686.rpm
perf-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm
kernel-doc-2.6.32-696.30.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.30.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-696.30.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debug-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.30.1.el6.ppc64.rpm
kernel-devel-2.6.32-696.30.1.el6.ppc64.rpm
kernel-headers-2.6.32-696.30.1.el6.ppc64.rpm
perf-2.6.32-696.30.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-696.30.1.el6.s390x.rpm
kernel-debug-2.6.32-696.30.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.30.1.el6.s390x.rpm
kernel-devel-2.6.32-696.30.1.el6.s390x.rpm
kernel-headers-2.6.32-696.30.1.el6.s390x.rpm
kernel-kdump-2.6.32-696.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-696.30.1.el6.s390x.rpm
perf-2.6.32-696.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.30.1.el6.x86_64.rpm
perf-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-696.30.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm
python-perf-2.6.32-696.30.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-696.30.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
perf-debuginfo-2.6.32-696.30.1.el6.s390x.rpm
python-perf-2.6.32-696.30.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-696.30.1.el6.src.rpm

i386:
kernel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-headers-2.6.32-696.30.1.el6.i686.rpm
perf-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-696.30.1.el6.noarch.rpm
kernel-doc-2.6.32-696.30.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.30.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.30.1.el6.x86_64.rpm
kernel-headers-2.6.32-696.30.1.el6.x86_64.rpm
perf-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-696.30.1.el6.i686.rpm
perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm
python-perf-2.6.32-696.30.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-696.30.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-2.6.32-696.30.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-696.30.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147873)

Red Hat Security Advisory 2018-1711-01 (PacketStormID:F147873)
2018-05-24 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1711-01 - The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rhev-hypervisor7 security update
Advisory ID:       RHSA-2018:1711-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1711
Issue date:        2018-05-23
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and
Agents Extended Lifecycle Support for Red Hat Enterprise Linux 6 and RHEV
3.X Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H ELS - noarch
RHEV Hypervisor for RHEL-6 ELS - noarch

3. Description:

The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the rhev-hypervisor7 side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

RHEV Hypervisor for RHEL-6 ELS:

Source:
rhev-hypervisor7-7.3-20180521.1.el6ev.src.rpm

noarch:
rhev-hypervisor7-7.3-20180521.1.el6ev.noarch.rpm

RHEL 7-based RHEV-H ELS:

Source:
rhev-hypervisor7-7.3-20180521.1.el7ev.src.rpm

noarch:
rhev-hypervisor7-7.3-20180521.1.el7ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147866)

Red Hat Security Advisory 2018-1710-01 (PacketStormID:F147866)
2018-05-24 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1710-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: redhat-virtualization-host security update
Advisory ID:       RHSA-2018:1710-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1710
Issue date:        2018-05-23
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for redhat-virtualization-host is now available for RHEV 3.X
Hypervisor and Agents Extended Lifecycle Support for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H ELS - noarch

3. Description:

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These
packages include redhat-release-virtualization-host, ovirt-node, and
rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a
special build of Red Hat Enterprise Linux with only the packages required
to host virtual machines. RHVH features a Cockpit user interface for
monitoring the host's resources and performing administrative tasks.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the redhat-virtualization-host side of the CVE-2018-3639
mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1580328 - Include wrong kernel package in RHVH-3.6-20180518.1-RHVH-x86_64-dvd1.iso

6. Package List:

RHEL 7-based RHEV-H ELS:

Source:
redhat-virtualization-host-3.6-20180521.0.el7_3.src.rpm

noarch:
redhat-virtualization-host-image-update-3.6-20180521.0.el7_3.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147851)

Red Hat Security Advisory 2018-1696-01 (PacketStormID:F147851)
2018-05-24 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1696-01 - The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: redhat-virtualization-host security update
Advisory ID:       RHSA-2018:1696-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1696
Issue date:        2018-05-23
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for redhat-virtualization-host is now available for Red Hat
Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

3. Description:

The ovirt-node-ng packages provide the Red Hat Virtualization Host. These
packages include redhat-release-virtualization-host, ovirt-node, and
rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a
special build of Red Hat Enterprise Linux with only the packages required
to host virtual machines. RHVH features a Cockpit user interface for
monitoring the host's resources and performing administrative tasks.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the redhat-virtualization-host side of the CVE-2018-3639
mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source:
redhat-virtualization-host-4.2-20180518.2.el7_5.src.rpm

noarch:
redhat-virtualization-host-image-update-4.2-20180518.2.el7_5.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147839)

Speculative Execution Variant 4 (PacketStormID:F147839)
2018-05-24 00:00:00
Jann Horn,Google Security Research  
exploit
CVE-2018-3639

Variant 4 of the speculative execution vulnerability that focuses on a speculative store bypass.

- Vulnerability information (F147904)

Debian Security Advisory 4210-1 (PacketStormID:F147904)
2018-05-25 00:00:00
Debian  debian.org
advisory,x86
linux,debian
CVE-2018-3639

Debian Linux Security Advisory 4210-1 - This update provides mitigations for the Spectre v4 variant in x86-based microprocessors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4210-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 25, 2018                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2018-3639

This update provides mitigations for the Spectre v4 variant in x86-based
microprocessors. On Intel CPUs this requires updated microcode which
is currently not released publicly (but your hardware vendor may have
issued an update). For servers with AMD CPUs no microcode update is
needed; please refer to https://xenbits.xen.org/xsa/advisory-263.html
for further information.

For the stable distribution (stretch), this problem has been fixed in
version 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
    

- Vulnerability information (F147938)

Red Hat Security Advisory 2018-1738-01 (PacketStormID:F147938)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639
[Download]

Red Hat Security Advisory 2018-1738-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:1738-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1738
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - noarch, ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system might be required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

In this update, mitigation for the PowerPC architecture is provided.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space
precludes documenting all of these bug fixes in this advisory. See the bug
fix descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3449601

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.33.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.33.1.el7.noarch.rpm
kernel-doc-3.10.0-693.33.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.33.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.33.1.el7.x86_64.rpm
perf-3.10.0-693.33.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.33.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.33.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.33.1.el7.noarch.rpm
kernel-doc-3.10.0-693.33.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.33.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debug-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.33.1.el7.ppc64.rpm
kernel-devel-3.10.0-693.33.1.el7.ppc64.rpm
kernel-headers-3.10.0-693.33.1.el7.ppc64.rpm
kernel-tools-3.10.0-693.33.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.33.1.el7.ppc64.rpm
perf-3.10.0-693.33.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
python-perf-3.10.0-693.33.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debug-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-devel-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-headers-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-tools-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.33.1.el7.ppc64le.rpm
perf-3.10.0-693.33.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
python-perf-3.10.0-693.33.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.33.1.el7.s390x.rpm
kernel-debug-3.10.0-693.33.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.33.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.33.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.33.1.el7.s390x.rpm
kernel-devel-3.10.0-693.33.1.el7.s390x.rpm
kernel-headers-3.10.0-693.33.1.el7.s390x.rpm
kernel-kdump-3.10.0-693.33.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.33.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.33.1.el7.s390x.rpm
perf-3.10.0-693.33.1.el7.s390x.rpm
perf-debuginfo-3.10.0-693.33.1.el7.s390x.rpm
python-perf-3.10.0-693.33.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.33.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.33.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.33.1.el7.x86_64.rpm
perf-3.10.0-693.33.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

noarch:
kernel-doc-3.10.0-693.33.1.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.33.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.33.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.33.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.33.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.33.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd
https://access.redhat.com/articles/3449601

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
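Added example (editor's code, not taken from the advisories above or from Red Hat or Debian): a small C program that reports whether the Speculative Store Bypass mitigation these advisories ship is actually in force on a running Linux host. It assumes the mainline kernel interfaces for this mitigation, which the page itself does not name: the sysfs file /sys/devices/system/cpu/vulnerabilities/spec_store_bypass and the PR_GET_SPECULATION_CTRL / PR_SET_SPECULATION_CTRL prctl options with PR_SPEC_STORE_BYPASS. The status strings and flag values follow the kernel's own documentation for this mitigation; the two classifier functions are pure so they can be exercised with constructed inputs on any host, and only main() touches the live system.

```c
/*
 * Added example (editor's code, not part of the advisories on this page):
 * report the Speculative Store Bypass (CVE-2018-3639) mitigation state as
 * seen by the Linux kernel.
 *
 * Assumed interfaces (from the mainline kernel documentation, not from this
 * page):
 *   - /sys/devices/system/cpu/vulnerabilities/spec_store_bypass holds one of
 *     "Not affected", "Vulnerable", or "Mitigation: Speculative Store Bypass
 *     disabled[ via prctl[ and seccomp]]" on kernels carrying the fix;
 *   - prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS) returns PR_SPEC_*
 *     flag bits for the calling task, and PR_SET_SPECULATION_CTRL with
 *     PR_SPEC_DISABLE opts the task into SSBD when the global mode allows it.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Fallbacks for headers that predate the SSB mitigation (Linux 4.17). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
#define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif

#define SSB_SYSFS "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

enum ssb_state {
    SSB_UNKNOWN,          /* unrecognised text, or file not readable       */
    SSB_NOT_AFFECTED,
    SSB_VULNERABLE,       /* affected CPU and no usable SSBD (e.g. no ucode) */
    SSB_MITIGATED_GLOBAL, /* SSBD forced for every task                     */
    SSB_MITIGATED_OPT_IN  /* SSBD only for tasks that ask via prctl/seccomp */
};

enum task_state {
    TASK_UNAVAILABLE,  /* prctl option unknown to this kernel          */
    TASK_NOT_AFFECTED,
    TASK_SSBD_OFF,     /* store bypass still enabled for this task     */
    TASK_SSBD_ON       /* store bypass disabled for this task          */
};

/* Classify the text of the spec_store_bypass sysfs file. */
enum ssb_state ssb_state_from_sysfs(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0)
        return SSB_NOT_AFFECTED;
    if (strncmp(line, "Vulnerable", 10) == 0)
        return SSB_VULNERABLE;
    if (strncmp(line, "Mitigation:", 11) == 0)
        return strstr(line, "via prctl") ? SSB_MITIGATED_OPT_IN
                                         : SSB_MITIGATED_GLOBAL;
    return SSB_UNKNOWN;
}

/* Decode the value returned by PR_GET_SPECULATION_CTRL (negative = error). */
enum task_state task_state_from_flags(long flags)
{
    if (flags < 0)
        return TASK_UNAVAILABLE;
    if (flags == 0)                       /* PR_SPEC_NOT_AFFECTED */
        return TASK_NOT_AFFECTED;
    if (flags & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE | PR_SPEC_DISABLE_NOEXEC))
        return TASK_SSBD_ON;
    return TASK_SSBD_OFF;                 /* PR_SPEC_ENABLE, possibly with PRCTL */
}

/* Read the sysfs line into buf; SSB_UNKNOWN (and empty buf) if unreadable. */
enum ssb_state read_sysfs_state(char *buf, size_t len)
{
    FILE *f = fopen(SSB_SYSFS, "r");
    if (!f || !fgets(buf, (int)len, f)) {
        if (f) fclose(f);
        buf[0] = '\0';
        return SSB_UNKNOWN;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return ssb_state_from_sysfs(buf);
}

static long get_task_flags(void)
{
#ifdef __linux__
    return prctl(PR_GET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS, 0UL, 0UL, 0UL);
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Opt the calling task into SSBD; 0 on success, -errno otherwise. */
int enable_ssbd_for_self(void)
{
#ifdef __linux__
    if (prctl(PR_SET_SPECULATION_CTRL, (unsigned long)PR_SPEC_STORE_BYPASS,
              (unsigned long)PR_SPEC_DISABLE, 0UL, 0UL) == 0)
        return 0;
    return -errno;
#else
    return -ENOSYS;
#endif
}

int main(void)
{
    char line[128];
    enum ssb_state sys = read_sysfs_state(line, sizeof line);
    printf("%s: %s\n", SSB_SYSFS,
           line[0] ? line : "(unreadable: kernel lacks the mitigation or sysfs is hidden)");

    long flags = get_task_flags();
    printf("task before opt-in: flags=%ld state=%d\n", flags, task_state_from_flags(flags));

    /* In prctl mode a task is exposed until it asks for SSBD itself. */
    if (sys == SSB_MITIGATED_OPT_IN && task_state_from_flags(flags) == TASK_SSBD_OFF) {
        int rc = enable_ssbd_for_self();
        flags = get_task_flags();
        printf("opt-in rc=%d, task after: flags=%ld state=%d\n",
               rc, flags, task_state_from_flags(flags));
    }
    return 0;
}
```

Build with cc -o ssbcheck ssbcheck.c and run it as an unprivileged user. A missing sysfs file means the kernel predates the mitigation (or sysfs is hidden in the container); "Vulnerable" on an Intel CPU usually means the microcode the advisories mention has not been applied, since the kernel can only offer SSBD if the CPU exposes it; and a "via prctl" mode means every task is still exposed unless it, or a seccomp filter, opted in, which is what the last step of main() demonstrates.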
    

- Vulnerability information (F147936)

Red Hat Security Advisory 2018-1737-01 (PacketStormID:F147936)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,vulnerability
linux,redhat
CVE-2017-18017,CVE-2018-3639
[Download]

Red Hat Security Advisory 2018-1737-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:1737-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1737
Issue date:        2018-05-29
CVE Names:         CVE-2017-18017 CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system might be required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

In this update, mitigation for the PowerPC architecture is provided.

* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in
net/netfilter/xt_TCPMSS.c (CVE-2017-18017)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space
precludes documenting all of these bug fixes in this advisory. See the bug
fix descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3461451

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
kernel-3.10.0-514.51.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.51.1.el7.noarch.rpm
kernel-doc-3.10.0-514.51.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.51.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.51.1.el7.x86_64.rpm
perf-3.10.0-514.51.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.51.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
kernel-3.10.0-514.51.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.51.1.el7.noarch.rpm
kernel-doc-3.10.0-514.51.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.51.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.51.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.51.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.51.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.51.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.51.1.el7.ppc64.rpm
perf-3.10.0-514.51.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
python-perf-3.10.0-514.51.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.51.1.el7.ppc64le.rpm
perf-3.10.0-514.51.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
python-perf-3.10.0-514.51.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.51.1.el7.s390x.rpm
kernel-debug-3.10.0-514.51.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.51.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.51.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.51.1.el7.s390x.rpm
kernel-devel-3.10.0-514.51.1.el7.s390x.rpm
kernel-headers-3.10.0-514.51.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.51.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.51.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.51.1.el7.s390x.rpm
perf-3.10.0-514.51.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.51.1.el7.s390x.rpm
python-perf-3.10.0-514.51.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.51.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.51.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.51.1.el7.x86_64.rpm
perf-3.10.0-514.51.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
kernel-debug-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.51.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.51.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.51.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.51.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.51.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18017
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd
https://access.redhat.com/articles/3461451

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147934)

Red Hat Security Advisory 2018-1637-01 (PacketStormID:F147934)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639
[Download]

Red Hat Security Advisory 2018-1637-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1637-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1637
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

In this update, mitigations for the x86-64 architecture are provided.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
kernel-3.10.0-327.66.5.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.66.5.el7.noarch.rpm
kernel-doc-3.10.0-327.66.5.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-headers-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.66.5.el7.x86_64.rpm
perf-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
kernel-3.10.0-327.66.5.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.66.5.el7.noarch.rpm
kernel-doc-3.10.0-327.66.5.el7.noarch.rpm

ppc64le:
kernel-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debug-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-devel-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-headers-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-tools-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-327.66.5.el7.ppc64le.rpm
perf-3.10.0-327.66.5.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
python-perf-3.10.0-327.66.5.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm

x86_64:
kernel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-headers-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.66.5.el7.x86_64.rpm
perf-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
kernel-3.10.0-327.66.5.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.66.5.el7.noarch.rpm
kernel-doc-3.10.0-327.66.5.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-devel-3.10.0-327.66.5.el7.x86_64.rpm
kernel-headers-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.66.5.el7.x86_64.rpm
perf-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

ppc64le:
kernel-debug-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-327.66.5.el7.ppc64le.rpm
perf-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.66.5.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.66.5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWw2BANzjgjWX9erEAQhF0w//fF6L71SjAmFvVMGdxUVNxWSXTDvAYGQd
HSNMuvjQ3smc3SJaPZZQR1bBMvpibi5+xNq+lXLAnlmbSdHAiCaFozEOdW/NI+VM
uVTqg7JUDO/sPa2CcfMOY4HNwEOw23BkNLgbrSVSapiDBKQPdQzcDBHn0iqQ8zwo
Sx6q+RI288WBzDi8RtK26y1j+ggCNlqFuI4T35efkxsY2YD1o2GWdLAT0vTOovJS
bSRxk6UowD4z+UQGx6QhPYQZnAfeqq264EBxH5EhkbEPXaxrMtHVslcT5pzknbjZ
61NFikhNl2T2rA7j9VnHwNXbhvUur6hrNvdgO8f+TJKOWQU5cd2NKMI1Tk7mLg+q
ppUrHz6U6LfW/XzOf6vbjUgwovEGks2Dge4v9KA2NaCQyMQqbvUScjCBnFgE7MlR
tUwj2Y8i98BSplwnrPsVO7ur8ngNUKJ/E0Zv+JCaeOEANJTDymAdVu3cUZjSy+rE
GSxktqIiskzf4lEeq43SkhzUY3z/W9ePRG9hQx61GWf1EKHYj7gxo1+ZVoCig5sO
KNT0mcsBzzxdN4FuaXv/Ckptd0pWJ3HOt3DPSEK7iYpNzqTPlrSPqBMMRdy98+us
4hPqJGKU4rEbM8Gr/KEqKqmUc46Au6uGJDUuDOyy/AeKrhMG+irhKlZKOK2OkzrO
kcpTK3t5OFU=
=Pgol
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F147933)

Red Hat Security Advisory 2018-1640-01 (PacketStormID:F147933)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639
[Download]

Red Hat Security Advisory 2018-1640-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1640-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1640
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.89.4.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.89.4.el6.noarch.rpm
kernel-doc-2.6.32-431.89.4.el6.noarch.rpm
kernel-firmware-2.6.32-431.89.4.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debug-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.89.4.el6.x86_64.rpm
kernel-devel-2.6.32-431.89.4.el6.x86_64.rpm
kernel-headers-2.6.32-431.89.4.el6.x86_64.rpm
perf-2.6.32-431.89.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.89.4.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.89.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm
python-perf-2.6.32-431.89.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.89.4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

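The Note in the advisory above says the CVE-2018-3639 mitigation has two halves, an updated kernel and updated CPU microcode, and that the kernel part is not fully functional without the other. The following shell script is an added editor's example, not Red Hat's code, that checks both halves on a Linux host; the sysfs file, the `spec_store_bypass_disable=` boot parameter and the `ssbd`/`amd_ssbd`/`virt_ssbd` cpuinfo flags it relies on are standard kernel interfaces that the advisory itself does not name.

```shell
#!/bin/sh
# Added example (not part of the advisory): verify both halves of the
# CVE-2018-3639 (Speculative Store Bypass) mitigation on a Linux host.
# Assumed kernel interfaces (not named in the advisory):
#   - /sys/devices/system/cpu/vulnerabilities/spec_store_bypass holds the
#     kernel's own status string for this issue;
#   - the microcode half shows up as an "ssbd" (Intel), "amd_ssbd" or
#     "virt_ssbd" (guest) entry in the "flags" line of /proc/cpuinfo.

SSB_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_store_bypass

# classify_ssb STATUS_LINE
# Maps the kernel's status string to one word: mitigated, vulnerable,
# not-affected or unknown.
classify_ssb() {
    case "$1" in
        "Mitigation:"*) echo mitigated ;;
        "Vulnerable"*)  echo vulnerable ;;
        "Not affected") echo not-affected ;;
        *)              echo unknown ;;
    esac
}

# microcode_has_ssbd FLAGS_LINE
# Returns 0 when the CPU flag list advertises an SSBD control, i.e. the
# microcode half of the mitigation is present (and, in a guest, exposed
# by the hypervisor).
microcode_has_ssbd() {
    case " $1 " in
        *" ssbd "*|*" amd_ssbd "*|*" virt_ssbd "*) return 0 ;;
        *) return 1 ;;
    esac
}

# ssb_verdict STATUS_LINE FLAGS_LINE
# Combines both halves into the action an administrator needs to take.
ssb_verdict() {
    state=$(classify_ssb "$1")
    case "$state" in
        not-affected) echo "ok: CPU not affected" ;;
        mitigated)    echo "ok: $1" ;;
        vulnerable)
            if microcode_has_ssbd "$2"; then
                # SSBD is available but the kernel is not using it: either the
                # kernel lacks the mitigation code or it was switched off.
                echo "action: microcode provides SSBD but the kernel is not using it (check kernel version and spec_store_bypass_disable= boot parameter)"
            else
                echo "action: update CPU microcode/BIOS; kernel cannot mitigate without SSBD"
            fi ;;
        *)            echo "action: unrecognised status '$1'; inspect manually" ;;
    esac
}

# report_ssb
# Runs the check against the live host. A missing sysfs file means the
# running kernel predates the mitigation, i.e. the kernel update is not
# yet in effect.
report_ssb() {
    if [ ! -r "$SSB_SYSFS" ]; then
        echo "action: kernel does not report SSB status; apply the kernel update and reboot"
        return 2
    fi
    status=$(cat "$SSB_SYSFS")
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2-)
    ssb_verdict "$status" "$flags"
}

# Only touch the live host when invoked with --check; the functions above
# can also be fed collected /sys and /proc snapshots from other machines.
if [ "${1:-}" = "--check" ]; then
    report_ssb
fi
```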
- Vulnerability information (F147932)

Red Hat Security Advisory 2018-1639-01 (PacketStormID:F147932)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1639-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1639-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1639
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 6.6) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
kernel-2.6.32-504.69.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.69.3.el6.noarch.rpm
kernel-doc-2.6.32-504.69.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.69.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.69.3.el6.x86_64.rpm
perf-2.6.32-504.69.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 6.6):

Source:
kernel-2.6.32-504.69.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.69.3.el6.noarch.rpm
kernel-doc-2.6.32-504.69.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.69.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.69.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.69.3.el6.x86_64.rpm
perf-2.6.32-504.69.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.69.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-2.6.32-504.69.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.69.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147931)

Red Hat Security Advisory 2018-1641-01 (PacketStormID:F147931)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1641-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1641-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1641
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.4
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.4) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.4):

Source:
kernel-2.6.32-358.88.4.el6.src.rpm

noarch:
kernel-doc-2.6.32-358.88.4.el6.noarch.rpm
kernel-firmware-2.6.32-358.88.4.el6.noarch.rpm

x86_64:
kernel-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debug-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.88.4.el6.x86_64.rpm
kernel-devel-2.6.32-358.88.4.el6.x86_64.rpm
kernel-headers-2.6.32-358.88.4.el6.x86_64.rpm
perf-2.6.32-358.88.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.4):

Source:
kernel-2.6.32-358.88.4.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.88.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm
python-perf-2.6.32-358.88.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.88.4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F147930)

Red Hat Security Advisory 2018-1638-01 (PacketStormID:F147930)
2018-05-30 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1638-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:1638-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1638
Issue date:        2018-05-29
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a
software update. The updated kernel packages provide the software side of
the mitigation for this hardware issue. To be fully functional, up-to-date
CPU microcode applied on the system is required. Please refer to the
References section for further information about this issue, CPU microcode
requirements and the potential performance impact.

This update provides mitigations for the x86 architecture (both 32-bit and
64-bit).

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.55.4.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.55.4.el6.noarch.rpm
kernel-doc-2.6.32-573.55.4.el6.noarch.rpm
kernel-firmware-2.6.32-573.55.4.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm
kernel-devel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-headers-2.6.32-573.55.4.el6.x86_64.rpm
perf-2.6.32-573.55.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.55.4.el6.src.rpm

i386:
kernel-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm
kernel-devel-2.6.32-573.55.4.el6.i686.rpm
kernel-headers-2.6.32-573.55.4.el6.i686.rpm
perf-2.6.32-573.55.4.el6.i686.rpm
perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.55.4.el6.noarch.rpm
kernel-doc-2.6.32-573.55.4.el6.noarch.rpm
kernel-firmware-2.6.32-573.55.4.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.55.4.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debug-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.55.4.el6.ppc64.rpm
kernel-devel-2.6.32-573.55.4.el6.ppc64.rpm
kernel-headers-2.6.32-573.55.4.el6.ppc64.rpm
perf-2.6.32-573.55.4.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.55.4.el6.s390x.rpm
kernel-debug-2.6.32-573.55.4.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.55.4.el6.s390x.rpm
kernel-devel-2.6.32-573.55.4.el6.s390x.rpm
kernel-headers-2.6.32-573.55.4.el6.s390x.rpm
kernel-kdump-2.6.32-573.55.4.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.55.4.el6.s390x.rpm
perf-2.6.32-573.55.4.el6.s390x.rpm
perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.i686.rpm
kernel-debug-devel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm
kernel-devel-2.6.32-573.55.4.el6.x86_64.rpm
kernel-headers-2.6.32-573.55.4.el6.x86_64.rpm
perf-2.6.32-573.55.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.55.4.el6.i686.rpm
perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm
python-perf-2.6.32-573.55.4.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.55.4.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm
python-perf-2.6.32-573.55.4.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.55.4.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm
python-perf-2.6.32-573.55.4.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.55.4.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-2.6.32-573.55.4.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.55.4.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

- Vulnerability information (F148153)

Ubuntu Security Notice USN-3680-1 (PacketStormID:F148153)
2018-06-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,kernel
linux,ubuntu
CVE-2018-1064,CVE-2018-3639

Ubuntu Security Notice 3680-1 - Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via side-channel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows libvirt to expose new CPU features added by microcode updates to guests. Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU guest agent. An attacker could possibly use this issue to consume resources, leading to a denial of service. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3680-1
June 12, 2018

libvirt vulnerability and update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Side channel execution mitigations were added to libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

Ken Johnson and Jann Horn independently discovered that microprocessors
utilizing speculative execution of a memory read may allow unauthorized
memory reads via side-channel attacks. An attacker in the guest could use
this to expose sensitive guest information, including kernel memory. This
update allows libvirt to expose new CPU features added by microcode updates
to guests. (CVE-2018-3639)

Daniel P. Berrange discovered that libvirt incorrectly handled the QEMU
guest agent. An attacker could possibly use this issue to consume
resources, leading to a denial of service. (CVE-2018-1064)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libvirt-bin                     4.0.0-1ubuntu8.2
  libvirt0                        4.0.0-1ubuntu8.2

Ubuntu 17.10:
  libvirt-bin                     3.6.0-1ubuntu6.8
  libvirt0                        3.6.0-1ubuntu6.8

Ubuntu 16.04 LTS:
  libvirt-bin                     1.3.1-1ubuntu10.24
  libvirt0                        1.3.1-1ubuntu10.24

Ubuntu 14.04 LTS:
  libvirt-bin                     1.2.2-0ubuntu13.1.27
  libvirt0                        1.2.2-0ubuntu13.1.27

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3680-1
  CVE-2018-1064, CVE-2018-3639

Package Information:
  https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8.2
  https://launchpad.net/ubuntu/+source/libvirt/3.6.0-1ubuntu6.8
  https://launchpad.net/ubuntu/+source/libvirt/1.3.1-1ubuntu10.24
  https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.27

- Vulnerability information (F148151)

Red Hat Security Advisory 2018-1826-01 (PacketStormID:F148151)
2018-06-12 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1826-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:1826-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1826
Issue date:        2018-06-12
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es) and Enhancement(s):

These updated kernel packages also include numerous bug fixes and
enhancements. Space precludes documenting all of the bug fixes and
enhancements in this advisory. See the descriptions in the related
Knowledge Article:
https://access.redhat.com/articles/3483021

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.59.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.59.1.el6.noarch.rpm
kernel-doc-2.6.32-573.59.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.59.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.59.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.59.1.el6.x86_64.rpm
perf-2.6.32-573.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.59.1.el6.src.rpm

i386:
kernel-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.59.1.el6.i686.rpm
kernel-devel-2.6.32-573.59.1.el6.i686.rpm
kernel-headers-2.6.32-573.59.1.el6.i686.rpm
perf-2.6.32-573.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.59.1.el6.noarch.rpm
kernel-doc-2.6.32-573.59.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.59.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.59.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.59.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.59.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.59.1.el6.ppc64.rpm
perf-2.6.32-573.59.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.59.1.el6.s390x.rpm
kernel-debug-2.6.32-573.59.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.59.1.el6.s390x.rpm
kernel-devel-2.6.32-573.59.1.el6.s390x.rpm
kernel-headers-2.6.32-573.59.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.59.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.59.1.el6.s390x.rpm
perf-2.6.32-573.59.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.59.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.59.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.59.1.el6.x86_64.rpm
perf-2.6.32-573.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.59.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm
python-perf-2.6.32-573.59.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.59.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm
python-perf-2.6.32-573.59.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.59.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.59.1.el6.s390x.rpm
python-perf-2.6.32-573.59.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.59.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-2.6.32-573.59.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.59.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd
https://access.redhat.com/articles/3483021

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability information (F148244)

Red Hat Security Advisory 2018-1854-01 (PacketStormID:F148244)
2018-06-19 00:00:00
Red Hat  
advisory,denial of service,kernel,vulnerability
linux,redhat
CVE-2012-6701,CVE-2015-8830,CVE-2016-8650,CVE-2017-12190,CVE-2017-15121,CVE-2017-18203,CVE-2017-2671,CVE-2017-6001,CVE-2017-7308,CVE-2017-7616,CVE-2017-7889,CVE-2017-8890,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803

Red Hat Security Advisory 2018-1854-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:1854-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1854
Issue date:        2018-06-19
CVE Names:         CVE-2012-6701 CVE-2015-8830 CVE-2016-8650 
                   CVE-2017-2671 CVE-2017-6001 CVE-2017-7308 
                   CVE-2017-7616 CVE-2017-7889 CVE-2017-8890 
                   CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 
                   CVE-2017-12190 CVE-2017-15121 CVE-2017-18203 
                   CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, PowerPC)

* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)

* kernel: AIO interface didn't use rw_verify_area() for checking mandatory
locking on files and size of access (CVE-2012-6701)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Null pointer dereference via keyctl (CVE-2016-8650)

* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)

* kernel: Race condition between multiple sys_perf_event_open() calls
(CVE-2017-6001)

* kernel: Incorrect error handling in the set_mempolicy and mbind compat
syscalls in mm/mempolicy.c (CVE-2017-7616)

* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism (CVE-2017-7889)

* kernel: Double free in the inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c (CVE-2017-8890)

* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
(CVE-2017-9075)

* kernel: net: IPv6 DCCP implementation mishandles inheritance
(CVE-2017-9076)

* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
(CVE-2017-9077)

* kernel: memory leak when merging buffers in SCSI IO vectors
(CVE-2017-12190)

* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
(CVE-2017-15121)

* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows
local users to cause a denial of service (CVE-2017-18203)

* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit()
leads to a system crash (CVE-2018-1130)

* kernel: Missing length check of payload in
net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
service (CVE-2018-5803)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639;
Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin
(Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was
discovered by Miklos Szeredi (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
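An added post-update check, written for this page rather than taken from Red Hat's tooling: it compares the running kernel release against the fixed kernel versions listed in the package lists of the kernel advisories above using RPM's version-comparison rules, and classifies the Speculative Store Bypass status line that upstream Linux exposes under /sys/devices/system/cpu/vulnerabilities (a path assumed here; the advisories do not mention it). It covers the kernel package side only; the qemu-kvm side described in the later advisories is a separate update.

```python
import os
import platform
import re
from typing import Dict, Optional, Tuple

# Fixed kernel version-release strings taken from the package lists in the
# advisories above (epoch omitted). Compare a host only against the line for
# its own product branch: 6.7 EUS and RHEL 6.10 ship different kernel streams.
FIXED_KERNELS: Dict[str, str] = {
    "RHEL 6.7 EUS": "2.6.32-573.59.1.el6",
    "RHEL 6 (RHSA-2018:1854)": "2.6.32-754.el6",
}
# Upstream Linux exposes the Speculative Store Bypass state here. The path is an
# assumption of this example; the advisories above do not mention it.
SSB_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

def _take(s: str, start: int, pred) -> str:
    """Return the run of characters of s from index start for which pred holds."""
    end = start
    while end < len(s) and pred(s[end]):
        end += 1
    return s[start:end]

def rpm_vercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings like rpm's rpmvercmp(): returns
    -1, 0 or 1; numeric segments compare as integers, alphabetic ones lexically,
    a numeric segment beats an alphabetic one, and '~' sorts before anything."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything that is not alphanumeric or '~') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        tilde_a = i < len(a) and a[i] == "~"
        tilde_b = j < len(b) and b[j] == "~"
        if tilde_a != tilde_b:  # '~' (pre-release) is older than even the end
            return -1 if tilde_a else 1
        if tilde_a:
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        numeric = a[i].isdigit()
        kind = str.isdigit if numeric else str.isalpha
        seg_a, seg_b = _take(a, i, kind), _take(b, j, kind)
        i, j = i + len(seg_a), j + len(seg_b)
        if not seg_b:  # segment kinds differ: the numeric side is newer
            return 1 if numeric else -1
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def split_kernel_release(release: str) -> Tuple[str, str]:
    """Split '2.6.32-573.59.1.el6.x86_64' (uname -r form) or '2.6.32-754.el6'
    into (version, release), dropping any architecture and '.debug' suffix."""
    version, _, rest = release.partition("-")
    rest = re.sub(r"\.(x86_64|i686|ppc64|ppc64le|s390x)(\.debug)?$", "", rest)
    return version, rest

def kernel_is_fixed(running: str, fixed: str) -> bool:
    """True when the running kernel is at or above the advisory's fixed release."""
    rv, rr = split_kernel_release(running)
    fv, fr = split_kernel_release(fixed)
    order = rpm_vercmp(rv, fv) or rpm_vercmp(rr, fr)
    return order >= 0

def classify_ssb_status(text: Optional[str]) -> str:
    """Map the kernel's SSB status line to a coarse verdict. A kernel too old to
    create the sysfs file at all (text is None) carries no mitigation."""
    if text is None:
        return "vulnerable"
    line = text.strip()
    if line == "Not affected":
        return "not_affected"
    if line.startswith("Mitigation:"):
        return "mitigated"
    if line.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

if __name__ == "__main__":
    running = platform.release()
    for branch, fixed in FIXED_KERNELS.items():
        print(f"{branch}: running {running}, fixed={kernel_is_fixed(running, fixed)}")
    status = open(SSB_SYSFS).read() if os.path.exists(SSB_SYSFS) else None
    print("SSB status:", classify_ssb_status(status))
```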

5. Bugs fixed (https://bugzilla.redhat.com/):

869942 - Kernel crashes on reading an ACL containing 190 ACEs over NFSv4
1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols
1314288 - CVE-2012-6701 kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access
1395187 - CVE-2016-8650 kernel: Null pointer dereference via keyctl
1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
1448170 - RHEL6.9: sunrpc reconnect logic now may trigger a SYN storm when a TCP connection drops and a burst of RPC commands hit the transport
1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors
1497152 - systool causes panic on 2.6.32-696.6.3.el6.x86_64 using be2iscsi
1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
1560494 - i686: Using invpcid_flush_all_nonglobals() can cause user-space panic on .i686
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

ppc64:
kernel-2.6.32-754.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.el6.ppc64.rpm
kernel-debug-2.6.32-754.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.el6.ppc64.rpm
kernel-devel-2.6.32-754.el6.ppc64.rpm
kernel-headers-2.6.32-754.el6.ppc64.rpm
perf-2.6.32-754.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.el6.ppc64.rpm

s390x:
kernel-2.6.32-754.el6.s390x.rpm
kernel-debug-2.6.32-754.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.el6.s390x.rpm
kernel-devel-2.6.32-754.el6.s390x.rpm
kernel-headers-2.6.32-754.el6.s390x.rpm
kernel-kdump-2.6.32-754.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.el6.s390x.rpm
perf-2.6.32-754.el6.s390x.rpm
perf-debuginfo-2.6.32-754.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.el6.s390x.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.el6.ppc64.rpm
python-perf-2.6.32-754.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.el6.s390x.rpm
perf-debuginfo-2.6.32-754.el6.s390x.rpm
python-perf-2.6.32-754.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-754.el6.src.rpm

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-2.6.32-754.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.el6.i686.rpm
perf-debuginfo-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2012-6701
https://access.redhat.com/security/cve/CVE-2015-8830
https://access.redhat.com/security/cve/CVE-2016-8650
https://access.redhat.com/security/cve/CVE-2017-2671
https://access.redhat.com/security/cve/CVE-2017-6001
https://access.redhat.com/security/cve/CVE-2017-7308
https://access.redhat.com/security/cve/CVE-2017-7616
https://access.redhat.com/security/cve/CVE-2017-7889
https://access.redhat.com/security/cve/CVE-2017-8890
https://access.redhat.com/security/cve/CVE-2017-9075
https://access.redhat.com/security/cve/CVE-2017-9076
https://access.redhat.com/security/cve/CVE-2017-9077
https://access.redhat.com/security/cve/CVE-2017-12190
https://access.redhat.com/security/cve/CVE-2017-15121
https://access.redhat.com/security/cve/CVE-2017-18203
https://access.redhat.com/security/cve/CVE-2018-1130
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-5803
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability information (F148330)

Red Hat Security Advisory 2018-2060-01 (PacketStormID:F148330)
2018-06-27 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-2060-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm-rhev security and bug fix update
Advisory ID:       RHSA-2018:2060-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2060
Issue date:        2018-06-27
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - ppc64le, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm-rhev packages provide the
user-space component for running virtual machines that use KVM in
environments managed by Red Hat products.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write has
occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation that
includes support for guests running on hosts with AMD processors.

Bug Fix(es):

* Previously, using device passthrough for a SCSI-2 device failed and
returned an "Illegal Request" error. With this update, the QEMU emulator
checks the SCSI version of the device when performing passthrough. As a
result, the described problem no longer occurs. (BZ#1571370)
 
* Under certain circumstances, resuming a paused guest generated redundant
"VIR_DOMAIN_PAUSED_UNKNOWN" error messages in the libvirt log. This update
corrects the event sending order when resuming guests, which prevents the
errors being logged. (BZ#1582122)

Enhancement(s):

* With this update, Ceph storage is supported by KVM virtualization on all
CPU architectures supported by Red Hat. (BZ#1588001)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1582122 - IOERROR pause code lost after resuming a VM while I/O error is still present [rhel-7.5.z]
1588001 - Enable Native Ceph support on non x86_64 CPUs [rhel-7.5.z]

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:
qemu-kvm-rhev-2.10.0-21.el7_5.4.src.rpm

ppc64le:
qemu-img-rhev-2.10.0-21.el7_5.4.ppc64le.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.4.ppc64le.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.4.ppc64le.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.4.ppc64le.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.4.ppc64le.rpm

x86_64:
qemu-img-rhev-2.10.0-21.el7_5.4.x86_64.rpm
qemu-kvm-common-rhev-2.10.0-21.el7_5.4.x86_64.rpm
qemu-kvm-rhev-2.10.0-21.el7_5.4.x86_64.rpm
qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.4.x86_64.rpm
qemu-kvm-tools-rhev-2.10.0-21.el7_5.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability information (F148324)

Red Hat Security Advisory 2018-2001-01 (PacketStormID:F148324)
2018-06-26 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-2001-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:2001-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2001
Issue date:        2018-06-26
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older (stale) value and subsequently cause an update
to the microprocessor's data cache, even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation that
includes support for guests running on hosts with AMD processors.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.3.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.3.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.3.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
qemu-kvm-1.5.3-156.el7_5.3.src.rpm

x86_64:
qemu-img-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-common-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-debuginfo-1.5.3-156.el7_5.3.x86_64.rpm
qemu-kvm-tools-1.5.3-156.el7_5.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

- Vulnerability information (F148323)

Red Hat Security Advisory 2018-1997-01 (PacketStormID:F148323)
2018-06-26 00:00:00
Red Hat
advisory,bypass
linux,redhat
CVE-2018-3639
Red Hat Security Advisory 2018-1997-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security and bug fix update
Advisory ID:       RHSA-2018:1997-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1997
Issue date:        2018-06-26
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older (stale) value and subsequently cause an update
to the microprocessor's data cache, even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation that
includes support for guests running on hosts with AMD processors.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* Previously, the virtlogd service logged redundant AVC denial errors when
a guest virtual machine was started. With this update, the virtlogd service
no longer attempts to send shutdown inhibition calls to systemd, which
prevents the described errors from occurring. (BZ#1573268)

* Prior to this update, guest virtual machine actions that use a python
library in some cases failed and "Hash operation not allowed during
iteration" error messages were logged. Several redundant thread access
checks have been removed, and the problem no longer occurs. (BZ#1581364)

* The "virsh capabilities" command previously displayed an inaccurate
number of 4 KiB memory pages on systems with very large amounts of memory.
This update optimizes the memory diagnostic mechanism to ensure memory page
numbers are displayed correctly on such systems. (BZ#1582418)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1573268 - Got lots OVS daemon ERRs while starting a OVS-dpdk guest [rhel-7.5.z]
1581364 - Hash operation not allowed during iteration [rhel-7.5.z]
1582418 - virsh capabilities reports invalid values for 4K pages [rhel-7.5.z]

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

x86_64:
libvirt-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.6.i686.rpm
libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.6.i686.rpm
libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.6.i686.rpm
libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.6.i686.rpm
libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

x86_64:
libvirt-client-3.9.0-14.el7_5.6.i686.rpm
libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.6.i686.rpm
libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libvirt-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.6.i686.rpm
libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.6.i686.rpm
libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

ppc64:
libvirt-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-client-3.9.0-14.el7_5.6.ppc.rpm
libvirt-client-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-devel-3.9.0-14.el7_5.6.ppc.rpm
libvirt-devel-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-docs-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-libs-3.9.0-14.el7_5.6.ppc.rpm
libvirt-libs-3.9.0-14.el7_5.6.ppc64.rpm

ppc64le:
libvirt-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-client-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-devel-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-docs-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-libs-3.9.0-14.el7_5.6.ppc64le.rpm

s390x:
libvirt-3.9.0-14.el7_5.6.s390x.rpm
libvirt-client-3.9.0-14.el7_5.6.s390.rpm
libvirt-client-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm
libvirt-devel-3.9.0-14.el7_5.6.s390.rpm
libvirt-devel-3.9.0-14.el7_5.6.s390x.rpm
libvirt-docs-3.9.0-14.el7_5.6.s390x.rpm
libvirt-libs-3.9.0-14.el7_5.6.s390.rpm
libvirt-libs-3.9.0-14.el7_5.6.s390x.rpm

x86_64:
libvirt-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.6.i686.rpm
libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.6.i686.rpm
libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.6.i686.rpm
libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

ppc64le:
libvirt-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-client-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-devel-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-docs-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-libs-3.9.0-14.el7_5.6.ppc64le.rpm

s390x:
libvirt-3.9.0-14.el7_5.6.s390x.rpm
libvirt-client-3.9.0-14.el7_5.6.s390.rpm
libvirt-client-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm
libvirt-devel-3.9.0-14.el7_5.6.s390.rpm
libvirt-devel-3.9.0-14.el7_5.6.s390x.rpm
libvirt-docs-3.9.0-14.el7_5.6.s390x.rpm
libvirt-libs-3.9.0-14.el7_5.6.s390.rpm
libvirt-libs-3.9.0-14.el7_5.6.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
libvirt-admin-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.ppc64.rpm
libvirt-nss-3.9.0-14.el7_5.6.ppc.rpm
libvirt-nss-3.9.0-14.el7_5.6.ppc64.rpm

ppc64le:
libvirt-admin-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-nss-3.9.0-14.el7_5.6.ppc64le.rpm

s390x:
libvirt-admin-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.s390x.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.s390x.rpm
libvirt-nss-3.9.0-14.el7_5.6.s390.rpm
libvirt-nss-3.9.0-14.el7_5.6.s390x.rpm

x86_64:
libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.6.i686.rpm
libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

aarch64:
libvirt-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-admin-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-client-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-devel-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-docs-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-libs-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.aarch64.rpm
libvirt-nss-3.9.0-14.el7_5.6.aarch64.rpm

ppc64le:
libvirt-admin-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.ppc64le.rpm
libvirt-nss-3.9.0-14.el7_5.6.ppc64le.rpm

s390x:
libvirt-admin-3.9.0-14.el7_5.6.s390x.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.s390x.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.s390x.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.s390x.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.s390x.rpm
libvirt-nss-3.9.0-14.el7_5.6.s390.rpm
libvirt-nss-3.9.0-14.el7_5.6.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libvirt-3.9.0-14.el7_5.6.src.rpm

x86_64:
libvirt-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-client-3.9.0-14.el7_5.6.i686.rpm
libvirt-client-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-interface-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-network-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-secret-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-kvm-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-devel-3.9.0-14.el7_5.6.i686.rpm
libvirt-devel-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-docs-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-libs-3.9.0-14.el7_5.6.i686.rpm
libvirt-libs-3.9.0-14.el7_5.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
libvirt-admin-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-daemon-lxc-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.i686.rpm
libvirt-debuginfo-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-lock-sanlock-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-login-shell-3.9.0-14.el7_5.6.x86_64.rpm
libvirt-nss-3.9.0-14.el7_5.6.i686.rpm
libvirt-nss-3.9.0-14.el7_5.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

- Vulnerability information (F148322)

Red Hat Security Advisory 2018-1965-01 (PacketStormID:F148322)
2018-06-26 00:00:00
Red Hat
advisory,kernel,bypass
linux,redhat
CVE-2017-11600,CVE-2018-3639

Red Hat Security Advisory 2018-1965-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:1965-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1965
Issue date:        2018-06-26
CVE Names:         CVE-2017-11600 CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older (stale) value and subsequently cause an update
to the microprocessor's data cache, even for speculatively executed
instructions that never actually commit (retire). As a result, an
unprivileged attacker could use this flaw to read privileged memory by
conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC,
x86 AMD)

* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
(CVE-2017-11600)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.
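
Added example, not part of the Red Hat advisories above or of the kernel's own code: a small C program that checks whether the Speculative Store Bypass mitigation delivered by this kernel update (and relied on by the qemu-kvm and libvirt updates) is actually active on a host. It reads the status file a patched kernel exposes under /sys/devices/system/cpu/vulnerabilities/ and then queries, and optionally enables, the per-task state through prctl(2), which is how a process such as a sandbox or a hypervisor's user-space component opts itself into Speculative Store Bypass Disable (SSBD) when the system default leaves it off. The prctl constants are the upstream Linux values; the sysfs strings in the comments are constructed samples, since the advisory does not state the exact text this RHEL kernel prints.

```c
/* Added example: check CVE-2018-3639 (SSB) mitigation state on a Linux host.
 * Not from the Red Hat advisory; prctl constants are upstream Linux values,
 * sysfs sample strings are constructed for illustration. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Speculation-control prctl(2) constants (include/uapi/linux/prctl.h).
 * Defined individually so the example also builds against older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS    0
#endif
#ifndef PR_SPEC_NOT_AFFECTED
#define PR_SPEC_NOT_AFFECTED    0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL           (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
#define PR_SPEC_ENABLE          (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE         (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

enum ssb_status { SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED, SSB_UNKNOWN };

/* Classify one line of .../cpu/vulnerabilities/spec_store_bypass. Constructed
 * samples: "Not affected", "Vulnerable", "Mitigation: Speculative Store Bypass
 * disabled via prctl and seccomp". Anything else is treated as unknown. */
enum ssb_status classify_sysfs_status(const char *line)
{
    if (strncmp(line, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    if (strncmp(line, "Mitigation:", 11) == 0)  return SSB_MITIGATED;
    return SSB_UNKNOWN;
}

/* Read the sysfs file into buf. On a kernel that predates the fix the file
 * does not exist; report SSB_UNKNOWN rather than mistaking absence for safety. */
enum ssb_status read_sysfs_status(char *buf, size_t len)
{
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", "r");
    if (!f || !fgets(buf, (int)len, f)) {
        if (f) fclose(f);
        buf[0] = '\0';
        return SSB_UNKNOWN;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return classify_sysfs_status(buf);
}

/* Decode the value PR_GET_SPECULATION_CTRL returns for PR_SPEC_STORE_BYPASS.
 * Returns 1 when SSBD is in effect for the calling task (globally disabled,
 * disabled via prctl, or CPU not affected), 0 when the task is still exposed
 * or the query failed (negative value: unpatched kernel, errno EINVAL). */
int ssbd_active_from_mask(long mask)
{
    if (mask < 0) return 0;
    if (mask == PR_SPEC_NOT_AFFECTED) return 1;
    if (mask & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) return 1;
    return 0;
}

/* Opt this task (and children that inherit it) into SSBD. Returns 0 on
 * success, -EINVAL when the kernel lacks the interface, -ENXIO when the
 * mitigation is not controllable per task (e.g. spec_store_bypass_disable=off). */
int ssbd_opt_in(void)
{
    long mask = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (mask < 0) return -errno;
    if (ssbd_active_from_mask(mask)) return 0;      /* already covered */
    if (!(mask & PR_SPEC_PRCTL)) return -ENXIO;     /* kernel refuses per-task control */
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0) < 0)
        return -errno;                              /* FORCE_DISABLE cannot be undone later */
    return 0;
}

int main(void)
{
    char line[128];
    enum ssb_status st = read_sysfs_status(line, sizeof line);
    printf("sysfs: %s (%s)\n", line[0] ? line : "<file missing: kernel not patched>",
           st == SSB_MITIGATED ? "mitigated" : st == SSB_VULNERABLE ? "VULNERABLE" :
           st == SSB_NOT_AFFECTED ? "not affected" : "unknown");

    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    int rc = ssbd_opt_in();
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    printf("prctl: before=%ld after=%ld opt-in rc=%d (%s)\n", before, after, rc,
           rc == 0 ? "this task now runs with SSBD" : strerror(-rc));
    return 0;
}
```

Build with `gcc -o ssbcheck ssbcheck.c` and run it on the host after the reboot this advisory requires. On a kernel without the fix the sysfs file is absent and the prctl query fails with EINVAL; the program reports both conditions explicitly instead of treating silence as a mitigated state. For a virtual machine the check has to be repeated inside the guest, and it can only succeed there once the host kernel, qemu-kvm and libvirt updates listed in these three advisories are all installed and the guest has been shut down and started again, as the qemu-kvm advisory's Solution section says.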

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory. See the
descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3485871

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-862.6.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-862.6.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-862.6.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

ppc64:
kernel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64.rpm
perf-3.10.0-862.6.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm
perf-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm
kernel-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-headers-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm
perf-3.10.0-862.6.3.el7.s390x.rpm
perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
python-perf-3.10.0-862.6.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm

x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

ppc64le:
kernel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-headers-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.ppc64le.rpm
perf-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.6.3.el7.s390x.rpm
kernel-devel-3.10.0-862.6.3.el7.s390x.rpm
kernel-headers-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.6.3.el7.s390x.rpm
perf-3.10.0-862.6.3.el7.s390x.rpm
perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm
python-perf-3.10.0-862.6.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-862.6.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.6.3.el7.noarch.rpm
kernel-doc-3.10.0-862.6.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-devel-3.10.0-862.6.3.el7.x86_64.rpm
kernel-headers-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.6.3.el7.x86_64.rpm
perf-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.6.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.6.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-11600
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3485871

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F148321)

Red Hat Security Advisory 2018-2003-01 (PacketStormID:F148321)
2018-06-26 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2017-11600,CVE-2018-3639

Red Hat Security Advisory 2018-2003-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2018:2003-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2003
Issue date:        2018-06-26
CVE Names:         CVE-2017-11600 CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, x86 AMD)

* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
(CVE-2017-11600)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.6.1 source
tree, which provides a number of bug fixes over the previous version.
(BZ#1576058)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1576058 - kernel-rt: update to the RHEL7.5.z batch#2 source tree

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-862.6.3.rt56.811.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-862.6.3.rt56.811.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-862.6.3.rt56.811.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-862.6.3.rt56.811.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-862.6.3.rt56.811.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-11600
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F148318)

Red Hat Security Advisory 2018-2006-01 (PacketStormID:F148318)
2018-06-26 00:00:00
Red Hat  
advisory,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-2006-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: libvirt security and bug fix update
Advisory ID:       RHSA-2018:2006-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2006
Issue date:        2018-06-26
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for libvirt is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, s390x, x86_64

3. Description:

The libvirt library contains a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update to the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation that
includes support for guests running on hosts with AMD CPUs.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* The "virsh capabilities" command previously displayed an inaccurate
number of 4 KiB memory pages on systems with very large amounts of memory.
This update optimizes the memory diagnostic mechanism to ensure memory page
numbers are displayed correctly on such systems. (BZ#1582416)

* After starting a large amount of guest virtual machines in a single
session, the libvirtd service in some cases became unable to start any
other guests until it was restarted. This update ensures that libvirtd
properly frees memory used for D-Bus replies, which prevents the described
problem from occurring. (BZ#1588390)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, libvirtd will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1582416 - virsh capabilities reports invalid values for 4K pages [rhel-7.4.z]

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
libvirt-3.2.0-14.el7_4.11.src.rpm

x86_64:
libvirt-client-3.2.0-14.el7_4.11.i686.rpm
libvirt-client-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-libs-3.2.0-14.el7_4.11.i686.rpm
libvirt-libs-3.2.0-14.el7_4.11.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
libvirt-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-admin-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-devel-3.2.0-14.el7_4.11.i686.rpm
libvirt-devel-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-docs-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-login-shell-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-nss-3.2.0-14.el7_4.11.i686.rpm
libvirt-nss-3.2.0-14.el7_4.11.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
libvirt-3.2.0-14.el7_4.11.src.rpm

ppc64:
libvirt-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-client-3.2.0-14.el7_4.11.ppc.rpm
libvirt-client-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-devel-3.2.0-14.el7_4.11.ppc.rpm
libvirt-devel-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-docs-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-libs-3.2.0-14.el7_4.11.ppc.rpm
libvirt-libs-3.2.0-14.el7_4.11.ppc64.rpm

ppc64le:
libvirt-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-client-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-devel-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-docs-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-libs-3.2.0-14.el7_4.11.ppc64le.rpm

s390x:
libvirt-3.2.0-14.el7_4.11.s390x.rpm
libvirt-client-3.2.0-14.el7_4.11.s390.rpm
libvirt-client-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.11.s390x.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.s390.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.s390x.rpm
libvirt-devel-3.2.0-14.el7_4.11.s390.rpm
libvirt-devel-3.2.0-14.el7_4.11.s390x.rpm
libvirt-docs-3.2.0-14.el7_4.11.s390x.rpm
libvirt-libs-3.2.0-14.el7_4.11.s390.rpm
libvirt-libs-3.2.0-14.el7_4.11.s390x.rpm

x86_64:
libvirt-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-client-3.2.0-14.el7_4.11.i686.rpm
libvirt-client-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-config-network-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-config-nwfilter-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-interface-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-lxc-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-network-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-nodedev-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-nwfilter-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-qemu-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-secret-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-disk-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-gluster-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-logical-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-mpath-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-rbd-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-driver-storage-scsi-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-kvm-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-devel-3.2.0-14.el7_4.11.i686.rpm
libvirt-devel-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-docs-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-libs-3.2.0-14.el7_4.11.i686.rpm
libvirt-libs-3.2.0-14.el7_4.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
libvirt-admin-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-login-shell-3.2.0-14.el7_4.11.ppc64.rpm
libvirt-nss-3.2.0-14.el7_4.11.ppc.rpm
libvirt-nss-3.2.0-14.el7_4.11.ppc64.rpm

ppc64le:
libvirt-admin-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-login-shell-3.2.0-14.el7_4.11.ppc64le.rpm
libvirt-nss-3.2.0-14.el7_4.11.ppc64le.rpm

s390x:
libvirt-admin-3.2.0-14.el7_4.11.s390x.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.11.s390x.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.s390.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.s390x.rpm
libvirt-login-shell-3.2.0-14.el7_4.11.s390x.rpm
libvirt-nss-3.2.0-14.el7_4.11.s390.rpm
libvirt-nss-3.2.0-14.el7_4.11.s390x.rpm

x86_64:
libvirt-admin-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-daemon-lxc-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.i686.rpm
libvirt-debuginfo-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-lock-sanlock-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-login-shell-3.2.0-14.el7_4.11.x86_64.rpm
libvirt-nss-3.2.0-14.el7_4.11.i686.rpm
libvirt-nss-3.2.0-14.el7_4.11.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F148317)

Red Hat Security Advisory 2018-1967-01 (PacketStormID:F148317)
2018-06-26 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-1967-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security and bug fix update
Advisory ID:       RHSA-2018:1967-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1967
Issue date:        2018-06-26
CVE Names:         CVE-2018-3639 
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, PowerPC)

* This release also includes the next iteration of the CVE-2017-5715
mitigation, which adds SMCCC (Secure Monitor Call Calling Convention) 1.1
support. (CVE-2017-5715, ARM)

Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715
and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google
Project Zero) for reporting CVE-2018-3639.

Bug Fix(es):

These updated kernel-alt packages include numerous bug fixes. Space
precludes documenting all of the bug fixes in this advisory. See the
descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3485851

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
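The sysfs vulnerability file, the CPU feature flags and the prctl(2) speculation interface that a patched kernel exposes are the practical way to confirm, after the reboot this advisory requires, that the Speculative Store Bypass mitigation is actually in effect rather than merely installed. The script below is an added example for this page and is not Red Hat's tooling; the sysfs path and prctl constants are the upstream Linux ones, the SAMPLE_* texts are constructed rather than captured, and the verdict strings are the example's own.

```python
"""Verify that the Speculative Store Bypass (CVE-2018-3639) mitigation is
live on a Linux host. Added example, not Red Hat tooling; SAMPLE_* data
is constructed so the parsing functions can be exercised offline."""
import ctypes
import os

SYSFS_SSB = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

# prctl(2) speculation-control constants from <linux/prctl.h>.
PR_GET_SPECULATION_CTRL = 52
PR_SPEC_STORE_BYPASS = 0
PR_SPEC_PRCTL = 1 << 0          # kernel offers per-task control
PR_SPEC_ENABLE = 1 << 1         # store bypass allowed for this task
PR_SPEC_DISABLE = 1 << 2        # store bypass disabled for this task
PR_SPEC_FORCE_DISABLE = 1 << 3  # disabled and cannot be re-enabled

# /proc/cpuinfo flags meaning the CPU (or the hypervisor on its behalf)
# offers a Speculative Store Bypass Disable control.
SSBD_FLAGS = {"ssbd", "amd_ssbd", "virt_ssbd"}

# Constructed samples (not captured from a real system).
SAMPLE_MITIGATED = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n"
SAMPLE_VULNERABLE = "Vulnerable\n"
SAMPLE_CPUINFO_SSBD = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep pge cmov pat "
    "clflush mmx fxsr sse sse2 ht syscall nx lm spec_ctrl ssbd\n"
)
SAMPLE_CPUINFO_NO_SSBD = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep pge cmov pat "
    "clflush mmx fxsr sse sse2 ht syscall nx lm\n"
)


def parse_sysfs_status(text):
    """Classify the one-line sysfs status into (state, detail)."""
    line = text.strip()
    if line.startswith("Not affected"):
        return "not_affected", line
    if line.startswith("Mitigation:"):
        return "mitigated", line[len("Mitigation:"):].strip()
    if line.startswith("Vulnerable"):
        return "vulnerable", line
    return "unknown", line


def ssbd_flags(cpuinfo_text):
    """Return the SSB-related feature flags present in a /proc/cpuinfo dump."""
    found = set()
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            found.update(line.split(":", 1)[1].split())
    return sorted(found & SSBD_FLAGS)


def decode_prctl(value):
    """Turn the PR_GET_SPECULATION_CTRL result into a readable state."""
    if value < 0:
        return "unsupported"          # -1: kernel lacks the interface
    if not value & PR_SPEC_PRCTL:
        return "no_per_task_control"  # mitigation is global on/off only
    if value & PR_SPEC_FORCE_DISABLE:
        return "force_disabled"
    if value & PR_SPEC_DISABLE:
        return "disabled"
    if value & PR_SPEC_ENABLE:
        return "enabled"
    return "unknown"


def assess(sysfs_text, cpuinfo_text):
    """Combine sysfs and cpuinfo into a verdict a patch-verification job can act on."""
    state, detail = parse_sysfs_status(sysfs_text)
    flags = ssbd_flags(cpuinfo_text)
    if state in ("not_affected", "mitigated"):
        return "ok: " + detail
    if state == "vulnerable" and not flags:
        return "action: no SSBD control exposed; update microcode or the hypervisor, then reboot"
    if state == "vulnerable":
        return "action: SSBD present (%s) but not in use; update the kernel and reboot" % ",".join(flags)
    return "unknown: " + detail


def live_check():
    """Run the assessment against the running host (Linux only)."""
    if not os.path.exists(SYSFS_SSB):
        return "unknown: %s missing; kernel predates the SSB mitigation" % SYSFS_SSB
    with open(SYSFS_SSB) as f, open("/proc/cpuinfo") as c:
        verdict = assess(f.read(), c.read())
    libc = ctypes.CDLL(None, use_errno=True)
    state = libc.prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0)
    return "%s; this process: %s" % (verdict, decode_prctl(state))


if __name__ == "__main__":
    print(live_check())
```

A missing sysfs file is itself a finding: it means the running kernel is older than the mitigation, which is exactly the state a host is in between installing the update and rebooting.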

5. Bugs fixed (https://bugzilla.redhat.com/):

1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-49.8.1.el7a.src.rpm

aarch64:
kernel-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debug-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-devel-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-headers-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-tools-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-49.8.1.el7a.aarch64.rpm
perf-4.14.0-49.8.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
python-perf-4.14.0-49.8.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-49.8.1.el7a.noarch.rpm
kernel-doc-4.14.0-49.8.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-49.8.1.el7a.ppc64le.rpm
perf-4.14.0-49.8.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
python-perf-4.14.0-49.8.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-49.8.1.el7a.s390x.rpm
kernel-debug-4.14.0-49.8.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-49.8.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-49.8.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-49.8.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-49.8.1.el7a.s390x.rpm
kernel-devel-4.14.0-49.8.1.el7a.s390x.rpm
kernel-headers-4.14.0-49.8.1.el7a.s390x.rpm
kernel-kdump-4.14.0-49.8.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-49.8.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-49.8.1.el7a.s390x.rpm
perf-4.14.0-49.8.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-49.8.1.el7a.s390x.rpm
python-perf-4.14.0-49.8.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-49.8.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-49.8.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-49.8.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-49.8.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-49.8.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-49.8.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2017-5715
https://access.redhat.com/articles/3485851

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

    

- Vulnerability information (F148370)

VMware Security Advisory 2018-0012.1 (PacketStormID:F148370)
2018-06-29 00:00:00
VMware  vmware.com
advisory
CVE-2018-3639,CVE-2018-3640

VMware Security Advisory 2018-0012.1 - VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue. The mitigations in this advisory are categorized as Hypervisor-Assisted Guest Mitigations described by VMware Knowledge Base article 54951. KB54951 also covers CVE-2018-3640 mitigations which do not require VMware product updates.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
                        VMware Security Advisory

Advisory ID: VMSA-2018-0012.1
Severity:    Moderate
Synopsis:    VMware vSphere, Workstation and Fusion updates enable
             Hypervisor-Assisted Guest Mitigations for Speculative Store
             Bypass issue
Issue date:  2018-05-21
Updated on:  2018-06-28
CVE number:  CVE-2018-3639

1. Summary

   VMware vSphere, Workstation and Fusion updates enable Hypervisor-
   Assisted Guest Mitigations for Speculative Store Bypass issue.

   The mitigations in this advisory are categorized as Hypervisor-
   Assisted Guest Mitigations described by VMware Knowledge Base article
   54951. KB54951 also covers CVE-2018-3640 mitigations which do not
   require VMware product updates.

2. Relevant Products

   VMware vCenter Server (VC)
   VMware vSphere ESXi (ESXi)
   VMware Workstation Pro / Player (Workstation)
   VMware Fusion Pro / Fusion (Fusion)

3. Problem Description

   vCenter Server, ESXi, Workstation, and Fusion update speculative
   execution control mechanism for Virtual Machines (VMs). As a result,
   a patched Guest Operating System (GOS) can remediate the Speculative
   Store bypass issue (CVE-2018-3639) using the Speculative-Store-
   Bypass-Disable (SSBD) control bit. This issue may allow for
   information disclosure in applications and/or execution runtimes
   which rely on managed code security mechanisms. Based on current
   evaluations, we do not believe that CVE-2018-3639 could allow for VM
   to VM or Hypervisor to VM Information disclosure.

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-3639 to this issue.

   Column 5 of the following table lists the action required to
   remediate the vulnerability in each release, if a solution is
   available.

   VMware      Product Running          Replace with/        Mitigation/
   Product     Version on      Severity Apply Patch          Workaround
   =========== ======= ======= ======== ==================== ==========
   VC          6.7     Any     Moderate 6.7.0b *                None
   VC          6.5     Any     Moderate 6.5 U2b *               None
   VC          6.0     Any     Moderate 6.0 U3f *               None
   VC          5.5     Any     Moderate 5.5 U3i *               None

   ESXi        6.7     Any     Moderate ESXi670-201806401-BG *  None
                                        ESXi670-201806402-BG **
   ESXi        6.5     Any     Moderate ESXi650-201806401-BG *  None
                                        ESXi650-201806402-BG **
   ESXi        6.0     Any     Moderate ESXi600-201806401-BG *  None
                                        ESXi600-201806402-BG **
   ESXi        5.5     Any     Moderate ESXi550-201806401-BG *  None
                                        ESXi550-201806402-BG **

   Workstation 14.x    Any     Moderate 14.1.2 *                None
   Fusion      10.x    OSX     Moderate 10.1.2 *                None

   * There are additional VMware and 3rd party requirements for
   CVE-2018-3639 mitigation beyond applying these updates. Please
   see VMware Knowledge Base article 55111 for details.

   ** If available, these ESXi patches apply the required microcode
   updates. The included microcode updates are documented in the
   VMware Knowledge Base articles listed in the Solution section.
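Whether a patched guest operating system can use the SSBD control bit, as the problem description above puts it, depends on the hypervisor (and the microcode under it) exposing that capability to the VM through CPUID; a guest that cannot see any of the bits stays "Vulnerable" however current its own kernel is. The decoder below is an added example for this page and is not VMware's tooling; the bit positions are the published Intel (leaf 7 EDX) and AMD (leaf 0x80000008 EBX) CPUID definitions, the register values it is exercised with are constructed, and the live reader assumes a Linux guest with the cpuid driver loaded.

```python
"""Decide from CPUID, as the guest sees it, whether a hypervisor exposes a
Speculative Store Bypass Disable (SSBD) control to the VM. Added example,
not VMware or QEMU tooling; sample register values are constructed."""
import struct

# CPUID.(EAX=7,ECX=0):EDX[31]: SSBD, i.e. IA32_SPEC_CTRL MSR (0x48) bit 2 usable.
INTEL_SSBD = 1 << 31
# CPUID.(EAX=0x80000008):EBX[24..26] on AMD.
AMD_SSBD = 1 << 24       # SSBD through the SPEC_CTRL MSR
AMD_VIRT_SSBD = 1 << 25  # SSBD through VIRT_SPEC_CTRL (0xC001011F), hypervisor-emulated
AMD_SSB_NO = 1 << 26     # hardware not affected by SSB


def ssb_capabilities(leaf7_edx, leaf8_ebx):
    """Return the SSB-related capability names encoded in the two registers."""
    caps = []
    if leaf8_ebx & AMD_SSB_NO:
        caps.append("ssb_no")
    if leaf7_edx & INTEL_SSBD:
        caps.append("ssbd")
    if leaf8_ebx & AMD_SSBD:
        caps.append("amd_ssbd")
    if leaf8_ebx & AMD_VIRT_SSBD:
        caps.append("virt_ssbd")
    return caps


def guest_verdict(leaf7_edx, leaf8_ebx):
    """Map the capability set to the action the guest admin cares about."""
    caps = ssb_capabilities(leaf7_edx, leaf8_ebx)
    if "ssb_no" in caps:
        return "not_affected"
    if caps:
        return "mitigable_in_guest"   # a patched guest kernel can set SSBD
    return "hypervisor_not_exposing_ssbd"  # hypervisor/microcode update needed first


def read_cpuid(leaf, subleaf=0, cpu=0):
    """Read one CPUID leaf via the Linux cpuid driver (/dev/cpu/N/cpuid, root).

    The driver takes the leaf from the low 32 bits of the file position and
    the subleaf from the high 32 bits, and returns EAX,EBX,ECX,EDX as 4 LE u32."""
    with open("/dev/cpu/%d/cpuid" % cpu, "rb") as f:
        f.seek((subleaf << 32) | leaf)
        return struct.unpack("<4I", f.read(16))


def live_verdict(cpu=0):
    """Query the running guest. Leaves beyond the CPU's maximum are not
    read, since their contents would be undefined."""
    max_basic = read_cpuid(0, 0, cpu)[0]
    max_ext = read_cpuid(0x80000000, 0, cpu)[0]
    edx7 = read_cpuid(7, 0, cpu)[3] if max_basic >= 7 else 0
    ebx8 = read_cpuid(0x80000008, 0, cpu)[1] if max_ext >= 0x80000008 else 0
    return guest_verdict(edx7, ebx8)


if __name__ == "__main__":
    print(live_verdict())
```

The "hypervisor_not_exposing_ssbd" result is the one to expect before the ESXi patch (with its microcode) is applied and the VM has been power-cycled so that it picks up the new CPUID; the footnotes above point at KB 55111 for those additional requirements.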

4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   vCenter Server 6.7.0b
   Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC670B&productId=742
&rPId=24511
   Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-670
b-release-notes.html

   vCenter Server 6.5 U2b
   Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC65U2B&productId=61
4&rPId=24437
   Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u
2b-release-notes.html

   vCenter Server 6.0 U3f
   Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3F&productId=49
1&rPId=24398
   Documentation:

https://docs.vmware.com/en/VMware-vSphere/6.0/rn/vsphere-vcenter-server-60u
3f-release-notes.html

   vCenter Server 5.5 U3i
   Downloads:

https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3I&productId=35
3&rPId=24327
   Documentation:

https://docs.vmware.com/en/VMware-vSphere/5.5/rn/vsphere-vcenter-server-55u
3i-release-notes.html

   VMware ESXi 6.7
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55920
   https://kb.vmware.com/kb/55921 (microcode)

   VMware ESXi 6.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55915
   https://kb.vmware.com/kb/55916 (microcode)

   VMware ESXi 6.0
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55910
   https://kb.vmware.com/kb/55911 (microcode)

   VMware ESXi 5.5
   Downloads:
   https://my.vmware.com/group/vmware/patch
   Documentation:
   https://kb.vmware.com/kb/55905
   https://kb.vmware.com/kb/55906 (microcode)

   VMware Workstation Pro, Player 14.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://www.vmware.com/go/downloadplayer

   VMware Fusion Pro / Fusion 10.1.2
   Downloads and Documentation:
   https://www.vmware.com/go/downloadfusion

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
   https://kb.vmware.com/kb/54951
   https://kb.vmware.com/kb/55111

- ------------------------------------------------------------------------

6. Change log

   2018-05-21: VMSA-2018-0012
   Initial security advisory in conjunction with the release
   of Workstation 14.1.2 and Fusion 10.1.2 on 2018-05-21.

   2018-06-28: VMSA-2018-0012.1
   Updated security advisory in conjunction with the release of vCenter
   Server 5.5 U3i, 6.0 U3f, 6.5 U2b, 6.7.0b and ESXi 5.5 - 6.7 patches
   on 2018-06-28.

- ------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2018 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8

wj8DBQFbNaFeDEcm8Vbi9kMRAn4NAJ42HgDjfXkcTVfDupwE4KPdPVsf7wCcDaLy
aN23XiAmhvFSxcQ5GnJR0ls=
=frKv
-----END PGP SIGNATURE-----
    

- Vulnerability information (F148486)

Red Hat Security Advisory 2018-2164-01 (PacketStormID:F148486)
2018-07-11 00:00:00
Red Hat  
advisory,denial of service,kernel,vulnerability
linux,redhat
CVE-2018-10675,CVE-2018-10872,CVE-2018-3639,CVE-2018-3665

Red Hat Security Advisory 2018-2164-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, information leakage, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2164-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2164
Issue date:        2018-07-10
CVE Names:         CVE-2018-3639 CVE-2018-3665 CVE-2018-10675
                   CVE-2018-10872
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into
the microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, x86 AMD)

* kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy
function allows local denial of service or other unspecified impact
(CVE-2018-10675)

* Kernel: FPU state information leakage via lazy FPU restore
(CVE-2018-3665)

* kernel: error in exception handling leads to DoS (CVE-2018-8897
regression) (CVE-2018-10872)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and
Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and
Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665.

Bug Fix(es):

* Previously, microcode updates on 32- and 64-bit AMD and Intel
architectures were not synchronized across processors. As a consequence, it
was not possible to apply the microcode updates. This fix adds the
synchronization so that processors of the stated architectures receive the
updates at the same time. As a result, microcode updates are now
synchronized. (BZ#1574592)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1575065 - CVE-2018-10675 kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial-of-service or other unspecified impact
1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore
1596094 - CVE-2018-10872 kernel: error in exception handling leads to DoS (CVE-2018-8897 regression)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-754.2.1.el6.src.rpm

i386:
kernel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-headers-2.6.32-754.2.1.el6.i686.rpm
perf-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-754.2.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-754.2.1.el6.src.rpm

i386:
kernel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-headers-2.6.32-754.2.1.el6.i686.rpm
perf-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-754.2.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debug-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.2.1.el6.ppc64.rpm
kernel-devel-2.6.32-754.2.1.el6.ppc64.rpm
kernel-headers-2.6.32-754.2.1.el6.ppc64.rpm
perf-2.6.32-754.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-754.2.1.el6.s390x.rpm
kernel-debug-2.6.32-754.2.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.2.1.el6.s390x.rpm
kernel-devel-2.6.32-754.2.1.el6.s390x.rpm
kernel-headers-2.6.32-754.2.1.el6.s390x.rpm
kernel-kdump-2.6.32-754.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.2.1.el6.s390x.rpm
perf-2.6.32-754.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.2.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm
python-perf-2.6.32-754.2.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.2.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm
python-perf-2.6.32-754.2.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-754.2.1.el6.src.rpm

i386:
kernel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-headers-2.6.32-754.2.1.el6.i686.rpm
perf-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm
python-perf-2.6.32-754.2.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-3665
https://access.redhat.com/security/cve/CVE-2018-10675
https://access.redhat.com/security/cve/CVE-2018-10872
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

    

- Vulnerability information (F148485)

Red Hat Security Advisory 2018-2162-01 (PacketStormID:F148485)
2018-07-11 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2017-13672,CVE-2018-3639,CVE-2018-5683,CVE-2018-7858

Red Hat Security Advisory 2018-2162-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2018:2162-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2162
Issue date:        2018-07-10
CVE Names:         CVE-2017-13672 CVE-2018-3639 CVE-2018-5683
                   CVE-2018-7858
=====================================================================

1. Summary:

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Kernel-based Virtual Machine (KVM) is a full virtualization solution for
Linux on a variety of architectures. The qemu-kvm packages provide the
user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

* QEMU: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639;
Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858; David Buchanan for
reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting
CVE-2018-5683.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once
all virtual machines have shut down, start them again for this update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1486560 - CVE-2017-13672 QEMU: vga: OOB read access during display update
1530356 - CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine
1553402 - CVE-2018-7858 QEMU: cirrus: OOB access when updating VGA display
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.i686.rpm

ppc64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.ppc64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.ppc64.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-13672
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-5683
https://access.redhat.com/security/cve/CVE-2018-7858
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
    

- Vulnerability Information (F148484)

Red Hat Security Advisory 2018-2161-01 (PacketStormID:F148484)
2018-07-11 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-2161-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include the Speculative Store Bypass side-channel flaw (CVE-2018-3639).

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2161-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2161
Issue date:        2018-07-10
CVE Names:         CVE-2018-3639
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.3) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639, x86 AMD)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* When a Nonvolatile Memory Express (NVMe) namespace was created, changed,
or deleted, an occasional deadlock occurred. With this update, namespace
scanning and removal does not hold a mutual exclusion (mutex) program
object. As a result, a deadlock no longer occurs in the described scenario.
(BZ#1566886)

* Previously, a live migration of a virtual machine from one host with
updated firmware to another host without updated firmware resulted in
incorrect kernel settings for Meltdown mitigations, which could leave the
kernel vulnerable to Meltdown. With this fix, the firmware on the new
physical host is re-scanned for updates after a live migration. As a
result, the kernel uses the correct mitigation in the described scenario.
(BZ#1570507)

* Previously, microcode updates on 32 and 64-bit AMD and Intel
architectures were not synchronized. As a consequence, it was not possible
to apply the microcode updates. This fix adds the synchronization to the
microcode updates so that processors of the stated architectures receive
updates at the same time. As a result, microcode updates are now
synchronized. (BZ#1578044)

* When switching from the indirect branch speculation (IBRS) feature to the
retpolines feature, the IBRS state of some CPUs was sometimes not handled
correctly. Consequently, some CPUs were left with the IBRS Model-Specific
Register (MSR) bit set to 1, which could lead to performance issues. With
this update, the underlying source code has been fixed to clear the IBRS
MSR bits correctly, thus fixing the bug. (BZ#1586146)

Users of kernel are advised to upgrade to these updated packages, which fix
these bugs.

The system must be rebooted for this update to take effect.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258
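The post-update checks a practitioner wants for both halves of this mitigation (the kernel update in this advisory and the qemu-kvm note in RHSA-2018:2162 above), as an added example that is not part of the Red Hat advisories. The script classifies the kernel's own verdict from /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, reports whether an SSBD CPUID flag is visible to the kernel (inside a KVM guest that flag is what the patched qemu-kvm and guest CPU model must expose before the guest kernel can enable the mitigation), and compares an installed kernel release against a fixed release such as the 3.10.0-514.53.1.el7 listed below. The sysfs path and the flag names ssbd, virt_ssbd and amd_ssbd are the upstream Linux names, not something the advisories state; the file name ssb_check.sh and the sample strings in the usage note are constructed.

```shell
#!/bin/sh
# Added example, not from the Red Hat advisories: post-update checks for
# CVE-2018-3639 (Speculative Store Bypass) on a RHEL host or KVM guest.
# Assumptions (upstream Linux interfaces, not stated in the advisories):
#   - the kernel reports its verdict in
#     /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
#   - an SSBD-capable CPU, or a hypervisor passing the bit through, shows
#     'ssbd', 'virt_ssbd' or 'amd_ssbd' in the /proc/cpuinfo flags line

# Map the kernel's sysfs text to a one-word verdict.
# An empty string (file missing) means the running kernel predates the fix.
ssb_classify() {
    case "$1" in
        "Not affected")  echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Succeed if a flags line from /proc/cpuinfo lists any SSBD CPUID flag.
# In a KVM guest a missing flag means the host's qemu-kvm or the guest CPU
# model does not expose SSBD, so even a patched guest kernel cannot mitigate.
ssbd_flag_present() {
    for f in $1; do
        case "$f" in
            ssbd|virt_ssbd|amd_ssbd) return 0 ;;
        esac
    done
    return 1
}

# Succeed if installed kernel release $1 is at least fixed release $2.
# Releases such as 3.10.0-514.53.1.el7 are split on '.' and '-' and compared
# field by field: numerically when both fields are numbers, else as strings.
# Only meaningful within one RHEL stream (7.3 EUS and 7.5 have distinct NVRs).
kernel_is_fixed() {
    fixed_fields=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    set -- $(printf '%s' "$1" | sed 's/[.-]/ /g')
    for want in $fixed_fields; do
        have=$1
        [ $# -gt 0 ] && shift
        [ -z "$have" ] && return 1      # fewer fields than the fixed release: older
        case "$have$want" in
            *[!0-9]*)                   # non-numeric field such as el7: string compare
                [ "$have" \> "$want" ] && return 0
                [ "$have" \< "$want" ] && return 1 ;;
            *)
                [ "$have" -gt "$want" ] && return 0
                [ "$have" -lt "$want" ] && return 1 ;;
        esac
    done
    return 0
}

# Live check against the real files; run as: SSB_CHECK_LIVE=1 sh ssb_check.sh
report_live_host() {
    status=$(cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass 2>/dev/null || true)
    echo "kernel: $(uname -r)"
    echo "spec_store_bypass: ${status:-<missing>} -> $(ssb_classify "$status")"
    if ssbd_flag_present "$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null)"; then
        echo "cpu flags: an SSBD flag is visible to this kernel"
    else
        echo "cpu flags: no SSBD flag; on a KVM guest check the host's qemu-kvm and the guest CPU model"
    fi
}

if [ "${SSB_CHECK_LIVE:-0}" = 1 ]; then
    report_live_host
fi
```

On a host, `kernel_is_fixed "$(uname -r)" 3.10.0-514.53.1.el7` tells you whether the installed kernel is at or past the fixed release; a sysfs verdict of "Vulnerable" on a fixed kernel inside a guest points at the hypervisor side (an old qemu-kvm, or a CPU model without the ssbd feature) rather than at the guest kernel.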

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.3):

Source:
kernel-3.10.0-514.53.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm
kernel-doc-3.10.0-514.53.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm
perf-3.10.0-514.53.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
kernel-3.10.0-514.53.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.53.1.el7.noarch.rpm
kernel-doc-3.10.0-514.53.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.53.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.53.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.53.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.53.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.53.1.el7.ppc64.rpm
perf-3.10.0-514.53.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
python-perf-3.10.0-514.53.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.53.1.el7.ppc64le.rpm
perf-3.10.0-514.53.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
python-perf-3.10.0-514.53.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.53.1.el7.s390x.rpm
kernel-debug-3.10.0-514.53.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.53.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.53.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.53.1.el7.s390x.rpm
kernel-devel-3.10.0-514.53.1.el7.s390x.rpm
kernel-headers-3.10.0-514.53.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.53.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.53.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.53.1.el7.s390x.rpm
perf-3.10.0-514.53.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm
python-perf-3.10.0-514.53.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.53.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.53.1.el7.x86_64.rpm
perf-3.10.0-514.53.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.3):

ppc64:
kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.53.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.53.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.53.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.53.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability Information (F148507)

Red Hat Security Advisory 2018-2171-01 (PacketStormID:F148507)
2018-07-11 00:00:00
Red Hat  
advisory,kernel,bypass
linux,redhat
CVE-2018-3639

Red Hat Security Advisory 2018-2171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include the Speculative Store Bypass side-channel flaw (CVE-2018-3639).

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:2171-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2171
Issue date:        2018-07-11
CVE Names:         CVE-2018-3639
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long
Life.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Long Life (v. 5.9 server) - i386, ia64, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Long Life (v. 5.9 server):

Source:
kernel-2.6.18-348.40.1.el5.src.rpm

i386:
kernel-2.6.18-348.40.1.el5.i686.rpm
kernel-PAE-2.6.18-348.40.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-348.40.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-348.40.1.el5.i686.rpm
kernel-debug-2.6.18-348.40.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-348.40.1.el5.i686.rpm
kernel-debug-devel-2.6.18-348.40.1.el5.i686.rpm
kernel-debuginfo-2.6.18-348.40.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-348.40.1.el5.i686.rpm
kernel-devel-2.6.18-348.40.1.el5.i686.rpm
kernel-headers-2.6.18-348.40.1.el5.i386.rpm
kernel-xen-2.6.18-348.40.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-348.40.1.el5.i686.rpm
kernel-xen-devel-2.6.18-348.40.1.el5.i686.rpm

ia64:
kernel-2.6.18-348.40.1.el5.ia64.rpm
kernel-debug-2.6.18-348.40.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-348.40.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-348.40.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-348.40.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-348.40.1.el5.ia64.rpm
kernel-devel-2.6.18-348.40.1.el5.ia64.rpm
kernel-headers-2.6.18-348.40.1.el5.ia64.rpm
kernel-xen-2.6.18-348.40.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-348.40.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-348.40.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-348.40.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-348.40.1.el5.x86_64.rpm
kernel-debug-2.6.18-348.40.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-348.40.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-348.40.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-348.40.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-348.40.1.el5.x86_64.rpm
kernel-devel-2.6.18-348.40.1.el5.x86_64.rpm
kernel-headers-2.6.18-348.40.1.el5.x86_64.rpm
kernel-xen-2.6.18-348.40.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-348.40.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-348.40.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability Information (F148506)

Red Hat Security Advisory 2018-2172-01 (PacketStormID:F148506)
2018-07-11 00:00:00
Red Hat  
advisory,denial of service,kernel,vulnerability
linux,redhat
CVE-2017-14106,CVE-2018-3639

Red Hat Security Advisory 2018-2172-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include the Speculative Store Bypass side-channel flaw (CVE-2018-3639) and a divide-by-zero local denial of service in __tcp_select_window (CVE-2017-14106).

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2018:2172-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2172
Issue date:        2018-07-11
CVE Names:         CVE-2017-14106 CVE-2018-3639
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 5
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 5 ELS) - i386, noarch, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that a memory read from an address to which a recent memory write
has occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

* kernel: A divide-by-zero vulnerability was found in the
__tcp_select_window function in the Linux kernel. This can result in a
kernel panic causing a local denial of service. (CVE-2017-14106)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response
Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1487295 - CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

6. Package List:

Red Hat Enterprise Linux Server (v. 5 ELS):

Source:
kernel-2.6.18-433.el5.src.rpm

i386:
kernel-2.6.18-433.el5.i686.rpm
kernel-PAE-2.6.18-433.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-433.el5.i686.rpm
kernel-PAE-devel-2.6.18-433.el5.i686.rpm
kernel-debug-2.6.18-433.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-433.el5.i686.rpm
kernel-debug-devel-2.6.18-433.el5.i686.rpm
kernel-debuginfo-2.6.18-433.el5.i686.rpm
kernel-debuginfo-common-2.6.18-433.el5.i686.rpm
kernel-devel-2.6.18-433.el5.i686.rpm
kernel-headers-2.6.18-433.el5.i386.rpm
kernel-xen-2.6.18-433.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-433.el5.i686.rpm
kernel-xen-devel-2.6.18-433.el5.i686.rpm

noarch:
kernel-doc-2.6.18-433.el5.noarch.rpm

s390x:
kernel-2.6.18-433.el5.s390x.rpm
kernel-debug-2.6.18-433.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-433.el5.s390x.rpm
kernel-debug-devel-2.6.18-433.el5.s390x.rpm
kernel-debuginfo-2.6.18-433.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-433.el5.s390x.rpm
kernel-devel-2.6.18-433.el5.s390x.rpm
kernel-headers-2.6.18-433.el5.s390x.rpm
kernel-kdump-2.6.18-433.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-433.el5.s390x.rpm
kernel-kdump-devel-2.6.18-433.el5.s390x.rpm

x86_64:
kernel-2.6.18-433.el5.x86_64.rpm
kernel-debug-2.6.18-433.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-433.el5.x86_64.rpm
kernel-debug-devel-2.6.18-433.el5.x86_64.rpm
kernel-debuginfo-2.6.18-433.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-433.el5.x86_64.rpm
kernel-devel-2.6.18-433.el5.x86_64.rpm
kernel-headers-2.6.18-433.el5.x86_64.rpm
kernel-xen-2.6.18-433.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-433.el5.x86_64.rpm
kernel-xen-devel-2.6.18-433.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-14106
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/ssbd

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.


- Vulnerability Information

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
Class: Design Error
Bugtraq ID: 104232
Remote: No
Local: Yes
Published: 2018-05-21 12:00:00
Updated: 2018-05-21 12:00:00
Credit: Ken Johnson of Microsoft Corporation and Jann Horn of Google Project Zero

- Affected Program Versions

Redhat Virtualization Manager 4.2
Redhat Virtualization Host 4
Redhat Virtualization for IBM Power LE 4
Redhat Virtualization - ELS 3
Redhat Virtualization 4
Redhat OpenStack for IBM Power 12.0
Redhat OpenStack 9.0
Redhat OpenStack 8.0
Redhat OpenStack 7.0
Redhat OpenStack 12.0
Redhat OpenStack 10.0
Redhat MRG Realtime 2
Redhat Gluster Storage Server for On-premise 3 for RHEL 7 0
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server AUS 6.4
Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.4
Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.3
Redhat Enterprise Linux Server - Update Services for SAP Solutions 7.2
Redhat Enterprise Linux Server - TUS 7.4
Redhat Enterprise Linux Server - TUS 7.3
Redhat Enterprise Linux Server - TUS 7.2
Redhat Enterprise Linux Server - TUS 6.6
Redhat Enterprise Linux Server - Extended Update Support 7.5
Redhat Enterprise Linux Server - Extended Update Support 7.4
Redhat Enterprise Linux Server - Extended Update Support 7.3
Redhat Enterprise Linux Server - Extended Update Support 6.7
Redhat Enterprise Linux Server - AUS 7.4
Redhat Enterprise Linux Server - AUS 7.3
Redhat Enterprise Linux Server - AUS 7.2
Redhat Enterprise Linux Server - AUS 6.6
Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.
Redhat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Scientific Computing 6
Redhat Enterprise Linux for Real Time 7
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.5
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.4
Redhat Enterprise Linux for Power, little endian - Extended Update Supp 7.3
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.5
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.4
Redhat Enterprise Linux for Power, big endian - Extended Update Support 7.3
Redhat Enterprise Linux for Power, big endian - Extended Update Support 6.7
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power, big endian 6
Redhat Enterprise Linux for Power 9 7
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.5
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.4
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 7.3
Redhat Enterprise Linux for IBM z Systems - Extended Update Support 6.7
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux for IBM System z (Structure A) 7
Redhat Enterprise Linux for ARM 64 7
Redhat Enterprise Linux EUS Compute Node 7.5
Redhat Enterprise Linux EUS Compute Node 7.4
Redhat Enterprise Linux EUS Compute Node 7.3
Redhat Enterprise Linux EUS Compute Node 6.7
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
Intel Xeon Processor E7 v4 Family 0
Intel Xeon Processor E7 v3 Family 0
Intel Xeon Processor E7 v2 Family 0
Intel Xeon Processor E7 Family 0
Intel Xeon Processor E5 v4 Family 0
Intel Xeon Processor E5 v3 Family 0
Intel Xeon Processor E5 v2 Family 0
Intel Xeon Processor E5 Family 0
Intel Xeon Processor E3 v6 Family 0
Intel Xeon Processor E3 v5 Family 0
Intel Xeon Processor E3 v4 Family 0
Intel Xeon Processor E3 v3 Family 0
Intel Xeon Processor E3 v2 Family 0
Intel Xeon Processor E3 Family 0
Intel Xeon processor 7500 series 0
Intel Xeon processor 6500 series 0
Intel Xeon processor 5600 series 0
Intel Xeon processor 5500 series 0
Intel Xeon processor 3600 series 0
Intel Xeon processor 3400 series 0
Intel Pentium Processor Silver Series 0
Intel Pentium Processor N Series 0
Intel Pentium Processor J Series 0
Intel Core X-series Processor Family for Intel X99 platforms 0
Intel Core X-series Processor Family for Intel X299 platforms 0
Intel Core M processor family 0
Intel Celeron Processor N Series 0
Intel Celeron Processor J Series 0
Intel Atom Processor Z Series 0
Intel Atom Processor X Series 0
Intel Atom Processor T Series 0
Intel Atom Processor E Series 0
Intel Atom Processor C Series 0
Intel Atom Processor A Series 0
Intel 8th generation Core processors 0
Intel 7th generation Core processors 0
Intel 6th generation Core processors 0
Intel 5th generation Core processors 0
Intel 4th generation Core processors 0
Intel 3rd generation Core processors 0
Intel 2nd generation Core processors 0
ARM Cortex A72 0
ARM Cortex A57 0

- Vulnerability Discussion

Multiple CPU hardware products are prone to an information-disclosure vulnerability (Speculative Store Bypass, CVE-2018-3639).

A local attacker can exploit this issue through a cache side channel to obtain sensitive information that may aid in further attacks.

- Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
