RHEL 6 : MRG (RHSA-2018:2165)
Medium Nessus Plugin ID 111029
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated kernel-rt packages that fix two security issues and add one
enhancement are now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
Security Fix(es) :
* kernel: Buffer over-read in keyring subsystem allows exposing
potentially sensitive information to local attacker (CVE-2017-13305)
* Kernel: FPU state information leakage via lazy FPU restore
For more details about the security issue(s), including the impact, a
CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.
Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas
Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for
* The kernel-rt packages have been upgraded to version
3.10.0-693.35.1.rt56.623, which provides a number of bug fixes over
the previous version. (BZ#1579972)
Users of kernel-rt are advised to upgrade to these updated packages,
which add this enhancement.
The system must be rebooted for this update to take effect.
SolutionUpdate the affected packages.