RHEL 7 : kernel-alt (RHSA-2018:2772)

Medium Nessus Plugin ID 117779

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es) :

* kernel: Infoleak/use-after-free in __oom_reap_task_mm function in mm/ oom_kill.c (CVE-2017-18202)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) :

* Previously, on certain little-endian variants of IBM Power Systems, there was no 'sysfs spec_store_bypass' file. As a consequence, there was no way to indicate the Speculative Store Bypass Disable (SSBD) mitigation status. This update adds infrastructure code into the kernel to create the /sys/ devices/system/cpu/vulnerabilities/* files. As a result, sysfs spec_store_bypass shows whether the SSBD mitigation is disabled or enabled. (BZ#1602340)

* Previously, the kernel architectures for IBM z Systems were missing support to display the status of the Spectre v2 mitigations. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file did not exist. With this update, the kernel now shows the status in the above mentioned file and as a result, the file now reports either 'Vulnerable' or 'Mitigation: execute trampolines' message.
(BZ#1619667)

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/CVE-2017-18202

http://rhn.redhat.com/errata/RHSA-2018-2772.html

https://www.redhat.com/security/data/cve/CVE-2017-18202.html

Plugin Details

Severity: Medium

ID: 117779

File Name: redhat-RHSA-2018-2772.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/09/27

Modified: 2018/09/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:perf-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-perf, p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2018/09/25

Reference Information

CVE: CVE-2017-18202

RHSA: 2018:2772