RHSA-2018:1355: Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
* Kernel: error in exception handling leads to DoS (CVE-2018-8897)
* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)
* kernel: Out-of-bounds write via userland offsets in ebtentry struct in netfilter/ebtables.c (CVE-2018-1068)
* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.2.3 source tree, which provides a number of bug fixes over the previous version. (BZ#1549768)
Frequently Asked Questions
What is the severity of RHSA-2018:1355?
The severity of RHSA-2018:1355 is classified as important.
How do I fix RHSA-2018:1355?
To fix RHSA-2018:1355, update the kernel-rt and related packages to version 3.10.0-862.2.3.rt56.806.el7.
What vulnerabilities are addressed in RHSA-2018:1355?
RHSA-2018:1355 addresses the CVE-2018-1087 vulnerability related to incorrect exception handling in KVM.
What packages are affected by RHSA-2018:1355?
Affected packages include kernel-rt, kernel-rt-debug, and several debug and development packages.
Is RHSA-2018:1355 applicable to all systems?
RHSA-2018:1355 is specifically applicable to systems using the Real Time Linux Kernel that fall under the specified versions.
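To check a host against the fixed build and the applicability rule described in the answers above, the following added example (not part of the advisory or any Red Hat tooling) classifies a `uname -r` string using a simplified RPM-style version comparison. The function names, the architecture suffix list, the assumption that real-time builds carry an `.rtNN.` tag in the release, and the sample release strings are constructed for illustration.

```python
import platform
import re

# Fixed kernel-rt version-release, taken from the advisory text.
FIXED = "3.10.0-862.2.3.rt56.806.el7"
ARCH_SUFFIX = re.compile(r"\.(x86_64|noarch)$")   # assumed suffixes on `uname -r`
SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two strings segment by segment, RPM style (no '~' or '^' handling)."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1          # a numeric segment sorts newer than alpha
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_evr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def assess(kernel_release):
    """Classify a `uname -r` string against the fixed build in RHSA-2018:1355."""
    vr = ARCH_SUFFIX.sub("", kernel_release.strip())
    if not re.search(r"\.rt\d+\.", vr):     # assumption: RT builds carry an .rtNN. tag
        return "not-kernel-rt"
    return "fixed" if compare_evr(vr, FIXED) >= 0 else "needs-update"

if __name__ == "__main__":
    samples = [                              # constructed sample release strings
        "3.10.0-693.21.1.rt56.639.el7.x86_64",
        "3.10.0-862.2.3.rt56.806.el7.x86_64",
        "3.10.0-862.2.3.el7.x86_64",
    ]
    for release in samples + [platform.release()]:
        print(f"{release}: {assess(release)}")
```

The check reflects the running kernel only; a host can have the fixed package installed and still report `needs-update` until it is rebooted into the new kernel.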