CloudLinux 6, CloudLinux 6 Hybrid kernels patched

Irina Semenova

May 29, 2018, 3:50:11 AM
to kernelcar...@googlegroups.com
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

CHANGELOG:
cl6h:
  CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15
    allows local users to gain privileges or cause a denial of service (list corruption
    or use-after-free) via simultaneous file-descriptor operations that leverage improper
    might_cancel queueing.
  CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c
    in the Linux kernel through 4.13.2 allows local users to cause a denial of service
    (panic) by leveraging incorrect length validation.
  CVE-2018-1068: A flaw was found in the Linux 4.x kernel's implementation of 32-bit
    syscall interface for bridging. This allowed a privileged user to arbitrarily
    write to a limited range of kernel memory.
  CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1,
    kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux
    kernel's KVM hypervisor handled exceptions delivered after a stack switch operation
    via Mov SS or Pop SS instructions. During the stack switch operation, the processor
    did not deliver interrupts and exceptions, rather they are delivered once the
    first instruction after the stack switch is executed. An unprivileged KVM guest
    user could use this flaw to crash the guest or, potentially, escalate their privileges
    in the guest.
  CVE-2018-8897: 'A statement in the System Programming Guide of the Intel 64 and
    IA-32 Architectures Software Developer''s Manual (SDM) was mishandled in the development
    of some or all operating-system kernels, resulting in unexpected behavior for
    #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for
    example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD,
    or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts
    (including NMIs), data breakpoints, and single step trap exceptions until the
    instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3).
    (The inhibited data breakpoints are those on memory accessed by the MOV to SS
    or POP to SS instruction itself.) Note that debug exceptions are not inhibited
    by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If
    the instruction following the MOV to SS or POP to SS instruction is an instruction
    like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system
    at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is
    complete. OS kernels may not expect this order of events and may therefore experience
    unexpected behavior when it occurs.'
  cvelist: [CVE-2018-1068, CVE-2018-1087, CVE-2018-8897, CVE-2017-10661, CVE-2017-14489]
  latest-version: 3.10.0-714.10.2.lve1.5.17.el7

==== deploy-prep ====
kernels='cl7 cl6h'
lkernel['cl7']=3.10.0-714.10.2.lve1.5.17.el7
lkernel['cl6h']=3.10.0-714.10.2.lve1.5.17.el6h
==== end of deploy-prep ====




-- 
Regards, 
Irina Semenova | Project Coordinator of KernelCare 
Skype: iras535

CloudLinux.com  |  KernelCare.com  |  Imunify360 

helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support
Follow twitter.com/CloudLinuxOS for technical updates