Red Hat Customer Portal

Skip to main content

Security Advisory Important: kernel security update

Advisory: RHSA-2016:0004-1
Type: Security Advisory
Severity: Important
Issued on: 2016-01-07
Last updated on: 2016-01-07
Affected Products: Red Hat Enterprise Linux Server AUS (v. 6.4)
CVEs (cve.mitre.org): CVE-2015-5307
CVE-2015-8104

Details

Updated kernel packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.4 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the x86 ISA (Instruction Set Architecture) is prone to
a denial of service attack inside a virtualized environment in the form of
an infinite loop in the microcode due to the way (sequential) delivering of
benign exceptions such as #AC (alignment check exception) and #DB (debug
exception) is handled. A privileged user inside a guest could use these
flaws to create denial of service conditions on the host kernel.
(CVE-2015-5307, CVE-2015-8104, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the
CVE-2015-5307 issue.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
kernel-2.6.32-358.69.1.el6.src.rpm
File outdated by:  RHSA-2016:1581
    MD5: 10c49e8b7539ee511f775b433948df28
SHA-256: 70d2014064bb538452b96d300351a2d84f5830d493691f9df23d2179cbe42551
 
x86_64:
kernel-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: ba70d6f96c37c5123af9a18e5cdad7b0
SHA-256: d80a0490dff58c5d00bad83a36b353ae2c7efbee29edd18ba2bfd34abb92d95e
kernel-debug-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 19a0801b42859808d3f685e9c30e3311
SHA-256: 0be5e459e9613efa466bd68aa3fe0d329d969da3e24b74b4beca67c617178ff0
kernel-debug-debuginfo-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 937a8e7587cd375efb769fc764f60e86
SHA-256: fc008f71cd8cdf20dd71a9a43d7c1b099bc9d223d7282089dd963fbd9494b27c
kernel-debug-devel-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 19304c10bf592b7ebc4758c8346716c4
SHA-256: e7acc7409ae621737e7ab46aacdc418f802317151d081ff56cf07405f0a0b051
kernel-debuginfo-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: c884ddd8017f9b9c7736dbe7e45a8999
SHA-256: c3b3ae9732b6192e1f71bd03f7290dad6d4078bb10ca631b41370390efde0b05
kernel-debuginfo-common-x86_64-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 33d00e7b83657a38b3dc432634ff942f
SHA-256: 1f2624016947ce0a5b9877b6b10291b4685283eea6662d214feaa7ecd4fe6ef3
kernel-devel-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 344010478bc7cce66c5692655beee6ed
SHA-256: cff7ab394608714d8cabaf6c0b9c23299ca5f48bc411f54898bf76c75d585e5f
kernel-doc-2.6.32-358.69.1.el6.noarch.rpm
File outdated by:  RHSA-2016:1581
    MD5: dae60b23e4e6b97d3af4942504229460
SHA-256: b6bf3a8256657d6a3f921a2cffc92799743588b1658864ce0a16b17518ead14c
kernel-firmware-2.6.32-358.69.1.el6.noarch.rpm
File outdated by:  RHSA-2016:1581
    MD5: 63856aa149333241b19dd01ea6f6cb07
SHA-256: b27e591b86c53b0b8ae8e902e7a5719907cf5e8fbad1db185b718e288b5d4290
kernel-headers-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 9c6d60d718bd351516d0b07de3615171
SHA-256: a90a8a26e855f06a8b39da36028fae6ad67a56c0f662b804ec3a6458d6bb6267
perf-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: dad2155aaa6c70739022f2292f2ba610
SHA-256: 7d60fe0c5fe21d111a0e7c41d737e80442c38bbebaa9fcc915354347be5ac496
perf-debuginfo-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: ad79b28055a30d03e98bab23eea32b28
SHA-256: aacde5b1706fcd8614edf575b217dc4077997e76077cdd674cf7fbce9cc1372a
python-perf-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 4b1f3e93695091e1a145b7f87a98c69f
SHA-256: 0385a8e5d8fc907843da72304092e424c889c41097d4f85aa0e677c6213bcd53
python-perf-debuginfo-2.6.32-358.69.1.el6.x86_64.rpm
File outdated by:  RHSA-2016:1581
    MD5: 56997ad8006d99636d55e5852a28937f
SHA-256: 7158d5bfabbe3a4bc48aa3a99655b3eaf090445e74f5e812e0f2c772d0cbe62d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1277172 - CVE-2015-5307 virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception
1278496 - CVE-2015-8104 virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception


References


Keywords

reboot_suggested


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/