[Announce] Kernel RHEL6 042stab140.1

Vasily Averin vvs at openvz.org
Tue Aug 20 09:41:36 MSK 2019


The OpenVZ project has released an updated RHEL6-based kernel.
Read below for more information. Everyone is advised to update.

Changes and Download
====================
(since 042stab139.1)

* [Important] A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. (CVE-2019-5489)
* [Moderate] The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable. (CVE-2017-17805)
* [Moderate] An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. (CVE-2018-17972)
* [Moderate] A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre-like side channel. (CVE-2019-1125)
* [Moderate] A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker can crash the system if they are able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free. (CVE-2019-11810, PSBM-94467)
* Under certain conditions, the host can crash in posix_cpu_timer_del(). Kernels from 2.6.32-042stab109.5 are affected. (PSBM-96868)

=== See also ===
https://access.redhat.com/errata/RHSA-2019:2473
https://access.redhat.com/errata/RHBA-2019:1651
https://www.redhat.com/security/data/cve/CVE-2017-17805.html
https://www.redhat.com/security/data/cve/CVE-2018-17972.html
https://www.redhat.com/security/data/cve/CVE-2019-1125.html
https://www.redhat.com/security/data/cve/CVE-2019-5489.html
https://www.redhat.com/security/data/cve/CVE-2019-11810.html 

For more info and downloads, see:
https://openvz.org/Download/kernel/rhel6/042stab140.1

Bug reporting
=============
Use http://bugs.openvz.org/ to report any bugs found.

Regards,
    OpenVZ team
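
A version check for the update advice above, as an added example that is not part of the OpenVZ announcement. It assumes release strings of the form 2.6.32-042stabNNN.M (as in the 2.6.32-042stab109.5 string quoted above) and that kernels at or above 042stab140.1 carry the listed fixes; the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example: classify an OpenVZ RHEL6 kernel release string against
# this announcement. Assumed format: <upstream>-042stab<build>.<rev>[suffix]

# Print "<build> <rev>"; return 1 if the string is not an 042stab kernel.
ovz_parse() {
    case "$1" in
        *-042stab[0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1##*-042stab}        # e.g. "140.1"
    build=${rest%%.*}           # e.g. "140"
    rev=${rest#*.}              # e.g. "1" or "1.suffix"
    rev=${rev%%[!0-9]*}         # keep the leading digits only
    case "$build" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$rev" ] || return 1
    echo "$build $rev"
}

# Return 0 when version (build $1, rev $2) is older than (build $3, rev $4).
ovz_lt() {
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# Print one of:
#   fixed                                     at or above 042stab140.1
#   update-needed                             older than 042stab140.1
#   update-needed posix_cpu_timer_del-crash   also in the PSBM-96868 range
#   not-openvz-rhel6                          string does not match the format
ovz_status() {
    ver=$(ovz_parse "$1") || { echo "not-openvz-rhel6"; return 0; }
    set -- $ver
    if ! ovz_lt "$1" "$2" 140 1; then
        echo "fixed"
    elif ovz_lt "$1" "$2" 109 5; then
        echo "update-needed"
    else
        echo "update-needed posix_cpu_timer_del-crash"
    fi
}

# Check the given release string, or the running kernel when none is given.
ovz_status "${1:-$(uname -r)}"
```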

