Discover Centmin Mod today
Register Now

Security Kernel Security Update 'Lazy FPU Restore' CVE-2018-3665

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jun 19, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    54,523
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    9:55 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Redhat & CentOS have a Linux Kernel Security Update for 'Lazy FPU Restore' CVE-2018-3665 of which both Redhat/CentOS 6 and 7 are affected. Redhat/CentOS 7 already has a Linux Kernel fix out = kernel-3.10.0-862.3.3.el7. While Redhat/CentOS 6 have yet to. Doing a yum update and server reboot will be required.

    For Redhat/CentOS 7 Red Hat Customer Portal


    CVE-2018-3665: Floating Point Lazy State Save/Restore vulnerability affects Intel chips

    Looks like only Linux Kernel versions below 4.9 are affected. So Linode VPS users won't have issues as their default Linux Kernel is 4.15+
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,523
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    9:55 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    List available updates
    Code (Text):
    yum list updates
    Loaded plugins: fastestmirror, priorities, versionlock
    Loading mirror speeds from cached hostfile
     * base: mirror.sfo12.us.leaseweb.net
     * epel: mirrors.kernel.org
     * extras: mirrors.oit.uci.edu
     * rpmforge: mirror.hmc.edu
     * updates: centos.sonn.com
    281 packages excluded due to repository priority protections
    Updated Packages
    htop.x86_64                                                                                                           2.2.0-1.el7                                                                                                               epel  
    iwl100-firmware.noarch                                                                                                39.31.5.1-62.2.el7_5                                                                                                      updates
    iwl1000-firmware.noarch                                                                                               1:39.31.5.1-62.2.el7_5                                                                                                    updates
    iwl105-firmware.noarch                                                                                                18.168.6.1-62.2.el7_5                                                                                                     updates
    iwl135-firmware.noarch                                                                                                18.168.6.1-62.2.el7_5                                                                                                     updates
    iwl2000-firmware.noarch                                                                                               18.168.6.1-62.2.el7_5                                                                                                     updates
    iwl2030-firmware.noarch                                                                                               18.168.6.1-62.2.el7_5                                                                                                     updates
    iwl3160-firmware.noarch                                                                                               22.0.7.0-62.2.el7_5                                                                                                       updates
    iwl3945-firmware.noarch                                                                                               15.32.2.9-62.2.el7_5                                                                                                      updates
    iwl4965-firmware.noarch                                                                                               228.61.2.24-62.2.el7_5                                                                                                    updates
    iwl5000-firmware.noarch                                                                                               8.83.5.1_1-62.2.el7_5                                                                                                     updates
    iwl5150-firmware.noarch                                                                                               8.24.2.2-62.2.el7_5                                                                                                       updates
    iwl6000-firmware.noarch                                                                                               9.221.4.1-62.2.el7_5                                                                                                      updates
    iwl6000g2a-firmware.noarch                                                                                            17.168.5.3-62.2.el7_5                                                                                                     updates
    iwl6000g2b-firmware.noarch                                                                                            17.168.5.2-62.2.el7_5                                                                                                     updates
    iwl6050-firmware.noarch                                                                                               41.28.5.1-62.2.el7_5                                                                                                      updates
    iwl7260-firmware.noarch                                                                                               22.0.7.0-62.2.el7_5                                                                                                       updates
    kernel.x86_64                                                                                                         3.10.0-862.3.3.el7                                                                                                        updates
    kernel-devel.x86_64                                                                                                   3.10.0-862.3.3.el7                                                                                                        updates
    kernel-headers.x86_64                                                                                                 3.10.0-862.3.3.el7                                                                                                        updates
    kernel-tools.x86_64                                                                                                   3.10.0-862.3.3.el7                                                                                                        updates
    kernel-tools-libs.x86_64                                                                                              3.10.0-862.3.3.el7                                                                                                        updates
    kernelcare.x86_64                                                                                                     2.14-11                                                                                                                   kernelcare
    linux-firmware.noarch                                                                                                 20180220-62.2.git6d51311.el7_5                                                                                            updates
    python-perf.x86_64                                                                                                    3.10.0-862.3.3.el7                                                                                                        updates
    

    Code (Text):
    yum -q list updates | tr -s ' ' | column -t
    Updated                     Packages
    htop.x86_64                 2.2.0-1.el7                     epel
    iwl100-firmware.noarch      39.31.5.1-62.2.el7_5            updates
    iwl1000-firmware.noarch     1:39.31.5.1-62.2.el7_5          updates
    iwl105-firmware.noarch      18.168.6.1-62.2.el7_5           updates
    iwl135-firmware.noarch      18.168.6.1-62.2.el7_5           updates
    iwl2000-firmware.noarch     18.168.6.1-62.2.el7_5           updates
    iwl2030-firmware.noarch     18.168.6.1-62.2.el7_5           updates
    iwl3160-firmware.noarch     22.0.7.0-62.2.el7_5             updates
    iwl3945-firmware.noarch     15.32.2.9-62.2.el7_5            updates
    iwl4965-firmware.noarch     228.61.2.24-62.2.el7_5          updates
    iwl5000-firmware.noarch     8.83.5.1_1-62.2.el7_5           updates
    iwl5150-firmware.noarch     8.24.2.2-62.2.el7_5             updates
    iwl6000-firmware.noarch     9.221.4.1-62.2.el7_5            updates
    iwl6000g2a-firmware.noarch  17.168.5.3-62.2.el7_5           updates
    iwl6000g2b-firmware.noarch  17.168.5.2-62.2.el7_5           updates
    iwl6050-firmware.noarch     41.28.5.1-62.2.el7_5            updates
    iwl7260-firmware.noarch     22.0.7.0-62.2.el7_5             updates
    kernel.x86_64               3.10.0-862.3.3.el7              updates
    kernel-devel.x86_64         3.10.0-862.3.3.el7              updates
    kernel-headers.x86_64       3.10.0-862.3.3.el7              updates
    kernel-tools.x86_64         3.10.0-862.3.3.el7              updates
    kernel-tools-libs.x86_64    3.10.0-862.3.3.el7              updates
    kernelcare.x86_64           2.14-11                         kernelcare
    linux-firmware.noarch       20180220-62.2.git6d51311.el7_5  updates
    python-perf.x86_64          3.10.0-862.3.3.el7              updates
    

    Updating and reboot - i'd flush mysql tables and wait a bit before rebooting
    Code (Text):
    mysqladmin flush-tables
    yum -y update
    sleep 120
    reboot
    

    After rebooted, verify updated kernel version
    Code (Text):
    uname -r
    3.10.0-862.3.3.el7.x86_64