===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.3572.3
                 Red Hat updates kernel for CVE-2019-14835
                             25 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kpatch-patch
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 6
                   Red Hat Enterprise Linux WS/Desktop 6
                   Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 8
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-14835

Reference:         ESB-2019.3570
                   ESB-2019.3536

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2019:2830
   https://access.redhat.com/errata/RHSA-2019:2854
   https://access.redhat.com/errata/RHSA-2019:2828
   https://access.redhat.com/errata/RHSA-2019:2829
   https://access.redhat.com/errata/RHSA-2019:2862
   https://access.redhat.com/errata/RHSA-2019:2863
   https://access.redhat.com/errata/RHSA-2019:2864
   https://access.redhat.com/errata/RHSA-2019:2865
   https://access.redhat.com/errata/RHSA-2019:2866
   https://access.redhat.com/errata/RHSA-2019:2867
   https://access.redhat.com/errata/RHSA-2019:2869
   https://access.redhat.com/errata/RHSA-2019:2889

Comment: This bulletin contains twelve (12) Red Hat security advisories.

Revision History:  September 25 2019: Red Hat have published more advisories including additional RHEL releases/architectures.
                   September 24 2019: Red Hat have published more advisories including for RHEL 6 variants
                   September 23 2019: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2019:2830-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2830
Issue date:        2019-09-20
CVE Names:         CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2019:2827-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2827
Issue date:        2019-09-20
CVE Names:         CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-80.11.2.el8_0.src.rpm aarch64: bpftool-4.18.0-80.11.2.el8_0.aarch64.rpm bpftool-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-core-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-cross-headers-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-core-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-devel-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-modules-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-devel-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-headers-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-modules-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-modules-extra-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-tools-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-tools-libs-4.18.0-80.11.2.el8_0.aarch64.rpm perf-4.18.0-80.11.2.el8_0.aarch64.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm python3-perf-4.18.0-80.11.2.el8_0.aarch64.rpm 
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-80.11.2.el8_0.noarch.rpm kernel-doc-4.18.0-80.11.2.el8_0.noarch.rpm ppc64le: bpftool-4.18.0-80.11.2.el8_0.ppc64le.rpm bpftool-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-core-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-cross-headers-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-core-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-modules-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-headers-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-modules-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-modules-extra-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-tools-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-tools-libs-4.18.0-80.11.2.el8_0.ppc64le.rpm perf-4.18.0-80.11.2.el8_0.ppc64le.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm python3-perf-4.18.0-80.11.2.el8_0.ppc64le.rpm python3-perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm s390x: bpftool-4.18.0-80.11.2.el8_0.s390x.rpm bpftool-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm kernel-4.18.0-80.11.2.el8_0.s390x.rpm kernel-core-4.18.0-80.11.2.el8_0.s390x.rpm kernel-cross-headers-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-core-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-devel-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-modules-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm 
kernel-debuginfo-common-s390x-4.18.0-80.11.2.el8_0.s390x.rpm kernel-devel-4.18.0-80.11.2.el8_0.s390x.rpm kernel-headers-4.18.0-80.11.2.el8_0.s390x.rpm kernel-modules-4.18.0-80.11.2.el8_0.s390x.rpm kernel-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm kernel-tools-4.18.0-80.11.2.el8_0.s390x.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-core-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-devel-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-modules-4.18.0-80.11.2.el8_0.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm perf-4.18.0-80.11.2.el8_0.s390x.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm python3-perf-4.18.0-80.11.2.el8_0.s390x.rpm python3-perf-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm x86_64: bpftool-4.18.0-80.11.2.el8_0.x86_64.rpm bpftool-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-core-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-cross-headers-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-core-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-devel-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-modules-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-devel-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-headers-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-modules-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-modules-extra-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-tools-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-tools-libs-4.18.0-80.11.2.el8_0.x86_64.rpm perf-4.18.0-80.11.2.el8_0.x86_64.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm python3-perf-4.18.0-80.11.2.el8_0.x86_64.rpm 
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.aarch64.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm python3-perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm python3-perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.x86_64.rpm perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm python3-perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security update
Advisory ID:       RHSA-2019:2828-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2828
Issue date:        2019-09-20
CVE Names:         CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.src.rpm

x86_64:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.src.rpm

x86_64:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2019:2829-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2829
Issue date:        2019-09-20
CVE Names:         CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

6. Package List:

Red Hat Enterprise Linux Client (v.
7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 
7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 
7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.1.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64.rpm perf-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.1.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64le.rpm perf-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.1.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-3.10.0-1062.1.2.el7.s390x.rpm 
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.1.2.el7.s390x.rpm kernel-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-headers-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.1.2.el7.s390x.rpm perf-3.10.0-1062.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm python-perf-3.10.0-1062.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
7): ppc64: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
-------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-alt security update Advisory ID: RHSA-2019:2862-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2862 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ===================================================================== 1. Summary: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le 3.
Description: The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: kernel-alt-4.14.0-115.13.1.el7a.src.rpm aarch64: kernel-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.13.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.13.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.13.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.13.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.13.1.el7a.aarch64.rpm perf-4.14.0-115.13.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm python-perf-4.14.0-115.13.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm noarch: kernel-abi-whitelists-4.14.0-115.13.1.el7a.noarch.rpm kernel-doc-4.14.0-115.13.1.el7a.noarch.rpm ppc64le: kernel-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.13.1.el7a.ppc64le.rpm 
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.13.1.el7a.ppc64le.rpm perf-4.14.0-115.13.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm python-perf-4.14.0-115.13.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm s390x: kernel-4.14.0-115.13.1.el7a.s390x.rpm kernel-debug-4.14.0-115.13.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.13.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.13.1.el7a.s390x.rpm kernel-devel-4.14.0-115.13.1.el7a.s390x.rpm kernel-headers-4.14.0-115.13.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.13.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.13.1.el7a.s390x.rpm perf-4.14.0-115.13.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm python-perf-4.14.0-115.13.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 
7): aarch64: kernel-debug-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.13.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.13.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm noarch: kernel-doc-4.14.0-115.13.1.el7a.noarch.rpm ppc64le: kernel-debug-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.13.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
-------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2863-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2863 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v.
6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Desktop (v. 
6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm ppc64: kernel-2.6.32-754.23.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm kernel-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-headers-2.6.32-754.23.1.el6.ppc64.rpm perf-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-devel-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-devel-2.6.32-754.23.1.el6.s390x.rpm 
kernel-headers-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.23.1.el6.s390x.rpm perf-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
-------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2864 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v.
7.6) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: kernel-3.10.0-957.35.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm kernel-doc-3.10.0-957.35.2.el7.noarch.rpm x86_64: bpftool-3.10.0-957.35.2.el7.x86_64.rpm kernel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm perf-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: kernel-3.10.0-957.35.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm kernel-doc-3.10.0-957.35.2.el7.noarch.rpm ppc64: kernel-3.10.0-957.35.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm kernel-devel-3.10.0-957.35.2.el7.ppc64.rpm kernel-headers-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.ppc64.rpm perf-3.10.0-957.35.2.el7.ppc64.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm python-perf-3.10.0-957.35.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm kernel-devel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-headers-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.35.2.el7.ppc64le.rpm perf-3.10.0-957.35.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm 
python-perf-3.10.0-957.35.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm s390x: kernel-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-debug-devel-3.10.0-957.35.2.el7.s390x.rpm kernel-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-957.35.2.el7.s390x.rpm kernel-devel-3.10.0-957.35.2.el7.s390x.rpm kernel-headers-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-957.35.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-957.35.2.el7.s390x.rpm perf-3.10.0-957.35.2.el7.s390x.rpm perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm python-perf-3.10.0-957.35.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm x86_64: bpftool-3.10.0-957.35.2.el7.x86_64.rpm kernel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm perf-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.6): ppc64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
-------------------------------------------------------------------------------- ===================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2019:2865-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2865 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ===================================================================== 1. Summary: An update for kpatch-patch is now available for RHEL-7.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.
Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
kpatch-patch-3_10_0-957_35_1-1-1.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-957_35_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_35_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-957_35_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_35_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2866-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2866
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux Server EUS (v.
7.5) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5): Source: kernel-3.10.0-862.41.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm kernel-doc-3.10.0-862.41.2.el7.noarch.rpm x86_64: kernel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-headers-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm perf-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 
7.5): x86_64: kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.5): Source: kernel-3.10.0-862.41.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm kernel-doc-3.10.0-862.41.2.el7.noarch.rpm ppc64: kernel-3.10.0-862.41.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm kernel-devel-3.10.0-862.41.2.el7.ppc64.rpm kernel-headers-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.41.2.el7.ppc64.rpm perf-3.10.0-862.41.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm python-perf-3.10.0-862.41.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm kernel-devel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-headers-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.41.2.el7.ppc64le.rpm perf-3.10.0-862.41.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm 
python-perf-3.10.0-862.41.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm s390x: kernel-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-debug-devel-3.10.0-862.41.2.el7.s390x.rpm kernel-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.41.2.el7.s390x.rpm kernel-devel-3.10.0-862.41.2.el7.s390x.rpm kernel-headers-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.41.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.41.2.el7.s390x.rpm perf-3.10.0-862.41.2.el7.s390x.rpm perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm python-perf-3.10.0-862.41.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm x86_64: kernel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-devel-3.10.0-862.41.2.el7.x86_64.rpm kernel-headers-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm perf-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 
7.5): ppc64: kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2867-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2867
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v.
7.4) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

6. Package List:

Red Hat Enterprise Linux Server AUS (v.
7.4): Source: kernel-3.10.0-693.59.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: kernel-3.10.0-693.59.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm ppc64le: kernel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.59.1.el7.ppc64le.rpm perf-3.10.0-693.59.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm 
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: kernel-3.10.0-693.59.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 
7.4): ppc64le: kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. 
--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:2869-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2869
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es): * A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) Bug Fix(es): * fragmented packets timing out (BZ#1741131) * Backport TCP follow-up for small buffers (BZ#1741143) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Server AUS (v. 6.6): Source: kernel-2.6.32-504.81.2.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-504.81.2.el6.noarch.rpm kernel-doc-2.6.32-504.81.2.el6.noarch.rpm kernel-firmware-2.6.32-504.81.2.el6.noarch.rpm x86_64: kernel-2.6.32-504.81.2.el6.x86_64.rpm kernel-debug-2.6.32-504.81.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.81.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.81.2.el6.x86_64.rpm kernel-devel-2.6.32-504.81.2.el6.x86_64.rpm kernel-headers-2.6.32-504.81.2.el6.x86_64.rpm perf-2.6.32-504.81.2.el6.x86_64.rpm perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 
6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.81.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
python-perf-2.6.32-504.81.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Important: redhat-virtualization-host security update
Advisory ID: RHSA-2019:2889-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2889
Issue date: 2019-09-24
CVE Names: CVE-2019-14835
=====================================================================

1. Summary:

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

3. Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). (BZ#1751436, BZ#1754063)

Security Fix(es):

* A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
1754063 - Rebase RHV-H 4.3.5 on RHEL 7.7

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source:
redhat-virtualization-host-4.3.5-20190920.0.el7_7.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.5-20190920.0.el7_7.noarch.rpm

RHEL 7-based RHEV-H for RHEV 4 (build requirements):

Source:
redhat-release-virtualization-host-4.3.5-4.el7ev.src.rpm
redhat-virtualization-host-4.3.5-20190920.0.el7_7.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.5-20190920.0.el7_7.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.3.5-4.el7ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.3.5-4.el7ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/vulnerabilities/kernel-vhost
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================