Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3572.3
Red Hat updates kernel for CVE-2019-14835
25 September 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
kpatch-patch
kernel-rt
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 8
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-14835
Reference: ESB-2019.3570
ESB-2019.3536
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:2830
https://access.redhat.com/errata/RHSA-2019:2854
https://access.redhat.com/errata/RHSA-2019:2828
https://access.redhat.com/errata/RHSA-2019:2829
https://access.redhat.com/errata/RHSA-2019:2862
https://access.redhat.com/errata/RHSA-2019:2863
https://access.redhat.com/errata/RHSA-2019:2864
https://access.redhat.com/errata/RHSA-2019:2865
https://access.redhat.com/errata/RHSA-2019:2866
https://access.redhat.com/errata/RHSA-2019:2867
https://access.redhat.com/errata/RHSA-2019:2869
https://access.redhat.com/errata/RHSA-2019:2889
Comment: This bulletin contains twelve (12) Red Hat security advisories.
Revision History: September 25 2019: Red Hat have published more advisories including additional RHEL releases/architectures.
September 24 2019: Red Hat have published more advisories including for RHEL 6 variants
September 23 2019: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2019:2830-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2830
Issue date: 2019-09-20
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
Red Hat Enterprise Linux Realtime (v. 7):
Source:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYR169zjgjWX9erEAQgfFw//U0JbYb/mtTvt+MKZogWtEphI99amgo4h
eK8GT192ZHcZVnXR39ayp0OSBpTdd1k5lqgF80AGQ0IA/3wJS/7WWGx78HmBXgEB
20M1zxZRVzEYHwkaYPJdbO9BEMTLdNeV7cXccggj3lBi2l8bFiI5npH8xRSmOwoP
rUMHQRnTJMWTOII10itAw8ju8DdQkDkS8kF+7FI+elt79M6v6GReMXqC67fy1HFv
cef/hwg7lD00lti4JrWmHlNSrb0sRE08GCHmuM5EGx5Qe8Dmq/vp5sVmlaOE279s
/bDSQIPwCIXQ6auKa+kMqoXJiBTRsV+LWcruaZyT/c9TTUZRKxAq7DDjUDKFm4bD
tU/CDnk97zqTf/SrPZhageMuQ5CSXVPkXw2nlYt8OVGAr83KcjFURcJtvio7F9TR
D8mseLwHafne3irRRLvA+MSv1uZ3v2lgApM7HUAZWcIqfC321UO7jDa1z6EeZ1Rt
Ec27kZjZIrsM1Bh4ibAlsauiV1a86YCj3NmuK9EUjrFEHyeCfKTz2ytaV8jrzYkB
CUnPqh78z5d+aehDgxrfV5jm8yq4Q2yceiMwMbPeRZyS5wuzR+a67IFoTlrA1kqp
2+EDU4cR6UZlCWE3jYfZg5fwDwUrRa9RjvlbRstJgk7F9tzn8vjuvjPPYt2P5895
kcVKSV/8S/s=
=Vysh
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2827-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2827
Issue date: 2019-09-20
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-80.11.2.el8_0.src.rpm
aarch64:
bpftool-4.18.0-80.11.2.el8_0.aarch64.rpm
bpftool-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-core-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-cross-headers-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-core-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-devel-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-modules-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-devel-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-headers-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-modules-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-modules-extra-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-tools-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-tools-libs-4.18.0-80.11.2.el8_0.aarch64.rpm
perf-4.18.0-80.11.2.el8_0.aarch64.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
python3-perf-4.18.0-80.11.2.el8_0.aarch64.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
noarch:
kernel-abi-whitelists-4.18.0-80.11.2.el8_0.noarch.rpm
kernel-doc-4.18.0-80.11.2.el8_0.noarch.rpm
ppc64le:
bpftool-4.18.0-80.11.2.el8_0.ppc64le.rpm
bpftool-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-core-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-cross-headers-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-core-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-modules-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-headers-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-modules-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-modules-extra-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-tools-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-tools-libs-4.18.0-80.11.2.el8_0.ppc64le.rpm
perf-4.18.0-80.11.2.el8_0.ppc64le.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
python3-perf-4.18.0-80.11.2.el8_0.ppc64le.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
s390x:
bpftool-4.18.0-80.11.2.el8_0.s390x.rpm
bpftool-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-core-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-cross-headers-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-core-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-devel-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-modules-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-devel-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-headers-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-modules-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-tools-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-core-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-devel-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-4.18.0-80.11.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-80.11.2.el8_0.s390x.rpm
perf-4.18.0-80.11.2.el8_0.s390x.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
python3-perf-4.18.0-80.11.2.el8_0.s390x.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.s390x.rpm
x86_64:
bpftool-4.18.0-80.11.2.el8_0.x86_64.rpm
bpftool-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-core-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-cross-headers-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-core-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-devel-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-modules-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-modules-extra-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-devel-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-headers-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-modules-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-modules-extra-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-tools-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-tools-libs-4.18.0-80.11.2.el8_0.x86_64.rpm
perf-4.18.0-80.11.2.el8_0.x86_64.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
python3-perf-4.18.0-80.11.2.el8_0.x86_64.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.aarch64.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.ppc64le.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debug-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-tools-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
kernel-tools-libs-devel-4.18.0-80.11.2.el8_0.x86_64.rpm
perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
python3-perf-debuginfo-4.18.0-80.11.2.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYRyKtzjgjWX9erEAQhWKA/+O7d0A+wKr2L02A769aZ4hhvThGV4FiAb
qJkdICzjo0zfO+icMwh/Lg4UjMAbGvVhdEL6/WfU+xACdg4SOVgWhxTGVfmwEuF5
Rs6MGTtFLYKnZbkqNSUw2EoEzi4wLdjiwyGxcA+9rdRIwhl/Lb2HAfUyVIdGZhIh
Oh280wV8DlnX7rvyz6TSuE0u2K6IBvThN+j6CWvpCisRL5MuVRfCiOFVVxiFa1j+
uPDYDhxnPFSEtHDnr7C0Fr59FMa1NMT0fDPBMRIPCDJ/MnJeo02FA8DkachQbzUA
qvbwzk8dyaq0v2mSDNaH3sN8dKQ5vMKCelOMa3c5FOIUoJhxkWLkEYD3RtGr6kxX
VoiP6NG63I3CwnxYjddZGn7G0adseSuwedlZ/B4V1chTLbPdopoM+pxrJQHpY7ga
2aJYXDrFwTbU8HliG+LkgKvLCtI3ptf6qHCb070U5hw+XOlf/nSpki8Pa7BM3lp/
muWJ3TSyojpHYaJV1T2SqM1r2lFnFMVURNmFD49aFZE02ALN87g66TLMwtWitNX9
oc/vPhaJ9gMLHuJrwYZ48oK9pGAByD700yAbKgYaDKkr0O7AO+V9s2iVqW35yhGb
KFi2pdKuPzdo8fNxZgJNyg+TzevVzIeTe5Q2lMi5Org3xHPSFJ6mRDzCEtTYLHXw
Fqv6jGsNmLA=
=HURW
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2019:2828-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2828
Issue date: 2019-09-20
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.src.rpm
x86_64:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.src.rpm
x86_64:
kernel-rt-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.11.2.rt9.157.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYRxO9zjgjWX9erEAQg5rw//aJFVakn5Vwe+PMobtD3fNT2F/Mrgy4xr
aj5k9TYOo8d/41ydZcwixxyQIW5dasacKRVH31OQiV+dAHcEQNOqJob+7azcvVUU
b1H0+AOQHwkBFgchLTzcaT1f0TGsuEZoY6dqoZ0CwFwO17f0tRvmu4Sl4MEj8vJK
/ZcveC0QT/yLj4ai23UVs+Sg0lBh9n9HU6CaT8u6694KaxZWT2RTt4qiaGIcdqtK
NvC+tY+i7v0upkv48956CXbYpyk9KZl0wpsn60GmVGuBOsPApbnE1dBnkuzzkhUY
06/nLyyZKpNNT/XuHBARSEX3AUE2QQ2p/mBzUADSjTGdc7Q1AF0B2qxPfJtpkGAx
ObNW/SDmPRhOtlBuDDClPIGsVRWRrafhn6MtwFgeyufvQK6ANBIPQMHZJ3xbnfJU
DsW6ODHjg/ZPWypFMFeoG0pWuCEWz6NbvL/GDJNx6flXF/+fi2RvOlaMY+W97MWW
ckbeKugKttFX9peiLkRRFltGDOw+6UCBSLffmBzot9GXdRs3TPCf6e9W49Sagae5
7YziV8K7eM+krDRyq0dfoiGzwAy0mOdNH2Kn5xTokPFTNgeCGpHIix3G93HHFO+y
MMLvqr5vtpIb23ft9gS7VLE60yIWc4he5TOMNTK+SXNTHGsY0wgqu03AJwhB4Qz1
8uZZrorxTQc=
=C609
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2829-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2829
Issue date: 2019-09-20
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1062.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
perf-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1062.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
perf-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1062.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1062.1.2.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debug-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-devel-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-headers-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-tools-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64.rpm
perf-3.10.0-1062.1.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
python-perf-3.10.0-1062.1.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1062.1.2.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debug-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-headers-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-tools-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64le.rpm
perf-3.10.0-1062.1.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
python-perf-3.10.0-1062.1.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1062.1.2.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
kernel-3.10.0-1062.1.2.el7.s390x.rpm
kernel-debug-3.10.0-1062.1.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1062.1.2.el7.s390x.rpm
kernel-devel-3.10.0-1062.1.2.el7.s390x.rpm
kernel-headers-3.10.0-1062.1.2.el7.s390x.rpm
kernel-kdump-3.10.0-1062.1.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1062.1.2.el7.s390x.rpm
perf-3.10.0-1062.1.2.el7.s390x.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
python-perf-3.10.0-1062.1.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
perf-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1062.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
perf-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYSDiNzjgjWX9erEAQiVUQ/9EzNEE3VBb1tjfASE0BrtTQXPGV5OD0jF
xgNeuTZt7X15behgUtLM3tDg3eiPYZnEErojpJr52sh7Jz1J2GuVajbVpUtaW2Wm
P+iI+zmtzhdUPns6zbuV4Qkyk0Q2WNxt1RLMcZeXtDMKiYN7Tj34wmF2aKhvAB6i
Du+8LiPcsU84XcyT5z4lnG/iRCw1CqHvuVj7oJNQCWGC3X3Am6hkmuZ3Y1I5+cI8
mqJIb+aEbvVnAzDLdyl9JoTOPy+e5X0wHLiTEwKgp6k6IaWdVoPoxcrx4M8TPPbN
7A8Q7KrLAqeDNkft8YKmYgO3alE7915/FaRcpzAoPlBlot/OvCeiwP0qPjQ9ki0C
JrOk98DYgRD0OxLfXoe4mMfYyh+yb+Q3APxjv6r75RJuxXIQGHMgo8EWVRNkA7Je
2CMFtk2J1x/eiQnRN/UbEri6oDc9LIC6o4eANEm1hNPNoYi66xPDeTMiwua79q0n
SnPLqXjjm0jDft7XOvv/5H9AuaRjurZLzMf6a08OouxCkzM8t1iRCnBrVTAW+AqW
j/0eZz+ElMoM4xTtzM1aZit+0dy0wVbTdeCpbVJQre89Z2iA1exdgptnO+8/oLa3
XnWaluoWVObovE4ev0czx8ML9oJ13gVglU2Zme3Uzian48/2+/bgJHrjr3J+GLYG
6PiQ0CEHbCQ=
=V1EB
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-alt security update
Advisory ID: RHSA-2019:2862-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2862
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le
3. Description:
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
kernel-alt-4.14.0-115.13.1.el7a.src.rpm
aarch64:
kernel-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.13.1.el7a.aarch64.rpm
perf-4.14.0-115.13.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
python-perf-4.14.0-115.13.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
noarch:
kernel-abi-whitelists-4.14.0-115.13.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.13.1.el7a.noarch.rpm
ppc64le:
kernel-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.13.1.el7a.ppc64le.rpm
perf-4.14.0-115.13.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.13.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
s390x:
kernel-4.14.0-115.13.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.13.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.13.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.13.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.13.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.13.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.13.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.13.1.el7a.s390x.rpm
perf-4.14.0-115.13.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
python-perf-4.14.0-115.13.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.13.1.el7a.s390x.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64:
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.13.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.13.1.el7a.aarch64.rpm
noarch:
kernel-doc-4.14.0-115.13.1.el7a.noarch.rpm
ppc64le:
kernel-debug-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.13.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.13.1.el7a.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYiNHdzjgjWX9erEAQiw5A//WQ7wrXYMMJrlQf/DRD+LVyG10ADgio+i
BXJQvAFnQGk4hoAI5jF1b6BRyCcp3WB+WM523Ak/xQF1MN3Eo4kjKoOrOTcLiFtB
0LDZNC8i+OqfYYXo5TJCdlBkDerksx+tmLl4+XPk7PnZk5jY8BJQH1iZ+UGM3ZBU
1fvxotfg0yZtKYVX1j6dWVQ0BNVS1ep3mZ1OHIh+VZFqU81gM3jiK+LXyZvJ469J
ZaTmu230i9LWS9ns1hOKlB/veV85m+R53MzAHUTUHofyMt8lPixoyiJ45yQw+vS4
U/38tXwoPxV7A+PWTGvn7gGrzPnK+2if6HNoSHs1E+fb8GCf7HbWZz2VTRSjroVT
IsvwNbQrsccVkhV7vqZW7hUvYcVWxwJW8h+X3rKJl3qcmMQlhJYuBOGcxAhIhuIN
q/E9MVOAKlItOPc9WfVBoI3U6KcSI5si5wdDpcXG8BKrLPaEzxXEU1dg2eebWaVV
04d/E7WjEUSw0fILu//YsudAzkML6QwdpMIzzccdWH9ogvwRha2lgUelD5HFh/uy
+xFWbV7gtjtFChQrvHf7BnyAEArBBJkGbjO8wDSrH6BzqUQ0oz8ILDEaDWqISdoA
d7kx/DbhNvyzRzE7PyB+1EP2PgayTXzIog87xQPf7h1YW7FPo6qYPbVaNmaEDpnP
OjUlwO1Zksk=
=LI/7
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2863-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2863
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
kernel-2.6.32-754.23.1.el6.src.rpm
i386:
kernel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-headers-2.6.32-754.23.1.el6.i686.rpm
perf-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm
kernel-doc-2.6.32-754.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm
perf-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
kernel-2.6.32-754.23.1.el6.src.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm
kernel-doc-2.6.32-754.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm
perf-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
kernel-2.6.32-754.23.1.el6.src.rpm
i386:
kernel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-headers-2.6.32-754.23.1.el6.i686.rpm
perf-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm
kernel-doc-2.6.32-754.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm
ppc64:
kernel-2.6.32-754.23.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debug-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm
kernel-devel-2.6.32-754.23.1.el6.ppc64.rpm
kernel-headers-2.6.32-754.23.1.el6.ppc64.rpm
perf-2.6.32-754.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
s390x:
kernel-2.6.32-754.23.1.el6.s390x.rpm
kernel-debug-2.6.32-754.23.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm
kernel-devel-2.6.32-754.23.1.el6.s390x.rpm
kernel-headers-2.6.32-754.23.1.el6.s390x.rpm
kernel-kdump-2.6.32-754.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.23.1.el6.s390x.rpm
perf-2.6.32-754.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
x86_64:
kernel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm
perf-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
ppc64:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
python-perf-2.6.32-754.23.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm
s390x:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
python-perf-2.6.32-754.23.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
kernel-2.6.32-754.23.1.el6.src.rpm
i386:
kernel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-headers-2.6.32-754.23.1.el6.i686.rpm
perf-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
noarch:
kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm
kernel-doc-2.6.32-754.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm
kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm
perf-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
python-perf-2.6.32-754.23.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
x86_64:
kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-2.6.32-754.23.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYiPr9zjgjWX9erEAQjN1A/+IHOdg8Beicp8yr78sUumJ7+hE87hxu0f
TCubCbjezezlvYlEfTcCz0nCF6HvcETrxNA6yj70lVLL6zc/ink1/EV7IaIis4f7
pQ5eO6pc8d0jm0x4k5y5Kjif0bxROUJeSvuI6p3nfhDZkXH5rswlfZC3/GlzVrpY
CJWDWWYdcOlK6KYCai/AZTPVGL2qOvtIma7tbYfhXyyexk48S/mYIgwVKyH2MYG/
sYVoZQRuq9cT9Obl0y/O9LcG3RJ6+JAhC5+FvU3zcbndT+32SEeKKlmbSSEYuFmE
SFRRWDiZX1uhElW/K7nYrRTN87bJZ0wgIOvXauQmWMwS1NAuelQIqOQ3NAXG8oYz
A/wOPkILOHI352z8/Dm+p/Po6Ql/PUPZBT+GYmLv+Mju0pckg/7OLLqHqFUGwEey
J0rSl9OaePNyOmUdPYOAOKPrwRnLHArG3kSKzLDnW2T1MQX0/51tDgasxptS1ekQ
S8mvrKJoqc7Vlghx3jZ854/Uegx6J7eUlQmuSWvZGAM6sR9826TzpQHag2am1sUt
JtAjh9Zv4f+C292ltjLRtp2zuKmYQNcDCl8NoustAi7SXvYcAYr5uSXDMc+BajIa
MY2jtvyVIyGHpf4jkoDBtTLtmhIyhU+fs1MEF9SI0nvbveqMMzJFXXs6ExOy0OBI
1XpQhVd4g6E=
=hfEj
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2864-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2864
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
kernel-3.10.0-957.35.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm
kernel-doc-3.10.0-957.35.2.el7.noarch.rpm
x86_64:
bpftool-3.10.0-957.35.2.el7.x86_64.rpm
kernel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm
perf-3.10.0-957.35.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64:
kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
kernel-3.10.0-957.35.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-957.35.2.el7.noarch.rpm
kernel-doc-3.10.0-957.35.2.el7.noarch.rpm
ppc64:
kernel-3.10.0-957.35.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debug-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm
kernel-devel-3.10.0-957.35.2.el7.ppc64.rpm
kernel-headers-3.10.0-957.35.2.el7.ppc64.rpm
kernel-tools-3.10.0-957.35.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-957.35.2.el7.ppc64.rpm
perf-3.10.0-957.35.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
python-perf-3.10.0-957.35.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debug-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-devel-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-headers-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-tools-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.35.2.el7.ppc64le.rpm
perf-3.10.0-957.35.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
python-perf-3.10.0-957.35.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
s390x:
kernel-3.10.0-957.35.2.el7.s390x.rpm
kernel-debug-3.10.0-957.35.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-957.35.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-957.35.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-957.35.2.el7.s390x.rpm
kernel-devel-3.10.0-957.35.2.el7.s390x.rpm
kernel-headers-3.10.0-957.35.2.el7.s390x.rpm
kernel-kdump-3.10.0-957.35.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-957.35.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-957.35.2.el7.s390x.rpm
perf-3.10.0-957.35.2.el7.s390x.rpm
perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm
python-perf-3.10.0-957.35.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.s390x.rpm
x86_64:
bpftool-3.10.0-957.35.2.el7.x86_64.rpm
kernel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.35.2.el7.x86_64.rpm
kernel-headers-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.35.2.el7.x86_64.rpm
perf-3.10.0-957.35.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64:
kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.35.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.35.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.35.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.35.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYivj9zjgjWX9erEAQg9iw/6AiSBlimEJBilI4YaU4OMnj6QLpkgPcZv
pcXpXjUNS1ckzq5N0ndvDSB1VofK+gCrQscTdOr3Ab+O5fLL+NGgKSC3PDdfnMjM
wCQSZkT8j5ZdA0Yl9h0/iqX4i23vbVtjsiTfOdYl591XccoA1MUXDnEHJ+7w5sd3
Ui1tMcfqqGHIHN3S17wfMsnT6gKX1pRvva3E6dB6aGwGWM+ahkQAM27RUzXjM3Yp
ZC8Jy+T6jsEFGwQbb/33GHAgWJ9w8eu1DywxyuSmHTCnLv8pX6rRSWDGxwXEcskv
eENBocsedY78oEUsF+9IiFrdq3R8Af7A4xVIqbqkRPTQqB4y8peIhbJJUkXQBjNV
XNplz+RGFYrVJH7tZZHEzGKebYbFUomXbq3N7wc2V7WDz9kW8CStgd+KjRUa730s
TY38a+ff3N1DP+wRRL9Bu4Dv89qLL+dHUvdv6WNBSULM6uuADe4BLjr25F8CL57w
qzWCyYwo5VbJwDW0RFAWj828bqrQics1ICuY5SAmaX9AIQpYzwiUnCK+tZvBnJBJ
NaeD12H5imuvUZSA7D7olVVojakCuxnM5v+kypaL0jYenYne0Gm9ZecxtSFzo+JW
8LxtVJaTv9urSqfD0ongfJ7YCWchddpk2ldsvd1CnJotHLGsR2J0p3j4JwRSbHWP
FkbnNxvOHHI=
=YEYB
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2019:2865-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2865
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kpatch-patch is now available for RHEL-7.6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, x86_64
3. Description:
This is a kernel live patch module which can be loaded by the kpatch
command line utility to modify the code of a running kernel.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
kpatch-patch-3_10_0-957_35_1-1-1.el7.src.rpm
ppc64le:
kpatch-patch-3_10_0-957_35_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_35_1-debuginfo-1-1.el7.ppc64le.rpm
x86_64:
kpatch-patch-3_10_0-957_35_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_35_1-debuginfo-1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYioTdzjgjWX9erEAQhLtA//ZUVoOexzr8OtvC/Qs5x/qtHVD+f6BFP9
xl5LeZcD9pZ/c56kpmAAVi8VfflAxOyZfwdoR2n4HwxprvOELWdYBuzgdlf5jKNe
HQnvn2jFpeQR6nElurif8RpWn6ChXFcjRvQo+xcVGwKlRa3KGY6k298xhVQUfK3T
9cpWlkVNudmPeuqjc2W1ROJr41WkM7MrIRucxAEfXe1Sewihpso4+X7Kc2c9u0Vg
9/4Yy+fgkOzepKElzpge2ToJA9+/M1x6Brg3XStuNtnefNdnq33Iz68iL7wMMeLs
0BrkhvlSwWXHHqgaNmIcAfxMupXFl9/1MZvJ3TDKhE3pSj1TQfM6AMCVmI5qXgLp
VqhzJGq+xLmuagqI1Vn1fZHmC2rP0fucYof/vBwgHRAGS8Ydqn53wcgXkVCd4JEN
ttWFHu4NVlBcvH/AZmJ4js8qrX485u6NGWIuJiejN6euaq18iVD8tnVkSR2IIu3o
D4RniHUD9Hzwu5wIi3jqBabaTLtDXkowMNEfZFuPo2bk0TyqxORm+4dX6lGwpvna
Vv9UxQmw7ius3KuXfU3K+AcwbLxkWTmp0XKunlN80Uv/imLuoBMwwAwPlDTIvmx9
XT9hubTdtJV3NmQM+fJWHAR0ujtE4l0+kk74lisP5wgOVJP8+ah/0U8AQDa6OnNr
WzYRCxVdxwQ=
=3GED
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2866-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2866
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.5
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):
Source:
kernel-3.10.0-862.41.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm
kernel-doc-3.10.0-862.41.2.el7.noarch.rpm
x86_64:
kernel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm
perf-3.10.0-862.41.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):
x86_64:
kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.5):
Source:
kernel-3.10.0-862.41.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-862.41.2.el7.noarch.rpm
kernel-doc-3.10.0-862.41.2.el7.noarch.rpm
ppc64:
kernel-3.10.0-862.41.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debug-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm
kernel-devel-3.10.0-862.41.2.el7.ppc64.rpm
kernel-headers-3.10.0-862.41.2.el7.ppc64.rpm
kernel-tools-3.10.0-862.41.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.41.2.el7.ppc64.rpm
perf-3.10.0-862.41.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
python-perf-3.10.0-862.41.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
ppc64le:
kernel-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debug-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-devel-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-headers-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-tools-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.41.2.el7.ppc64le.rpm
perf-3.10.0-862.41.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
python-perf-3.10.0-862.41.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
s390x:
kernel-3.10.0-862.41.2.el7.s390x.rpm
kernel-debug-3.10.0-862.41.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.41.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.41.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.41.2.el7.s390x.rpm
kernel-devel-3.10.0-862.41.2.el7.s390x.rpm
kernel-headers-3.10.0-862.41.2.el7.s390x.rpm
kernel-kdump-3.10.0-862.41.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.41.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.41.2.el7.s390x.rpm
perf-3.10.0-862.41.2.el7.s390x.rpm
perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm
python-perf-3.10.0-862.41.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.s390x.rpm
x86_64:
kernel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.41.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.41.2.el7.x86_64.rpm
perf-3.10.0-862.41.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.5):
ppc64:
kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.41.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64.rpm
ppc64le:
kernel-debug-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.41.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.41.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.41.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYiswNzjgjWX9erEAQhd1g//WDRHc/Prfvv6JNbmMdvxJvpXZx3Wc535
/AQUarXoBalyktM8ucRBOg28X4Eq7Y8WF9jbdoyp8iIrirZQdA7+4yEI6O6GnY2m
M3sx6Kw9jbNFxP72zUxOK6hMuR8pimz0RWIdc8vQgfA3UuTyjjfvHjjr361FCRHF
bjRgMl4sOuMbwrxs/h6NgeKVLUw5EoHTrJ6Hc8Vv5wIjyir1bSMH0aikAirkoZ0Y
WtR3Z7lvODMcY4wKXecyVc/xslg1ioZhS9gGsG+TJ2fUMw7sZr5ERccc+1UWGFUa
2knyaFEQUSEYweDEsYm3zR3G75rNljzX8VZaEN/ShQwIA46k8J/Z7Wdy7DC6e66/
FUOKdD8MEjOieoDLfXZpOlBJ1UWBCC8/HYuP7ujFpiCvN7zFBd/HYAIUnhC+y5wg
XHTc05QJbalfHAntTQRzlwS8Uc746PjBlykrWETVFwyVu3u1cfxbSYsP4TA/6yvE
AUK1uea0hbg6RgaceZfyIV8YIaaJB5fmS4Ula4p4ppBf5HuF+L0eRl5zYzhA0Ryl
NSNr5YeIrmCVr6UjEBNZlClSOwi4RN2pQ1VmAcbrsACYuOcKVD1PtoCH087ISIjP
Lej+FZxY423yc9s1/2RxoVIgYwInTzttvauDR8ws4bDmxbPzWrlpT7ciee5kdSQr
jZmQ2x5ylP4=
=z5bF
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:2867-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2867
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source:
kernel-3.10.0-693.59.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm
kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm
perf-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source:
kernel-3.10.0-693.59.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm
kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
ppc64le:
kernel-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debug-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-devel-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-headers-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-tools-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.59.1.el7.ppc64le.rpm
perf-3.10.0-693.59.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
python-perf-3.10.0-693.59.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
x86_64:
kernel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm
perf-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source:
kernel-3.10.0-693.59.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm
kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm
perf-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64:
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le:
kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.59.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64:
kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYi86tzjgjWX9erEAQi1YA//SFbLNTK8xgMJM4UXWUDM7d1LMS/f79kZ
C+qG3/+OUqyltICprPUpLQOslAaLgY1C1slkqkxXXgNtfB4rBnE2gkDtSnqe0a7K
60JapVVCpXuJnGozoFusUPgSvy7DM3RJ+xcz4SS6fNIuRGq1bDjOd4E3tcQwk1rh
hqqPwPmY1uJK2y6UWiyF9Q2Dvug5mO2ZKqxgwuZPQyRXg14BVxDfXIY6+8SuuL3j
YLVmCNqpErcoqeIaUAXUbGyATrUwni8J1RY4Q5lNDMq8u31Xlu/CSaEqU5OxtkeB
RvfAuFebnJkUo+YkzouWWKF+eTEhpqxXnPZq2KM8zStGmRpVmreg16THa6CSpi81
HDcsTNKFHsA3QWHosxramg1Z/RYSD+goD0lvnfEVvO4jaUW2f59q2PEu4riM897f
L21luddDijVBYmzAngkrhKR0kiADLmU+p67nZ9EyNrR95XYaaJ6GRb5vSXBEgiXt
vJJn8GuJAI5h13MzO5rAua82xTHxiQc28s5KCbCJFcp3DZo72mDIVE6MfGb1By5e
T1IN17xPN7yVoy/c8WZ89unoNZNXMsTBhcWNNlXsXknALVaYi5i4AtWx3mOLP2gk
c1Z7F9XG8niCTGSLvBs5gSAfjSFNB6YiU6NzX9Zlxb4/hr3HE20S+w3AGnvD2f05
hz6LDDCc4xc=
=hk2d
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:2869-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2869
Issue date: 2019-09-23
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 6.6) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
Bug Fix(es):
* fragmented packets timing out (BZ#1741131)
* Backport TCP follow-up for small buffers (BZ#1741143)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 6.6):
Source:
kernel-2.6.32-504.81.2.el6.src.rpm
noarch:
kernel-abi-whitelists-2.6.32-504.81.2.el6.noarch.rpm
kernel-doc-2.6.32-504.81.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.81.2.el6.noarch.rpm
x86_64:
kernel-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debug-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.81.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.81.2.el6.x86_64.rpm
kernel-headers-2.6.32-504.81.2.el6.x86_64.rpm
perf-2.6.32-504.81.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.6):
x86_64:
kernel-debug-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.81.2.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
python-perf-2.6.32-504.81.2.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.81.2.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/kernel-vhost
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYi7gtzjgjWX9erEAQjm+RAAhIAqBvh5J7lx925a0PKvqU5gaQ9smh8c
n2dWD851PIM9YUDxfrVm73Zh2/a87OH5E7DqJzwZ0T+X/UyUtabpr7YGIGJ6NxZP
BwOOpjcFkCGuGGcW+abBrUcOPkznK4XwfjqfcEZSmah9bzG6pbA2jBtVe5OiDWoG
3UdYeCqb37aJ9JJ6/Js0jFT/FiD6hK0Gbhkz7SfSCbOHGmTk9JC3xOb2rAZ0q48i
bjFv9d1ScTCVQlRUQ1+nGYXth0bdaANBAono8XA/HrvJD1ndi9AjwWjIQHaI2m8Z
Q0uUVmFBNq3FV6GUSlsZAWtRMGySbRww0gLkmOQEHE5kIOVq7NSX4yUd3h+h2NLy
xq2V8nuzqd8S17x/Dm79p3X0V3HsXowH1jnE4GzlMhuoj1MqVc0b5hlo6iwGFnPC
BclJVJeD9BFbaxHtMfH4lg/SUBv611NpAsVgYXCvYbocgDouFDttaamzGPt/gsH6
YApQB/dbtL0JI4lZsTUZuqi87VcjhxqZ1AQbd3LtaC2U8yrvrcVyX8Dj+O3ggbKt
tIUwkXC72+9VG0weXGLQdJXObpPQCUvlC1kaR+QCRbb/jxesYfADf5AxLSpt0XVx
AkCvy3TuexOuBbGy84ohnGxvreFuA4qilnkYcmihgtj3rZ6hmBIcZAU7jOPrRmL8
JgtOGWbHo70=
=1Hnq
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: redhat-virtualization-host security update
Advisory ID: RHSA-2019:2889-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2889
Issue date: 2019-09-24
CVE Names: CVE-2019-14835
=====================================================================
1. Summary:
An update for redhat-release-virtualization-host and
redhat-virtualization-host is now available for Red Hat Virtualization 4
for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64
Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch
3. Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization
Host. Red Hat Virtualization Hosts (RHVH) are installed using a special
build of Red Hat Enterprise Linux with only the packages required to host
virtual machines. RHVH features a Cockpit user interface for monitoring the
host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version:
redhat-release-virtualization-host (4.3.5), redhat-virtualization-host
(4.3.5). (BZ#1751436, BZ#1754063)
Security Fix(es):
* A buffer overflow flaw was found in the way Linux kernel's vhost
functionality that translates virtqueue buffers to IOVs, logged the buffer
descriptors during migration. A privileged guest user able to pass
descriptors with invalid length to the host when migration is underway,
could use this flaw to increase their privileges on the host.
(CVE-2019-14835)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/2974891
5. Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
1754063 - Rebase RHV-H 4.3.5 on RHEL 7.7
6. Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 7:
Source:
redhat-virtualization-host-4.3.5-20190920.0.el7_7.src.rpm
noarch:
redhat-virtualization-host-image-update-4.3.5-20190920.0.el7_7.noarch.rpm
RHEL 7-based RHEV-H for RHEV 4 (build requirements):
Source:
redhat-release-virtualization-host-4.3.5-4.el7ev.src.rpm
redhat-virtualization-host-4.3.5-20190920.0.el7_7.src.rpm
noarch:
redhat-virtualization-host-image-update-4.3.5-20190920.0.el7_7.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.3.5-4.el7ev.noarch.rpm
x86_64:
redhat-release-virtualization-host-4.3.5-4.el7ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14835
https://access.redhat.com/security/vulnerabilities/kernel-vhost
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXYoQD9zjgjWX9erEAQgDhxAAooWN34CM7iqVR1iQ+5mB/nXDFrIxIU5H
N2fQz1khPbFbg6MJhXCQCM8ANmIcniUa8Mb/2t8RhQuCA5qL5XBh9ZmurQmN2X1A
6M6MBwuPiWaCoYrOWs5JPo5lQxXBiIuQPzFR8v7udYbDgjVDYziD9CkIfis0iscn
RLT5etX1pL1gfYByB4cyzImB9/ZwDs4hpXrZwVT41C5eSFvW0tteyZ/MVvg99xNX
yy0ovkdDt6Vs3O0tQbdzG9UjJB6Gtxcr6Z2XBRDlDMp15WvssOW621wohmkRMDsQ
kA3oPJPuKu14mK8DXOgXatPs6CdN5EZajXV0ei5TWm/6eA3ksApc3iew/NZqRcl8
GOyeNg9zGNHt1wNvi4g+buyZ3hS9yH99EVarWUJQpMGENyNB5RQPOddQm244YFpH
D9/CXOonc42ymdt7kzy0TgkKNVjbHQQ7PhFUzHbldSALxwmERW9h+A8MnLUJOg6e
Q6VJ2UmJqwzWr9vZ9yMDu9Pdz7mB2CiynyJi8FQTqrxe/s+Q9yq9FiOdHeJRk5VN
1D9aQt0vsdL47YId90gSGAVfaYQ2t+2i43g1YPy2e+jkKz14sFlpVbFnoahuIwqS
7zOv/mcUCiRobxm0kzTEjREY1RJQHXRGrliKPaBXdNi/zb4Xvig77ebU2K7vTudZ
BBunakpQeWI=
=qVhz
- -----END PGP SIGNATURE-----
- --
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXYq4BGaOgq3Tt24GAQhGkw/+P7+9BdFS5XQ/7wUepx5NQC4lb32G8jhh
bJNKLc1s89ZzEill99Q4uPrNrv1WVEushsxzHn8xR2x5PQb5FrmQAj2Kp/kdpx5S
s77xPDlYEqQDLAf+wpcZ4S0n/P+C9iWJLNWeW1FzjK46d6FPuQQ0Lj0ku/puwK0p
ww5NoUr7TxtfmOvCBmMkQ14HwFwkuma0rm5sO+YdEIeDqcwy0cBLHxfRhVCmUkYV
PwoKLGLCFemCOvfFQ77/Dajo4ABjcHYyn65hmIzN4JAbWezpE730a0zEzCKAIDlu
TaHU5G6EghG8PEaIQpq5jT2FiAAptWzgUV2iikfJ2OND5yDniNnQe9AWVf9Po/vP
ywmu9GsuEsj0nIWZYxCpA4FT9SNH0eMjzHORBmk5WeojvOe+0h7G0pka/aaExV+T
ITL5koaqvEVtEH65SyjkiEHGu8hUMRI+rjJuKoyPraDc/RgPicMBJ5tP/krecFUg
XpL7k5q6NMfZNnP/g4XdB/mcRaioEBQonuF5V3sWfyd/M3N0+r6KNvJWxN+O+QiR
yAn0r80I+cDS6JZVHj/joYsCLFYOFIeD7kZTAzSiezuFwVTzj7Oq4bUWAgEtA+jw
yl3UJ9qVSQgqfOq8RKQIlML6TLNXSNPGoXk481IiM6ZsSd1Uo9DeNE9KlbiXGjEl
Gc5wFJGHrPw=
=0S/c
-----END PGP SIGNATURE-----