-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0068
                    kernel security and bug fix update
                              8 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7.5
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Increased Privileges            -- Existing Account   
                   Denial of Service               -- Existing Account   
                   Reduced Security                -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11811 CVE-2019-11810 CVE-2018-18281
                   CVE-2018-10853 CVE-2017-10661 CVE-2017-0861

Reference:         ESB-2019.4547

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:0036

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2020:0036-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0036
Issue date:        2020-01-07
CVE Names:         CVE-2017-0861 CVE-2017-10661 CVE-2018-10853 
                   CVE-2018-18281 CVE-2019-11810 CVE-2019-11811 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.5
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly protected
against race (CVE-2017-10661)

* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,
ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport
command is reading from /proc/pagetypeinfo (BZ#1770730)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
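
Because the fix only takes effect after a reboot, a host can have the updated package installed while still running a vulnerable kernel. The following check is an added example, not part of the Red Hat or AusCERT text; it assumes the host follows the 7.5 EUS stream (3.10.0-862.* builds), and the function names and status strings are illustrative.

```shell
#!/bin/sh
# Fixed build, taken from the package list in this advisory.
FIXED="3.10.0-862.46.1.el7"

# Strip a trailing architecture suffix (.x86_64, .ppc64le, ...) from a release string.
strip_arch() {
    echo "$1" | sed -E 's/\.(x86_64|ppc64le|ppc64|s390x|noarch)$//'
}

# Succeeds when version $1 >= version $2. Uses GNU "sort -V", an approximation
# of RPM's own version comparison that is adequate for el7 kernel build strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING [INSTALLED...]
# Prints one of: patched | reboot-required | update-required | other-stream
kernel_status() {
    running=$(strip_arch "$1"); shift
    case "$running" in
        3.10.0-862.*) ;;                      # 7.5 EUS stream covered by this advisory
        *) echo "other-stream"; return 0 ;;   # check that stream's own advisory instead
    esac
    if ver_ge "$running" "$FIXED"; then
        echo "patched"; return 0
    fi
    for pkg in "$@"; do
        if ver_ge "$(strip_arch "$pkg")" "$FIXED"; then
            echo "reboot-required"; return 0  # fixed kernel installed but not booted
        fi
    done
    echo "update-required"
}

# On a live host:
#   kernel_status "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
# Constructed sample (3.10.0-862.1.1.el7 stands in for an older build):
#   kernel_status 3.10.0-862.1.1.el7.x86_64 3.10.0-862.46.1.el7.x86_64
```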

5. Bugs fixed (https://bugzilla.redhat.com/):

1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly protected against race
1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation
1589890 - CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write
1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap
1709164 - CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):

Source:
kernel-3.10.0-862.46.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.46.1.el7.noarch.rpm
kernel-doc-3.10.0-862.46.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.46.1.el7.x86_64.rpm
kernel-devel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-headers-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.46.1.el7.x86_64.rpm
perf-3.10.0-862.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):

x86_64:
kernel-debug-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
kernel-3.10.0-862.46.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.46.1.el7.noarch.rpm
kernel-doc-3.10.0-862.46.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-862.46.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debug-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.46.1.el7.ppc64.rpm
kernel-devel-3.10.0-862.46.1.el7.ppc64.rpm
kernel-headers-3.10.0-862.46.1.el7.ppc64.rpm
kernel-tools-3.10.0-862.46.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.46.1.el7.ppc64.rpm
perf-3.10.0-862.46.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
python-perf-3.10.0-862.46.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debug-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-devel-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-headers-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-tools-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.46.1.el7.ppc64le.rpm
perf-3.10.0-862.46.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
python-perf-3.10.0-862.46.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.46.1.el7.s390x.rpm
kernel-debug-3.10.0-862.46.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.46.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.46.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.46.1.el7.s390x.rpm
kernel-devel-3.10.0-862.46.1.el7.s390x.rpm
kernel-headers-3.10.0-862.46.1.el7.s390x.rpm
kernel-kdump-3.10.0-862.46.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.46.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.46.1.el7.s390x.rpm
perf-3.10.0-862.46.1.el7.s390x.rpm
perf-debuginfo-3.10.0-862.46.1.el7.s390x.rpm
python-perf-3.10.0-862.46.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.46.1.el7.x86_64.rpm
kernel-devel-3.10.0-862.46.1.el7.x86_64.rpm
kernel-headers-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.46.1.el7.x86_64.rpm
perf-3.10.0-862.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.5):

ppc64:
kernel-debug-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.46.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.46.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.46.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.46.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.46.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-0861
https://access.redhat.com/security/cve/CVE-2017-10661
https://access.redhat.com/security/cve/CVE-2018-10853
https://access.redhat.com/security/cve/CVE-2018-18281
https://access.redhat.com/security/cve/CVE-2019-11810
https://access.redhat.com/security/cve/CVE-2019-11811
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----