-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0849
                  kernel-alt security and bug fix update
                                10 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-alt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-18805 CVE-2019-17666 CVE-2019-15916
                   CVE-2019-15030 CVE-2019-11884 CVE-2019-3460
                   CVE-2019-3459 CVE-2018-16871
Reference:         ASB-2020.0002
                   ESB-2020.0788
                   ESB-2020.0415
                   ESB-2020.0411

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:0740

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security and bug fix update
Advisory ID:       RHSA-2020:0740-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0740
Issue date:        2020-03-09
CVE Names:         CVE-2018-16871 CVE-2019-3459 CVE-2019-3460
                   CVE-2019-11884 CVE-2019-15030 CVE-2019-15916
                   CVE-2019-17666 CVE-2019-18805
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message
sequence (CVE-2018-16871)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
(CVE-2019-3460)

* kernel: sensitive information disclosure from kernel stack memory via
HIDPCONNADD command (CVE-2019-11884)

* kernel: powerpc: local user can read vector registers of other users'
processes via a Facility Unavailable exception (CVE-2019-15030)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
leads to denial of service (CVE-2019-15916)

* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
(CVE-2019-18805)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when
connected to FC switch (BZ#1623205)

* kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)

* RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use
d_find_any_alias() instead of d_find_alias() (BZ#1711934)

* Backport "fs/dcache.c: add cond_resched() in shrink_dentry_list()"
(32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)

* [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova
address (BZ#1780500)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
1759313 - CVE-2019-15030 kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-115.18.1.el7a.src.rpm

aarch64:
kernel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.18.1.el7a.aarch64.rpm
perf-4.14.0-115.18.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.18.1.el7a.s390x.rpm
perf-4.14.0-115.18.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
python-perf-4.14.0-115.18.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.18.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16871
https://access.redhat.com/security/cve/CVE-2019-3459
https://access.redhat.com/security/cve/CVE-2019-3460
https://access.redhat.com/security/cve/CVE-2019-11884
https://access.redhat.com/security/cve/CVE-2019-15030
https://access.redhat.com/security/cve/CVE-2019-15916
https://access.redhat.com/security/cve/CVE-2019-17666
https://access.redhat.com/security/cve/CVE-2019-18805
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXmZTZ9zjgjWX9erEAQimWg//Zc9mLHi7shOqwqI4c4/r4fO7fDki9y3D
cacCjjMIwOStipgK/iBkQICVw3htP/SnFUTX2QU2OmDSwXWNVo8X0p/QAF9ds1Un
rlRDV0FM/E2D9+EvLAW/QI9L07flpSYZBkzWTye91zqrW0FH5PC7IngUu5Hmx/a4
xL+yHhCTQyD9M9+Aju6B7VNn8R8/Gd0I8GK3zpX/4MUlidcEXBn/SVhchh9w3P4m
BeLCqqxzRTGOuEl7lgYBXpCV6whVEa9Ge1Y/i1Hf7rJ71Iw9sqP44RlNdSgUzoWo
wuyDt159SQCYjLAa9G4UnPzZ8AQLfKUd8udLQP9dsLUevzUPQ8o+mZ9DvLA8rO9e
pGYCDoyY7GzvojuxCRLF20nvJ8YmR4EpZR+q+Rmtox6Ntc/CmY7OUs/gy9dPoZOi
D+ogp2IWd2P7eN4LJ/9TGv33xdA/ytO+3z911YKv87RIurpuIt0H0nRHwlX08MwN
7PqPjVlEERhFSswz7KWvzqH5gkmn3k9zxus3ujo6fV4DkXylDz35KIKwhwBrWQYl
PAavvmjggK+VENUXVx2uF9E+uD8WnenW6oNE5COOyDkkqJYIAd78NhbA90MiRLF7
gFzpxdvNZGg8gDFnrqTMclV6Uqe2THJ0r+p9P2F56a8MFlAF6Uvx8NaugQYW0GfB
Qqq844SSE9I=
=B95R
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
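The Solution section makes two separate demands: the fixed kernel-alt build must be installed, and the host must be rebooted onto it. A compliance check that only queries the RPM database misses hosts still running the old kernel. The script below is an added example, not part of the Red Hat advisory or the AusCERT bulletin; the fixed version-release string is taken from the advisory's package list, while the function names and the sample values fed to them are constructed here. It assumes GNU coreutils `sort -V` for version ordering and, on a live host, the standard `rpm -q --qf` and `uname -r` commands.

```shell
#!/bin/sh
# Added example (not the advisory's own tooling): classify a RHEL-alt host
# against RHSA-2020:0740 as patched, reboot-required, or unpatched.
# FIXED_EVR comes from the advisory's package list (kernel-4.14.0-115.18.1.el7a).

FIXED_EVR="4.14.0-115.18.1.el7a"

# version_ge A B: succeed when A sorts at or above B in version order.
# Assumption: GNU coreutils `sort -V`; RPM's own comparison differs in a few
# corner cases, so use rpmdev-vercmp if you need exact RPM semantics.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# assess INSTALLED RUNNING: print exactly one of
#   unpatched        newest installed kernel is older than the fix
#   reboot-required  fix installed, but the running kernel is still the old one
#   patched          fix installed and booted
# Both arguments are "VERSION-RELEASE" strings without the architecture suffix.
assess() {
    if ! version_ge "$1" "$FIXED_EVR"; then
        echo unpatched
    elif version_ge "$2" "$FIXED_EVR"; then
        echo patched
    else
        echo reboot-required
    fi
}

# host_status: collect the two values from a live host and classify it.
# rpm may list several installed kernels; the newest one is what matters.
# `uname -r` reports e.g. 4.14.0-115.18.1.el7a.aarch64, so the trailing
# ".<arch>" segment is stripped before comparison.
host_status() {
    installed="$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | sort -V | tail -n 1)"
    running="$(uname -r | sed 's/\.[^.]*$//')"
    assess "$installed" "$running"
}

# Offline demonstration on constructed values: the fix is installed but the
# box has not been rebooted since.
assess "4.14.0-115.18.1.el7a" "4.14.0-115.17.1.el7a"   # reboot-required
```

Run `host_status` on the target host itself (the rpm query needs no privileges). Before installing, `rpm -K <package>.rpm` checks the GPG signature the advisory mentions against the imported Red Hat key, which is the step that turns a downloaded file into a trusted update.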
NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXmb9CGaOgq3Tt24GAQhtoQ/6A3Oi0JZsG3hrxYUzw5/NJIVmA1WgPco4
P4Jz7arU7+NWEmwX2+IAFh3qhLck8+lomF3GAUstl1rwM1a68OMzqcihl9aWhPvk
Ick4zVT4dxxsNB7r8yPpx8F6z3iKd6Zn3XmhBD91ea4jBc9+ytdY0EWX/zfCYazi
VQp/9u/YjpZ1M3IIV5fxSvW02YyeprS/sVhguymCFa9upGl/YENUD2I8NzAS49bc
BA60wNUYaAbpeTEv4N/OM6Hq7CDWwuzQbPTMleU+op+tq7KI/8DPy6ai4rPagAjq
oMGG/lH9BZYifLqDENWVFaFbPZ7I8lIVMmUKXM3GpxEcqB8Aw73mkTy2cxAyH/b6
CKpd77ZvRGunJAeaEWCwJ1wNithC3rL71G45zXo6UYnwy65qGvTzVKldAJT/Y+La
LjUZAa2+7Yrszb5Ij1MBEQpvs2axradI9qhpzSO1dKbFB+9Id6Pk7AQFAETouzj+
KpoOYvUaa9Sa3L0H2wPl2kKA8qpuEY9rtCRPL4dZjYaA+pmzT+RlrhuOuEWKr49J
MiJ30Q/71d+qh9CP8vJqu97BqoD5gBjGcSSRkHGMEi8W3Bhwwr6DZJcXgfc9eeme
mGOp+6aXxsv/hWRjJHGwCejygU1dH1OLDaPTTfP72UaHS+8csEw1NM9yBYhmNNCh
cSsT7Ng1TR4=
=18Bx
-----END PGP SIGNATURE-----