Operating System:

[RedHat]

Published:

10 March 2020

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ESB-2020.0849 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0849
                  kernel-alt security and bug fix update
                               10 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-alt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-18805 CVE-2019-17666 CVE-2019-15916
                   CVE-2019-15030 CVE-2019-11884 CVE-2019-3460
                   CVE-2019-3459 CVE-2018-16871 

Reference:         ASB-2020.0002
                   ESB-2020.0788
                   ESB-2020.0415
                   ESB-2020.0411

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:0740

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security and bug fix update
Advisory ID:       RHSA-2020:0740-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0740
Issue date:        2020-03-09
CVE Names:         CVE-2018-16871 CVE-2019-3459 CVE-2019-3460 
                   CVE-2019-11884 CVE-2019-15030 CVE-2019-15916 
                   CVE-2019-17666 CVE-2019-18805 
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message
sequence (CVE-2018-16871)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
(CVE-2019-3460)

* kernel: sensitive information disclosure from kernel stack memory via
HIDPCONNADD command (CVE-2019-11884)

* kernel: powerpc: local user can read vector registers of other users'
processes via a Facility Unavailable exception (CVE-2019-15030)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
leads to denial of service (CVE-2019-15916)

* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
(CVE-2019-18805)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when
connected to FC switch (BZ#1623205)

* kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)

* RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use
d_find_any_alias() instead of d_find_alias() (BZ#1711934)

* Backport "fs/dcache.c: add cond_resched() in shrink_dentry_list()"
(32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)

* [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova
address (BZ#1780500)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
1759313 - CVE-2019-15030 kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-115.18.1.el7a.src.rpm

aarch64:
kernel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.18.1.el7a.aarch64.rpm
perf-4.14.0-115.18.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.18.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.18.1.el7a.s390x.rpm
perf-4.14.0-115.18.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
python-perf-4.14.0-115.18.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.18.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-16871
https://access.redhat.com/security/cve/CVE-2019-3459
https://access.redhat.com/security/cve/CVE-2019-3460
https://access.redhat.com/security/cve/CVE-2019-11884
https://access.redhat.com/security/cve/CVE-2019-15030
https://access.redhat.com/security/cve/CVE-2019-15916
https://access.redhat.com/security/cve/CVE-2019-17666
https://access.redhat.com/security/cve/CVE-2019-18805
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXmZTZ9zjgjWX9erEAQimWg//Zc9mLHi7shOqwqI4c4/r4fO7fDki9y3D
cacCjjMIwOStipgK/iBkQICVw3htP/SnFUTX2QU2OmDSwXWNVo8X0p/QAF9ds1Un
rlRDV0FM/E2D9+EvLAW/QI9L07flpSYZBkzWTye91zqrW0FH5PC7IngUu5Hmx/a4
xL+yHhCTQyD9M9+Aju6B7VNn8R8/Gd0I8GK3zpX/4MUlidcEXBn/SVhchh9w3P4m
BeLCqqxzRTGOuEl7lgYBXpCV6whVEa9Ge1Y/i1Hf7rJ71Iw9sqP44RlNdSgUzoWo
wuyDt159SQCYjLAa9G4UnPzZ8AQLfKUd8udLQP9dsLUevzUPQ8o+mZ9DvLA8rO9e
pGYCDoyY7GzvojuxCRLF20nvJ8YmR4EpZR+q+Rmtox6Ntc/CmY7OUs/gy9dPoZOi
D+ogp2IWd2P7eN4LJ/9TGv33xdA/ytO+3z911YKv87RIurpuIt0H0nRHwlX08MwN
7PqPjVlEERhFSswz7KWvzqH5gkmn3k9zxus3ujo6fV4DkXylDz35KIKwhwBrWQYl
PAavvmjggK+VENUXVx2uF9E+uD8WnenW6oNE5COOyDkkqJYIAd78NhbA90MiRLF7
gFzpxdvNZGg8gDFnrqTMclV6Uqe2THJ0r+p9P2F56a8MFlAF6Uvx8NaugQYW0GfB
Qqq844SSE9I=
=B95R
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXmb9CGaOgq3Tt24GAQhtoQ/6A3Oi0JZsG3hrxYUzw5/NJIVmA1WgPco4
P4Jz7arU7+NWEmwX2+IAFh3qhLck8+lomF3GAUstl1rwM1a68OMzqcihl9aWhPvk
Ick4zVT4dxxsNB7r8yPpx8F6z3iKd6Zn3XmhBD91ea4jBc9+ytdY0EWX/zfCYazi
VQp/9u/YjpZ1M3IIV5fxSvW02YyeprS/sVhguymCFa9upGl/YENUD2I8NzAS49bc
BA60wNUYaAbpeTEv4N/OM6Hq7CDWwuzQbPTMleU+op+tq7KI/8DPy6ai4rPagAjq
oMGG/lH9BZYifLqDENWVFaFbPZ7I8lIVMmUKXM3GpxEcqB8Aw73mkTy2cxAyH/b6
CKpd77ZvRGunJAeaEWCwJ1wNithC3rL71G45zXo6UYnwy65qGvTzVKldAJT/Y+La
LjUZAa2+7Yrszb5Ij1MBEQpvs2axradI9qhpzSO1dKbFB+9Id6Pk7AQFAETouzj+
KpoOYvUaa9Sa3L0H2wPl2kKA8qpuEY9rtCRPL4dZjYaA+pmzT+RlrhuOuEWKr49J
MiJ30Q/71d+qh9CP8vJqu97BqoD5gBjGcSSRkHGMEi8W3Bhwwr6DZJcXgfc9eeme
mGOp+6aXxsv/hWRjJHGwCejygU1dH1OLDaPTTfP72UaHS+8csEw1NM9yBYhmNNCh
cSsT7Ng1TR4=
=18Bx
-----END PGP SIGNATURE-----