-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2322
                  kernel-alt security and bug fix update
                                8 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-alt
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Root Compromise        -- Existing Account
                   Increased Privileges   -- Existing Account
                   Access Privileged Data -- Existing Account
                   Denial of Service      -- Existing Account
                   Reduced Security       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12888 CVE-2020-11565 CVE-2020-10720
                   CVE-2020-8834 CVE-2019-20636 CVE-2019-19767
                   CVE-2019-19062 CVE-2019-18808 CVE-2019-15917
                   CVE-2019-11811 CVE-2019-9458 CVE-2018-16884

Reference:         ESB-2020.2180
                   ESB-2020.1830.2
                   ESB-2020.1779.3
                   ESB-2020.1768.2

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:2854

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security and bug fix update
Advisory ID:       RHSA-2020:2854-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2854
Issue date:        2020-07-07
CVE Names:         CVE-2018-16884 CVE-2019-9458 CVE-2019-11811 
                   CVE-2019-15917 CVE-2019-18808 CVE-2019-19062 
                   CVE-2019-19767 CVE-2019-20636 CVE-2020-8834 
                   CVE-2020-10720 CVE-2020-11565 CVE-2020-12888 
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state
leads to host stack corruption (CVE-2020-8834)

* Kernel: vfio: access to disabled MMIO space of some devices may lead to
DoS scenario (CVE-2020-12888)

* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,
ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

* kernel: memory leak in ccp_run_sha_cmd() function in
drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808)

* kernel: use-after-free in __ext4_expand_extra_isize and
ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
(CVE-2019-19767)

* kernel: an out-of-bounds write via crafted keycode table (CVE-2019-20636)

* kernel: use-after-free read in napi_gro_frags() in the Linux kernel
(CVE-2020-10720)

* kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
(CVE-2020-11565)

* kernel: A memory leak in the crypto_report() function in
crypto/crypto_user_base.c allows for a DoS (CVE-2019-19062)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* XFS: Metadata corruption detected at xfs_attr3_leaf_read_verify
[rhel-alt-7.6.z] (BZ#1830836)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c
1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
1775021 - CVE-2019-19062 kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS
1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
1781204 - CVE-2020-10720 kernel: use-after-free read in napi_gro_frags() in the Linux kernel
1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
1819615 - CVE-2020-8834 Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption
1824059 - CVE-2019-20636 kernel: an out-of-bounds write via crafted keycode table
1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-115.26.1.el7a.src.rpm

aarch64:
kernel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.26.1.el7a.aarch64.rpm
perf-4.14.0-115.26.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
python-perf-4.14.0-115.26.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.26.1.el7a.ppc64le.rpm
perf-4.14.0-115.26.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.26.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-115.26.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.26.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.26.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.26.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.26.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.26.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.26.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.26.1.el7a.s390x.rpm
perf-4.14.0-115.26.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm
python-perf-4.14.0-115.26.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.26.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.26.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
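The package list above gives the fixed kernel-alt build, 4.14.0-115.26.1.el7a. As an added example (not part of the Red Hat advisory or the AusCERT bulletin), the Python below compares a host's `uname -r` string against that build so an administrator can confirm the update is actually running. It contains a simplified reimplementation of rpm's rpmvercmp segment comparison (digit runs compare numerically, letter runs lexically, a numeric segment outranks an alphabetic one, and whichever string has segments left over wins; the tilde and caret pre-release rules are omitted, which is an assumption stated in the code) and strips the architecture suffix that `uname -r` appends. The sample release strings in the test are constructed. Because `uname -r` reports the kernel that is running, a host that has installed the new package but not yet rebooted still reports as unpatched, which is the point of the reboot requirement in the Solution section.

```python
import platform
import re

# Fixed kernel-alt build from this advisory (version-release, without arch).
FIXED_KERNEL_ALT = "4.14.0-115.26.1.el7a"

# Architecture suffixes that `uname -r` appends after the release string
# (the ones in the advisory's package list plus x86_64).
ARCH_SUFFIXES = ("aarch64", "ppc64le", "s390x", "x86_64", "noarch")


def _segments(s):
    """Split a version or release string into rpmvercmp-style segments:
    maximal runs of digits or of letters; anything else is a separator."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified reimplementation of rpm's rpmvercmp.
    Assumption: the tilde (~) and caret (^) pre-release rules are omitted.
    Returns -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # numeric segments compare as integers
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric outranks alphabetic
        elif x != y:
            return -1 if x < y else 1        # alphabetic segments compare lexically
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1    # leftover segments win


def split_uname_release(uname_r):
    """'4.14.0-115.26.1.el7a.aarch64' -> ('4.14.0', '115.26.1.el7a')"""
    version, sep, release = uname_r.partition("-")
    if not sep:
        raise ValueError("unexpected kernel release string: %r" % uname_r)
    for arch in ARCH_SUFFIXES:
        if release.endswith("." + arch):
            release = release[: -len(arch) - 1]
            break
    return version, release


def kernel_is_patched(uname_r, fixed=FIXED_KERNEL_ALT):
    """True when the running kernel is at or above the advisory's fixed build.
    Compares the upstream version first, then the RPM release."""
    run_v, run_r = split_uname_release(uname_r)
    fix_v, fix_r = split_uname_release(fixed)
    c = rpmvercmp(run_v, fix_v)
    if c == 0:
        c = rpmvercmp(run_r, fix_r)
    return c >= 0


if __name__ == "__main__":
    running = platform.release()  # same string as `uname -r`
    status = "patched" if kernel_is_patched(running) else "NOT patched (update and reboot)"
    print("%s: %s against %s" % (running, status, FIXED_KERNEL_ALT))
```

The check is only meaningful on hosts that run kernel-alt (the 4.x kernel this advisory covers); a stock RHEL 7 kernel reports as unpatched simply because its version is lower, not because it is affected by this erratum. For the installed-but-not-booted case, compare `rpm -q kernel` output with the same function to see whether a reboot is all that remains.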

7. References:

https://access.redhat.com/security/cve/CVE-2018-16884
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-11811
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-8834
https://access.redhat.com/security/cve/CVE-2020-10720
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12888
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXwR2VtzjgjWX9erEAQioXRAAgGE4sBiAIHtKC+PW9SPzn5Casw7FUvkC
uIfknM5Hk5I3ohpa9uH3hy9Br6rLpPrk4fgWCXSpUV3H8TFvUlzF4mR2wxIsS43o
vn0GMsYUeSPWjISTalWtqemwq5TYxVfBMp6lQ27HUHOIhbffiokP6sQhH/qbu4Mm
rsgU1GvDG+KeEKKuUd1btEBsKVIoZ8/sxKzU9r/hUaGFf2+dd3TBoImCsN6aiu9l
5V9NFYt4Joc8AGgO1VUZP1YLh4gX9nwtM6iG4eCpx7snlAJlPio5LhadHeNZKOky
8CyTVSLEwIVRMWWTBSLlVpzWpRo8LYLcP/GS7ssj5zFeFD0xFynttcdCyqJ1y5D2
kb3f9T2ENWtcdNf90nQpUFzhXOABYvxJI0N3sgVzC0IuAIkEEbjVeqQadNfXdIgQ
vul5m9v/Dh2nShyKwTSL1GbNdCDSVEGnDxMGbim9Dn+qzjYtexsWqZaPbnTLq8Ff
wRtW7ulY8w0ky+nKpdaSMvbfaP0hKIzXXRm80WaU0/HRCRdohfbABjj7hF7M7h6t
1Fuc6AvrcjrPzT69Crde3kT27p8EQOe/i6AyzwDv8Ccd6V3HYWB12bU0fMpa1ekL
v7oDPyLXBVXyEIEGzkPpOyaoQ4qVxDkEXHHx/7UkuQBoN6zULWQC98YldCoM8l4B
0di6aVxR9aQ=
=jdjK
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----