Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2322 kernel-alt security and bug fix update 8 July 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel-alt Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Root Compromise -- Existing Account Increased Privileges -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-12888 CVE-2020-11565 CVE-2020-10720 CVE-2020-8834 CVE-2019-20636 CVE-2019-19767 CVE-2019-19062 CVE-2019-18808 CVE-2019-15917 CVE-2019-11811 CVE-2019-9458 CVE-2018-16884 Reference: ESB-2020.2180 ESB-2020.1830.2 ESB-2020.1779.3 ESB-2020.1768.2 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:2854 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-alt security and bug fix update Advisory ID: RHSA-2020:2854-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2854 Issue date: 2020-07-07 CVE Names: CVE-2018-16884 CVE-2019-9458 CVE-2019-11811 CVE-2019-15917 CVE-2019-18808 CVE-2019-19062 CVE-2019-19767 CVE-2019-20636 CVE-2020-8834 CVE-2020-10720 CVE-2020-11565 CVE-2020-12888 ===================================================================== 1. Summary: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le 3. Description: The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es): * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption (CVE-2020-8834) * Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888) * kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458) * kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811) * kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917) * kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c (CVE-2019-18808) * kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c (CVE-2019-19767) * kernel: an out-of-bounds write via crafted keycode table (CVE-2019-20636) * kernel: use-after-free read in napi_gro_frags() in the Linux kernel (CVE-2020-10720) * kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565) * kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS (CVE-2019-19062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * XFS: Metadata corruption detected at xfs_attr3_leaf_read_verify [rhel-alt-7.6.z] (BZ#1830836) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common() 1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c 1775021 - CVE-2019-19062 kernel: A memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for a DoS 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c 1781204 - CVE-2020-10720 kernel: use-after-free read in napi_gro_frags() in the Linux kernel 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation 1819615 - CVE-2020-8834 Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption 1824059 - CVE-2019-20636 kernel: an out-of-bounds write via crafted keycode table 1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c 1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario 6. Package List: Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: kernel-alt-4.14.0-115.26.1.el7a.src.rpm aarch64: kernel-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.26.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.26.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.26.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.26.1.el7a.aarch64.rpm perf-4.14.0-115.26.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm python-perf-4.14.0-115.26.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm noarch: kernel-abi-whitelists-4.14.0-115.26.1.el7a.noarch.rpm kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm ppc64le: kernel-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.26.1.el7a.ppc64le.rpm perf-4.14.0-115.26.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm python-perf-4.14.0-115.26.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm s390x: kernel-4.14.0-115.26.1.el7a.s390x.rpm kernel-debug-4.14.0-115.26.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.26.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.26.1.el7a.s390x.rpm kernel-devel-4.14.0-115.26.1.el7a.s390x.rpm kernel-headers-4.14.0-115.26.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.26.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.26.1.el7a.s390x.rpm perf-4.14.0-115.26.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm python-perf-4.14.0-115.26.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.26.1.el7a.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: kernel-debug-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.26.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.26.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.26.1.el7a.aarch64.rpm noarch: kernel-doc-4.14.0-115.26.1.el7a.noarch.rpm ppc64le: kernel-debug-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.26.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.26.1.el7a.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-16884 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11811 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2020-8834 https://access.redhat.com/security/cve/CVE-2020-10720 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-12888 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXwR2VtzjgjWX9erEAQioXRAAgGE4sBiAIHtKC+PW9SPzn5Casw7FUvkC uIfknM5Hk5I3ohpa9uH3hy9Br6rLpPrk4fgWCXSpUV3H8TFvUlzF4mR2wxIsS43o vn0GMsYUeSPWjISTalWtqemwq5TYxVfBMp6lQ27HUHOIhbffiokP6sQhH/qbu4Mm rsgU1GvDG+KeEKKuUd1btEBsKVIoZ8/sxKzU9r/hUaGFf2+dd3TBoImCsN6aiu9l 5V9NFYt4Joc8AGgO1VUZP1YLh4gX9nwtM6iG4eCpx7snlAJlPio5LhadHeNZKOky 8CyTVSLEwIVRMWWTBSLlVpzWpRo8LYLcP/GS7ssj5zFeFD0xFynttcdCyqJ1y5D2 kb3f9T2ENWtcdNf90nQpUFzhXOABYvxJI0N3sgVzC0IuAIkEEbjVeqQadNfXdIgQ vul5m9v/Dh2nShyKwTSL1GbNdCDSVEGnDxMGbim9Dn+qzjYtexsWqZaPbnTLq8Ff wRtW7ulY8w0ky+nKpdaSMvbfaP0hKIzXXRm80WaU0/HRCRdohfbABjj7hF7M7h6t 1Fuc6AvrcjrPzT69Crde3kT27p8EQOe/i6AyzwDv8Ccd6V3HYWB12bU0fMpa1ekL v7oDPyLXBVXyEIEGzkPpOyaoQ4qVxDkEXHHx/7UkuQBoN6zULWQC98YldCoM8l4B 0di6aVxR9aQ= =jdjK - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXwVSoeNLKJtyKPYoAQgnRRAAjSJ4vwlvNtfYXaXSsK2Y5iFstcXCeBct tffpiyiLVc+45RkVawBW6Besmgp4evPnxI0QuiffZDV/mgj2zLZI6bWa3aKhPWzT 906S5+Xb+kiWfhetSt1ucuZr4iZ+X+FJDyIA4+lEKLZlYNsRwC1ZGmYUulFmdseP c8llJpZiVk1oWOgam831PAF85yr1w/2scJzhI8l8aHk+jAUIqQ4KjsgGM/SQVZiS gWJO1Oh5cDPXyWtbLNPRbAtkjmudGlqSjYmPl9UoACWfPCFPNeT3CPm/4zgn/gBz XlsMwLSwcCEsqc34zsxWSItWRykV5tB0VmI50ma6RSSg0NuhS27dDPKejWzb+aIL ZSNdrwMdbM2ZZzEb1N4ZEim5Om6tIqlh8PbLTq4WVLPx5LDC/9EoCdNnXXMnLGLv x/+tuXdJdSH9sblM+xgom484IkakVfCpUmI+YcFK1+j819bp6ZvD1FvLB2E5W2MY r+9FG1LqEC5TLEraIR/r2DHZsjGCBkz4D22xNYwdy9+6ieJ+Oy5tWIAxz4n3Faw3 cnaLtBvHBQUj2GHAYUNDzVq0f3R8bUSAUg6l5N9KqpZbUUlbdCoXhiejHKFeOibD 3uopLOfZln4lYZMhk9B/A5KLG8X8Gotc/YtXIlLzP/5qrU5Koa1TnYvr8kctlP3i RVwbYH0Ftzw= =n1P3 -----END PGP SIGNATURE-----