Operating System:

[RedHat]

Published:

31 July 2020

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2020.2617 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2617
                    kernel security and bug fix update
                               31 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
                   Red Hat Enterprise Linux Server 8
                   Red Hat Enterprise Linux WS/Desktop 8
Impact/Access:     Increased Privileges            -- Existing Account            
                   Execute Arbitrary Code/Commands -- Console/Physical            
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15780 CVE-2020-12888 CVE-2020-12654
                   CVE-2020-12653 CVE-2020-10757 CVE-2020-10713
                   CVE-2019-20908 CVE-2019-19527 CVE-2019-11487

Reference:         ASB-2020.0136
                   ASB-2020.0135
                   ESB-2020.2593
                   ESB-2020.2503
                   ESB-2020.2500
                   ESB-2020.2499

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:3220
   https://access.redhat.com/errata/RHSA-2020:3224
   https://access.redhat.com/errata/RHSA-2020:3226
   https://access.redhat.com/errata/RHSA-2020:3228
   https://access.redhat.com/errata/RHSA-2020:3230
   https://access.redhat.com/errata/RHSA-2020:3232

Comment: This bulletin contains six (6) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2020:3220-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3220
Issue date:        2020-07-29
CVE Names:         CVE-2019-19527 CVE-2020-10757 CVE-2020-12653 
                   CVE-2020-12654 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: kernel: DAX hugepages not considered during mremap
(CVE-2020-10757)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in
drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function
in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

* kernel: use-after-free caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* RHEL7.7 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot
(BZ#1830889)

* [DELL EMC 7.8 BUG bnxt_en] Error messages related to hwrm observed for
BCM 57504 under dmesg in RHEL 7.8 (BZ#1834190)

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837429)

* RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10
kernels. (BZ#1838602)

* kipmi thread high CPU consumption when performing BMC firmware upgrade
(BZ#1841825)

* RHEL7.7 - virtio-blk: fix hw_queue stopped on arbitrary error (kvm)
(BZ#1842994)

* rhel 7 infinite blocked waiting on inode_dio_wait in nfs (BZ#1845520)

* http request is taking more time for endpoint running on different host
via nodeport service (BZ#1847333)

* ext4: change LRU to round-robin in extent status tree shrinker
(BZ#1847343)

* libaio is returning duplicate events (BZ#1850055)

* After upgrade to 3.9.89 pod containers with CPU limits fail to start due
to cgroup error (BZ#1850500)

* Fix dpdk regression introduced by bz1837297 (BZ#1852245)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1783498 - CVE-2019-19527 kernel: use-after-free caused by a malicious USB device 
in the drivers/hid/usbhid/hiddev.c driver
1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv 
function in drivers/net/wireless/marvell/mwifiex/scan.c
1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status 
function in drivers/net/wireless/marvell/mwifiex/wmm.c
1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1127.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
perf-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1127.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
perf-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1127.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1127.18.2.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debug-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-devel-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-headers-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-tools-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.ppc64.rpm
perf-3.10.0-1127.18.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
python-perf-3.10.0-1127.18.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1127.18.2.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debug-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-devel-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-headers-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-tools-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.ppc64le.rpm
perf-3.10.0-1127.18.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
python-perf-3.10.0-1127.18.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1127.18.2.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm
kernel-3.10.0-1127.18.2.el7.s390x.rpm
kernel-debug-3.10.0-1127.18.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1127.18.2.el7.s390x.rpm
kernel-devel-3.10.0-1127.18.2.el7.s390x.rpm
kernel-headers-3.10.0-1127.18.2.el7.s390x.rpm
kernel-kdump-3.10.0-1127.18.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1127.18.2.el7.s390x.rpm
perf-3.10.0-1127.18.2.el7.s390x.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm
python-perf-3.10.0-1127.18.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
perf-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1127.18.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.18.2.el7.noarch.rpm
kernel-doc-3.10.0-1127.18.2.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.18.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-devel-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-headers-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.18.2.el7.x86_64.rpm
perf-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.18.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.18.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-19527
https://access.redhat.com/security/cve/CVE-2020-10757
https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyG94tzjgjWX9erEAQiijw//eB+2T6RAHbxbGEG2QBtdpY5+czM/J4hb
wY0J1j8hA6bytTytjK9rQqTdA4E2N3ppi7XL2/MkHTHNmKnZuhnhsuqSkF+5M58w
UjyUV0gg9uQ0yuZuqPx8CO50o4u7NK4OVBKbjV3FzC9ic6zvfvtkZex3Mp8qkWj5
HeM8LAxAwugs/h05ZyOiNKWikyAvl3bbQz9K2rm1PIaSz9c+XXS44NafHVwxEcXc
Tf7WgAf8DzFLeChA4GUFBEw3377b37LWa2hFlw0qN1Bx03In7u2OH//KZLrNoEj+
cmHmpknk2NWnIC28/qCyBjP4784obpsjY7wZtZhqDJrTRVwgXHFtecR1DzK9SykK
6cBaVAuKo1KKFJdBg+pteIujyY2hQOR6B1QNX5dj8QXS22ByynVUL4ffAxZvoySP
UXRg0Oye5CsppMxC3otEUxB+CFnbvXftYLAvonAUK2YzXh6wae/t5wnqQNgpXns2
n847GOXr791eg0GBG/v2xs9NLuly1bRrEzBdvrY4I5pvl0QclvtAWg39/UuVINil
fk1qfZZBKtxE7/OW4u7Kctw/GFkxDVFe45mdGeySfK7jF9YeZ1n56fosNyvwV9N3
W/2B9u1b/28GzxGV2hmpxmH3mK8676HlmxOJOtsuG7V6D/fBEXyYliw5Pw9p7nLx
quc/TjMUh4Y=
=Uxvu
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2020:3224-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3224
Issue date:        2020-07-29
CVE Names:         CVE-2020-12653 CVE-2020-12654 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in
drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function
in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837428)

* RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10
kernels. (BZ#1838601)

* Possible race condition updating the cfg structure in
__assign_irq_vector. (BZ#1854553)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv 
function in drivers/net/wireless/marvell/mwifiex/scan.c
1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in 
mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):

Source:
kernel-3.10.0-1062.31.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1062.31.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.31.2.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1062.31.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.31.2.el7.x86_64.rpm
perf-3.10.0-1062.31.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):

x86_64:
bpftool-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.31.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
kernel-3.10.0-1062.31.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1062.31.2.el7.noarch.rpm
kernel-doc-3.10.0-1062.31.2.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1062.31.2.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debug-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-devel-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-headers-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-tools-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1062.31.2.el7.ppc64.rpm
perf-3.10.0-1062.31.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
python-perf-3.10.0-1062.31.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1062.31.2.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debug-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-devel-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-headers-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-tools-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1062.31.2.el7.ppc64le.rpm
perf-3.10.0-1062.31.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
python-perf-3.10.0-1062.31.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1062.31.2.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm
kernel-3.10.0-1062.31.2.el7.s390x.rpm
kernel-debug-3.10.0-1062.31.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-1062.31.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1062.31.2.el7.s390x.rpm
kernel-devel-3.10.0-1062.31.2.el7.s390x.rpm
kernel-headers-3.10.0-1062.31.2.el7.s390x.rpm
kernel-kdump-3.10.0-1062.31.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1062.31.2.el7.s390x.rpm
perf-3.10.0-1062.31.2.el7.s390x.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm
python-perf-3.10.0-1062.31.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1062.31.2.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-headers-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.31.2.el7.x86_64.rpm
perf-3.10.0-1062.31.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.7):

ppc64:
bpftool-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1062.31.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1062.31.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.31.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.31.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHbptzjgjWX9erEAQha+Q/+OnY5fCK/88GVPKAAZXPk1+UHu9QdvAqN
YhoMrdV6/vNTBsq+6fOz8GaX4mnUnVRS5gb/WkzXVM7h1XkC5sa+FJobFYHZ7L+g
mcnlCO1+4/KT2seNR8A/jOVEMxDwbccvKprPUE6LLpqTRzcwJce5+8e31UBLiSR9
nH0alA6UxqSVzuDcFq+pNe7densCvbrmWBm/WGlsqv/ttAPUOrwQIxTiCJXBV/V2
WOZtpWMXknplUnZllKtYCPqVmoM4U/WMiAJDWf3ckHN7YHBrm/dnsfkb2C1y2BsO
+KHnQEx4cPLBS6X+EHb8bO4KKbmeo3qPUVJls2XeVbpt5X/5ta7oyaxKfbY9mEa0
WZDuL48/0umtsotw762FXPqDUgI0k5jNzj8ISn+U5on5VH5sNQmlqTo0sujYCgSw
Ro2VCq1vmAWByHu2nz80f7JRnnk1RWmoOE097llukn4U5Mue3jRu1uZxixBbmoVz
Cxfjc3C6vRpFHKFHTsJyTysU+Up1Z/7kiH4HGzJvXJPydaKknsmNsKsTl61gF8T5
jDbrS2MWOW+P2IslVkt/aNHgBFGA3UEEg7NkQo91artJ155k1JxfOaPrAup/mfs1
zFa9yd4NjXbQntZmNQu6t0sXlprACCW5X/5aO6KDeamu0/LrJaemNdZA0+RrfgIQ
MGtCaod82GI=
=HDwM
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2020:3226-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3226
Issue date:        2020-07-29
CVE Names:         CVE-2020-10757 CVE-2020-12653 CVE-2020-12654 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: kernel: DAX hugepages not considered during mremap
(CVE-2020-10757)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in
drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function
in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837427)

* Fix dpdk regression introduced by bz1837297 (BZ#1852775)

* Possible race condition updating the cfg structure in
__assign_irq_vector. (BZ#1854552)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv 
function in drivers/net/wireless/marvell/mwifiex/scan.c
1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in
 mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source:
kernel-3.10.0-957.58.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.58.2.el7.noarch.rpm
kernel-doc-3.10.0-957.58.2.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.58.2.el7.x86_64.rpm
kernel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.58.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-headers-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.58.2.el7.x86_64.rpm
perf-3.10.0-957.58.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64:
kernel-debug-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.58.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
kernel-3.10.0-957.58.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.58.2.el7.noarch.rpm
kernel-doc-3.10.0-957.58.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-957.58.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debug-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.58.2.el7.ppc64.rpm
kernel-devel-3.10.0-957.58.2.el7.ppc64.rpm
kernel-headers-3.10.0-957.58.2.el7.ppc64.rpm
kernel-tools-3.10.0-957.58.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-957.58.2.el7.ppc64.rpm
perf-3.10.0-957.58.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
python-perf-3.10.0-957.58.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debug-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-devel-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-headers-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-tools-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.58.2.el7.ppc64le.rpm
perf-3.10.0-957.58.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
python-perf-3.10.0-957.58.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-957.58.2.el7.s390x.rpm
kernel-debug-3.10.0-957.58.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-957.58.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-957.58.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-957.58.2.el7.s390x.rpm
kernel-devel-3.10.0-957.58.2.el7.s390x.rpm
kernel-headers-3.10.0-957.58.2.el7.s390x.rpm
kernel-kdump-3.10.0-957.58.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-957.58.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-957.58.2.el7.s390x.rpm
perf-3.10.0-957.58.2.el7.s390x.rpm
perf-debuginfo-3.10.0-957.58.2.el7.s390x.rpm
python-perf-3.10.0-957.58.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.s390x.rpm

x86_64:
bpftool-3.10.0-957.58.2.el7.x86_64.rpm
kernel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.58.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.58.2.el7.x86_64.rpm
kernel-headers-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.58.2.el7.x86_64.rpm
perf-3.10.0-957.58.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64:
kernel-debug-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.58.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-957.58.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.58.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.58.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.58.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10757
https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHgktzjgjWX9erEAQigzg//QS/ziW+Ap+aZTSvrYiT2cfxQeqfd9oa/
3mnzKNlIPf5Sm1ZdW18dUmrdW+E0CLCNKdgqmpvlfhlFZBwxf5cGkYEaIssEOVSO
eW4mIZydtKcfuIG8edDGuaKTWe48ypRC1yN5eSwx7mE2V4FoPdAkxrplG6PP65jU
eO6+pR/5luvWQPkfc5WoqMJT0EGGO0NuhBuju45daCrrrYVGioB0LeyzOdIIBits
+fSkOggTOG3Kc0+dh0b5N5yMzjAwXIts+n8FV3V8GsivDRCEnuEYuKubuyiNPlz1
DEjSizP0Hbp39BNaQ19yjtW69oVHV4vHX4LrmTXiC92TZbCEWQRESCDs48xIIQDS
xq+81y7raoJUYmXLdLTdogcAnphIZFocVc/8SfeX1bKVmXAGDzaYVwSSiTcL9X4C
u3j8bfxV4zdTd9+FcLDLbxDsrqtNi8VqxRi7/3m/HRpzxoyUyEVnJAmQBxITbTww
zdDRLGF7rTNpT3COqYgGV8fXvCAnRdEn6UMzZUyqKifHyQPCZ76zi+UsZU2xMok4
2AnyaUQvyKBDpJOEBDHcISvHkFVJ2uPPbNy3ewud4+qW/HcO9F7XNnIXlRIeeQh/
saHYY6/EVqUEjFjj4OF+PNebDSfLKC9xATEZBIPln+ozai7JZqG5CSwNVkypqKJ5
UGzY4V8TK/Y=
=TSwi
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- ----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2020:3228-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3228
Issue date:        2020-07-29
CVE Names:         CVE-2019-20908 CVE-2020-15780 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.0
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: lockdown: bypass through ACPI write via efivar_ssdt
(CVE-2019-20908)

* kernel: lockdown: bypass through ACPI write via acpi_configfs
(CVE-2020-15780)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837431)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1852942 - CVE-2019-20908 kernel: lockdown: bypass through ACPI write via efivar_ssdt
1852962 - CVE-2020-15780 kernel: lockdown: bypass through ACPI write via acpi_configfs

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):

Source:
kernel-4.18.0-80.27.2.el8_0.src.rpm

aarch64:
bpftool-4.18.0-80.27.2.el8_0.aarch64.rpm
bpftool-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-core-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-cross-headers-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-core-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-devel-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-modules-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debug-modules-extra-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-devel-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-headers-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-modules-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-modules-extra-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-tools-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-tools-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm
kernel-tools-libs-4.18.0-80.27.2.el8_0.aarch64.rpm
perf-4.18.0-80.27.2.el8_0.aarch64.rpm
perf-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm
python3-perf-4.18.0-80.27.2.el8_0.aarch64.rpm
python3-perf-debuginfo-4.18.0-80.27.2.el8_0.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-80.27.2.el8_0.noarch.rpm
kernel-doc-4.18.0-80.27.2.el8_0.noarch.rpm

ppc64le:
bpftool-4.18.0-80.27.2.el8_0.ppc64le.rpm
bpftool-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-core-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-cross-headers-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-core-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-devel-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-modules-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-devel-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-headers-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-modules-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-modules-extra-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-tools-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm
kernel-tools-libs-4.18.0-80.27.2.el8_0.ppc64le.rpm
perf-4.18.0-80.27.2.el8_0.ppc64le.rpm
perf-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm
python3-perf-4.18.0-80.27.2.el8_0.ppc64le.rpm
python3-perf-debuginfo-4.18.0-80.27.2.el8_0.ppc64le.rpm

s390x:
bpftool-4.18.0-80.27.2.el8_0.s390x.rpm
bpftool-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-core-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-cross-headers-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-core-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-devel-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-modules-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debug-modules-extra-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-devel-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-headers-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-modules-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-modules-extra-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-tools-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-tools-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-core-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-devel-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-4.18.0-80.27.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-80.27.2.el8_0.s390x.rpm
perf-4.18.0-80.27.2.el8_0.s390x.rpm
perf-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm
python3-perf-4.18.0-80.27.2.el8_0.s390x.rpm
python3-perf-debuginfo-4.18.0-80.27.2.el8_0.s390x.rpm

x86_64:
bpftool-4.18.0-80.27.2.el8_0.x86_64.rpm
bpftool-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-core-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-cross-headers-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-core-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-devel-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-modules-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debug-modules-extra-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-devel-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-headers-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-modules-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-modules-extra-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-tools-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-tools-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm
kernel-tools-libs-4.18.0-80.27.2.el8_0.x86_64.rpm
perf-4.18.0-80.27.2.el8_0.x86_64.rpm
perf-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm
python3-perf-4.18.0-80.27.2.el8_0.x86_64.rpm
python3-perf-debuginfo-4.18.0-80.27.2.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20908
https://access.redhat.com/security/cve/CVE-2020-15780
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHZitzjgjWX9erEAQjaQQ//QNVwsYkZBClZ8b+nKILTnGTpX8HVNaYN
HqnkWVoDMesggS9PrJr/jyrZCkmZA80mkxNRs0QxpM5El3pUW08YfVJ49itSYZxU
s4qWCtfrJYDUCL8hpVy5RlhJ1tdyOpz4lp/tgTI9DWqITsVNJSK4jog8KFa/MiDP
LsVqHjqqWRRMLsfXeJAWgfLAuWE5inz9RtnR/+X3uUxWBpdM74b/qvj3aLOiqZ6C
MG/440RgOLoqN3To2P4f6AbtO84FFVDEIqQnRfReX1mFUExRauEpS/QHvAPkUYG6
2wQd5r3LHaOHXVeRIL+SBsa7m81ddJobMRrzmhOBKvVMUVBPrV3UdFFEArvgiuM/
5k7+MJwQbB2kOUJHtTl0/X7RyNvL8iY3AcT51n7+drVykTwCRYk9fwgdD8rZrb7g
jizsPNukN7Ie8qYxGkIHzUd6bnM88lZVTmMvHVGylgR3vLQizPBjO/zQkijfAu46
L73FDmtunl61DWvxTLklnCzSp7L9V6CqADOM+jg2uIfR8dkyuSjaJN4bOligrlRt
y1KFkIBkL06KUBeKTmAr+LA5PujyfYzhjspje28eFLo1HH5GyLaischhyNiRwsxJ
WFSor8HwTaKsObmzZ1l2Vt72fWI0dz4Qg9211Z8W8JkQ04grJzeVC7046gQ5H9kS
zwRw+QGhukQ=
=kiaY
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2020:3230-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3230
Issue date:        2020-07-29
CVE Names:         CVE-2019-11487 CVE-2020-12888 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: Count overflow in FUSE request leading to use-after-free issues.
(CVE-2019-11487)

* Kernel: vfio: access to disabled MMIO space of some devices may lead to
DoS scenario (CVE-2020-12888)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837426)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free
 issues.
1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices
 may lead to DoS scenario

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
kernel-3.10.0-693.71.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.71.2.el7.noarch.rpm
kernel-doc-3.10.0-693.71.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-headers-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.71.2.el7.x86_64.rpm
perf-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
kernel-3.10.0-693.71.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.71.2.el7.noarch.rpm
kernel-doc-3.10.0-693.71.2.el7.noarch.rpm

ppc64le:
kernel-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debug-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-devel-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-headers-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-tools-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.71.2.el7.ppc64le.rpm
perf-3.10.0-693.71.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
python-perf-3.10.0-693.71.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm

x86_64:
kernel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-headers-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.71.2.el7.x86_64.rpm
perf-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
kernel-3.10.0-693.71.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.71.2.el7.noarch.rpm
kernel-doc-3.10.0-693.71.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-devel-3.10.0-693.71.2.el7.x86_64.rpm
kernel-headers-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.71.2.el7.x86_64.rpm
perf-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le:
kernel-debug-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.71.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.71.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.71.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11487
https://access.redhat.com/security/cve/CVE-2020-12888
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHtO9zjgjWX9erEAQiF7g/+PQ2n8eVVNvAzmCpGa+eQP/HtYQ9biewa
KhaIWieRV8jRdYIZZxydZuZebIii473B68/1qkzT1LawDUSyCRUCoMj1N7KOY/X9
yjo8+tKK+SrKx2hzsra2pUyhy5YX6O2znmkERaS83cdPgmnIthxA4mQG6LuwUYDt
94IKfrW+ojFV3kSzyKh/7lZx44roYlv+HIOnvNqjmv4O3ITuPxSRSV86vGVIG2za
QwxQQJEApqDEUJt8y3h7PuCXCfGocjCXbe4UVXSSMnxAXntwDMifSl19+fQYenzo
VdngNuPvmog8rVQcAkYqSC/ZqxDP8uyBmSpLBAclbfiv7nYpNuMIdKTGByI12n6z
RP2cmtbz+tXjmZmlY4rPvC5xicdMj95VeYVK9Yrz3MJQPx6Er3f1VZtBvJ2zonEj
z4IN0WIFxqN2aZRtG7wIKrR+JT4T9SB4YMRFsLY5Wu/kw0h36omiQ1AqEQmFOJbs
KBtLlL3YLBf4NeppIdlAVvW1Qlz+PgApm21yhWr6vnj7pMgqRxLJBfCDPk+dzkpp
gsFa4jNM3VVlka7HnThAjyIefZrwt3WyKke6dpbwbrnkwXY3bm7JlVqLSPyJyuym
q7/bhc5TfKJOfnrREqHBrzIyJhSVVrRcsjz4VPOKSe+wfgLEN2jx6oUJx3xoXpFQ
GN0XIvti1yM=
=dZgD
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2020:3232-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3232
Issue date:        2020-07-29
CVE Names:         CVE-2020-12653 CVE-2020-12654 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in
drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function
in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel
(foundation to help address CVE-2020-10713) (BZ#1837424)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function
 in drivers/net/wireless/marvell/mwifiex/scan.c
1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status 
function in drivers/net/wireless/marvell/mwifiex/wmm.c

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
kernel-3.10.0-327.90.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.90.2.el7.noarch.rpm
kernel-doc-3.10.0-327.90.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.90.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.90.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.90.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.90.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.90.2.el7.x86_64.rpm
perf-3.10.0-327.90.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
python-perf-3.10.0-327.90.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.90.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.90.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.90.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12653
https://access.redhat.com/security/cve/CVE-2020-12654
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/grub2bootloader

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXyHsDdzjgjWX9erEAQgN5Q/9EsrWbwAoYiPAhMe0KKEr3hz2HmRPwoyH
FKmCsTcLSRsIS8OkdIs17+/KRC+JXbAI++blDnauk8sgsvXhT2PgthpQGzSjMQHt
ADr3YQSSEphKWFrOBPMPgHaPY0G5nggKhCYp5caE60x9rNdaINVGTgWLDaUnC3v7
AeB7B8GCcUrcKjrT3SZDv3AG/RvF0bBdQV66v06bvgxgyvbIR4vSvsq3rwt8teRq
pNLcOsa6pBOXcqhI18+wciio9SYb6YVnt7XbyIXkvvbho4I1TzvgMRcTo8HC883W
PrYG9fAsVnl5zcs51EI12FO6OhcluA2YPAv8XEHTETscDAMNF4MlGFqJf91VValy
vR3JXuB1fOfKisbdTk620h3V5B8G5z6XyAyDI+NQeN8GuR7EmvPyUHgIf8vPVYll
ceSXHjiDgWQ6ZmCUN4JAlBATyFQXb4ownCHONgzJcVM5z5anNL4dJVO8VQuGQmpf
inM42aIBLfe2J3slpFWu7rsdZmS7V4AkBfpqEhrGOsnVo6gf6r1LhlcGYrPWlEJU
8EnZy+iCAk5yc3Xubc9mPNu+HprIfJmrpfrQPuuRgD8Z15Ad9J0My0Qabu96OraA
MF0xBbDrMAR9diIH6qsY/Nbzik5IN3sqFDAkJW2ZCh4c7MUx8Bg5APfWw8LeJzeP
ba9nbL8mdhI=
=PnY4
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXyOc2+NLKJtyKPYoAQgkkRAAqb8QlUYW6ZxCqgW+B4IcUE1Ezxzi6Qpl
DwMH/IPd2E+SK1+4gciudzczctRl0UaRp+6NhBlWM3w4fTlJkoBTEEiNMYhyYqS9
voAiTFLFADKXEMgWepA0DpayzCp7x6GBHDVsNtYl+kswP+t7NA0tlhoBa1LWRhEW
ZPC8ulJhJREWUyFFS2jXpnwLZVqsqGGxHQO/3p9oy1Tj+fpTPckxbcvkf/PY+fi5
y+EgN+CxhJVsmr+pgFOM3sM/yjWuI3oaHhpbrvdrAVu9H3cnKZT6kLo9+pqM3lLQ
keE65Z6dKip5v2dbsxyIzOTI/Eh4J/GQOqOZnHMnGzjDjMhM2mysPRRuGyMjL9nE
U3/iI7khHtB986vr9ydKMJRlkP+VcTktcWhut0yNOQDHwwfAcAjv6SgVHBE5L3nZ
KHkcUU/GSFMn+D+BEfuE+DKrRGAap1wDulENPN7SfuZiFgdxVO1quNRlhbkovFT3
wOzRFhWW4KYdRwwQdh67E/pgIH8nT5Ul5WUwIt/o1TQieSuYqfQbvn+CI+0oLXDM
H3dvFNE8grHuyhQZV5YfmnmE6lG+nb0fn5puJHuNZ5+KCRYI8YZ4ybI8OCfpyonO
2gKhT3+yFpm+OwEO39njmQVaYHe0PA61y0MuaDPsmmo47h4mQAXFxX81lVSCtikX
i1EfaScaIVg=
=vzL2
-----END PGP SIGNATURE-----