-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4019
             kernel and kernel-rt security and bug fix update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
                   Reduced Security     -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14331 CVE-2019-20811 

Reference:         ESB-2020.3775
                   ESB-2020.3596
                   ESB-2020.3341
                   ESB-2020.3126

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:5023
   https://access.redhat.com/errata/RHSA-2020:5026

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2020:5023-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5023
Issue date:        2020-11-10
CVE Names:         CVE-2019-20811 CVE-2020-14331 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [OSP13,mlx5] SRIOV VF still sending traffic when PF is down (BZ#1733181)

* gpf panic in virtio_check_driver_offered_fxature+6 when running sg_inq on
a dm map for a lost virtio_blk (BZ#1811893)

* GPF panic in qlt_free_session_done+626 (BZ#1826127)

* [ Brazos ] "Core(s) per socket" and "Socket" values are interchanged in
lscpu output. (kernel) (BZ#1826306)

* megaraid Aero: call trace observed during reboots (BZ#1828312)

* Crash in mptscsih_io_done() due to buffer overrun in sense_buf_pool
(BZ#1829803)

* The qedf driver fails to re-establish the online F/C port state when the
downstream F/C port is toggled unless a LIP is forced (BZ#1836443)

* tcp_fragment() limit causes packet drop under normal TCP load
(BZ#1847765)

* ip link command shows state as UNKNOWN for MACVLAN interface (BZ#1848950)

* Lenovo TS 7Z60 Cooper Lake: PCI BAR firmware bug (BZ#1849223)

* [RHEL-7/mlx4]  ipoib_flush ipoib_ib_dev_flush_light [ib_ipoib]
(BZ#1858707)

* Uprobes crashes processes under GDB - SIGTRAP and SIGSEGV (BZ#1861396)

* kernel-3.10.0-1127.19.1.el7.x86_64 crashes after an SSH connection
attempt when running as a Xen PV guest on AMD Epyc Rome (BZ#1882468)

* Null ptr deref after nf_reinject->nf_queue_entry_release_refs hits
Attempt to release error doing inet_sock_destruct() (BZ#1885682)

Users of kernel are advised to upgrade to these updated packages, which fix
these bugs.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1846439 - CVE-2019-20811 kernel: net-sysfs: *_queue_add_kobject refcount issue
1858679 - CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1160.6.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.ppc64.rpm
perf-3.10.0-1160.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1160.6.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1160.6.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.6.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.6.1.el7.s390x.rpm
perf-3.10.0-1160.6.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
python-perf-3.10.0-1160.6.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20811
https://access.redhat.com/security/cve/CVE-2020-14331
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6qTytzjgjWX9erEAQgpsQ//d5SO0sNqzdnCPNr6dyXWteKogId1Fr5s
2/MXzsJNgYuyf7J5uULw1tMOj0Hini/x2uzXuTQQhk1h59uDlETMqvXmu6iBV+7V
rWbrEruOLBTAszF99/uAs5LEC3OLymTewctGOllnIyR4cOaYkljw7Vp0sEt+UcI/
Izt9k+2ExgBCpq5nYwLSAlR1apa6H3mo0xxbc5Y+T72nueh9g0DrPiiMRBwhQZ23
ZLQI0/0h9RkXXFPPj8DkpqCCC8HzN5AsvQ8Uu56dkxq8dlQQMaMO9yRhJj8kaPCF
3S/NW0jRoW4WasCpAq5MnqxHlBNWtEGMFREIOwsA5H4I1rJPOKV2qaSRYyHTsbBA
RHzsmtCrZx2zd97EAG/igzp6zToufJ45Qbeh/tSASwvH2CFhIUbkjhKRftjXT+9U
VPZPqe6rMQPoDHo0WrRdoE5bExI1ySYBtkMHVR12IpyK3PCFmJtWafoRqcnfwmVr
oHSE6w2mDzjhCHlE/49yDMKsrVEIr4/7b12LPg1dKWeTT5C4cFUfy5glWPW9MZxZ
1Ip4dR6Ay8AzUngqhtebD3lAc0SCfRbO+KvANPRDQet1hUbr22my1xVDvQmxcUMP
SW/rNd/5N25lRH+NuTu1oDh7GqJrT+f4OafavOoexKjdRczTGxZns8T/YYNT8nbd
xvAVkDIV6pg=
=SH1a
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2020:5026-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5026
Issue date:        2020-11-10
CVE Names:         CVE-2019-20811 CVE-2020-14331 
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [RHEL-7.9] net/ipv6/ip6_flowlabel.c:85 suspicious rcu_dereference_check()
usage! (kernel-rt-debug) (BZ#1836846)

* md/raid: sleeping function called from invalid context triggered by CKI
storage/swraid/trim test (BZ#1857872)

* Infinite looping when trying to acquire eventpoll->mtx during
eventpoll_release_file, 2nd try (BZ#1877695)

* kernel-rt: update to the latest RHEL7.9.z1 source tree (BZ#1883995)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1846439 - CVE-2019-20811 kernel: net-sysfs: *_queue_add_kobject refcount issue
1858679 - CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20811
https://access.redhat.com/security/cve/CVE-2020-14331
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6qUqNzjgjWX9erEAQjVwxAAhvuQFP/g+AHkUNK+jylSYEhA+WwzcxZQ
zio6DWfz4AaR3BhKjNGX3GFL4PNOaZWoH+2KcD3d8ZGcHwwDGsnV8ZAQXpo78Jwv
GrzspLyjA28zoVhKdszIMq4Q5RUk8kzCfbnXpYYwGDroAdGq+Qvk+bh7T/54N0Zw
yl88G0dF4pugGuwSNBX6+teXy0Ynjw+OfwA2fcYCfMHxsU4JCr+INwEBTjazg9P/
BV0sq4OlbNN4aMVW0ph/85CR7T1ZNjMn/NgGQk0hA1xeQmgBph/aqvDKuyHqpfAP
8hrrCZJhuXMmJLnvSYRBQw9JOGYCiUVxlmJBXQviNo9km/5PIbxneTy/5+F2l7lS
oQNI09pVBTqoYN6y9JmS8H6278SQuUXoCYnVeHSiZ2cKfny/52+lul7kzGt5SE1R
IEPLWbQwXHDk5f48//esLA9z4Z08upSCg5LNWE3gClSbP37wYRI2Yoba6iz9yjna
gO6Dk2ZgRBwYUSeGepqURYGfhOgDpdWTLCwR/MN+8K5fXCDRbV57pTTGAbU5B3jd
44mZzyzh6iCZ0B9XANrMsPkaywUISSpRVHIdXkg+M79uaoCqZ8SIvYBNV/pUk626
5NLytyNATZ65LC0UvhJaYUWMlY0GAZfldCfvmu4nt2Gg/lkmQelPgCIHKC9pritO
5WFUaAcvfvE=
=qTwS
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX6ySXeNLKJtyKPYoAQiXYRAApK7zPkv1+242clgwpZaJ6gkW+Z0ncFvz
73lzgiaM1/Ydxa81Fa9FOoAuiPE+mku05637iYXqjdvglWRI7Jm2sXla2iV+Lwwv
lX9ppPZb7ADIvQXLlvmLRu1pzIG9EkAJeIwyOBK5V0vg/2fVnTTMkK9x1Jph6U3Z
F23o80z1s33OHOKzHtc6Ad7Pwij4Hdkc9RPJi1RDE7y92ytX6/2oFfYWYc6mVUID
DuLBm6fZe1A2L+4ClBgPNZJDzmf61gh83L2XusYB9p8MJjcIAr/0ltQ4qdY8kSW4
puowwxb6MxiUqbIwSICz/X+pAU8zX+BA562FhN8D0n8s1DU1JkuO92A6hqThLwi5
fFO0kN+NKJgN6J92UYauwqGCUD58I1Mf038deR0Uape636aeasdMIDWmNR236bxM
3fOoCyAyX3fXxeUMfE9wLws27DlM8mrY7DF2zni2+p+2nB+tanSn8GBb/6BQm4/7
yyQB7zIihY32c4qN8g2LTp73baYqZz5sWNrnPr5MbHC3zxTdyL1GcKOgf6LCrrAN
E1wRAEWhJZpZzTG2029bsHxQwrh45MpoRADa2NoJXhKYjon4iubeFNszvZQ+yTOa
bXTXffzUCNXgBD5prEvdtnXkosxHg3pYqwVFDelG1AVV9NAn4z4x3+lcc/rxRny0
3qdY7lF8ab4=
=rcNR
-----END PGP SIGNATURE-----