===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4019
             kernel and kernel-rt security and bug fix update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel
                   kernel-rt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges -- Existing Account
                   Denial of Service    -- Existing Account
                   Reduced Security     -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14331 CVE-2019-20811

Reference:         ESB-2020.3775
                   ESB-2020.3596
                   ESB-2020.3341
                   ESB-2020.3126

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2020:5023
   https://access.redhat.com/errata/RHSA-2020:5026

Comment: This bulletin contains two (2) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2020:5023-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5023
Issue date:        2020-11-10
CVE Names:         CVE-2019-20811 CVE-2020-14331
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [OSP13,mlx5] SRIOV VF still sending traffic when PF is down (BZ#1733181)

* gpf panic in virtio_check_driver_offered_fxature+6 when running sg_inq on
a dm map for a lost virtio_blk (BZ#1811893)

* GPF panic in qlt_free_session_done+626 (BZ#1826127)

* [ Brazos ] "Core(s) per socket" and "Socket" values are interchanged in
lscpu output. (kernel) (BZ#1826306)

* megaraid Aero: call trace observed during reboots (BZ#1828312)

* Crash in mptscsih_io_done() due to buffer overrun in sense_buf_pool
(BZ#1829803)

* The qedf driver fails to re-establish the online F/C port state when the
downstream F/C port is toggled unless a LIP is forced (BZ#1836443)

* tcp_fragment() limit causes packet drop under normal TCP load
(BZ#1847765)

* ip link command shows state as UNKNOWN for MACVLAN interface (BZ#1848950)

* Lenovo TS 7Z60 Cooper Lake: PCI BAR firmware bug (BZ#1849223)

* [RHEL-7/mlx4] ipoib_flush ipoib_ib_dev_flush_light [ib_ipoib]
(BZ#1858707)

* Uprobes crashes processes under GDB - SIGTRAP and SIGSEGV (BZ#1861396)

* kernel-3.10.0-1127.19.1.el7.x86_64 crashes after an SSH connection
attempt when running as a Xen PV guest on AMD Epyc Rome (BZ#1882468)

* Null ptr deref after nf_reinject->nf_queue_entry_release_refs hits
Attempt to release error doing inet_sock_destruct() (BZ#1885682)

Users of kernel are advised to upgrade to these updated packages, which fix
these bugs.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1846439 - CVE-2019-20811 kernel: net-sysfs: *_queue_add_kobject refcount issue
1858679 - CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1160.6.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.ppc64.rpm
perf-3.10.0-1160.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1160.6.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1160.6.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.6.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.6.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.6.1.el7.s390x.rpm
perf-3.10.0-1160.6.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm
python-perf-3.10.0-1160.6.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1160.6.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1160.6.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.6.1.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1160.6.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64.rpm
perf-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.6.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.6.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20811
https://access.redhat.com/security/cve/CVE-2020-14331
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update
Advisory ID:       RHSA-2020:5026-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5026
Issue date:        2020-11-10
CVE Names:         CVE-2019-20811 CVE-2020-14331
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [RHEL-7.9] net/ipv6/ip6_flowlabel.c:85 suspicious rcu_dereference_check()
usage! (kernel-rt-debug) (BZ#1836846)

* md/raid: sleeping function called from invalid context triggered by CKI
storage/swraid/trim test (BZ#1857872)

* Infinite looping when trying to acquire eventpoll->mtx during
eventpoll_release_file, 2nd try (BZ#1877695)

* kernel-rt: update to the latest RHEL7.9.z1 source tree (BZ#1883995)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1846439 - CVE-2019-20811 kernel: net-sysfs: *_queue_add_kobject refcount issue
1858679 - CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20811
https://access.redhat.com/security/cve/CVE-2020-14331
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
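Both advisories state that the system must be rebooted for the update to take effect, so the check that matters is on the running kernel, not the installed package. The following added example (not part of the Red Hat or AusCERT text) compares a `uname -r` style string against the fixed builds from the package lists using RPM's segment ordering; the function names and the sample strings marked as constructed are assumptions, and `~`/`^` version markers are not handled.

```python
import platform
import re

# Fixed builds named in RHSA-2020:5023 (kernel) and RHSA-2020:5026 (kernel-rt).
FIXED = {
    "kernel": ("3.10.0", "1160.6.1.el7"),
    "kernel-rt": ("3.10.0", "1160.6.1.rt56.1139.el7"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
# Version, then the release up to and including the ".elN" dist tag.
_RELEASE = re.compile(r"^([0-9.]+)-(.+?\.el[0-9]+)")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 using RPM's segment rules (no '~' or '^' handling)."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one,
            # which is why 1160.6.1.el7 is newer than 1160.el7.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric, so 11 > 6 (not string order)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_release(uname_r):
    """Split e.g. '3.10.0-1160.6.1.el7.x86_64' into ('3.10.0', '1160.6.1.el7')."""
    match = _RELEASE.match(uname_r)
    if not match or not match.group(2).endswith(".el7"):
        raise ValueError("not a RHEL 7 kernel release string: %r" % uname_r)
    return match.group(1), match.group(2)


def is_fixed(uname_r):
    """True if the running kernel is at or above the build from the advisory."""
    version, release = split_release(uname_r)
    flavour = "kernel-rt" if ".rt" in release else "kernel"
    fixed_version, fixed_release = FIXED[flavour]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


# The first string appears in the bulletin's bug list; the rest are constructed.
SAMPLES = [
    "3.10.0-1127.19.1.el7.x86_64",
    "3.10.0-1160.el7.x86_64",
    "3.10.0-1160.6.1.el7.ppc64le",
    "3.10.0-1160.2.2.rt56.1134.el7.x86_64",
    "3.10.0-1160.6.1.rt56.1139.el7.x86_64",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-42s %s" % (sample, "fixed" if is_fixed(sample) else "update and reboot"))
    try:
        running = platform.release()  # same value as `uname -r`
        print("running kernel %s: %s" % (running, "fixed" if is_fixed(running) else "update and reboot"))
    except ValueError as err:
        print("skipping local check:", err)
```

A host that has the updated package installed but still reports an older string here has not been rebooted into the fixed kernel.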