===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2456
kpatch-patch security update
21 July 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           kpatch-patch
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33909 CVE-2021-33034 CVE-2021-32399
                   CVE-2021-3347
Reference:         ESB-2021.2452
                   ESB-2021.2444
                   ESB-2021.2443

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:2716
   https://access.redhat.com/errata/RHSA-2021:2720
   https://access.redhat.com/errata/RHSA-2021:2729
   https://access.redhat.com/errata/RHSA-2021:2731

Comment: This bulletin contains four (4) Red Hat security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2716-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2716
Issue date:        2021-07-20
CVE Names:         CVE-2021-32399 CVE-2021-33909
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
  (CVE-2021-33909)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kpatch-patch-4_18_0-305-1-3.el8.src.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.src.rpm

ppc64le:
kpatch-patch-4_18_0-305-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305-debuginfo-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305-debugsource-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-debuginfo-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-debugsource-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-debuginfo-1-1.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:
kpatch-patch-4_18_0-305-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305-debuginfo-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305-debugsource-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2720-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2720
Issue date:        2021-07-20
CVE Names:         CVE-2021-33034 CVE-2021-33909
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update
Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
  (CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
  hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.src.rpm

ppc64le:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_13_2-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_13_2-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-1.el8_2.ppc64le.rpm

x86_64:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_13_2-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_13_2-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2729-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2729
Issue date:        2021-07-20
CVE Names:         CVE-2021-33034 CVE-2021-33909
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.7 Extended Update
Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
  (CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
  hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_30_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_3-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_33_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_36_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_37_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_40_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_43_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_45_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_46_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_49_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_51_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_30_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_3-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_33_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_36_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_37_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_40_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_43_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_45_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_46_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_49_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_51_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2731-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2731
Issue date:        2021-07-20
CVE Names:         CVE-2021-3347 CVE-2021-33034 CVE-2021-33909
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.6 Update Services
for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
  (CVE-2021-33909)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
  hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:
kpatch-patch-3_10_0-957_58_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-957_58_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_58_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-957_58_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_58_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================