-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2456
                       kpatch-patch security update
                               21 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kpatch-patch
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33909 CVE-2021-33034 CVE-2021-32399
                   CVE-2021-3347  

Reference:         ESB-2021.2452
                   ESB-2021.2444
                   ESB-2021.2443

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:2716
   https://access.redhat.com/errata/RHSA-2021:2720
   https://access.redhat.com/errata/RHSA-2021:2729
   https://access.redhat.com/errata/RHSA-2021:2731

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2716-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2716
Issue date:        2021-07-20
CVE Names:         CVE-2021-32399 CVE-2021-33909 
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
(CVE-2021-33909)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kpatch-patch-4_18_0-305-1-3.el8.src.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.src.rpm

ppc64le:
kpatch-patch-4_18_0-305-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305-debuginfo-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305-debugsource-1-3.el8.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-debuginfo-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_3_1-debugsource-1-2.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-debuginfo-1-1.el8_4.ppc64le.rpm
kpatch-patch-4_18_0-305_7_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:
kpatch-patch-4_18_0-305-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305-debuginfo-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305-debugsource-1-3.el8.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_3_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_7_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----
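
An added example, not part of the Red Hat advisory or the AusCERT bulletin: the package names in section 6 encode the kernel release with dots replaced by underscores, so a kernel release string can be mapped to the fixed kpatch-patch build listed in RHSA-2021:2716. The function names and status strings are hypothetical, and the comparison assumes the version and the leading release field are plain integers, as they are in this package list.

```shell
#!/bin/sh
# Added example: match a kernel release to the fixed kpatch-patch build
# listed in RHSA-2021:2716 (RHEL 8). The table is copied from the package
# list in that advisory as "<package name> <version>-<release>".
FIXED_RHSA_2021_2716='kpatch-patch-4_18_0-305 1-3.el8
kpatch-patch-4_18_0-305_3_1 1-2.el8_4
kpatch-patch-4_18_0-305_7_1 1-1.el8_4'

# Kernel release string (as printed by `uname -r`) -> kpatch-patch package name.
# 4.18.0-305.3.1.el8_4.x86_64 -> kpatch-patch-4_18_0-305_3_1
kpatch_pkg_for_kernel() {
    krel=${1%%.el[0-9]*}                  # drop the ".el8_4.x86_64" suffix
    printf 'kpatch-patch-%s\n' "$(printf '%s' "$krel" | tr '.' '_')"
}

# Leading integer of the release field: "1-3.el8" -> 3
release_number() {
    r=${1#*-}
    printf '%s\n' "${r%%.*}"
}

# kpatch_status <kernel release> [<installed version>-<release>]
# Prints one of: fixed / outdated / missing / not-listed.
kpatch_status() {
    pkg=$(kpatch_pkg_for_kernel "$1")
    fixed=$(printf '%s\n' "$FIXED_RHSA_2021_2716" |
            awk -v p="$pkg" '$1 == p { print $2 }')
    if [ -z "$fixed" ]; then
        echo "not-listed: $pkg is not in RHSA-2021:2716"
    elif [ -z "${2:-}" ]; then
        echo "missing: install $pkg-$fixed"
    else
        iv=${2%%-*}; ir=$(release_number "$2")
        fv=${fixed%%-*}; fr=$(release_number "$fixed")
        if [ "$iv" -gt "$fv" ] ||
           { [ "$iv" -eq "$fv" ] && [ "$ir" -ge "$fr" ]; }; then
            echo "fixed: $pkg-$2"
        else
            echo "outdated: need $pkg-$fixed"
        fi
    fi
}

# On a real host the two arguments would come from:
#   uname -r
#   rpm -q --qf '%{VERSION}-%{RELEASE}' "$(kpatch_pkg_for_kernel "$(uname -r)")"
# Constructed sample inputs (not taken from a real host):
kpatch_status 4.18.0-305.el8.x86_64 1-2.el8
kpatch_status 4.18.0-305.3.1.el8_4.x86_64 1-2.el8_4
kpatch_status 4.18.0-305.7.1.el8_4.x86_64
kpatch_status 4.18.0-240.el8.x86_64 1-1.el8
```

An installed RPM at the fixed version does not by itself show that the live patch module is loaded in the running kernel; `kpatch list` reports the loaded patch modules.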

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2720-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2720
Issue date:        2021-07-20
CVE Names:         CVE-2021-33034 CVE-2021-33909 
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 8.2 Extended Update
Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
(CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):

Source:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.src.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.src.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.src.rpm

ppc64le:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_13_2-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_13_2-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_14_3-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-10.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-8.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-1.el8_2.ppc64le.rpm

x86_64:
kpatch-patch-4_18_0-193_13_2-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_13_2-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_13_2-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_14_3-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-10.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-8.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2729-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2729
Issue date:        2021-07-20
CVE Names:         CVE-2021-33034 CVE-2021-33909 
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.7 Extended Update
Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
(CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_30_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_31_3-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_33_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_36_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_37_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_40_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_43_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_45_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_46_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_49_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1062_51_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-1062_30_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_30_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_3-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_31_3-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_33_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_33_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_36_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_36_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_37_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_37_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_40_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_40_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_43_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_43_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_45_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_45_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_46_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_46_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_49_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_49_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_51_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1062_51_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2021:2731-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2731
Issue date:        2021-07-20
CVE Names:         CVE-2021-3347 CVE-2021-33034 CVE-2021-33909 
=====================================================================

1. Summary:

An update is now available for Red Hat Enterprise Linux 7.6 Update Services
for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer
(CVE-2021-33909)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an
hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.6):

Source:
kpatch-patch-3_10_0-957_58_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.src.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.src.rpm

ppc64le:
kpatch-patch-3_10_0-957_58_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_58_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:
kpatch-patch-3_10_0-957_58_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_58_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-33034
https://access.redhat.com/security/cve/CVE-2021-33909
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2021-006

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----