—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2019:2043-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2043
Issue date: 2019-08-06
CVE Names: CVE-2018-7755 CVE-2018-8087 CVE-2018-9363
CVE-2018-9516 CVE-2018-9517 CVE-2018-10853
CVE-2018-13053 CVE-2018-13093 CVE-2018-13094
CVE-2018-13095 CVE-2018-14625 CVE-2018-14734
CVE-2018-15594 CVE-2018-16658 CVE-2018-16885
CVE-2018-18281 CVE-2019-3459 CVE-2019-3460
CVE-2019-3882 CVE-2019-3900 CVE-2019-5489
CVE-2019-7222 CVE-2019-11599 CVE-2019-11810
CVE-2019-11833
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux for Real Time (v. 7) – noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) – noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* Kernel: vhost_net: infinite loop while receiving packets leads to DoS
(CVE-2019-3900)
* Kernel: page cache side channel attacks (CVE-2019-5489)
* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)
* kernel: l2tp: Race condition between pppol2tp_session_create() and
l2tp_eth_create() (CVE-2018-9517)
* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* kernel: use-after-free in ucma_leave_multicast in
drivers/infiniband/core/ucma.c (CVE-2018-14734)
* kernel: Mishandling of indirect calls weakens Spectre mitigation for
paravirtual guests (CVE-2018-15594)
* kernel: TLB flush happens too late on mremap (CVE-2018-18281)
* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)
* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
(CVE-2019-3460)
* kernel: denial of service vector through vfio DMA mappings
(CVE-2019-3882)
* kernel: fix race condition between mmget_not_zero()/get_task_mm() and
core dumping (CVE-2019-11599)
* kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)
* kernel: fs/ext4/extents.c leads to information disclosure
(CVE-2019-11833)
* kernel: Information exposure in fd_locked_ioctl function in
drivers/block/floppy.c (CVE-2018-7755)
* kernel: Memory leak in
drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to
potential denial of service (CVE-2018-8087)
* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in
drivers/hid/hid-debug.c (CVE-2018-9516)
* kernel: Integer overflow in the alarm_timer_nsleep function
(CVE-2018-13053)
* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)
* kernel: NULL pointer dereference in xfs_da_shrink_inode function
(CVE-2018-13094)
* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
(CVE-2018-13095)
* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)
* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)
* Kernel: KVM: leak of uninitialized stack contents to guest
(CVE-2019-7222)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1553216 – CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
1555145 – CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service
1573916 – kernel-rt-kvm multiversion
1589890 – CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write
1593361 – Update kernel-rt timer wheel code
1597747 – CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function
1597766 – CVE-2018-13093 kernel: NULL pointer dereference in lookup_slow function
1597771 – CVE-2018-13094 kernel: NULL pointer dereference in xfs_da_shrink_inode function
1597775 – CVE-2018-13095 kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
1611005 – CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
1619846 – CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt
1620555 – CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
1623067 – CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
1627731 – CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status
1631036 – CVE-2018-9516 kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c
1631045 – CVE-2018-9517 kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create()
1642619 – RT: update kernel-rt source tree to match RHEL 7.7 tree
1645121 – CVE-2018-18281 kernel: TLB flush happens too late on mremap
1661503 – CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend()
1663176 – CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
1663179 – CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
1664110 – CVE-2019-5489 Kernel: page cache side channel attacks
1664380 – BUG: scheduling while atomic: kworker/1:1/24117/0x00000002
1665278 – hrtimers: WARNING: CPU: 8 PID: 79 at kernel/hrtimer.c:1506 run_hrtimer_softirq+0x264/0x270
1671126 – NMI watchdog ineffective due to mismerge
1671930 – CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
1684745 – VM hangs on RHEL rt-kernel and OSP 13
1689426 – CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
1698757 – CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
1705937 – CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
1709164 – CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
1712072 – CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
1717212 – KVM tracebacks causing significant latency to VM
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source:
kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
Red Hat Enterprise Linux for Real Time (v. 7):
Source:
kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-7755
https://access.redhat.com/security/cve/CVE-2018-8087
https://access.redhat.com/security/cve/CVE-2018-9363
https://access.redhat.com/security/cve/CVE-2018-9516
https://access.redhat.com/security/cve/CVE-2018-9517
https://access.redhat.com/security/cve/CVE-2018-10853
https://access.redhat.com/security/cve/CVE-2018-13053
https://access.redhat.com/security/cve/CVE-2018-13093
https://access.redhat.com/security/cve/CVE-2018-13094
https://access.redhat.com/security/cve/CVE-2018-13095
https://access.redhat.com/security/cve/CVE-2018-14625
https://access.redhat.com/security/cve/CVE-2018-14734
https://access.redhat.com/security/cve/CVE-2018-15594
https://access.redhat.com/security/cve/CVE-2018-16658
https://access.redhat.com/security/cve/CVE-2018-16885
https://access.redhat.com/security/cve/CVE-2018-18281
https://access.redhat.com/security/cve/CVE-2019-3459
https://access.redhat.com/security/cve/CVE-2019-3460
https://access.redhat.com/security/cve/CVE-2019-3882
https://access.redhat.com/security/cve/CVE-2019-3900
https://access.redhat.com/security/cve/CVE-2019-5489
https://access.redhat.com/security/cve/CVE-2019-7222
https://access.redhat.com/security/cve/CVE-2019-11599
https://access.redhat.com/security/cve/CVE-2019-11810
https://access.redhat.com/security/cve/CVE-2019-11833
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXUl37NzjgjWX9erEAQgXTQ/+JndGRRwElZAx4Oc8H13K4nqpmaSH983b
+5S6LNl75FGwfi131FIfQX29HiCPNkGRPSIXzpZ+3cHPwgQvsMfFZpUDKZFPLyl2
RLGOiLBmHLlhuvkIlLbtrxXBdkOTzBdx7SeaSRJ99VMYeABcS6ApzkfmYaEr42Sr
FCyrgkZoAwZ+9VuqaEBSa/dnF38PWs7jW4mOkyx1gpnTdH2c1rzjo+6+lr7WxwP4
rIVZfqOsyjQ6yckPUPIXsJXBK9BSnd0o8sfbP8Tq1Fmck7nWn1nYqegVbWaQLSkJ
MMGHlfrY+8vuGDNRSoaEjIIAEdDj5tCZ+wQM72TAfR9MT5nALg51fkxWJ/ZPLP57
Uvokh2y7y6ZsImuJx1OjKYpUD9ZE5hJGniU1d/7LUAlGBFxgNGXFXkzWHjkf4KnS
G6IBmqCXObxfWunj91V0QvD78R2TMHPy/30/mAd5IqRNuQVPsGOltHIXS9cXLjwO
nm7wmKcCx/gTh8yDy0UUE6W8gJ3sgIN7HzTj2jjwRabbRteGHAusBo5aBRXI9r3B
Wh+2SY5LrWqDZ4ObkjhaRyATQxx2rKuUin2QDmNi/IGB8pIS2r+j4j9KfGc03kms
6EguTYwXq4gK9nFBK8Kvd4Q21yQxdmTSO3bmwv6R+x8R61cBIRKcXp2dxbmp/VdN
T54CqEnERhU=
=QJKD
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2019:2029-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2029
Issue date: 2019-08-06
CVE Names: CVE-2018-7755 CVE-2018-8087 CVE-2018-9363
CVE-2018-9516 CVE-2018-9517 CVE-2018-10853
CVE-2018-13053 CVE-2018-13093 CVE-2018-13094
CVE-2018-13095 CVE-2018-14625 CVE-2018-14734
CVE-2018-15594 CVE-2018-16658 CVE-2018-16885
CVE-2018-18281 CVE-2019-3459 CVE-2019-3460
CVE-2019-3882 CVE-2019-3900 CVE-2019-5489
CVE-2019-7222 CVE-2019-11599 CVE-2019-11810
CVE-2019-11833
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* Kernel: vhost_net: infinite loop while receiving packets leads to DoS
(CVE-2019-3900)
* Kernel: page cache side channel attacks (CVE-2019-5489)
* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)
* kernel: l2tp: Race condition between pppol2tp_session_create() and
l2tp_eth_create() (CVE-2018-9517)
* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* kernel: use-after-free in ucma_leave_multicast in
drivers/infiniband/core/ucma.c (CVE-2018-14734)
* kernel: Mishandling of indirect calls weakens Spectre mitigation for
paravirtual guests (CVE-2018-15594)
* kernel: TLB flush happens too late on mremap (CVE-2018-18281)
* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
(CVE-2019-3459)
* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
(CVE-2019-3460)
* kernel: denial of service vector through vfio DMA mappings
(CVE-2019-3882)
* kernel: fix race condition between mmget_not_zero()/get_task_mm() and
core dumping (CVE-2019-11599)
* kernel: a NULL pointer dereference in
drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)
* kernel: fs/ext4/extents.c leads to information disclosure
(CVE-2019-11833)
* kernel: Information exposure in fd_locked_ioctl function in
drivers/block/floppy.c (CVE-2018-7755)
* kernel: Memory leak in
drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to
potential denial of service (CVE-2018-8087)
* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in
drivers/hid/hid-debug.c (CVE-2018-9516)
* kernel: Integer overflow in the alarm_timer_nsleep function
(CVE-2018-13053)
* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)
* kernel: NULL pointer dereference in xfs_da_shrink_inode function
(CVE-2018-13094)
* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
(CVE-2018-13095)
* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)
* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)
* Kernel: KVM: leak of uninitialized stack contents to guest
(CVE-2019-7222)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1335986 – BUG: memory allocation failure in inode_doinit_with_dentry()/context_to_sid()
1436351 – [nohz]: wrong user and system time accounting
1537033 – [RHEL7.6] BUG_ON(s->uptodate < disks – 1) condition encountered in RAID6 array with 6 disks and while one disk had failed.
1552203 – RHEL7.4 NFS4.1 client and server repeated SEQUENCE / TEST_STATEIDs with SEQUENCE Reply has SEQ4_STATUS_RECALLABLE_STATE_REVOKED set – NFS server should return NFS4ERR_DELEG_REVOKED or NFS4ERR_BAD_STATEID for revoked delegations
1553216 – CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
1555145 – CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service
1577640 – getdents on cifs with 4k buffer loses files
1589890 – CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write
1590228 – kernel: openat with O_TMPFILE and mode 0 fails with EACCES (if not root)
1593417 – [mm] kernel BUG at lib/idr.c:1157, kmemcg_id is -1 when creating or destroying mem cgroups
1597747 – CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function
1597766 – CVE-2018-13093 kernel: NULL pointer dereference in lookup_slow function
1597771 – CVE-2018-13094 kernel: NULL pointer dereference in xfs_da_shrink_inode function
1597775 – CVE-2018-13095 kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c
1608955 – EFI stub: ERROR: Failed to alloc highmem for initrd
1609699 – virtio-vsock – guest kernel panic with ctrl+c after hot-unplug
1611005 – CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
1613056 – BUG: SELinux does not skip mmap/PROT_EXEC checks for internal files when invoking shmat(2)
1616109 – 7.6 Alpha – Lenovo P52 gnome-shell, suspend reboots machine
1616425 – 7.6 Alpha – Lenovo P52 – Screen goes blank and stays blank(dies)
1619846 – CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt
1620555 – CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
1622167 – Fix potential divide-by-zero in sunrpc reserved port range calculation
1623067 – CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
1627563 – [RHEL 7.7] raid10 kernel NULL pointer dereference in md_do_sync during raid creation
1627731 – CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status
1628378 – dm-cache does not pass discard I/Os to origin storage device
1631036 – CVE-2018-9516 kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c
1631045 – CVE-2018-9517 kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create()
1645121 – CVE-2018-18281 kernel: TLB flush happens too late on mremap
1659146 – Allow drivers to set .force_blk_mq in scsi_host_template to enable per-driver SCSI-MQ usage
1661503 – CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend()
1663176 – CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
1663179 – CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
1664110 – CVE-2019-5489 Kernel: page cache side channel attacks
1665990 – df reports negative IUsed value for prjquota set directories.
1671930 – CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
1684780 – aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros
1689426 – CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
1693457 – overlayfs update to upstream 4.18
1698757 – CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
1705937 – CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
1709164 – CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS
1712072 – CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1062.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.el7.noarch.rpm
kernel-doc-3.10.0-1062.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-3.10.0-1062.el7.x86_64.rpm
kernel-debug-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-devel-3.10.0-1062.el7.x86_64.rpm
kernel-headers-3.10.0-1062.el7.x86_64.rpm
kernel-tools-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.el7.x86_64.rpm
perf-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1062.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.el7.noarch.rpm
kernel-doc-3.10.0-1062.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-3.10.0-1062.el7.x86_64.rpm
kernel-debug-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-devel-3.10.0-1062.el7.x86_64.rpm
kernel-headers-3.10.0-1062.el7.x86_64.rpm
kernel-tools-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.el7.x86_64.rpm
perf-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1062.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.el7.noarch.rpm
kernel-doc-3.10.0-1062.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1062.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-3.10.0-1062.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1062.el7.ppc64.rpm
kernel-debug-3.10.0-1062.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1062.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.el7.ppc64.rpm
kernel-devel-3.10.0-1062.el7.ppc64.rpm
kernel-headers-3.10.0-1062.el7.ppc64.rpm
kernel-tools-3.10.0-1062.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1062.el7.ppc64.rpm
perf-3.10.0-1062.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.el7.ppc64.rpm
python-perf-3.10.0-1062.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1062.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-3.10.0-1062.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1062.el7.ppc64le.rpm
kernel-debug-3.10.0-1062.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.el7.ppc64le.rpm
kernel-devel-3.10.0-1062.el7.ppc64le.rpm
kernel-headers-3.10.0-1062.el7.ppc64le.rpm
kernel-tools-3.10.0-1062.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1062.el7.ppc64le.rpm
perf-3.10.0-1062.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.el7.ppc64le.rpm
python-perf-3.10.0-1062.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1062.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1062.el7.s390x.rpm
kernel-3.10.0-1062.el7.s390x.rpm
kernel-debug-3.10.0-1062.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.s390x.rpm
kernel-debug-devel-3.10.0-1062.el7.s390x.rpm
kernel-debuginfo-3.10.0-1062.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1062.el7.s390x.rpm
kernel-devel-3.10.0-1062.el7.s390x.rpm
kernel-headers-3.10.0-1062.el7.s390x.rpm
kernel-kdump-3.10.0-1062.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1062.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1062.el7.s390x.rpm
perf-3.10.0-1062.el7.s390x.rpm
perf-debuginfo-3.10.0-1062.el7.s390x.rpm
python-perf-3.10.0-1062.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1062.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1062.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-3.10.0-1062.el7.x86_64.rpm
kernel-debug-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-devel-3.10.0-1062.el7.x86_64.rpm
kernel-headers-3.10.0-1062.el7.x86_64.rpm
kernel-tools-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.el7.x86_64.rpm
perf-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1062.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1062.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.el7.noarch.rpm
kernel-doc-3.10.0-1062.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-3.10.0-1062.el7.x86_64.rpm
kernel-debug-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-devel-3.10.0-1062.el7.x86_64.rpm
kernel-headers-3.10.0-1062.el7.x86_64.rpm
kernel-tools-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.el7.x86_64.rpm
perf-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-7755
https://access.redhat.com/security/cve/CVE-2018-8087
https://access.redhat.com/security/cve/CVE-2018-9363
https://access.redhat.com/security/cve/CVE-2018-9516
https://access.redhat.com/security/cve/CVE-2018-9517
https://access.redhat.com/security/cve/CVE-2018-10853
https://access.redhat.com/security/cve/CVE-2018-13053
https://access.redhat.com/security/cve/CVE-2018-13093
https://access.redhat.com/security/cve/CVE-2018-13094
https://access.redhat.com/security/cve/CVE-2018-13095
https://access.redhat.com/security/cve/CVE-2018-14625
https://access.redhat.com/security/cve/CVE-2018-14734
https://access.redhat.com/security/cve/CVE-2018-15594
https://access.redhat.com/security/cve/CVE-2018-16658
https://access.redhat.com/security/cve/CVE-2018-16885
https://access.redhat.com/security/cve/CVE-2018-18281
https://access.redhat.com/security/cve/CVE-2019-3459
https://access.redhat.com/security/cve/CVE-2019-3460
https://access.redhat.com/security/cve/CVE-2019-3882
https://access.redhat.com/security/cve/CVE-2019-3900
https://access.redhat.com/security/cve/CVE-2019-5489
https://access.redhat.com/security/cve/CVE-2019-7222
https://access.redhat.com/security/cve/CVE-2019-11599
https://access.redhat.com/security/cve/CVE-2019-11810
https://access.redhat.com/security/cve/CVE-2019-11833
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBXUl4S9zjgjWX9erEAQhn4g/7BtFoK2lvqk9ckZxt5va2lLpcKk/o9GMt
6D4Qo+73SKNDetO5WrF/VEdimJr2nsjNlktmehVnj5uhi/PBgoVeQNubiHW/vWxe
khXN1gTWi6zGs+Zl+Z+HGqBvrG5OyXZZJgVokpMCK35GjOfhxbz+5ZK/26VGRUqR
+DLE2CobxYPtOGrhpD2U5X8wZlmCBgfNHQ/WzrgpGF90Fu0kFaVDolHja1uze6Qa
2e/QoKVJxq1OOJqnSbPh0JsZocBRWWXO2GE5QYA8M5ysibH9NBYA0aFzDgN2rLcG
I+KVH4irfYyhBKCxq5566gWqe8znD+N+Yngs1SMbP1fHB3St4ZhfnVRtOY3KRQS4
8ynEJXRMhjhZ8tTsKpKUpdNtSNrBm5FG+djxKUce/G39QjFkXkYM2Ba0biQFQ1wH
df4FUMr6m/C0LsQ03tnZgb1MDQtctNQF8Ad/tIKXhWDCOpWk6qtO67x3fqNApm8h
ytXSOyKMkvzf7Uy3RIHbU7MQ+I8GagYigDRUOHInlp067cEvKh7s1rl9tcEQsAPM
PVmZ+AHEdd2oh0XG8P4TQEyYv+xb701RFvif463er12FpZlZe0KiMM5976bIsJFl
8hUljurzIhHoduLimTlcm6U8E1xR4PrZHU/M7CYOBkMvn1ws8zHS9GJMSmAmP8Cv
4SjC+bXGfus=
=SR8e
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce