Security vulnerabilities in the operating system kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2020:1353-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1353
Issue date: 2020-04-07
CVE Names: CVE-2019-14816 CVE-2019-17666
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat MRG Realtime for RHEL 6 Server v.2 – noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi
driver (CVE-2019-14816)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1810602)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1744149 – CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
1763690 – CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
1810602 – update the MRG 2.5.z 3.10 realtime-kernel sources

6. Package List:

Red Hat MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-693.65.1.rt56.663.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.65.1.rt56.663.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-693.65.1.rt56.663.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-693.65.1.rt56.663.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14816
https://access.redhat.com/security/cve/CVE-2019-17666
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2020:1347-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1347
Issue date: 2020-04-07
CVE Names: CVE-2019-14816 CVE-2019-17666
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) – noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) – noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) – x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.4) – ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.4) – x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) – noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi
driver (CVE-2019-14816)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797965)

* port show-kabi to python3 (BZ#1806926)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1744149 – CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
1763690 – CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
kernel-3.10.0-693.65.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.65.1.el7.noarch.rpm
kernel-doc-3.10.0-693.65.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.65.1.el7.x86_64.rpm
perf-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
kernel-3.10.0-693.65.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.65.1.el7.noarch.rpm
kernel-doc-3.10.0-693.65.1.el7.noarch.rpm

ppc64le:
kernel-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debug-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-devel-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-headers-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-tools-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.65.1.el7.ppc64le.rpm
perf-3.10.0-693.65.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
python-perf-3.10.0-693.65.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm

x86_64:
kernel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.65.1.el7.x86_64.rpm
perf-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
kernel-3.10.0-693.65.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.65.1.el7.noarch.rpm
kernel-doc-3.10.0-693.65.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.65.1.el7.x86_64.rpm
kernel-headers-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.65.1.el7.x86_64.rpm
perf-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

ppc64le:
kernel-debug-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.65.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.65.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.65.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-14816
https://access.redhat.com/security/cve/CVE-2019-17666
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel-rt security and bug fix update
Advisory ID: RHSA-2020:1378-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1378
Issue date: 2020-04-07
CVE Names: CVE-2019-19527
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) – x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) – x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.1.z3 source tree
(BZ#1794136)

* [kernel-rt-debug] BUG: MAX_LOCKDEP_CHAINS too low! (BZ#1794199)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1783498 – CVE-2019-19527 kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver
1794199 – [kernel-rt-debug] BUG: MAX_LOCKDEP_CHAINS too low! [rhel-8.1.0.z]

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-147.8.1.rt24.101.el8_1.src.rpm

x86_64:
kernel-rt-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-core-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-core-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-devel-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-modules-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-devel-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-kvm-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-modules-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-modules-extra-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-147.8.1.rt24.101.el8_1.src.rpm

x86_64:
kernel-rt-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-core-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-core-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-devel-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-modules-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-devel-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-modules-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm
kernel-rt-modules-extra-4.18.0-147.8.1.rt24.101.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-19527
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: RHSA-2020:1372-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1372
Issue date: 2020-04-07
CVE Names: CVE-2019-15030 CVE-2019-15031 CVE-2019-18660
CVE-2019-19527
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) – aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: powerpc: local user can read vector registers of other users’
processes via a Facility Unavailable exception (CVE-2019-15030)

* kernel: powerpc: local user can read vector registers of other users’
processes via an interrupt (CVE-2019-15031)

* kernel: powerpc: incomplete Spectre-RSB mitigation leads to information
exposure (CVE-2019-18660)

* kernel: use-after-free caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [FJ8.1 Bug]: fs/devpts: always delete dcache dentry-s in dput()
(BZ#1783959)

* qla2xxx: call dma_free_coherent with correct size in all cases in
qla24xx_sp_unmap (BZ#1788206)

* qla2xxxx: Firmware update for Gen7 adapter could result in an unusable
adapter (BZ#1790350)

* s390/sclp: Fix bit checked for has_sipl (BZ#1791408)

* RHEL8.1 – Error output for CPU-MF auxtrace data in perf: (BZ#1792198)

* [FJ8.0 Bug]: [kernel]: using “kexec -e” to reboot A64FX system causes
system panic during the boot of the 2nd kernel (BZ#1792200)

* Fixup tlbie vs store ordering issue on POWER9 (BZ#1794058)

* RHEL8.1 – qeth: add safeguards to RX data path (BZ#1794059)

* RHEL8.1 – STC940:ZZ:Fleet:RHEL:LPM failed with no rmc connection during
6th iteration (ibmvnic) (BZ#1794060)

* RHEL8.1 – disable trace-imc feature (perf:) (BZ#1794061)

* [Broadcom RHEL8.2 FEAT]: megaraid_sas driver update request (BZ#1795335)

* RHEL8.1 pre-Beta – [ FW940 ] [ zz P9 ] kdump fails when XIVE is enabled
and dump is trigged from HMC. (BZ#1795337)

* T10 DIF: OOM observed while running I/O (BZ#1795338)

* backport fix for potential deadlock relative to snapshot COW throttling
(BZ#1796490)

* Neoverse n1 errata 1542419 “Core may fetch stale instructions from memory
and violate ordering” (BZ#1797518)

* [HPE 8.1 Bug] hpsa: bug fix for reset issue (BZ#1797519)

* [HPE 8.0 BUG] System crash when reading /sys/block/<dm>/mq/0/cpu_list
file (BZ#1797960)

* kernel: T10 CRC not using hardware-accelerated version from
crct10dif_pclmul (BZ#1797961)

* [FJ8.1 Bug]: Dirty pages remain when write() returns ENOSPC. (BZ#1797962)

* RHEL 8 – NVMe/FC Fabric Broadcom Autoconnect Script Fails to Reconnect
after Controller Reset (BZ#1798381)

* [RHEL8.2]: Chelsio crypto co-processor Driver (chcr) bugfixes
(BZ#1798527)

* [RHEL8.1][Snapshot-1]LUN discovery says unrecognized (BZ#1801216)

* 8.2 snap2 kernel incorrectly signed in brew (BZ#1807231)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1759313 – CVE-2019-15030 kernel: powerpc: local user can read vector registers of other users’ processes via a Facility Unavailable exception
1760063 – CVE-2019-15031 kernel: powerpc: local user can read vector registers of other users’ processes via an interrupt
1777825 – CVE-2019-18660 kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
1783498 – CVE-2019-19527 kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-147.8.1.el8_1.src.rpm

aarch64:
bpftool-4.18.0-147.8.1.el8_1.aarch64.rpm
bpftool-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-core-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-cross-headers-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-core-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-modules-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-headers-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-modules-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-modules-extra-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-tools-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-tools-libs-4.18.0-147.8.1.el8_1.aarch64.rpm
perf-4.18.0-147.8.1.el8_1.aarch64.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
python3-perf-4.18.0-147.8.1.el8_1.aarch64.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-147.8.1.el8_1.noarch.rpm
kernel-doc-4.18.0-147.8.1.el8_1.noarch.rpm

ppc64le:
bpftool-4.18.0-147.8.1.el8_1.ppc64le.rpm
bpftool-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-core-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-cross-headers-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-core-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-modules-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-headers-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-modules-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-modules-extra-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-tools-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-tools-libs-4.18.0-147.8.1.el8_1.ppc64le.rpm
perf-4.18.0-147.8.1.el8_1.ppc64le.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
python3-perf-4.18.0-147.8.1.el8_1.ppc64le.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm

s390x:
bpftool-4.18.0-147.8.1.el8_1.s390x.rpm
bpftool-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-core-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-cross-headers-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-core-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-devel-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-modules-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-devel-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-headers-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-modules-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-tools-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-core-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-devel-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-modules-4.18.0-147.8.1.el8_1.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-147.8.1.el8_1.s390x.rpm
perf-4.18.0-147.8.1.el8_1.s390x.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm
python3-perf-4.18.0-147.8.1.el8_1.s390x.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.s390x.rpm

x86_64:
bpftool-4.18.0-147.8.1.el8_1.x86_64.rpm
bpftool-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-core-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-cross-headers-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-core-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-modules-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-headers-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-modules-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-modules-extra-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-tools-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-tools-libs-4.18.0-147.8.1.el8_1.x86_64.rpm
perf-4.18.0-147.8.1.el8_1.x86_64.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
python3-perf-4.18.0-147.8.1.el8_1.x86_64.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.aarch64.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.ppc64le.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.x86_64.rpm
perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm
python3-perf-debuginfo-4.18.0-147.8.1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-15030
https://access.redhat.com/security/cve/CVE-2019-15031
https://access.redhat.com/security/cve/CVE-2019-18660
https://access.redhat.com/security/cve/CVE-2019-19527
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
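
All four advisories state that the system must be rebooted for the update to take effect, so the check that matters is against the running kernel, not the installed packages. The following is an added example, not part of the Red Hat advisories: it compares a kernel release string (as reported by `uname -r`) with the fixed builds from the package lists above, and reports kernels from a different update stream as not covered instead of treating a higher number as fixed. The function names and the stream-matching rule are assumptions of this example, and the ordering is a simplified form of RPM's version comparison.

```python
import platform
import re

# Fixed builds, copied from the package lists of the four advisories on this page.
FIXED_BUILDS = {
    "RHSA-2020:1353": "3.10.0-693.65.1.rt56.663.el6rt",   # kernel-rt, MRG for RHEL 6
    "RHSA-2020:1347": "3.10.0-693.65.1.el7",              # kernel, RHEL 7.4 AUS/E4S/TUS
    "RHSA-2020:1378": "4.18.0-147.8.1.rt24.101.el8_1",    # kernel-rt, RHEL 8
    "RHSA-2020:1372": "4.18.0-147.8.1.el8_1",             # kernel, RHEL 8
}

# Architectures named in the advisories; an optional debug-kernel suffix may follow.
_ARCH_SUFFIX = re.compile(r"\.(?:x86_64|ppc64le|aarch64|s390x|noarch)(?:[.+]debug)?$")
_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Segment-wise ordering in the style of rpm's rpmvercmp.

    Simplification (assumption): '~' and '^' markers are not handled, which is
    enough for the kernel release strings that appear in these advisories.
    Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x_num != y_num:
            return 1 if x_num else -1      # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_release(uname_r):
    """'3.10.0-693.65.1.el7.x86_64' -> ('3.10.0', '693.65.1.el7')."""
    version, _, release = _ARCH_SUFFIX.sub("", uname_r).partition("-")
    return version, release


def stream(version, release):
    """Identify the update stream a build belongs to.

    Assumed rule: same upstream version, same leading release number
    (693 or 147 here), same realtime/standard flavour and same dist tag.
    A kernel from another minor release (for example 3.10.0-862.el7) sorts
    higher than 3.10.0-693.65.1.el7 but is not covered by these advisories.
    """
    dist = re.search(r"\.(el\d\w*)$", release)
    return (version, release.split(".")[0], ".rt" in release,
            dist.group(1) if dist else None)


def check(uname_r):
    """Return (advisory_id, status); status is 'fixed', 'vulnerable' or 'not-covered'."""
    version, release = split_release(uname_r)
    for advisory, fixed in FIXED_BUILDS.items():
        fixed_version, fixed_release = fixed.split("-", 1)
        if stream(version, release) != stream(fixed_version, fixed_release):
            continue
        status = "fixed" if rpmvercmp(release, fixed_release) >= 0 else "vulnerable"
        return advisory, status
    return None, "not-covered"


if __name__ == "__main__":
    # Checks the kernel that is actually running, which is what changes on reboot.
    running = platform.release()
    print(running, *check(running))
```

A `not-covered` result means the running kernel belongs to a stream these four advisories do not describe and has to be checked against that stream's own errata.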

