You are here
Home > Preporuke > Sigurnosni nedostatak jezgre operacijskog sustava

Sigurnosni nedostatak jezgre operacijskog sustava

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2019:1487-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1487
Issue date: 2019-06-17
CVE Names: CVE-2018-7566 CVE-2018-1000004 CVE-2019-11477
CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat MRG Realtime for RHEL 6 Server v.2 – noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
(CVE-2018-7566)

* kernel: Race condition in sound system can lead to denial of service
(CVE-2018-1000004)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1711010)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1535315 – CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
1550142 – CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
1711010 – update the MRG 2.5.z 3.10 kernel-rt sources
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat MRG Realtime for RHEL 6 Server v.2:

Source:
kernel-rt-3.10.0-693.50.3.rt56.644.el6rt.src.rpm

noarch:
kernel-rt-doc-3.10.0-693.50.3.rt56.644.el6rt.noarch.rpm
kernel-rt-firmware-3.10.0-693.50.3.rt56.644.el6rt.noarch.rpm

x86_64:
kernel-rt-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-debug-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-trace-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-7566
https://access.redhat.com/security/cve/CVE-2018-1000004
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfwnNzjgjWX9erEAQjn0hAAkIUHkJhvN9p7xlAkWsCvs3OZGch54LQJ
aWiYcjJ4JzjYhXYSnmmtKmzFxDNrEEuHx9neoLpAus/vHf65i8azX61DeKBK5f0c
rUtOEiXdcdf0LKtqGeYBhi2C+oduC6kUcqymX+FvYwAkalKN6EzzsAMCn7d6y/QT
douPVqE+sH8D1iEn0ZnchiWy3t7kJbjOXlwTyGJTDpCRTqxjxMCt8Ae4I07ZrHX5
V5HMbKQOVtw+ZoIxC/nBqN2cJz0jk1oPqANG+7etcWpYxOcUgDmYvH83M0OwTEqi
MrsqJqGVnSisyb9ro3U8O+WH8oS+iSIQXRfO1pqWoQT/76sVfnHCA+BkNz4DXwHi
4a8zSYrxBXI/cg3uTUAap5s6GNZSO/E+F8DbiCFv2SwdqIIKTcu1/VkcPhPXpWy6
+otMvn1hnmm9UIck7cZC6FIL4ehDTaBPqZfom7CDq6g2ShQq2S5iHG1ZDjpcKSKF
fjNdR3JzEWSJRqLdsg3RFtizRyzL4PvjAzKKMQhL785lVM8e0bklaFQSD0uBbb7d
wLVaoBUqE4wQDX332fYe2DSto1bRcov5XVmS/wk1VNDKc7Eu23v8GuAppw6m59nG
AQ6ESv3oY1XMu0LAcpHOHsyY7iKVLgdDHluQWZ6B3T3KUFSSulr2aX4ipN9lvob1
TRi1X0+0ONQ=
=FNIF
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2019:1480-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1480
Issue date: 2019-06-17
CVE Names: CVE-2019-9213 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) – x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) – x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: lack of check for mmap minimum address in expand_downwards in
mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms
(CVE-2019-9213)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL8.0.z batch#1 source tree (BZ#1704955)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1686136 – CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-80.4.2.rt9.152.el8_0.src.rpm

x86_64:
kernel-rt-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-kvm-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-80.4.2.rt9.152.el8_0.src.rpm

x86_64:
kernel-rt-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-core-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-core-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-devel-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-modules-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-devel-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-kvm-debuginfo-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-modules-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm
kernel-rt-modules-extra-4.18.0-80.4.2.rt9.152.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9213
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfwlNzjgjWX9erEAQhMPBAAkWYolBh/2whNMOHTqfIAQkoxU+eCw1lt
2XuwJhFAs/LnDt/T2vyJCqOne94gqaT5Kzk0l/qcyXGVbvyiM883GpEiupmTj14C
uecsuJntUNiSZhQZbLUtwBLPDKBavHu9N0qdYgOMpYOeqmd7b1xIRN3lAVkHo+MQ
fDQ7xFbECey7DrBZiW12+wMPYEeLD2uABsh5LsRU+FdmGskBArrsQgs/vngxBQrD
uWqqk5DxZ8eGu3HB4vkDzphGVPECWv2/W+5JRzir4SgfmMoYZsEMTmwT2M1SqDgH
YioxEdefTBGk5oNMtf6zTG3FCIEs+VxlpUl0hTlcpEacA0rLVHonGz258oL8yc9d
NDe2BCDrurbjNaJAOvRpTQcN7L0Swv6kf+la+YnuYtPVRV+WEoZZHXPlDa71ZWVD
968O/7VT0QyHIJZaT0kDoVPwPcg02k/bCSKo08HhwiMKTI+gU6075U8pTB/JayMt
iRAFoPIBLwT5NWEJOxEHBmV1ka1sWhXdA6pFeg34VYDNJu9WlS61KXSsNOQerlBS
rqo/647KBPyfd8311VkKg9nPfDReHIvugcE3gnZcjQGW9qq6HrsVw0giccD0IFUQ
8VisG4s8/zsg+uGWJGikr7Hcay813Kpyw8vbP/km0diqo6xayZvbxj99cSVePEgR
dlUd6uBbIfQ=
=xWOA
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2019:1486-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1486
Issue date: 2019-06-17
CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Realtime (v. 7) – noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) – noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-957.21.3.rt56.935.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm

Red Hat Enterprise Linux Realtime (v. 7):

Source:
kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-957.21.3.rt56.935.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-957.21.3.rt56.935.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfxR9zjgjWX9erEAQhVbw/9EZjcbTKGqGgyVBrB3JvQ2iy/ad204ZOx
oXE3qC5FuktU1dLha5pztyp6w3piInnU5LWN+9MqjjnYM/58VouvDyGvPaDSu43q
MX4BJ/Dz7Nka5RrFGpsWsqcJJxbYtPgW7zy75WPs14t9rStlibs1RQoEwkkWH3+E
bS3Zf143CpdMOczrvN1m2n43p0h69Bh3Q97qUtPthkL2RCpuSQJZDdok8k0BsCv7
Amu0rI9IhMmD3Ft2GPPW4vbHyFSG3yZNbujcGYbxPh+XrBSffs2cv8GlFK2upLn4
1H0uDz5zCrISs68W3UpoS/uUJ3mANFTj4MpBe/lHmZZHoGwF3UiyRm4AARhtcQX6
HL/GH3nJMPBUdM5kIlo2XR5rSK8kl0Df8+UShfS5EyOuttSZZsYHP9kT5ljojuNO
a2W7Ypuw1yFyumPNmvNbcGrKpXMVlSXs2JHR0w0vYKkjHdAZfjMycSBLbEtWqih7
DPZzA3ui8e8Z/FqWpVjLI/2y3hwBJB/lXdHQGPk1Xv3u/La8HnUjyMzZPnOdMDiw
NPxYF6dM/lOA2B2tpydBWt9w4LrbjIVb1J7TwtgiMjBP3SEuLKHI5DqDblTf5tmD
tctoOasNFHvdVupJp/rXCEHPvVmMJBNhtPfDceKbHh/FgWEXmBr5lsts8Qc8Jmo2
eP/3LDZ4QgA=
=UQ0B
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1484-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1484
Issue date: 2019-06-17
CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.3) – noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.3) – noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.3) – x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.3) – ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.3) – x86_64
Red Hat Enterprise Linux Server TUS (v. 7.3) – noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* THP: Race between MADV_DONTNEED and NUMA hinting node migration code
(BZ#1698104)

* [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update
(BZ#1712990)

* [RHEL7] MDS mitigations are not enabled after double microcode update
(BZ#1712995)

* WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90
__static_key_slow_dec+0xa6/0xb0 (BZ#1713001)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.3):

Source:
kernel-3.10.0-514.66.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.66.2.el7.noarch.rpm
kernel-doc-3.10.0-514.66.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.66.2.el7.x86_64.rpm
perf-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.3):

Source:
kernel-3.10.0-514.66.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.66.2.el7.noarch.rpm
kernel-doc-3.10.0-514.66.2.el7.noarch.rpm

ppc64le:
kernel-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debug-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-devel-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-headers-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-tools-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.66.2.el7.ppc64le.rpm
perf-3.10.0-514.66.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
python-perf-3.10.0-514.66.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm

x86_64:
kernel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.66.2.el7.x86_64.rpm
perf-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.3):

Source:
kernel-3.10.0-514.66.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.66.2.el7.noarch.rpm
kernel-doc-3.10.0-514.66.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-devel-3.10.0-514.66.2.el7.x86_64.rpm
kernel-headers-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.66.2.el7.x86_64.rpm
perf-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.3):

ppc64le:
kernel-debug-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.66.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.3):

x86_64:
kernel-debug-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.66.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.66.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfsINzjgjWX9erEAQjaUQ/8C6tiqftF16m5kCHgGT8J4hTBwf13ddVv
nS9rspU7yqCtzQIJGyw07Dm4dnCBYKf4WH1jL7522Wrjdk23B4PWDkUm9JHvSjeJ
dgT48tgCI9uIqtg1S6pIeEo78UMjKdJbuK4Zh8+v2udHAXrrTHd39/d+vQM5Ry+/
RgYRJFuzuv4Ed5ztARI7VyHHScQl8aDwxm4JZ1gRlDl80kTSANRx4pt5ZeHDZ+Uk
izWZdpCSYo9aZEW1MZLLKdKyNatC5xvWo/j2HPoDYhpUIz+NALsa8kRtbzdcngRr
L8jAhXGjtFHiQjGPH2u08Wr1K4KF8VRi3xYV+BGELGoG9AFbDaRY44khdRU4hTtp
RrdCgeeeP+PhiYfw6jUeh77AfSndYTsEpt+HM1krZ2Zn18EnbFIkBA6jTx22WtB7
cEvHS4cZ09EexivrBNWuHiV8WlUsMRC/rMEkXfk/Z3gdntHaPoKMnubt8O6ULLzG
7848ptUHmRHN1lqi2ey+r2Itz7IVwq9xWB0+ls4thnJQxqcTUNM7YI0UQW0v3q8p
pFkUbB2LlnZYcsniIR5gMiYZc7xfMidPKzWTUAi22BaifsBWMPX6gInszsV53rRM
xTQfgYcClS0Dg7Hj2kLwKpwGm1IA8g65ljO1NooaAp5tlaUcO0TyZUDrIdWZ7M2M
Htgga2C1aeg=
=A3py
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1490-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1490
Issue date: 2019-06-17
CVE Names: CVE-2019-3896 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.5
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.5) – noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.5) – x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: Double free in lib/idr.c (CVE-2019-3896)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1713025)

* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1713028)

* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1713043)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1694812 – CVE-2019-3896 kernel: Double free in lib/idr.c
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.5):

Source:
kernel-2.6.32-431.95.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-431.95.3.el6.noarch.rpm
kernel-doc-2.6.32-431.95.3.el6.noarch.rpm
kernel-firmware-2.6.32-431.95.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debug-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.95.3.el6.x86_64.rpm
kernel-devel-2.6.32-431.95.3.el6.x86_64.rpm
kernel-headers-2.6.32-431.95.3.el6.x86_64.rpm
perf-2.6.32-431.95.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.5):

Source:
kernel-2.6.32-431.95.3.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.95.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm
python-perf-2.6.32-431.95.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.95.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-3896
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfqP9zjgjWX9erEAQhKdA//RUMJOIXYUmq0rrD+JI4maVZ8yMI4t4gh
76XHwMztS6yDrTZxjQcqJCG3EeEvuV74TlGqIVk9ovSOD6ESYZi6L6V8mDZqaBOo
Z/qCFRCKJ4lDwUVBeRJCw8N0sPUByu1sctEwyLrjbGEA0rwBGvhzSFNLnsMbuR2K
+r/kD2y4dS68ua4YIJgSbXg/BJqKSeoK+eyVJqNJtbKEycHadGEJx50PO4V/Kt4s
vCDbTkmtfeYgidJchYPpu2dj7EsdGR01cecten68Cm+x6RxMmhfQJm2h4lqhE/Ed
VEPogxeirHETu628+fi1Aq9Iyc3x2NEutTX/S/aUI0b0JRvutMZKVCX2g2DmM4VY
bV30YbdvlRAsKEzCvGZ2wFSua/MzEhnm1Iva8DZFv9DMcXmnfB1peQhB/m4F91pP
EwJD5XU0A+/5BBmjfslmV9MpwovytcrynYnj6imN9gCedaHuTE1WObUy0khgXhcQ
REcMyxMQBkG5otnYV3hvViCdRIRkjiblE0ga1d/hH3LaeH2pecyMqkGJKBI2FCqJ
FXrI5Mrx63kp1CCOTUZyYAgRlpQNYG+BLGe8Q8RzX3QSYJiI/fBhQFqYOptrSUsN
gLolvQZLd4b/pLh5/6XfKfpH859Ixkhe35+0kwU9s6txpvkOMYEqcuwpqzH2nPd3
lMuzl6E4uZE=
=r5VT
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1485-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1485
Issue date: 2019-06-17
CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.2) – noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.2) – noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) – x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.2) – x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.2) – x86_64
Red Hat Enterprise Linux Server TUS (v. 7.2) – noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* THP: Race between MADV_DONTNEED and NUMA hinting node migration code
(BZ#1698103)

* [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update
(BZ#1712989)

* [RHEL7] MDS mitigations are not enabled after double microcode update
(BZ#1712994)

* WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90
__static_key_slow_dec+0xa6/0xb0 (BZ#1713000)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.2):

Source:
kernel-3.10.0-327.79.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.79.2.el7.noarch.rpm
kernel-doc-3.10.0-327.79.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.79.2.el7.x86_64.rpm
perf-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.2):

Source:
kernel-3.10.0-327.79.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.79.2.el7.noarch.rpm
kernel-doc-3.10.0-327.79.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.79.2.el7.x86_64.rpm
perf-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.2):

Source:
kernel-3.10.0-327.79.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-327.79.2.el7.noarch.rpm
kernel-doc-3.10.0-327.79.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-devel-3.10.0-327.79.2.el7.x86_64.rpm
kernel-headers-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.79.2.el7.x86_64.rpm
perf-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.2):

x86_64:
kernel-debug-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.79.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.79.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfrL9zjgjWX9erEAQh8Yw//XDYZhLE+6/G5jELh43MDCVjixj/y8u2b
RaMA/eOCJcq1MXV9k5XDruAeZWoMUcCV3OvBi4NIdQ4GXNb0idp3HvXUbAn6yxjh
ANslnVZO8XTYFEpxdSGJf2DLVS+uwe+bnfgQQ6BTFJCDEfOAHsPv/d+jZF3qe2Hm
WdD//r+U26C23e6Mz9nu1+k3fyScj+UCYCeIWLikKzboB5TmH1KDH7DS0p71JPKE
65I6b7W1ucj0SdvTpQH7VUesww+TM7KZHHwgo0Ydqusf+RoVyYbW3jbZGb+5m5aB
tb8v/zaGsXBthKZmH6LCu02P+0Jbou8vEvqCztuwmqDocAeblm3mzeL8FerKCxCp
obEEUcjsTbP+RDkNp2qjlfR6V11msl9PzTHXzrQw+7qxZodE9Jhv8Tvm3uTPvbi6
OTD9ez1Hkw5yaWIJBEitGLMxl4HjHaSXOLwbWkoQcEsv1ENmKtvz6wz64zefxljX
VBPkLVuLGdwOzOlXHa9Oks3bWiKYUHt36R5sdz+uYL6NTCL5CLv8oUXCN5bYWRlU
lCA6f5EYCR3Em8VFChAA51f+i688hmxq4sJwNtvoMVG96FwtVgSmmikb8cFN9+C+
qLlmaaC+b8cZ9COWfw2XAMkrFCYUNt7eL4W/vlZK+GkiYUxEYFZnJAqLXOWFgVpe
nLvixkiNDOA=
=rUVR
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1489-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1489
Issue date: 2019-06-17
CVE Names: CVE-2019-3896 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.6
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 6.6) – noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.6) – x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: Double free in lib/idr.c (CVE-2019-3896)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1713026)

* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1713029)

* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1713044)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1694812 – CVE-2019-3896 kernel: Double free in lib/idr.c
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 6.6):

Source:
kernel-2.6.32-504.79.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-504.79.3.el6.noarch.rpm
kernel-doc-2.6.32-504.79.3.el6.noarch.rpm
kernel-firmware-2.6.32-504.79.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debug-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.79.3.el6.x86_64.rpm
kernel-devel-2.6.32-504.79.3.el6.x86_64.rpm
kernel-headers-2.6.32-504.79.3.el6.x86_64.rpm
perf-2.6.32-504.79.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.6):

x86_64:
kernel-debug-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-504.79.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm
python-perf-2.6.32-504.79.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-504.79.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-3896
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfqA9zjgjWX9erEAQjGFw/7BKcJDZ/BdMJ5Qeo3m5T1VceySn1DzCdD
bz0itfNjGl1sBS3U2T1aJgA3kplTofQkfB8RsInDifSPfMU1p1vvFurwkPpEQuVF
JQy5Gbs0Q/lhpR48uYAi1sqdJAtHWEfi+w9mj+r7mzphlqQT4E3jI09lqAn/a0dH
aaX+L9BmctlAZTooed/SJGXa/hz0d+HoMZFza3ssuWDyQQQ0CfEP6LJX5VRU4w5i
wKFf3emBM6UclrGeZ3QiWcRsRhHs7Wm5eseEcBNqhPScgSGtWrJ7VMAHTTtgqiFD
s4MoaNkAxZPsAMZCY7UGHXq4dyHPWUKdUpgGJXNROqQiGLsg7ua8/WMbx0v0Hrnu
qBXtE30GDtPWLl059JRKrPrgf6oCN6Xz21q+NeLK6nkoroRd2BMSJ7anwULsu/Sd
rDvzYHDkbCsJ3jRLEuHofUNaxUwsbx3Itdi1y4rfea4c+DmURuPFHcWTKAPjkjj6
+CdaAgw94ffMySzlWbyO6rsLLjuIFo5lvTeS3ma214C0jHr/KjqyJq7uW90opyzS
pIRC34/c/vFkOrZW7HzIX66DYWzYFtVt+YiWfzq1KJe32n9dTATJ9gV6YSlYr7JQ
JkdME41caivBzoURJvAnjqgcmaur8anpxaztK3RbqPJmjBTbbvvEAaJ/GDg2kSJu
4C8+Jcbxj4Y=
=BDTB
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:1482-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1482
Issue date: 2019-06-17
CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.5
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.5) – ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):

Source:
kernel-3.10.0-862.34.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.34.2.el7.noarch.rpm
kernel-doc-3.10.0-862.34.2.el7.noarch.rpm

x86_64:
kernel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.34.2.el7.x86_64.rpm
perf-3.10.0-862.34.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):

x86_64:
kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.34.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
kernel-3.10.0-862.34.2.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-862.34.2.el7.noarch.rpm
kernel-doc-3.10.0-862.34.2.el7.noarch.rpm

ppc64:
kernel-3.10.0-862.34.2.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debug-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debug-devel-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.34.2.el7.ppc64.rpm
kernel-devel-3.10.0-862.34.2.el7.ppc64.rpm
kernel-headers-3.10.0-862.34.2.el7.ppc64.rpm
kernel-tools-3.10.0-862.34.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-tools-libs-3.10.0-862.34.2.el7.ppc64.rpm
perf-3.10.0-862.34.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
python-perf-3.10.0-862.34.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debug-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-devel-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-headers-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-tools-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-862.34.2.el7.ppc64le.rpm
perf-3.10.0-862.34.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
python-perf-3.10.0-862.34.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm

s390x:
kernel-3.10.0-862.34.2.el7.s390x.rpm
kernel-debug-3.10.0-862.34.2.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-862.34.2.el7.s390x.rpm
kernel-debug-devel-3.10.0-862.34.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-862.34.2.el7.s390x.rpm
kernel-devel-3.10.0-862.34.2.el7.s390x.rpm
kernel-headers-3.10.0-862.34.2.el7.s390x.rpm
kernel-kdump-3.10.0-862.34.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-862.34.2.el7.s390x.rpm
kernel-kdump-devel-3.10.0-862.34.2.el7.s390x.rpm
perf-3.10.0-862.34.2.el7.s390x.rpm
perf-debuginfo-3.10.0-862.34.2.el7.s390x.rpm
python-perf-3.10.0-862.34.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.s390x.rpm

x86_64:
kernel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.34.2.el7.x86_64.rpm
kernel-headers-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.34.2.el7.x86_64.rpm
perf-3.10.0-862.34.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.5):

ppc64:
kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-862.34.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-862.34.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-862.34.2.el7.ppc64le.rpm
perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.34.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfk3NzjgjWX9erEAQiytA/+LYuWZPA+XAzTGUtoSanvsTMhe3fdVmEs
uC08ljrlPeR/Wd6nDM6/kA31tXy0DuL23ocXTXoz+eBQNzpv7wAV3BNegLB+EbaF
lalFLRhneQHOPqVQm8NRM/+aQoUSPZGroINcBCxC+RRDCnzgd1IYYOPJeq3N3che
3/o1whqn8af/uYrE49Lg+qimRFPIDkUg/r+pTv8M/cWdskrDlv3ir8Dn3rczrg9C
/MjRxlqayPLN60RsdQO1MJPIq/5/4avHbmlqYGvzWyqdMYZckJWtJbRcCNg4MaII
P8sx7pW1h6MdC23tGdqdk1VsgPl5ap1qYDjIJdHkp2wOeih6Lk1ezBViRuOfWpx1
Wy2EpmGRy8IUA/biIHedki48cfBHE2T3Bd7dE0V1HHWP5c9iZIov5OTG6dvy5OMV
bQA5+BVrSdrOPKj6VDwrbcDWoeSR8O0eMghoj7o3aP6cPzAMmQ2xxj8G4hrZuP0P
1eVZrMPgE+N6Brd9k/o70Gw90Q7N2o8ONJFrz+gFdIGxI+m3dNGhne5hwxou1Q+k
5/O4S3Eu2afic3WNh6K3Zbk8K5rzfqFGdOFEGYw0/lZblRgr9scVQdfo4ohoxabf
ojkr1xsbNIcSxHYBm9LRM4cMXblFr+yx+mYZsCA539F2DKID42Y89msdcjGhOUEL
SkhJ47gvUQ4=
=+jJe
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2019:1483-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1483
Issue date: 2019-06-17
CVE Names: CVE-2018-7566 CVE-2018-1000004 CVE-2019-11477
CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) – x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) – ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
(CVE-2018-7566)

* kernel: Race condition in sound system can lead to denial of service
(CVE-2018-1000004)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Mistmach between ‘tty->termios->c_lflag’ and ‘ldata->icanon’ for ‘ICANON’
(BZ#1708061)

* RHEL7: rwsem reader/writer mutual exclusion guarantee may not work
(BZ#1709702)

* hardened usercopy is causing crash (BZ#1712311)

* [RHEL7] md_clear flag missing from /proc/cpuinfo on late microcode update
(BZ#1712991)

* [RHEL7] MDS mitigations are not enabled after double microcode update
(BZ#1712996)

* WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:90
__static_key_slow_dec+0xa6/0xb0 (BZ#1713002)

* [debug kernel] [x86_64]INFO: possible circular locking dependency
detected (BZ#1715326)

* RHEL-7.7: tty: termios_rwsem possible deadlock (BZ#1715329)

Enhancement(s):

* [MCHP 7.7 FEAT] Update smartpqi driver to latest upstream (BZ#1709467)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1535315 – CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
1550142 – CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.50.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.50.3.el7.noarch.rpm
kernel-doc-3.10.0-693.50.3.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.50.3.el7.x86_64.rpm
kernel-devel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-headers-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.50.3.el7.x86_64.rpm
perf-3.10.0-693.50.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.50.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.50.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.50.3.el7.noarch.rpm
kernel-doc-3.10.0-693.50.3.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.50.3.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debug-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.50.3.el7.ppc64.rpm
kernel-devel-3.10.0-693.50.3.el7.ppc64.rpm
kernel-headers-3.10.0-693.50.3.el7.ppc64.rpm
kernel-tools-3.10.0-693.50.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.50.3.el7.ppc64.rpm
perf-3.10.0-693.50.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
python-perf-3.10.0-693.50.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debug-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-devel-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-headers-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-tools-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.50.3.el7.ppc64le.rpm
perf-3.10.0-693.50.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
python-perf-3.10.0-693.50.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.50.3.el7.s390x.rpm
kernel-debug-3.10.0-693.50.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.50.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.50.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.50.3.el7.s390x.rpm
kernel-devel-3.10.0-693.50.3.el7.s390x.rpm
kernel-headers-3.10.0-693.50.3.el7.s390x.rpm
kernel-kdump-3.10.0-693.50.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.50.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.50.3.el7.s390x.rpm
perf-3.10.0-693.50.3.el7.s390x.rpm
perf-debuginfo-3.10.0-693.50.3.el7.s390x.rpm
python-perf-3.10.0-693.50.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.50.3.el7.x86_64.rpm
kernel-devel-3.10.0-693.50.3.el7.x86_64.rpm
kernel-headers-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.50.3.el7.x86_64.rpm
perf-3.10.0-693.50.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
kernel-debug-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.50.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.50.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.50.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.50.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.50.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-7566
https://access.redhat.com/security/cve/CVE-2018-1000004
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQflkNzjgjWX9erEAQiYBQ/8CqPgl6Z1FdlIkiIKctrTNxBA3HHwyY7j
LQBGs4iRnTNxAHYafa1UyeF8nW5wB7x/KTiktC4bu4tur5xGbCuVsQAQX2/YeQHZ
cEK3uU4N4wX31sJJmOki5qmnsW28fr1AuT0hfgL8/OWkf+eec66Momg8ZGS9MZ2X
2YJ8kzrE1dBBbBtzvNZDmAC/1i+VsalIObblsI1dIr+753oYnoP0x6WuPn1c7lod
CbvPOQvfYB+0b/HNHhRxCOl4ay5NAYC/eCFx9h1JTPoQ/CzzjHwNBm2+HL+Lt+Av
A1Ufnm4XBO/lyT1f9bvDiE9xHFP3wzN9hebQvvp4maAFbVPP7upqnCRESm9Ojzew
k8n/UHgyWciTgEM79tQ+0Jx4r+k5KQT12mr023SEeRBCNd8H0odfN2SpwGwu39lz
P1AwJhN9LddTfO3IOx2RZJcnshaIOhbDBuFW1GBUYgODsGd3RgUqVblryb53IVFG
6jHcYMetblt6dIAhTVtBUTOeVaG/rUkjuWaIKYhNjijgqUdQBGDDJWxK2E/hx+nq
r5fgReLwxPz+q27cu70chK9lSa0RAUr3qgCOa+UYfqm3/LclXtPCI/z/YCESE5tc
xSZyAhsRDEIgAsNO8neeG68HMX1JZCqun+HnHvcrmh7t2vXM/HRJl7ihp9md2au+
LbgoNJu99kM=
=aVva
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2019:1481-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1481
Issue date: 2019-06-17
CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) – x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) – noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – x86_64
Red Hat Enterprise Linux Server (v. 7) – noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) – ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) – noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) – x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-957.21.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.21.3.el7.x86_64.rpm
kernel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
perf-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-957.21.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.21.3.el7.x86_64.rpm
kernel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
perf-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-957.21.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

ppc64:
kernel-3.10.0-957.21.3.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debug-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.21.3.el7.ppc64.rpm
kernel-devel-3.10.0-957.21.3.el7.ppc64.rpm
kernel-headers-3.10.0-957.21.3.el7.ppc64.rpm
kernel-tools-3.10.0-957.21.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.ppc64.rpm
perf-3.10.0-957.21.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
python-perf-3.10.0-957.21.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debug-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-devel-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-headers-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-tools-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.ppc64le.rpm
perf-3.10.0-957.21.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
python-perf-3.10.0-957.21.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm

s390x:
kernel-3.10.0-957.21.3.el7.s390x.rpm
kernel-debug-3.10.0-957.21.3.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.s390x.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.s390x.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-957.21.3.el7.s390x.rpm
kernel-devel-3.10.0-957.21.3.el7.s390x.rpm
kernel-headers-3.10.0-957.21.3.el7.s390x.rpm
kernel-kdump-3.10.0-957.21.3.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-957.21.3.el7.s390x.rpm
kernel-kdump-devel-3.10.0-957.21.3.el7.s390x.rpm
perf-3.10.0-957.21.3.el7.s390x.rpm
perf-debuginfo-3.10.0-957.21.3.el7.s390x.rpm
python-perf-3.10.0-957.21.3.el7.s390x.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.s390x.rpm

x86_64:
bpftool-3.10.0-957.21.3.el7.x86_64.rpm
kernel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
perf-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-957.21.3.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.ppc64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-957.21.3.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
kernel-doc-3.10.0-957.21.3.el7.noarch.rpm

x86_64:
bpftool-3.10.0-957.21.3.el7.x86_64.rpm
kernel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
perf-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.21.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfc5dzjgjWX9erEAQiHvA/9H8ok5idW5wQXIYe9k2vrUnDV0EilyBeN
ybKZlww2bhuHKYwmUKD2WSbggNXvxOR0uzuLTEqM5R0od4ALa4SSxdNMTVO1ac8V
4nogSc7quxNGoYdhXyWPFqRTWIGMMV7mXRifTqGskcB1xB5JwMc2mGGvFA3xXGDu
lxvNK70J+HjlTFf4wodaRCZdmyEQxYB8rOxQ42U+yFcbPmPqlyvLJV/6ULHU2utZ
K/Ifmd5g9B0NbDR8hceVIdWFD6XIUbiyItn3Ubx0IHaBDVE9j+fo3FQ+ciPG73CD
kl7nfHU0ebOrooxZQxFmbVltPUlVwyZQ6H/d1a31ZNdWDu/LQkG94bY7YARfDFLT
xsJKMW+pQjAlFAbEVEBbesMXBwb6qdRgpugyr0o8cZbOYAEH2vkxbf1rcz1wAGgv
dMRxnvUbgNML50jSuAh80vdzCjrkmhJxO2KSZXwEoLyDiiwfs4MILf20W+jn8tdG
p6AGgFkENInQtAuAbcQHpjCmJPUNLoSKuzpQAry4RCNfklFElKhJxlHoxUPqvc42
SUN5BS7w8SF70ANWiW/V73+nYcDKJfV/3oMndJInVaCER6GF6NwpGQb7DjLM4krh
gxhcCHeA0dHKVL8udjSrrEbdi4c3OmXz53p36Ww/Yh8k3BhVid7Wzt3HPBWFF5qs
rjP0JW27B5U=
=rNYS
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1488-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1488
Issue date: 2019-06-17
CVE Names: CVE-2019-3896 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) – i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) – i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) – noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) – x86_64
Red Hat Enterprise Linux Server (v. 6) – i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) – i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) – i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) – i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: Double free in lib/idr.c (CVE-2019-3896)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081)

* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1710121)

* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1694812 – CVE-2019-3896 kernel: Double free in lib/idr.c
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
kernel-2.6.32-754.15.3.el6.src.rpm

i386:
kernel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-headers-2.6.32-754.15.3.el6.i686.rpm
perf-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
perf-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
kernel-2.6.32-754.15.3.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
perf-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
kernel-2.6.32-754.15.3.el6.src.rpm

i386:
kernel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-headers-2.6.32-754.15.3.el6.i686.rpm
perf-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm

ppc64:
kernel-2.6.32-754.15.3.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debug-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.15.3.el6.ppc64.rpm
kernel-devel-2.6.32-754.15.3.el6.ppc64.rpm
kernel-headers-2.6.32-754.15.3.el6.ppc64.rpm
perf-2.6.32-754.15.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm

s390x:
kernel-2.6.32-754.15.3.el6.s390x.rpm
kernel-debug-2.6.32-754.15.3.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.15.3.el6.s390x.rpm
kernel-devel-2.6.32-754.15.3.el6.s390x.rpm
kernel-headers-2.6.32-754.15.3.el6.s390x.rpm
kernel-kdump-2.6.32-754.15.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
kernel-kdump-devel-2.6.32-754.15.3.el6.s390x.rpm
perf-2.6.32-754.15.3.el6.s390x.rpm
perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm

x86_64:
kernel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
perf-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-754.15.3.el6.ppc64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm
python-perf-2.6.32-754.15.3.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-754.15.3.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm
python-perf-2.6.32-754.15.3.el6.s390x.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
kernel-2.6.32-754.15.3.el6.src.rpm

i386:
kernel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-headers-2.6.32-754.15.3.el6.i686.rpm
perf-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm

x86_64:
kernel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
perf-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-754.15.3.el6.i686.rpm
perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm
python-perf-2.6.32-754.15.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-754.15.3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-3896
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfbBdzjgjWX9erEAQjjiw//QtCd50n/kyijAWgyi02UAPD+QrPWRv6a
gLSESiQGCl7YvWgt96eI5DANREmFMWQ8wB0LRku4KJ4tutBdTcyouWrHgHEYhXLB
24ZBi8HB/L9EhxKoQlHlY68ekZzbOcjqZhrL5K2xUnoVTJDo/+d+vtJgOIlrV/PC
aXxRL5nez5Y8pjCiwqm37RP7OUnn6daLtqcu42DR9XovXqORrfJVo43+5HR0drLA
ZB2B0ERUU+iFKpS6p9qIgfMLR9KRlMikeI+NRU/1JBjEDT5C4uT4fqULjM4a4QcR
4Cm+wN6ku7CTK8l+1RAKSAn12KMjHUfMhWT1X0XFTFl3lFifL6o6+5D0OVSM68xL
k+E8pmoilN1nFk49Z9uLDbCJogLbPdgSOZohiuYLBfUE4IUy0OiCodmKRlQBxWTK
tYBMbUQ1stywEGngsFAXnF7BIeC346+uvMT83TlfbhV+TNIFARjwx9ySNrV7hLes
enTzE250yv7LaZ0tXGKhoPXfLif7nFFVNzupV1PM3uHDCjLYLRq5JQcd1IWCrBS0
IF5A/kp1X9zV8lO4fghj3aSXA7HwQphRBEJ4FkZSu34eqUX5rrC96X5T/8T9McOK
iOKT/z03WI1mSBJUrU/x7N2v44mXr0kropqd/Yfqf6KQDJWW3aXkJJWxNMgBqiYS
l+p3rcEBzDA=
=NzJu
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2019:1479-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1479
Issue date: 2019-06-17
CVE Names: CVE-2019-9213 CVE-2019-11477 CVE-2019-11478
CVE-2019-11479
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) – aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel’s
networking subsystem processed TCP Selective Acknowledgment (SACK)
segments. While processing SACK segments, the Linux kernel’s socket buffer
(SKB) data structure becomes fragmented. Each fragment is about TCP maximum
segment size (MSS) bytes. To efficiently process SACK blocks, the Linux
kernel merges multiple fragmented SKBs into one, potentially overflowing
the variable holding the number of segments. A remote attacker could use
this flaw to crash the Linux kernel by sending a crafted sequence of SACK
segments on a TCP connection with small value of TCP MSS, resulting in a
denial of service (DoS). (CVE-2019-11477)

* kernel: lack of check for mmap minimum address in expand_downwards in
mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms
(CVE-2019-9213)

* Kernel: tcp: excessive resource consumption while processing SACK blocks
allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low
MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [HPE 8.0 Bug] nvme drive power button does not turn off drive
(BZ#1700288)

* RHEL8.0 – hw csum failure seen in dmesg and console (using
mlx5/mlx4/Mellanox) (BZ#1700289)

* RHEL8.0 – vfio-ap: add subsystem to matrix device to avoid libudev
failures (kvm) (BZ#1700290)

* [FJ8.1 Bug]: Make Fujitsu Erratum 010001 patch work on A64FX v1r0
(BZ#1700901)

* [FJ8.0 Bug]: Fujitsu A64FX processor errata – panic by unknown fault
(BZ#1700902)

* RHEL 8.0 Snapshot 4 – nvme create-ns command hangs after creating 20
namespaces on Bolt (NVMe) (BZ#1701140)

* [Cavium/Marvell 8.0 qed] Fix qed_mcp_halt() and qed_mcp_resume()
(backporting bug) (BZ#1704184)

* [Intel 8.1 Bug] PBF: Base frequency display fix (BZ#1706739)

* [RHEL8]read/write operation not permitted to /sys/kernel/debug/gcov/reset
(BZ#1708100)

* RHEL8.0 – ISST-LTE:pVM:fleetwood:LPM:raylp85:After lpm seeing the
console logs on the the lpar at target side (BZ#1708102)

* RHEL8.0 – Backport support for software count cache flush Spectre v2
mitigation (BZ#1708112)

* [Regression] RHEL8.0 – System crashed with one stress-ng-mremap stressor
on Boston (kvm host) (BZ#1708617)

* [intel ice Rhel 8 RC1] ethtool -A ethx causes interfaces to go down
(BZ#1709433)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1686136 – CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms
1719123 – CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
1719128 – CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
1719129 – CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-80.4.2.el8_0.src.rpm

aarch64:
bpftool-4.18.0-80.4.2.el8_0.aarch64.rpm
bpftool-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-core-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-cross-headers-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-core-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-devel-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-modules-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-devel-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-headers-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-modules-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-modules-extra-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-tools-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-tools-libs-4.18.0-80.4.2.el8_0.aarch64.rpm
perf-4.18.0-80.4.2.el8_0.aarch64.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
python3-perf-4.18.0-80.4.2.el8_0.aarch64.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm

noarch:
kernel-abi-whitelists-4.18.0-80.4.2.el8_0.noarch.rpm
kernel-doc-4.18.0-80.4.2.el8_0.noarch.rpm

ppc64le:
bpftool-4.18.0-80.4.2.el8_0.ppc64le.rpm
bpftool-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-core-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-cross-headers-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-core-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-modules-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-headers-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-modules-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-modules-extra-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-tools-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-tools-libs-4.18.0-80.4.2.el8_0.ppc64le.rpm
perf-4.18.0-80.4.2.el8_0.ppc64le.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
python3-perf-4.18.0-80.4.2.el8_0.ppc64le.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm

s390x:
bpftool-4.18.0-80.4.2.el8_0.s390x.rpm
bpftool-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-core-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-cross-headers-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-core-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-devel-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-modules-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-devel-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-headers-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-modules-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-tools-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-core-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-devel-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-4.18.0-80.4.2.el8_0.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm
perf-4.18.0-80.4.2.el8_0.s390x.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm
python3-perf-4.18.0-80.4.2.el8_0.s390x.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm

x86_64:
bpftool-4.18.0-80.4.2.el8_0.x86_64.rpm
bpftool-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-core-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-cross-headers-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-core-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-devel-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-modules-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-devel-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-headers-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-modules-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-tools-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-tools-libs-4.18.0-80.4.2.el8_0.x86_64.rpm
perf-4.18.0-80.4.2.el8_0.x86_64.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
python3-perf-4.18.0-80.4.2.el8_0.x86_64.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.aarch64.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.x86_64.rpm
perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm
python3-perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9213
https://access.redhat.com/security/cve/CVE-2019-11477
https://access.redhat.com/security/cve/CVE-2019-11478
https://access.redhat.com/security/cve/CVE-2019-11479
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/tcpsack

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXQfVZNzjgjWX9erEAQgLoA/9GIfagfPFKGZbzBrrj0u6ql3dtHsfhHsn
pWGZULspXnR/k3np3STGthnvri1ptkk3/IVmc1Iz9IiAE7A7yhK/Trbg4pIapZ4t
7NUeskkhfnpP+6ocPbEGnfjaJ5zieMERVUTcrZ+CKhds1YYnJ0ih1ekj+P12UacN
l1R5Ga79XhwnGT5Alfm0ATZIx+idKuhVp4b6uLAKeMCBwsmDZwe98oCmDSvpAPQ9
kire5H61hvSd/GfsGrVeA8ohs/8b7iw2UslcdZ1uYoLxPpz1I24/i1OXeElMVp3l
4TDthnn3Djd19fp77gSuBbxxh8ismPDL+jBAhsq0TNdzG88PhJK1h/qbO6t39F9z
hBf+eALXggOLEm8UFuuyInmVJjqc/Wt1zGHiLBgr0UhlfVOa5fzhG8NfoQ6bJ56O
mXcS6cmndf0barL4bse6XsyCGQZbLB2jI7cUByeZxlg0d9akpKeuHmI5NnuZJDGx
VhJ1u/6VNBLryEIQs916RdQGJ4EOQfVGhwE0WufW4Zu8Fs0d2P4c/zOY/hZwQRYk
NyhJTR49iD3qmi0mPd+MyeMvY2bSkChmDTscnzSeq6ASGrxoPJg1Pc9Aa5o+ZT3N
bel0/RacnVWzMs5q3kiZTu7ovCt+2UfiTmRQVfcgsp1WXBgRI8uUeCWX5hd0yl+t
ZAqvPPSmBPY=
=qId3
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostatak jezgre operacijskog sustava

Otkriven je sigurnosni nedostatak jezgre operacijskog sustava Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje se ažuriranje izdanim...

Close