Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

RedHat: RHSA-2019-2809-01 Important: Kernel-Alt Security Bug Fix

Calendar Sep 20, 2019 User Avatar LinuxSecurity Advisories
4 - 8 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory red hat kernel update bug fix important kernel-alt side channel attack
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security, bug fix, and enhancement update
Advisory ID:       RHSA-2019:2809-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2809
Issue date:        2019-09-20
CVE Names:         CVE-2019-5489 CVE-2019-6974 CVE-2019-13272 
====================================================================
1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* Kernel: page cache side channel attacks (CVE-2019-5489)

* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
(CVE-2019-6974)

* kernel: broken permission and object lifetime handling for PTRACE_TRACEME
(CVE-2019-13272)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:
crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)

* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages
(BZ#1610534)

* RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration
/ powerpc/pseries/mobility: Extend start/stop topology update scope (LPM)
(BZ#1673613)

* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in
FIPS mode (BZ#1673979)

* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment
(BZ#1710304)

* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)

* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3
cores in quad and misses last core. (CORAL) (BZ#1717836)

* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN
(BZ#1717906)

* fragmented packets timing out (BZ#1729066)

* Backport TCP follow-up for small buffers (BZ#1733617)

Enhancement(s):

* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading
nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-115.12.1.el7a.src.rpm

aarch64:
kernel-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm
perf-4.14.0-115.12.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
python-perf-4.14.0-115.12.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm
perf-4.14.0-115.12.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-115.12.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm
perf-4.14.0-115.12.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm
python-perf-4.14.0-115.12.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5489
https://access.redhat.com/security/cve/CVE-2019-6974
https://access.redhat.com/security/cve/CVE-2019-13272
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt
CAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct
KEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4
qdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1
qrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb
UYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS
cyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p
NfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu
ajvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML
Ef3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE
iwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O
ItDqWovzGmk=yv43
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

RedHat: RHSA-2019-2809-01 Important: Kernel-Alt Security Bug Fix

red hat
Calendar Grey September 20, 2019
Dist Redhat Esm H88
Important security notice for Red Hat Enterprise Linux 7 includes kernel-alt patches and essential improvements addressing side-channel flaws.
An update for kernel-alt is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
* Kernel: page cache side channel attacks (CVE-2019-5489)
* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
* kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)
* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)
* RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613)
* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)
* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304)
* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)
* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836)
* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906)
* fragmented packets timing out (BZ#1729066)
* Backport TCP follow-up for small buffers (BZ#1733617)
Enhancement(s):
* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)

Topics%20covered

Topics Covered

security advisory red hat kernel update bug fix important kernel-alt side channel attack

References

https://access.redhat.com/security/cve/CVE-2019-5489 https://access.redhat.com/security/cve/CVE-2019-6974 https://access.redhat.com/security/cve/CVE-2019-13272 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: kernel-alt-4.14.0-115.12.1.el7a.src.rpm
aarch64: kernel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm perf-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
noarch: kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm
ppc64le: kernel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:2809-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2809
Issue date: 2019-09-20

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory red hat kernel update bug fix important kernel-alt side channel attack

Relevant Releases Architectures

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

Bugs Fixed

1664110 - CVE-2019-5489 Kernel: page cache side channel attacks

1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()

1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here