RedHat: RHSA-2019-2829:01 Important: kernel security update

    Date: 19 Sep 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: kernel security update
    Advisory ID:       RHSA-2019:2829-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2829
    Issue date:        2019-09-20
    CVE Names:         CVE-2019-14835 
    =====================================================================
    
    1. Summary:
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
    Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
    Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
    Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
    Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
    
    3. Description:
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es):
    
    * A buffer overflow flaw was found in the way the Linux kernel's vhost
    functionality, which translates virtqueue buffers to IOVs, logged the
    buffer descriptors during migration. A privileged guest user able to pass
    descriptors with invalid length to the host while migration is underway
    could use this flaw to increase their privileges on the host.
    (CVE-2019-14835)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
    
    6. Package List:
    
    Red Hat Enterprise Linux Client (v. 7):
    
    Source:
    kernel-3.10.0-1062.1.2.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
    kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
    
    x86_64:
    bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Client Optional (v. 7):
    
    x86_64:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode (v. 7):
    
    Source:
    kernel-3.10.0-1062.1.2.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
    kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
    
    x86_64:
    bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode Optional (v. 7):
    
    x86_64:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    kernel-3.10.0-1062.1.2.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
    kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
    
    ppc64:
    bpftool-3.10.0-1062.1.2.el7.ppc64.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debug-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-devel-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-headers-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-tools-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64.rpm
    perf-3.10.0-1062.1.2.el7.ppc64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    python-perf-3.10.0-1062.1.2.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    
    ppc64le:
    bpftool-3.10.0-1062.1.2.el7.ppc64le.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debug-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-headers-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-tools-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64le.rpm
    perf-3.10.0-1062.1.2.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    python-perf-3.10.0-1062.1.2.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    
    s390x:
    bpftool-3.10.0-1062.1.2.el7.s390x.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-debug-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-debuginfo-common-s390x-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-devel-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-headers-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-kdump-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-kdump-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    kernel-kdump-devel-3.10.0-1062.1.2.el7.s390x.rpm
    perf-3.10.0-1062.1.2.el7.s390x.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    python-perf-3.10.0-1062.1.2.el7.s390x.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm
    
    x86_64:
    bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server Optional (v. 7):
    
    ppc64:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm
    
    ppc64le:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm
    
    x86_64:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    kernel-3.10.0-1062.1.2.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
    kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
    
    x86_64:
    bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation Optional (v. 7):
    
    x86_64:
    bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-14835
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/security/vulnerabilities/kernel-vhost
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
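
Because section 4 requires a reboot, a host can have the fixed kernel package installed and still be running a vulnerable kernel. The shell functions below are an added example, not part of the Red Hat advisory: they classify a host as patched, reboot-required or update-required against the fixed build 3.10.0-1062.1.2.el7 from the package list. The function names are hypothetical and the sample kernel releases are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): host status for RHSA-2019:2829.
FIXED="3.10.0-1062.1.2.el7"   # fixed kernel build, taken from the package list

# Reduce a release such as "3.10.0-1062.1.2.el7.x86_64" to its numeric
# fields "3 10 0 1062 1 2": strip the dist tag and arch first, so that
# only numbers take part in the comparison, then split on '.' and '-'.
kver_fields() {
    printf '%s\n' "${1%%.el*}" | tr '.-' '  '
}

# kver_ge A B: succeed when release A is at least release B.
# Fields are compared numerically, left to right; a missing field counts as 0,
# so "1062" sorts below "1062.1.2".
kver_ge() {
    a=$(kver_fields "$1"); b=$(kver_fields "$2")
    awk -v a="$a" -v b="$b" 'BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p != q) exit ((p > q) ? 0 : 1)
        }
        exit 0
    }'
}

# rhsa_status RUNNING [INSTALLED...]: classify a host from the release it is
# running and the kernel releases installed on disk.
rhsa_status() {
    running=$1; shift
    if kver_ge "$running" "$FIXED"; then echo patched; return 0; fi
    for k in "$@"; do
        if kver_ge "$k" "$FIXED"; then echo reboot-required; return 0; fi
    done
    echo update-required
}

# On a live host the inputs would come from:
#   rhsa_status "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
# Constructed sample: fixed build installed, pre-update kernel still running.
rhsa_status "3.10.0-1062.el7.x86_64" \
            "3.10.0-1062.el7.x86_64" "3.10.0-1062.1.2.el7.x86_64"
```

The check covers the stock `kernel` package only; it does not account for other kernel variants or for live patching.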
    