RedHat: RHSA-2019-3309:01 Important: kernel-rt security and bug fix update

    Date 05 Nov 2019
    190
    Posted By LinuxSecurity Advisories
    An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: kernel-rt security and bug fix update
    Advisory ID:       RHSA-2019:3309-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3309
    Issue date:        2019-11-05
    CVE Names:         CVE-2018-16884 CVE-2018-19854 CVE-2018-19985 
                       CVE-2018-20169 CVE-2019-3459 CVE-2019-3460 
                       CVE-2019-3874 CVE-2019-3882 CVE-2019-3900 
                       CVE-2019-5489 CVE-2019-7222 CVE-2019-9506 
                       CVE-2019-10126 CVE-2019-10207 CVE-2019-10638 
                       CVE-2019-11599 CVE-2019-11833 CVE-2019-11884 
                       CVE-2019-13233 CVE-2019-14821 CVE-2019-15916 
    =====================================================================
    
    1. Summary:
    
    An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Real Time (v. 8) - x86_64
    Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
    
    3. Description:
    
    The kernel-rt packages provide the Real Time Linux Kernel, which enables
    fine-tuning for systems with extremely high determinism requirements.
    
    Security Fix(es):
    
    * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
    
    * Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    (CVE-2019-3900)
    
    * Kernel: page cache side channel attacks (CVE-2019-5489)
    
    * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    (CVE-2019-9506)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
    
    * kernel: Information Disclosure in crypto_report_one in
    crypto/crypto_user.c (CVE-2018-19854)
    
    * kernel: usb: missing size check in the __usb_get_extra_descriptor()
    leading to DoS (CVE-2018-20169)
    
    * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    (CVE-2019-3459)
    
    * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    (CVE-2019-3460)
    
    * kernel: SCTP socket buffer memory leak leading to denial of service
    (CVE-2019-3874)
    
    * kernel: denial of service vector through vfio DMA mappings
    (CVE-2019-3882)
    
    * kernel: null-pointer dereference in hci_uart_set_flow_control
    (CVE-2019-10207)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
    
    * kernel: fs/ext4/extents.c leads to information disclosure
    (CVE-2019-11833)
    
    * kernel: sensitive information disclosure from kernel stack memory via
    HIDPCONNADD command (CVE-2019-11884)
    
    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
    
    * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
    leads to denial of service (CVE-2019-15916)
    
    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    (CVE-2018-19985)
    
    * Kernel: KVM: leak of uninitialized stack contents to guest
    (CVE-2019-7222)
    
    * Kernel: net: weak IP ID generation leads to remote device tracking
    (CVE-2019-10638)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1656986 - CVE-2018-19854 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c
    1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
    1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
    1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
    1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
    1678887 - RT: update RT source tree to the RHEL-8.1 tree
    1686373 - CVE-2019-3874 kernel: SCTP socket buffer memory leak leading to denial of service
    1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
    1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    1700666 - Make kernel-rt require rt-setup
    1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
    1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
    1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
    1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
    1724657 - BUG: scheduling while atomic in zswap
    1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c
    1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    1728765 - BUG: scheduling while atomic: rcuc/13/134/0x00000002
    1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking
    1733472 - BUG: scheduling while atomic: rcuc/1/24/0x00000002
    1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control
    1743931 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
    1745646 - [RT] sched/fair: Robustify CFS-bandwidth timer locking
    1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
    1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
    
    6. Package List:
    
    Red Hat Enterprise Linux Real Time for NFV (v. 8):
    
    Source:
    kernel-rt-4.18.0-147.rt24.93.el8.src.rpm
    
    x86_64:
    kernel-rt-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-common-x86_64-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    
    Red Hat Enterprise Linux Real Time (v. 8):
    
    Source:
    kernel-rt-4.18.0-147.rt24.93.el8.src.rpm
    
    x86_64:
    kernel-rt-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-core-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debug-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-debuginfo-common-x86_64-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-devel-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-kvm-debuginfo-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-4.18.0-147.rt24.93.el8.x86_64.rpm
    kernel-rt-modules-extra-4.18.0-147.rt24.93.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-16884
    https://access.redhat.com/security/cve/CVE-2018-19854
    https://access.redhat.com/security/cve/CVE-2018-19985
    https://access.redhat.com/security/cve/CVE-2018-20169
    https://access.redhat.com/security/cve/CVE-2019-3459
    https://access.redhat.com/security/cve/CVE-2019-3460
    https://access.redhat.com/security/cve/CVE-2019-3874
    https://access.redhat.com/security/cve/CVE-2019-3882
    https://access.redhat.com/security/cve/CVE-2019-3900
    https://access.redhat.com/security/cve/CVE-2019-5489
    https://access.redhat.com/security/cve/CVE-2019-7222
    https://access.redhat.com/security/cve/CVE-2019-9506
    https://access.redhat.com/security/cve/CVE-2019-10126
    https://access.redhat.com/security/cve/CVE-2019-10207
    https://access.redhat.com/security/cve/CVE-2019-10638
    https://access.redhat.com/security/cve/CVE-2019-11599
    https://access.redhat.com/security/cve/CVE-2019-11833
    https://access.redhat.com/security/cve/CVE-2019-11884
    https://access.redhat.com/security/cve/CVE-2019-13233
    https://access.redhat.com/security/cve/CVE-2019-14821
    https://access.redhat.com/security/cve/CVE-2019-15916
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXcHp0tzjgjWX9erEAQglbQ//TSJNycuRkc20sRHAEGD0gAf3o3Bh6ddd
    SuqZn81Lo4R5dDlGLQzfiPtHzS5YjnP8DZoy8Ezg8kzpVt2CfBH+9LBJ7J8VIIlx
    O39uM7BxCQ4nevWwXcXf4TyBkOrwx2dOMHHllVjLeKzi4WeKx18IZlnbT++qvVMw
    vbqLnNLMfKA47BfZ/Umfq7ElbJIuSkglVx/217YqpEIxGrm7I74RYCASm5KGRLmY
    rgyW83glaiHZLEleXZwac81/OB8i5Gs6joIhQ+77AxJkzJ1FGuFzOBtFSRcp2UTl
    jm+adv8YYlMiv9DYoCPEaWL22Anxl7KNkDpPGULiFRml5bL1eCFuiEjt969MBe1f
    xkeXxWMfw6dqtKUynB0rixVqNqmJ2U/bpiVr+yaSeVKRR0f9uCTdpm+rQL00CcGZ
    QzIR1otD34cP5ccP4VRwqbggYE1Ag3wsFRGVSxP0O9I+0yQIPFN52Rc4UOtrLlai
    ezM3kY89gJcg3AalKq+UTP2yMvp8ckbeu3cYfu1Xs+uaMW3uuoaFSQpWU/xeQwfD
    ShffAhDC3ruGPthIGfY9gRrOqBfb9nWDvpoi0oR3hO+R2j2N8TL5ijXjYYek8oj2
    LaFF4SWnwLK4P1GZcQdNHk/Kz2WUnWX4KDjPIR+G7CFWBGADkh9S10c7FAy1BO//
    +dTe2joyO2k=
    =Zhbj
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"18","type":"x","order":"1","pct":94.74,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":5.26,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.