RedHat: RHSA-2019-3517:01 Important: kernel security, bug fix,

    Date05 Nov 2019
    CategoryRed Hat
    90
    Posted ByLinuxSecurity Advisories
    An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: kernel security, bug fix, and enhancement update
    Advisory ID:       RHSA-2019:3517-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:3517
    Issue date:        2019-11-05
    CVE Names:         CVE-2015-1593 CVE-2018-16884 CVE-2018-19854 
                       CVE-2018-19985 CVE-2018-20169 CVE-2019-3459 
                       CVE-2019-3460 CVE-2019-3874 CVE-2019-3882 
                       CVE-2019-3900 CVE-2019-5489 CVE-2019-7222 
                       CVE-2019-9506 CVE-2019-10126 CVE-2019-10207 
                       CVE-2019-10638 CVE-2019-11599 CVE-2019-11833 
                       CVE-2019-11884 CVE-2019-13233 CVE-2019-14821 
                       CVE-2019-15916 
    =====================================================================
    
    1. Summary:
    
    An update for kernel is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
    Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
    
    3. Description:
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es):
    
    * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)
    
    * Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    (CVE-2019-3900)
    
    * Kernel: page cache side channel attacks (CVE-2019-5489)
    
    * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    (CVE-2019-9506)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
    
    * kernel: Information Disclosure in crypto_report_one in
    crypto/crypto_user.c (CVE-2018-19854)
    
    * kernel: usb: missing size check in the __usb_get_extra_descriptor()
    leading to DoS (CVE-2018-20169)
    
    * kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    (CVE-2019-3459)
    
    * kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    (CVE-2019-3460)
    
    * kernel: SCTP socket buffer memory leak leading to denial of service
    (CVE-2019-3874)
    
    * kernel: denial of service vector through vfio DMA mappings
    (CVE-2019-3882)
    
    * kernel: null-pointer dereference in hci_uart_set_flow_control
    (CVE-2019-10207)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
    
    * kernel: fs/ext4/extents.c leads to information disclosure
    (CVE-2019-11833)
    
    * kernel: sensitive information disclosure from kernel stack memory via
    HIDPCONNADD command (CVE-2019-11884)
    
    * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
    
    * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
    leads to denial of service (CVE-2019-15916)
    
    * kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)
    
    * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    (CVE-2018-19985)
    
    * Kernel: KVM: leak of uninitialized stack contents to guest
    (CVE-2019-7222)
    
    * Kernel: net: weak IP ID generation leads to remote device tracking
    (CVE-2019-10638)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Additional Changes:
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1192519 - CVE-2015-1593 kernel: Linux stack ASLR implementation Integer overflow
    1656432 - [cgroup bpf devices] BPF program is not properly freed
    1656986 - CVE-2018-19854 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c
    1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
    1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
    1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
    1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
    1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
    1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
    1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest
    1686373 - CVE-2019-3874 kernel: SCTP socket buffer memory leak leading to denial of service
    1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings
    1694143 - Misc updates to PCI subsystem from v4.20
    1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
    1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
    1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
    1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure
    1712197 - crash in is_size_safe_to_change as the result of race condition in management of cifsInodeInfo->openFileList
    1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
    1719067 - BUG: EACCES on writing empty value to /proc/self/attr/keycreate
    1721034 - [RHEL8 xfs]: fix reporting supported extra file attributes for statx
    1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c
    1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking
    1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control
    1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
    1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
    
    6. Package List:
    
    Red Hat Enterprise Linux BaseOS (v. 8):
    
    Source:
    kernel-4.18.0-147.el8.src.rpm
    
    aarch64:
    bpftool-4.18.0-147.el8.aarch64.rpm
    bpftool-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-4.18.0-147.el8.aarch64.rpm
    kernel-core-4.18.0-147.el8.aarch64.rpm
    kernel-cross-headers-4.18.0-147.el8.aarch64.rpm
    kernel-debug-4.18.0-147.el8.aarch64.rpm
    kernel-debug-core-4.18.0-147.el8.aarch64.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-debug-devel-4.18.0-147.el8.aarch64.rpm
    kernel-debug-modules-4.18.0-147.el8.aarch64.rpm
    kernel-debug-modules-extra-4.18.0-147.el8.aarch64.rpm
    kernel-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-debuginfo-common-aarch64-4.18.0-147.el8.aarch64.rpm
    kernel-devel-4.18.0-147.el8.aarch64.rpm
    kernel-headers-4.18.0-147.el8.aarch64.rpm
    kernel-modules-4.18.0-147.el8.aarch64.rpm
    kernel-modules-extra-4.18.0-147.el8.aarch64.rpm
    kernel-tools-4.18.0-147.el8.aarch64.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-tools-libs-4.18.0-147.el8.aarch64.rpm
    perf-4.18.0-147.el8.aarch64.rpm
    perf-debuginfo-4.18.0-147.el8.aarch64.rpm
    python3-perf-4.18.0-147.el8.aarch64.rpm
    python3-perf-debuginfo-4.18.0-147.el8.aarch64.rpm
    
    noarch:
    kernel-abi-whitelists-4.18.0-147.el8.noarch.rpm
    kernel-doc-4.18.0-147.el8.noarch.rpm
    
    ppc64le:
    bpftool-4.18.0-147.el8.ppc64le.rpm
    bpftool-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-4.18.0-147.el8.ppc64le.rpm
    kernel-core-4.18.0-147.el8.ppc64le.rpm
    kernel-cross-headers-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-core-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-devel-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-modules-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-modules-extra-4.18.0-147.el8.ppc64le.rpm
    kernel-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-4.18.0-147.el8.ppc64le.rpm
    kernel-devel-4.18.0-147.el8.ppc64le.rpm
    kernel-headers-4.18.0-147.el8.ppc64le.rpm
    kernel-modules-4.18.0-147.el8.ppc64le.rpm
    kernel-modules-extra-4.18.0-147.el8.ppc64le.rpm
    kernel-tools-4.18.0-147.el8.ppc64le.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-tools-libs-4.18.0-147.el8.ppc64le.rpm
    perf-4.18.0-147.el8.ppc64le.rpm
    perf-debuginfo-4.18.0-147.el8.ppc64le.rpm
    python3-perf-4.18.0-147.el8.ppc64le.rpm
    python3-perf-debuginfo-4.18.0-147.el8.ppc64le.rpm
    
    s390x:
    bpftool-4.18.0-147.el8.s390x.rpm
    bpftool-debuginfo-4.18.0-147.el8.s390x.rpm
    kernel-4.18.0-147.el8.s390x.rpm
    kernel-core-4.18.0-147.el8.s390x.rpm
    kernel-cross-headers-4.18.0-147.el8.s390x.rpm
    kernel-debug-4.18.0-147.el8.s390x.rpm
    kernel-debug-core-4.18.0-147.el8.s390x.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.s390x.rpm
    kernel-debug-devel-4.18.0-147.el8.s390x.rpm
    kernel-debug-modules-4.18.0-147.el8.s390x.rpm
    kernel-debug-modules-extra-4.18.0-147.el8.s390x.rpm
    kernel-debuginfo-4.18.0-147.el8.s390x.rpm
    kernel-debuginfo-common-s390x-4.18.0-147.el8.s390x.rpm
    kernel-devel-4.18.0-147.el8.s390x.rpm
    kernel-headers-4.18.0-147.el8.s390x.rpm
    kernel-modules-4.18.0-147.el8.s390x.rpm
    kernel-modules-extra-4.18.0-147.el8.s390x.rpm
    kernel-tools-4.18.0-147.el8.s390x.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-core-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-debuginfo-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-devel-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-modules-4.18.0-147.el8.s390x.rpm
    kernel-zfcpdump-modules-extra-4.18.0-147.el8.s390x.rpm
    perf-4.18.0-147.el8.s390x.rpm
    perf-debuginfo-4.18.0-147.el8.s390x.rpm
    python3-perf-4.18.0-147.el8.s390x.rpm
    python3-perf-debuginfo-4.18.0-147.el8.s390x.rpm
    
    x86_64:
    bpftool-4.18.0-147.el8.x86_64.rpm
    bpftool-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-4.18.0-147.el8.x86_64.rpm
    kernel-core-4.18.0-147.el8.x86_64.rpm
    kernel-cross-headers-4.18.0-147.el8.x86_64.rpm
    kernel-debug-4.18.0-147.el8.x86_64.rpm
    kernel-debug-core-4.18.0-147.el8.x86_64.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-debug-devel-4.18.0-147.el8.x86_64.rpm
    kernel-debug-modules-4.18.0-147.el8.x86_64.rpm
    kernel-debug-modules-extra-4.18.0-147.el8.x86_64.rpm
    kernel-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-debuginfo-common-x86_64-4.18.0-147.el8.x86_64.rpm
    kernel-devel-4.18.0-147.el8.x86_64.rpm
    kernel-headers-4.18.0-147.el8.x86_64.rpm
    kernel-modules-4.18.0-147.el8.x86_64.rpm
    kernel-modules-extra-4.18.0-147.el8.x86_64.rpm
    kernel-tools-4.18.0-147.el8.x86_64.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-tools-libs-4.18.0-147.el8.x86_64.rpm
    perf-4.18.0-147.el8.x86_64.rpm
    perf-debuginfo-4.18.0-147.el8.x86_64.rpm
    python3-perf-4.18.0-147.el8.x86_64.rpm
    python3-perf-debuginfo-4.18.0-147.el8.x86_64.rpm
    
    Red Hat CodeReady Linux Builder (v. 8):
    
    aarch64:
    bpftool-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-debuginfo-common-aarch64-4.18.0-147.el8.aarch64.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.aarch64.rpm
    kernel-tools-libs-devel-4.18.0-147.el8.aarch64.rpm
    perf-debuginfo-4.18.0-147.el8.aarch64.rpm
    python3-perf-debuginfo-4.18.0-147.el8.aarch64.rpm
    
    ppc64le:
    bpftool-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-4.18.0-147.el8.ppc64le.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.ppc64le.rpm
    kernel-tools-libs-devel-4.18.0-147.el8.ppc64le.rpm
    perf-debuginfo-4.18.0-147.el8.ppc64le.rpm
    python3-perf-debuginfo-4.18.0-147.el8.ppc64le.rpm
    
    x86_64:
    bpftool-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-debug-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-debuginfo-common-x86_64-4.18.0-147.el8.x86_64.rpm
    kernel-tools-debuginfo-4.18.0-147.el8.x86_64.rpm
    kernel-tools-libs-devel-4.18.0-147.el8.x86_64.rpm
    perf-debuginfo-4.18.0-147.el8.x86_64.rpm
    python3-perf-debuginfo-4.18.0-147.el8.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2015-1593
    https://access.redhat.com/security/cve/CVE-2018-16884
    https://access.redhat.com/security/cve/CVE-2018-19854
    https://access.redhat.com/security/cve/CVE-2018-19985
    https://access.redhat.com/security/cve/CVE-2018-20169
    https://access.redhat.com/security/cve/CVE-2019-3459
    https://access.redhat.com/security/cve/CVE-2019-3460
    https://access.redhat.com/security/cve/CVE-2019-3874
    https://access.redhat.com/security/cve/CVE-2019-3882
    https://access.redhat.com/security/cve/CVE-2019-3900
    https://access.redhat.com/security/cve/CVE-2019-5489
    https://access.redhat.com/security/cve/CVE-2019-7222
    https://access.redhat.com/security/cve/CVE-2019-9506
    https://access.redhat.com/security/cve/CVE-2019-10126
    https://access.redhat.com/security/cve/CVE-2019-10207
    https://access.redhat.com/security/cve/CVE-2019-10638
    https://access.redhat.com/security/cve/CVE-2019-11599
    https://access.redhat.com/security/cve/CVE-2019-11833
    https://access.redhat.com/security/cve/CVE-2019-11884
    https://access.redhat.com/security/cve/CVE-2019-13233
    https://access.redhat.com/security/cve/CVE-2019-14821
    https://access.redhat.com/security/cve/CVE-2019-15916
    https://access.redhat.com/security/updates/classification/#important
    https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXcHq2tzjgjWX9erEAQh9aQ/+ORJBPI5Gdb4vkfhQ4guxcnalY2UDPzBe
    yGC2rgMUx9h5mlAHLyeg6ogiz9DiXUyIcUvcHtEkLJL/5jx25zqLBFR9Qv8zMTtQ
    zowSyCX2PSesHsnitI5gHLEsyT7pnc223meQbpC8zPnUtqw2SWkycM/wzHd6rrKx
    nTiXDe57WLZQ8wnaEB8wGrAwd/X88FLWGy7yS3LlWWWR2WvXamhrOMW68Tjl/Gjb
    xhY6qS4qdwC77QBmxwKlTS07zY5TBeeruphxW+xRCrhPYa0FTiceCbEqjJCRyUUh
    QUBWplOJAJ8JM3oTuAZqbeInUWrY/amwavebgKZl4riBEYF4wQNEdVx8OTUiNkhp
    ym8eSiVi2CPzZ873QmoGxvcrgvFmGyxy1/TQ5P4VRV0DdF1QkqwfshO1IJqqkCuo
    onD22vOnXVjdqGS+TUrSuGix+7HyIAo7M8eYOyBdI7zK0jq3P2Tq038zZ6IHbb8O
    88cfZz6MB/k6A4sb5h2N/IipKE4MUi0Dl6PMyhQOce+PqFn/7MJyDZ77O8fxfwW0
    tbrldfyYjj7YrJX3rvw6Dy1FrHTyFQARbv/nJnhQUt97/jse20ozun4rKjkQsN72
    TtEd+BmZ8+LcqCm+GCjTtYJhOJxtPIYGY4atB/IgRP6G5EDZ2LJAWo3K6QaQe9AG
    UD94d4HYW6k=
    =/1Jo
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"66","type":"x","order":"1","pct":57.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.57,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.