Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat Enterprise Linux 7 RHSA-2020-0174-01 Important Kernel-Alt Update

red hat
Calendar Grey January 21, 2020
Dist Redhat Esm H88
Keep informed about the significance of kernel-alt updates impacting Red Hat Enterprise Linux 7. Essential bug resolutions are incorporated.
An update for kernel-alt is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
* Kernel: speculative bounds check bypass store (CVE-2018-3693)
* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)
* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
* kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (CVE-2019-8912)
* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
* kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)
* kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)
* kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)
* Kernel modules generated incorrectly when system is localized to non-English language (BZ#1705285)
* RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)

Topics%20covered

Topics Covered

security advisory security update Red Hat bug fix DoS important kernel-alt

References

https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-18559 https://access.redhat.com/security/cve/CVE-2019-3846 https://access.redhat.com/security/cve/CVE-2019-8912 https://access.redhat.com/security/cve/CVE-2019-10126 https://access.redhat.com/security/cve/CVE-2019-11487 https://access.redhat.com/security/cve/CVE-2019-14814 https://access.redhat.com/security/cve/CVE-2019-14815 https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-17133 https://access.redhat.com/security/cve/CVE-2019-18660 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/solutions/3523601

Package List

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: kernel-alt-4.14.0-115.17.1.el7a.src.rpm
aarch64: kernel-4.14.0-115.17.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.17.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.17.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.17.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.17.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.17.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.17.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.17.1.el7a.aarch64.rpm perf-4.14.0-115.17.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm python-perf-4.14.0-115.17.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm
noarch: kernel-abi-whitelists-4.14.0-115.17.1.el7a.noarch.rpm kernel-doc-4.14.0-115.17.1.el7a.noarch.rpm
ppc64le: kernel-4.14.0-115.17.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.17.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.17.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:0174-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0174
Issue date: 2020-01-21

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update Red Hat bug fix DoS important kernel-alt

Relevant Releases Architectures

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le

Bugs Fixed

1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store

1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation

1678685 - CVE-2019-8912 kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr

1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.

1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c

1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c

1744130 - CVE-2019-14814 kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS

1744137 - CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS

1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c

1777825 - CVE-2019-18660 kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here