Linux Security
    Linux Security
    Linux Security

    RedHat: RHSA-2020-0179:01 Moderate: kernel security and bug fix update

    Date
    420
    Posted By
    An update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: kernel security and bug fix update
    Advisory ID:       RHSA-2020:0179-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0179
    Issue date:        2020-01-21
    CVE Names:         CVE-2018-10853 CVE-2018-18281 CVE-2019-11599 
    =====================================================================
    
    1. Summary:
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.6
    Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64
    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
    Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, x86_64
    
    3. Description:
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es):
    
    * kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
    
    * kernel: TLB flush happens too late on mremap (CVE-2018-18281)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test
    (BZ#1763623)
    
    * [Azure][7.8] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot
    after freeing it" (BZ#1766088)
    
    * [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,
    network interface(eth0) moved to new network namespace does not obtain IP
    address. (BZ#1766092)
    
    * [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed
    (BZ#1766096)
    
    * Since RHEL commit 5330f5d09820 high load can cause dm-multipath path
    failures (BZ#1770112)
    
    * Hard lockup in free_one_page()->_raw_spin_lock() because sosreport
    command is reading from /proc/pagetypeinfo (BZ#1770731)
    
    * [ESXi][RHEL7]use-after-free of scsi_cmnd on VMWare virtual guest with
    vmw_pvscsi and ata_piix (BZ#1770737)
    
    * fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64
    (BZ#1775677)
    
    * Kernel experiences panic in update_group_power() due to division error
    (BZ#1775681)
    
    * Guest crash after load cpuidle-haltpoll driver (BZ#1776288)
    
    * Issues with nova/cinder and attaching disks, /dev/disk/by-id missing some
    times (BZ#1776291)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1589890 - CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write
    1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap
    1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
    
    6. Package List:
    
    Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
    
    Source:
    kernel-3.10.0-957.43.1.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-957.43.1.el7.noarch.rpm
    kernel-doc-3.10.0-957.43.1.el7.noarch.rpm
    
    x86_64:
    bpftool-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-devel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-headers-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.43.1.el7.x86_64.rpm
    perf-3.10.0-957.43.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
    
    x86_64:
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.43.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server EUS (v. 7.6):
    
    Source:
    kernel-3.10.0-957.43.1.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-957.43.1.el7.noarch.rpm
    kernel-doc-3.10.0-957.43.1.el7.noarch.rpm
    
    ppc64:
    kernel-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-bootwrapper-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debug-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debug-devel-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-devel-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-headers-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-tools-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-tools-libs-3.10.0-957.43.1.el7.ppc64.rpm
    perf-3.10.0-957.43.1.el7.ppc64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    python-perf-3.10.0-957.43.1.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    
    ppc64le:
    kernel-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-bootwrapper-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debug-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-devel-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-headers-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-tools-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-tools-libs-3.10.0-957.43.1.el7.ppc64le.rpm
    perf-3.10.0-957.43.1.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    python-perf-3.10.0-957.43.1.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    
    s390x:
    kernel-3.10.0-957.43.1.el7.s390x.rpm
    kernel-debug-3.10.0-957.43.1.el7.s390x.rpm
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.s390x.rpm
    kernel-debug-devel-3.10.0-957.43.1.el7.s390x.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.s390x.rpm
    kernel-debuginfo-common-s390x-3.10.0-957.43.1.el7.s390x.rpm
    kernel-devel-3.10.0-957.43.1.el7.s390x.rpm
    kernel-headers-3.10.0-957.43.1.el7.s390x.rpm
    kernel-kdump-3.10.0-957.43.1.el7.s390x.rpm
    kernel-kdump-debuginfo-3.10.0-957.43.1.el7.s390x.rpm
    kernel-kdump-devel-3.10.0-957.43.1.el7.s390x.rpm
    perf-3.10.0-957.43.1.el7.s390x.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.s390x.rpm
    python-perf-3.10.0-957.43.1.el7.s390x.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.s390x.rpm
    
    x86_64:
    bpftool-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-devel-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-headers-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.43.1.el7.x86_64.rpm
    perf-3.10.0-957.43.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
    
    ppc64:
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    kernel-tools-libs-devel-3.10.0-957.43.1.el7.ppc64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.ppc64.rpm
    
    ppc64le:
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debug-devel-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    kernel-tools-libs-devel-3.10.0-957.43.1.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.ppc64le.rpm
    
    x86_64:
    kernel-debug-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.43.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.43.1.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-10853
    https://access.redhat.com/security/cve/CVE-2018-18281
    https://access.redhat.com/security/cve/CVE-2019-11599
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXicuy9zjgjWX9erEAQhuUg/9GuAaAJETGmooW5i/JXssSobEQuEsdMIh
    fHfXzZHrLEu4txH1KZsZG23mQEtWEVLImJcB1OQEnYEY9Av/nxMONMFr06Yj7Hdh
    8uKuNpGL1+E7k5Ep8Rj7//f3lHRM/hT28nsp24JomdyVMF/e9Bv+nBJnk/emmJBN
    2S3YtCRNehs5LFNA+aVTX4xwyvTo86DDndL4n82vQBse+ul6m7cfKv1PzNxOdzqb
    74chlejz+gSprpaQI3yuFypqxlC9OHhx2ebJBwwYNCaC76tlG+o6jzEs1V1oiM2r
    UdhAr+ET6WQVu5mC61FlCkcSh7zFzKOiO9ePa6T12xZwfWk7MpAB4s1dsj8wtTOs
    PvLzXS6IdPCnz/cmORp2tngx54DS5Uiukc/9d48O9NLLygm9dTiMyYJ51Xyqn7yr
    v3qniZZmZOMa6muJU0hWzU0sKzSDBFl25+2+1MUonFAyYnweJT3GMU3OBoqw0tna
    TOJ0PbIz5AJuavuyiBPl4xFZeNiSLeMr6967fnCNfnHZ1EySuMIinDHHNwXEx85O
    TMPaUvkBEygM1vlpKLGyCgmHGB58oPjvnB7kHVQbRnz6So66WZ9iWwpnZ08KWmjM
    1oDMnBzOXNdfBzDAe9k9XrlECWreumpIukRKZNDIZcZGhgPl7R5WYjjXbzxdOoSr
    Xvk51R1bLKY=
    =FFK/
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.