Linux Security

    RedHat: RHSA-2020-0543:01 Important: kernel security, bug fix,

    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: kernel security, bug fix, and enhancement update
    Advisory ID:       RHSA-2020:0543-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0543
    Issue date:        2020-02-18
    CVE Names:         CVE-2018-20856 CVE-2018-20976 CVE-2019-11085 
                       CVE-2019-11599 CVE-2019-14895 CVE-2019-17133 
                       CVE-2019-17666 
    =====================================================================
    
    1. Summary:
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.5
    Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64
    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
    Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64
    Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64
    
    3. Description:
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es):
    
    * kernel: Use-after-free in __blk_drain_queue() function in
    block/blk-core.c (CVE-2018-20856)
    
    * kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)
    
    * kernel: insufficient input validation in kernel mode driver in Intel i915
    graphics leads to privilege escalation (CVE-2019-11085)
    
    * kernel: heap-based buffer overflow in mwifiex_process_country_ie()
    function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
    (CVE-2019-14895)
    
    * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in
    net/wireless/wext-sme.c (CVE-2019-17133)
    
    * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
    the Linux kernel lacks a certain upper-bound check, leading to a buffer
    overflow (CVE-2019-17666)
    
    * kernel: fix race condition between mmget_not_zero()/get_task_mm() and
    core dumping (CVE-2019-11599)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback
    when removing a mem cgroup (BZ#1783175)
    
    Enhancement(s):
    
    * Selective backport: perf: Sync with upstream v4.16 (BZ#1782751)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    The system must be rebooted for this update to take effect.
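
Because the fix only takes effect after a reboot, a host can have the updated package installed while still running an affected kernel. The following check is an added example, not part of the Red Hat advisory: it classifies a host against the fixed build named in the package list (3.10.0-862.48.1.el7). The function names and the simplified version comparison are assumptions of this example.

```shell
#!/bin/sh
# Fixed kernel build, taken from the advisory's package list.
FIXED="3.10.0-862.48.1.el7"

# Drop the architecture suffix that `uname -r` and `rpm -q` append.
strip_arch() {
    case "$1" in
        *.x86_64|*.ppc64|*.ppc64le|*.s390x|*.noarch) printf '%s\n' "${1%.*}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Succeeds when version-release $1 is at or above $2. Simplified form of
# RPM's segment comparison: split on '.' and '-', compare numeric segments
# as numbers, and rank a numeric segment above an alphabetic one.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        for (i = 1; i <= na || i <= nb; i++) {
            if (i > na) exit 1
            if (i > nb) exit 0
            an = (x[i] ~ /^[0-9]+$/); bn = (y[i] ~ /^[0-9]+$/)
            if (an && bn) { if (x[i] + 0 != y[i] + 0) exit (x[i] + 0 < y[i] + 0) }
            else if (an != bn) exit !an
            else if (x[i] != y[i]) exit (x[i] < y[i])
        }
        exit 0
    }'
}

# kernel_status RUNNING "INSTALLED ..." prints one of:
#   patched          running kernel is at or above the fixed build
#   reboot-required  fixed build installed, older kernel still running
#   vulnerable       no fixed build installed
kernel_status() {
    if ver_ge "$(strip_arch "$1")" "$FIXED"; then echo patched; return 0; fi
    for pkg in $2; do
        if ver_ge "$(strip_arch "${pkg#kernel-}")" "$FIXED"; then
            echo reboot-required; return 0
        fi
    done
    echo vulnerable
}

# On a live host: kernel_status "$(uname -r)" "$(rpm -q kernel)"
```

A `reboot-required` result is the state the advisory warns about: the update is on disk but the running kernel still carries the listed flaws.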
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
    1710405 - CVE-2019-11085 kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation
    1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
    1743547 - CVE-2018-20976 kernel: use-after-free in fs/xfs/xfs_super.c
    1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
    1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
    1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
    
    6. Package List:
    
    Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):
    
    Source:
    kernel-3.10.0-862.48.1.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-862.48.1.el7.noarch.rpm
    kernel-doc-3.10.0-862.48.1.el7.noarch.rpm
    
    x86_64:
    kernel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-devel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-headers-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-862.48.1.el7.x86_64.rpm
    perf-3.10.0-862.48.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):
    
    x86_64:
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-862.48.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server EUS (v. 7.5):
    
    Source:
    kernel-3.10.0-862.48.1.el7.src.rpm
    
    noarch:
    kernel-abi-whitelists-3.10.0-862.48.1.el7.noarch.rpm
    kernel-doc-3.10.0-862.48.1.el7.noarch.rpm
    
    ppc64:
    kernel-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-bootwrapper-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debug-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debug-devel-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-devel-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-headers-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-tools-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-tools-libs-3.10.0-862.48.1.el7.ppc64.rpm
    perf-3.10.0-862.48.1.el7.ppc64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    python-perf-3.10.0-862.48.1.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    
    ppc64le:
    kernel-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-bootwrapper-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debug-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-devel-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-headers-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-tools-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-tools-libs-3.10.0-862.48.1.el7.ppc64le.rpm
    perf-3.10.0-862.48.1.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    python-perf-3.10.0-862.48.1.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    
    s390x:
    kernel-3.10.0-862.48.1.el7.s390x.rpm
    kernel-debug-3.10.0-862.48.1.el7.s390x.rpm
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.s390x.rpm
    kernel-debug-devel-3.10.0-862.48.1.el7.s390x.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.s390x.rpm
    kernel-debuginfo-common-s390x-3.10.0-862.48.1.el7.s390x.rpm
    kernel-devel-3.10.0-862.48.1.el7.s390x.rpm
    kernel-headers-3.10.0-862.48.1.el7.s390x.rpm
    kernel-kdump-3.10.0-862.48.1.el7.s390x.rpm
    kernel-kdump-debuginfo-3.10.0-862.48.1.el7.s390x.rpm
    kernel-kdump-devel-3.10.0-862.48.1.el7.s390x.rpm
    perf-3.10.0-862.48.1.el7.s390x.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.s390x.rpm
    python-perf-3.10.0-862.48.1.el7.s390x.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.s390x.rpm
    
    x86_64:
    kernel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-devel-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-headers-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-862.48.1.el7.x86_64.rpm
    perf-3.10.0-862.48.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    
    Red Hat Enterprise Linux Server Optional EUS (v. 7.5):
    
    ppc64:
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-debuginfo-common-ppc64-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    kernel-tools-libs-devel-3.10.0-862.48.1.el7.ppc64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.ppc64.rpm
    
    ppc64le:
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debug-devel-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-debuginfo-common-ppc64le-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    kernel-tools-libs-devel-3.10.0-862.48.1.el7.ppc64le.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.ppc64le.rpm
    
    x86_64:
    kernel-debug-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-862.48.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-862.48.1.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-20856
    https://access.redhat.com/security/cve/CVE-2018-20976
    https://access.redhat.com/security/cve/CVE-2019-11085
    https://access.redhat.com/security/cve/CVE-2019-11599
    https://access.redhat.com/security/cve/CVE-2019-14895
    https://access.redhat.com/security/cve/CVE-2019-17133
    https://access.redhat.com/security/cve/CVE-2019-17666
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
