Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
(CVE-2019-19768)
* kernel: nfs: NULL pointer dereference due to an anomalized NFS message
sequence (CVE-2018-16871)
* kernel: memory leak in the kernel_read_file function in fs/exec.c allows
to cause a denial of service (CVE-2019-8980)
* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154
network protocol. (CVE-2019-17053)
* kernel: unprivileged users able to create RAW sockets in AF_ISDN network
protocol. (CVE-2019-17055)
* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
(CVE-2019-18805)
* kernel: information leak bug caused by a malicious USB device in the
drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
* kernel: some ipv6 protocols not encrypted over ipsec tunnel.
(CVE-2020-1749)
* Kernel: net: using kernel space address bits to derive IP ID may
potentially break KASLR (CVE-2019-10639)
* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to
crash or information disclosure (CVE-2019-15090)
* kernel: a NULL pointer dereference in
drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
* kernel: Null pointer dereference in the sound/usb/line6/pcm.c
(CVE-2019-15221)
* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in
drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
(CVE-2019-19057)
* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the
Linux kernel (DOS) (CVE-2019-19073)
* kernel: a memory leak in the ath9k management function in allows local
DoS (CVE-2019-19074)
* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial
of service against non-cpu-bound applications (CVE-2019-19922)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.
https://access.redhat.com/security/cve/CVE-2018-16871 https://access.redhat.com/security/cve/CVE-2019-8980 https://access.redhat.com/security/cve/CVE-2019-10639 https://access.redhat.com/security/cve/CVE-2019-15090 https://access.redhat.com/security/cve/CVE-2019-15099 https://access.redhat.com/security/cve/CVE-2019-15221 https://access.redhat.com/security/cve/CVE-2019-17053 https://access.redhat.com/security/cve/CVE-2019-17055 https://access.redhat.com/security/cve/CVE-2019-18805 https://access.redhat.com/security/cve/CVE-2019-19057 https://access.redhat.com/security/cve/CVE-2019-19073 https://access.redhat.com/security/cve/CVE-2019-19074 https://access.redhat.com/security/cve/CVE-2019-19534 https://access.redhat.com/security/cve/CVE-2019-19768 https://access.redhat.com/security/cve/CVE-2019-19922 https://access.redhat.com/security/cve/CVE-2020-1749 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-193.el8.src.rpm
aarch64:
bpftool-4.18.0-193.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-4.18.0-193.el8.aarch64.rpm
kernel-core-4.18.0-193.el8.aarch64.rpm
kernel-cross-headers-4.18.0-193.el8.aarch64.rpm
kernel-debug-4.18.0-193.el8.aarch64.rpm
kernel-debug-core-4.18.0-193.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debug-devel-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm
kernel-devel-4.18.0-193.el8.aarch64.rpm
kernel-headers-4.18.0-193.el8.aarch64.rpm
kernel-modules-4.18.0-193.el8.aarch64.rpm
kernel-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-tools-4.18.0-193.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-tools-libs-4.18.0-193.el8.aarch64.rpm
perf-4.18.0-193.el8.aarch64.rpm
perf-debuginfo-4.18.0-193.el8.aarch64.rpm
python3-perf-4.18.0-193.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm
noarch:
kernel-abi-whitelists-4.18.0-193.el8.noarch.rpm
kernel-doc-4.18.0-193.el8.noarch.rpm
ppc64le:
bpftool-4.18.0-193.el8.ppc64le.rpm
Read the Full Advisory
An update for kernel is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1738741 - L2 guest hit kernel panic when do L1->L1 live migration on PML-enabled intel host
1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1749633 - kernel: brk can grow the heap into the area reserved for the stack
1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
1752765 - conntrack tool delete entry with CIDR crash
1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
1765547 - Fallocate on XFS may discard concurrent AIO write
1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches
1771430 - svcrdma: Increase the default connection credit limit
Get the latest Linux and open source security news straight to your inbox.