Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

RedHat: RHSA-2021:1272-01 Important: Kernel Security Update

red hat
Calendar Grey April 20, 2021
Dist Redhat Esm H88
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ====================================================
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Use after free via PI futex state (CVE-2021-3347)
* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)
* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)
* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* System Crash / Core dump while deleting VMs (BZ#1897687)
* various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907302)
* Unable to receive the signal registered using mq_notify(). (BZ#1926111)
* SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927522)
* enable CONFIG_RANDOM_TRUST_CPU (BZ#1928027)
* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929739)
* Configuring the system with non-RT kernel will hang the system (BZ#1930737)
* fNIC driver needs a patch fix that addresses crash (BZ#1932460)
* OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944670)
Enhancement(s):
* mlx5: Hairpin Support in Switch Mode (BZ#1924690)
* Trace mode enablement in IMC to facilitate perf-kvm support (perf:) (BZ#1929696)
* ice: Enable Flow Director Support (BZ#1930780)

References

https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-27363 https://access.redhat.com/security/cve/CVE-2021-27364 https://access.redhat.com/security/cve/CVE-2021-27365 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source: kernel-4.18.0-193.51.1.el8_2.src.rpm
aarch64: bpftool-4.18.0-193.51.1.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-core-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-devel-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-headers-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-modules-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.51.1.el8_2.aarch64.rpm perf-4.18.0-193.51.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.51.1.el8_2.aarch64.rpm python3-perf-4.18.0-193.51.1.el8_2.aarch64.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2021:1272-01
Product: Red Hat Enterprise Linux
Issue date: 2021-04-20

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.2Extended Update Support.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64

Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

Bugs Fixed

1922249 - CVE-2021-3347 kernel: Use after free via PI futex state

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem

1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles

1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.