SciLinux: SLSA-2019-3055-1 Important: kernel on SL7.x x86_64

    Date18 Oct 2019
    725
    Posted ByLinuxSecurity Advisories
    Scientific Large
    kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ [More...]
    Synopsis:          Important: kernel security and bug fix update
    Advisory ID:       SLSA-2019:3055-1
    Issue Date:        2019-10-16
    CVE Numbers:       None
    --
    
    Security Fix(es):
    
    * kernel: Use-after-free in __blk_drain_queue() function in
    block/blk-core.c (CVE-2018-20856)
    
    * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in
    marvell/mwifiex/scan.c (CVE-2019-3846)
    
    * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
    (CVE-2019-9506)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fixes:
    
    * gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)
    
    * [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)
    
    * high update_cfs_rq_blocked_load contention (BZ#1740180)
    
    * [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows
    Server 2019. (BZ#1740188)
    
    * kvm: backport cpuidle-haltpoll driver (BZ#1740192)
    
    * Growing unreclaimable slab memory (BZ#1741920)
    
    * [bnx2x] ping failed from pf to vf which has been attached to vm
    (BZ#1741926)
    
    * [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with >
    240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)
    
    * Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid
    (BZ#1744442)
    
    * RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6
    address (BZ#1744443)
    
    * RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system
    (BZ#1744444)
    
    * NFSv4.0 client sending a double CLOSE (leading to EIO application
    failure) (BZ#1744946)
    
    * [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but
    the VM was unavailable for 2 hours (BZ#1748239)
    
    * NFS client autodisconnect timer may fire immediately after TCP connection
    setup and may cause DoS type reconnect problem in complex network
    environments (BZ#1749290)
    
    * [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)
    
    * Allows macvlan to operated correctly over the active-backup mode to
    support bonding events. (BZ#1751579)
    
    * [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group
    (BZ#1752421)
    
    Users of kernel are advised to upgrade to these updated packages, which fix
    these bugs.
    --
    
    SL7
      x86_64
        bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
        bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
        perf-3.10.0-1062.4.1.el7.x86_64.rpm
        perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        python-perf-3.10.0-1062.4.1.el7.x86_64.rpm
        python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm
        kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
      noarch
        kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
        kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
    
    - Scientific Linux Development Team
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.