Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 7 articles for you...
203
security advisorycriticalkernel panicMageia 8: 2021-0529 Critical Advisory - Udisks2 Kernel Panic Risk
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. References: . MGASA-2021-0529 - Updated udisks2/libblockdev packages fix security vulnerability Publication date: 02 Dec 2021 URL: https://advisories.mageia.org/MGASA-2021-0529.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-3802 A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. References: - https://bugs.mageia.org/show_bug.cgi?id=29568 - https://lists.fedoraproject.org/archives/list/
Dec 02, 2021
•Critical
Mageia
100
security advisorydenial of servicesecurity issueSUSE: 2020:2906-1 Important: Linux Kernel Critical Security Issues
An update that solves 11 vulnerabilities and has 55 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2906-1 Rating: important References: #1055186 #1065600 #1065729 #1094244 #1112178 #1113956 #1154366 #1167527 #1169972 #1171688 #1171742 #1173115 #1174899 #1175228 #1175749 #1175882 #1176011 #1176022 #1176038 #1176235 #1176242 #1176278 #1176316 #1176317 #1176318 #1176319 #1176320 #1176321 #1176381 #1176423 #1176482 #1176507 #1176536 #1176544 #1176545 #1176546 #1176548 #1176659 #1176698 #1176699 #1176700 #1176721 #1176722 #1176725 #1176732 #1176788 #1176789 #1176869 #1176877 #1176935 #1176950 #1176962 #1176966 #1176990 #1177030 #1177041 #1177042 #1177043 #1177044 #1177121 #1177206 #1177291 #1177293 #1177294 #1177295 #1177296 Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432 CVE-2020-14381 CVE-2020-14390 CVE-2020-25212 CVE-2020-25284 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has 55 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990). -CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow (bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups (bsc#1177121). The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount (git-fixes). - ACPI: EC: Reference count query handlers under lock (git-fixes). - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes). - airo: Fix read overflows sending packets (git-fixes). - ALSA: asihpi: fix iounmap in error handler (git-fixes). - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes). - ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes). - ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes). - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung GalaxyBook Ion NT950XCJ-X716A (git-fixes). - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes). - altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes). - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes). - arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084). - arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084). - asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178). - ASoC: kirkwood: fix IRQ error handling (git-fixes). - ASoC: tegra: Fix reference count leaks (git-fixes). - ath10k: fix array out-of-bounds access (git-fixes). - ath10k: fix memory leak for tpc_stats_final (git-fixes). - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes). - batman-adv: Add missing include for in_interrupt() (git-fixes). - batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes). - batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes). - batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes). - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes). - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes). - bcache: Convert pr_ uses to a more typical style (git fixes (block drivers)). - bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)). - bcm63xx_enet: correct clock usage (git-fixes). - bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes). - bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)). - blktrace: fix debugfs use after free (git fixes (block drivers)). - block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)). - block: revert back to synchronous request_queue removal (git fixes (block drivers)). - block: Use non _rcu version of list functions fortag_set_list (git-fixes). - Bluetooth: Fix refcount use-after-free issue (git-fixes). - Bluetooth: guard against controllers sending zero'd events (git-fixes). - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes). - Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes). - Bluetooth: prefetch channel before killing sock (git-fixes). - bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29). - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes). - btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789). - btrfs: tree-checker: fix the error message for transid error (bsc#1176788). - ceph: do not allow setlease on cephfs (bsc#1177041). - ceph: fix potential mdsc use-after-free crash (bsc#1177042). - ceph: fix use-after-free for fsc-> mdsc (bsc#1177043). - ceph: handle zero-length feature mask in session messages (bsc#1177044). - cfg80211: regulatory: reject invalid hints (bsc#1176699). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - clk: Add (devm_)clk_get_optional() functions (git-fixes). - clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes). - clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes). - clk/ti/adpll: allocate room for terminating null (git-fixes). - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes). - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966). - dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes). - dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes). - dmaengine: pl330: Fix burstlength if burst size is smaller than bus width (git-fixes). - dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes). - dmaengine: zynqmp_dma: fix burst length configuration (git-fixes). - dm crypt: avoid truncating the logical block size (git fixes (block drivers)). - dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)). - dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)). - dm: report suspended device during destroy (git fixes (block drivers)). - dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)). - dm: use noio when sending kobject event (git fixes (block drivers)). - dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)). - dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)). - dm zoned: assign max_io_len correctly (git fixes (block drivers)). - Drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes). - Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877). - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes). - drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29). - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes). - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes). - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes). - drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes). - drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes). - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes). - drm/amdgpu: increase atombios cmd timeout(git-fixes). - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes). - drm/amdkfd: fix a memory leak issue (git-fixes). - drm/amdkfd: Fix reference count leaks (git-fixes). - drm/amd/pm: correct Vega10 swctf limit setting (git-fixes). - drm/amd/pm: correct Vega12 swctf limit setting (git-fixes). - drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes - drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes). - drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes). - drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes). - drm/msm: add shutdown support for display platform_driver (git-fixes). - drm/msm: Disable preemption on all 5xx targets (git-fixes). - drm/msm: fix leaks if initialization fails (git-fixes). - drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes). - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes). - drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes). - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes). - drm/nouveau: fix runtime pm imbalance on error (git-fixes). - drm/omap: fix possible object reference leak (git-fixes). - drm/radeon: fix multiple reference count leak (git-fixes). - drm/radeon: Prefer lower feedback dividers (git-fixes). - drm/radeon: revert "Prefer lower feedback dividers" (git-fixes). - drm/sun4i: Fix dsi dcs long write function (git-fixes). - drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes). - drm/tve200: Stabilize enable/disable (git-fixes). - drm/vc4/vc4_hdmi: fill ASoCcard owner (git-fixes). - e1000: Do not perform reset in reset_task if we are already down (git-fixes). - fbcon: prevent user font height or width change from causing (bsc#1112178) * move from drivers/video/fbdev/fbcon to drivers/video/console * context changes - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950). - ftrace: Move RCU is watching check after recursion check (git-fixes). - ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes). - gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes). - gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes). - gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes). - gtp: fix Illegal context switch in RCU read-side critical section (git-fixes). - gtp: fix use-after-free in gtp_newlink() (git-fixes). - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes). - hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659). - hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877). - hv_utils: return error if host timesysnc update is stale (bsc#1176877). - hwmon: (applesmc) check status earlier (git-fixes). - i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes). - i2c: cpm: Fix i2c_ram structure (git-fixes). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ieee802154/adf7242: check status of adf7242_read_reg (git-fixes). - ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes). - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes). - iio: accel: kxsd9: Fix alignment of local buffer (git-fixes). - iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes). - iio:adc:ina2xx Fix timestamp alignment issue (git-fixes). - iio: adc: mcp3422: fix locking on error path(git-fixes). - iio: adc: mcp3422: fix locking scope (git-fixes). - iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes). - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes). - iio: improve IIO_CONCENTRATION channel type description (git-fixes). - iio:light:ltr501 Fix timestamp alignment issue (git-fixes). - iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes). - iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes). - include: add additional sizes (bsc#1094244 ltc#168122). - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293). - iommu/amd: Fix potential @entry null deref (bsc#1177294). - iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316). - iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291). - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317). - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295). - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318). - iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296). - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319). - iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320). - kernel-syms.spec.in: Also use bz compression (boo#1175882). - KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084). - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084). - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084). - KVM: arm64: Directly call VHE and non-VHEFPSIMD enabled functions (jsc#SLE-4084). - KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084). - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084). - KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084). - KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084). - KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084). - KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084). - KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084). - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084). - KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084). - KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084). - KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084). - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084). - KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084). - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084). - KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084). - KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084). - KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084). - KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084). - KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084). - KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084). - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084). - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084). - KVM:arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084). - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084). - KVM: arm/arm64: Get rid of vcpu-> arch.irq_lines (jsc#SLE-4084). - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084). - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084). - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084). - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084). - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084). - KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084). - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084). - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084). - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084). - KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178). - KVM: SVM: Fix disablepause loop exit/pause filtering capability on SVM (bsc#1176321). - KVM: Take vcpu-> mutex outside vcpu_load (jsc#SLE-4084). - libceph: allow setting abort_on_full for rbd (bsc#1169972). - libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742). - libnvdimm: cover up struct nvdimm changes (bsc#1171742). - libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742). - libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527). - libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742). - lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)). - mac802154: tx: fix use-after-free (git-fixes). - md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)). - media: davinci: vpif_capture: fix potential double free (git-fixes). - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes). - media: smiapp: Fix error handling at NVM reading (git-fixes). - media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes). - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes). - mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes). - mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366). - mmc: cqhci: Add cqhci_deactivate() (git-fixes). - mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes). - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes). - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes). - mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)). - mm/vmalloc.c: move 'area-> pages' after if statement (git fixes (mm/vmalloc)). - mtd: cfi_cmdset_0002: do not free cfi-> cfiq in error path of cfi_amdstd_setup() (git-fixes). - mtd: lpddr: Fix a doublefree in probe() (git-fixes). - mtd: phram: fix a double free issue in error path (git-fixes). - mtd: properly check all write ioctls for permissions (git-fixes). - net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes). - net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes). - net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes). - net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes). - net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes). - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes). - net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes). - net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes). - net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes). - net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes). - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes). - net: fs_enet: do not call phy_stop() in interrupts (git-fixes). - net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15). - net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes). - net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08). - net: lio_core: fix potential sign-extension overflow on large shift (git-fixes). - net/mlx5: Add meaningful return codes to status_to_err function (git-fixes). - net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes). - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes). - net: mvneta: fix mtu change on port without link (git-fixes). - net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes). - net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15). - net: qca_spi: Avoid packet drop during initial sync (git-fixes). - net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes). - net: refactorbind_bucket fastreuse into helper (networking-stable-20_08_15). - net/smc: fix dmb buffer shortage (git-fixes). - net/smc: fix restoring of fallback changes (git-fixes). - net/smc: fix sock refcounting in case of termination (git-fixes). - net/smc: improve close of terminated socket (git-fixes). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes). - net/smc: remove freed buffer from list (git-fixes). - net/smc: reset sndbuf_desc if freed (git-fixes). - net/smc: set rx_off for SMCR explicitly (git-fixes). - net/smc: switch smcd_dev_list spinlock to mutex (git-fixes). - net/smc: tolerate future SMCD versions (git-fixes). - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes). - net: stmmac: Disable ACS Feature for GMAC > = 4 (git-fixes). - net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes). - net: stmmac: dwmac4: fix flow control issue (git-fixes). - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes). - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes). - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes). - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes). - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes). - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes). - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes). - net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes). - net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes). - net: stmmac: set MSS for each tx DMA channel (git-fixes). - net: stmmac: Use correct values in TQS/RQSfields (git-fixes). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29). - net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes). - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes). - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes). - net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes). - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935). - nvme-fc: set max_segments to lldd max value (bsc#1176038). - nvme-pci: override the value of the controller's numa node (bsc#1176507). - ocfs2: give applications more IO opportunities during fstrim (bsc#1175228). - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes). - PCI/ASPM: Allow re-enabling Clock PM (git-fixes). - PCI: Fix pci_create_slot() reference count leak (git-fixes). - PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes). - PCI: qcom: Add missing reset for ipq806x (git-fixes). - PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes). - PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes). - PCI: rcar: Fix incorrect programming of OB windows (git-fixes). - phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes). - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes). - powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122). - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122). - powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122). - powerpc/64s: Include header file to fix a warning (bsc#1094244 ltc#168122). - powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122). - powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122). - powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122). - powerpc: Add cputime_to_nsecs() (bsc#1065729). - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436). - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208). - powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122). - powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ). - powerpc/kernel: Cleanup machine check function declarations (bsc#1065729). - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588). - powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436). - powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588). - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208). - powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208). - powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436). - powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122). - powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208). - powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122). - powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122). - powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208). - powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122). - powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122). - powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122). - powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122). - powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122). - powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122). - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729). - power: supply: max17040: Correct voltage reading (git-fixes). - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)). - regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes). - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243). - rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732) - rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618). - rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression (boo#1175882). - rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The "-c" option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition (git-fixes). - rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes). - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08). - rxrpc: Fix sendmsg()returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29). - s390/mm: fix huge pte soft dirty copying (git-fixes). - s390/qeth: do not process empty bridge port events (git-fixes). - s390/qeth: integrate RX refill worker with NAPI (git-fixes). - s390/qeth: tolerate pre-filled RX buffer (git-fixes). - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899). - scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304). - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304). - scsi: libfc: Fix for double free() (bsc#1174899). - scsi: libfc: free response frame from GPN_ID (bsc#1174899). - scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899). - scsi: lpfc: Add dependency on CPU_FREQ (git-fixes). - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes). - scsi: qla2xxx: Fix regression on sparc64 (git-fixes). - scsi: qla2xxx: Fix the return value (bsc#1171688). - scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688). - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688). - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688). - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688). - scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688). - scsi: qla2xxx: Remove superfluous memset() (bsc#1171688). - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688). - scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes). - scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688). - sdhci: tegra: RemoveSDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes). - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes). - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes). - serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes). - serial: 8250_port: Do not service RX FIFO if throttled (git-fixes). - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084). - SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - SMB3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08). - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes). - tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178). - USB: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes). - USB: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes). - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes). - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes). - USB: Fix out of sync data toggle if a configured device is reconfigured (git-fixes). - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes). - USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes). - USB: gadget: u_f: add overflow checks to VLA macros (git-fixes). - USB: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes). - USB: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08). - usblp: fix race between disconnect() and read() (git-fixes). - USB: lvtest: return proper error code in probe (git-fixes). - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set(git-fixes). - USB: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes). - USB: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes). - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes). - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes). - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes). - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes). - USB: serial: option: support dynamic Quectel USB compositions (git-fixes). - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes). - USB: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes). - USB: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes). - USB: uas: Add quirk for PNY Pro Elite (git-fixes). - USB: UAS: fix disconnect by unplugging a hub (git-fixes). - USB: yurex: Fix bad gfp argument (git-fixes). - vgacon: remove software scrollback support (bsc#1176278). - video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes). - virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)). - vrf: prevent adding upper devices (git-fixes). - vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes). - xen: do not reschedule in preemption off sections (bsc#1175749). - xen/events: do not use chip_data for legacy IRQs (bsc#1065600). - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600). - xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes). - yam: fix possible memory leak in yam_init_driver (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-2906=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): kernel-devel-azure-4.12.14-8.47.1 kernel-source-azure-4.12.14-8.47.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64): kernel-azure-4.12.14-8.47.1 kernel-azure-base-4.12.14-8.47.1 kernel-azure-base-debuginfo-4.12.14-8.47.1 kernel-azure-debuginfo-4.12.14-8.47.1 kernel-azure-devel-4.12.14-8.47.1 kernel-syms-azure-4.12.14-8.47.1 References: https://www.suse.com/security/cve/CVE-2020-0404.html https://www.suse.com/security/cve/CVE-2020-0427.html https://www.suse.com/security/cve/CVE-2020-0431.html https://www.suse.com/security/cve/CVE-2020-0432.html https://www.suse.com/security/cve/CVE-2020-14381.html https://www.suse.com/security/cve/CVE-2020-14390.html https://www.suse.com/security/cve/CVE-2020-25212.html https://www.suse.com/security/cve/CVE-2020-25284.html https://www.suse.com/security/cve/CVE-2020-25641.html https://www.suse.com/security/cve/CVE-2020-25643.html https://www.suse.com/security/cve/CVE-2020-26088.html https://bugzilla.suse.com/1055186 https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094244 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1154366 https://bugzilla.suse.com/1167527 https://bugzilla.suse.com/1169972 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1171742 https://bugzilla.suse.com/1173115 https://bugzilla.suse.com/1174899 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175749 https://bugzilla.suse.com/1175882 https://bugzilla.suse.com/1176011 https://bugzilla.suse.com/1176022 https://bugzilla.suse.com/1176038 https://bugzilla.suse.com/1176235 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176278 https://bugzilla.suse.com/1176316 https://bugzilla.suse.com/1176317 https://bugzilla.suse.com/1176318 https://bugzilla.suse.com/1176319 https://bugzilla.suse.com/1176320 https://bugzilla.suse.com/1176321 https://bugzilla.suse.com/1176381 https://bugzilla.suse.com/1176423 https://bugzilla.suse.com/1176482 https://bugzilla.suse.com/1176507 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176659 https://bugzilla.suse.com/1176698 https://bugzilla.suse.com/1176699 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176721 https://bugzilla.suse.com/1176722 https://bugzilla.suse.com/1176725 https://bugzilla.suse.com/1176732 https://bugzilla.suse.com/1176788 https://bugzilla.suse.com/1176789 https://bugzilla.suse.com/1176869 https://bugzilla.suse.com/1176877 https://bugzilla.suse.com/1176935 https://bugzilla.suse.com/1176950 https://bugzilla.suse.com/1176962 https://bugzilla.suse.com/1176966 https://bugzilla.suse.com/1176990 https://bugzilla.suse.com/1177030 https://bugzilla.suse.com/1177041 https://bugzilla.suse.com/1177042 https://bugzilla.suse.com/1177043 https://bugzilla.suse.com/1177044 https://bugzilla.suse.com/1177121 https://bugzilla.suse.com/1177206 https://bugzilla.suse.com/1177291 https://bugzilla.suse.com/1177293 https://bugzilla.suse.com/1177294 https://bugzilla.suse.com/1177295 https://bugzilla.suse.com/1177296 _______________________________________________ sle-security-updates mailing list
Oct 13, 2020
•Important
SuSE
98
security advisoryRed Hatsecurity fixRed Hat Enterprise Linux 7.7: RHSA-2020-2519-01 Important: Kernel Panic Fix
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2020:2519-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2519 Issue date: 2020-06-10 CVE Names: CVE-2019-19768 CVE-2020-10711 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic 6. Package List: Red Hat Enterprise Linux Server EUS (v.7.7): Source: kpatch-patch-3_10_0-1062-1-18.el7.src.rpm kpatch-patch-3_10_0-1062_12_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1062_18_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1062_1_1-1-17.el7.src.rpm kpatch-patch-3_10_0-1062_1_2-1-16.el7.src.rpm kpatch-patch-3_10_0-1062_21_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1062_4_1-1-13.el7.src.rpm kpatch-patch-3_10_0-1062_4_2-1-10.el7.src.rpm kpatch-patch-3_10_0-1062_4_3-1-10.el7.src.rpm kpatch-patch-3_10_0-1062_7_1-1-7.el7.src.rpm kpatch-patch-3_10_0-1062_9_1-1-7.el7.src.rpm ppc64le: kpatch-patch-3_10_0-1062-1-18.el7.ppc64le.rpm kpatch-patch-3_10_0-1062-debuginfo-1-18.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_12_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_18_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_1_1-1-17.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_1_1-debuginfo-1-17.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_1_2-1-16.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_1_2-debuginfo-1-16.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_21_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_21_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_4_1-1-13.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_4_1-debuginfo-1-13.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_4_2-1-10.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_4_3-1-10.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_7_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-1062_9_1-1-7.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-1062-1-18.el7.x86_64.rpm kpatch-patch-3_10_0-1062-debuginfo-1-18.el7.x86_64.rpm kpatch-patch-3_10_0-1062_12_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_18_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_1_1-1-17.el7.x86_64.rpm kpatch-patch-3_10_0-1062_1_1-debuginfo-1-17.el7.x86_64.rpm kpatch-patch-3_10_0-1062_1_2-1-16.el7.x86_64.rpm kpatch-patch-3_10_0-1062_1_2-debuginfo-1-16.el7.x86_64.rpm kpatch-patch-3_10_0-1062_21_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_21_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1062_4_1-1-13.el7.x86_64.rpm kpatch-patch-3_10_0-1062_4_1-debuginfo-1-13.el7.x86_64.rpm kpatch-patch-3_10_0-1062_4_2-1-10.el7.x86_64.rpm kpatch-patch-3_10_0-1062_4_3-1-10.el7.x86_64.rpm kpatch-patch-3_10_0-1062_7_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-1062_9_1-1-7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19768 https://access.redhat.com/security/cve/CVE-2020-10711 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuGKENzjgjWX9erEAQhKfA/+MESwReUI+w2L37iaHhRq0FjBonViHaJz ag7wAxbsizNqtB6hALXCVg5J2Wp/DSvFskyKtPFpC+qulgHY6vUplpVQ0MwGFSq9 ZHXYWsGnuJEiQckfdQvFy60h6bhcKQz/bT7ckHVaxl0wr7QxJlyEUqaYpimI07m0 BUY8CCi+/9sHagT/ckyJRpewev3/SVN5GtrFF8k6NJoVJYdSo7Hkl2bGsqEK3WJc hyLTZOAKqp40zSThCq+wMIlUrfxP26RtCv1ose5r+Iyhlfz3Vp+J4uxF6H/OK4vG F8FhSlzy/75dvqKn/ePml7VEajTMOmxgbbx5SkVjUSKAaWISWpq3MsLJWEdvv7/8 v9JBurji/rvG1CkvSJ5MLZxc0KVAybOAMiljD2uverK7fKKqKe9sXX00mYfRLBvH sZB5zpW5OVxTXG+DCYLfekTQoYiwH1RhJAmEoHSRHDY8Wpo9YyuN7U57Zhod/OMd Why7JV37idjkbCVduXDweb/bhV6ZRuyx3oHbUR4Rm2LIcpv0PCm/bp92TjJOwO6F 8aUP66wwmgWFZy23omi+2JPyEPdrKgInQulY8GAB2A86wrFo4DgGgxniw6AgLJF2 q3qBbDddfHQ20GsM7Qq8wFvT4MivcPco43Vt+YHS4WbrwMa0SrbCouYW3manPbPr 5VOjkCRx/Ls=P9EM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 10, 2020
•Important
Red Hat
98
security advisorysecurity issueRed HatRed Hat: RHSA-2020-2242-01 Important: Kernel-RT Security Update
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2020:2242-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:2242 Issue date: 2020-05-20 CVE Names: CVE-2017-18595 CVE-2019-19768 CVE-2020-10711 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update theMRG 2.5.z 3.10 realtime-kernel sources (BZ#1823371) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1758671 - CVE-2017-18595 kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic 6. Package List: Red Hat MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.0-693.67.1.rt56.665.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-693.67.1.rt56.665.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-693.67.1.rt56.665.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-693.67.1.rt56.665.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2017-18595 https://access.redhat.com/security/cve/CVE-2019-19768 https://access.redhat.com/security/cve/CVE-2020-10711 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXsVqgtzjgjWX9erEAQh5BA/8DN08cbace9L36AhZIM8AWC8ur15LJlMP Wnrhp5EC27PGN3y5Sx3lGPg3e/CKm7eVtGkd32aAWK7xcbzoURq+Z5GEWs32AvGD GU2x0FNFnunkac/xvfKnn0AT1PNWplsBx1fXfKW2P1fc0hQ9mP6gP9riX9e0kpml NbqaGONo9d/9+7L2L6vB6qZAJ9FaN9o2bf0FpUTK2gfHikPCk0H1VzaUqSlZ2fUE 6K/pHqRI1ekRhMzn8PynupX5k4+GkBPqV9ilIU3Gpj6P8aqm23vNwt6+OWVsfdFb dcbUdMXwLscIzfs/PpPFaeCRYA2Ac/8Z2bueYOTO/1w69+3R7f+MaJcMLIyfY1LO xeWEIEbmdx3tlwBG5ZWRSxJktiX3lYAf5nigjHK9YVsERn4tnJ72k6dVC9px9dSq 5FtMNzHVWiWWEbX8uC6hDR95JpZgzo33TwoC+R+zSkVVgWgtl6kLH45lHSrMGfiH 7XiuLnuXoahKAf75mCWo96L6+nnQdo4ecTqqEiA1Gq7xFvGAoP4L42QyAu/dpruw rFZmucBN6EOgawqrtkGb+EjmOM7SVn+DN1CBdlT3LulOUX+sagOpDFuX8DVHrEiG 4R0GsPU3eGPYfJqR3XUjaDw7lQaLicMCiIl/cTg4X4QwgGnv+jVhpij5AX32XWy9 /4i3Wz/rGhw=RFSy -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 20, 2020
•Important
Red Hat
200
security advisorycritical issuesecurity updateScientific Linux SL7: SLSA-2020-2082-1 Important Kernel Security Update
kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL7 x86_64 bpftool-3.10.0-1127.8.2.el7.x86_6 [More...]. Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2020:2082-1 Issue Date: 2020-05-12 CVE Numbers: None -- Security Fix(es): * kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595) * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) -- SL7 x86_64 bpftool-3.10.0-1127.8.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm kernel-3.10.0-1127.8.2.el7.x86_64.rpm kernel-debug-3.10.0-1127.8.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1127.8.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.8.2.el7.x86_64.rpm kernel-devel-3.10.0-1127.8.2.el7.x86_64.rpm kernel-headers-3.10.0-1127.8.2.el7.x86_64.rpm kernel-tools-3.10.0-1127.8.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1127.8.2.el7.x86_64.rpm perf-3.10.0-1127.8.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm python-perf-3.10.0-1127.8.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.8.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1127.8.2.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-1127.8.2.el7.noarch.rpm kernel-doc-3.10.0-1127.8.2.el7.noarch.rpm - Scientific Linux Development Team . Essential kernel securityand stability patch release for Scientific Linux SL7.x tackling severe vulnerabilities and possible system failures.. kernel update, Scientific Linux, security fix, bug race condition. . Severity: Important. LinuxSecurity.com Team
May 15, 2020
•Important
Scientific Linux
98
security advisoryRed Hatbug fixRed Hat Enterprise Linux 8: RHSA-2020-2171-01 Important: Kernel-Rt Security
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2020:2171-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2171 Issue date: 2020-05-14 CVE Names: CVE-2020-2732 CVE-2020-10711 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) * Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z source tree (BZ#1831781) 4.Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic 6. Package List: Red Hat Enterprise Linux Real Time for NFV (v. 8): Source: kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm Red Hat Enterprise Linux Real Time (v.8): Source: kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-2732 https://access.redhat.com/security/cve/CVE-2020-10711 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXr2XE9zjgjWX9erEAQjxDg//SjJycjt5w9mhRNHmQ3I7SMW2EhLd9axr IQO2b34OLRmCSZVdp54y1vVILrVHL4W3jUJyntNSvr3P77OXUqLye5mSr5JGMrSK 4h4Plw47T7rjeBG4rNIvw3mTAG2HRFtihac3Eo6+mlpgtTUqlgGsU1f7xoE2yQqs TWT9Ft9Os2RULOP3159pTu97ny8XN+Ht2GTK71gFFBM9HFVbIot2ayBofyUweGRG Oczfrr8dJO50W5t8gQckFwFECJhBQchO1KgPQ8RdHidIQnjbj7HLI6ufAm0Ie/ty zmooaz17WfdMJic21v9iMXAWSg8innQqJ54vmuUnkUO8sVD9/wcaxH8vbbkN+m6g HeM+78jC7lMzB3QgyW64AR548dVLmCvyKv/5xo/ijVLYw3B1+gvFoBCttfqlwzfD HIw/kbcfHaERPdys9iTE/e+9t2jwNXe1yuVBC5VlblvR7gOO5NXA/8U2s57b3kyO kWuc8ZoJ6bpt1b34k2dwzvBv0o0weF+XYIFDH+N6OQZCOdFP6YBbSccZ+RNGtZb+ IxzPCe6la75y9lRM1yl7K/Ox0dtuFfLweDEu5EaJYZ/nXkqELLzzUv7AAukkoP9O JyP4xbOk9JR1e0pfZVdoIee0U9SL2Q+N0mT9Y6uRE8KMw/T+Gb8M8S+wJPvXVX94 JeVd54gcRN4=v7gM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 14, 2020
•Important
Red Hat
200
security advisorysecurity fiximportant updateScientific Linux: SLSA-2020:2103-1 Critical Kernel Panic Issue
Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) SL6 x86_64 kernel-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.29.2.el6.i686 [More...]. Synopsis: Important: kernel security update Advisory ID: SLSA-2020:2103-1 Issue Date: 2020-05-12 CVE Numbers: None -- Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) -- SL6 x86_64 kernel-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.29.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.29.2.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.29.2.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.29.2.el6.x86_64.rpm kernel-devel-2.6.32-754.29.2.el6.x86_64.rpm kernel-headers-2.6.32-754.29.2.el6.x86_64.rpm perf-2.6.32-754.29.2.el6.x86_64.rpm perf-debuginfo-2.6.32-754.29.2.el6.i686.rpm perf-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.29.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.29.2.el6.x86_64.rpm python-perf-2.6.32-754.29.2.el6.x86_64.rpm i386 kernel-2.6.32-754.29.2.el6.i686.rpm kernel-debug-2.6.32-754.29.2.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debug-devel-2.6.32-754.29.2.el6.i686.rpm kernel-debuginfo-2.6.32-754.29.2.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.29.2.el6.i686.rpm kernel-devel-2.6.32-754.29.2.el6.i686.rpm kernel-headers-2.6.32-754.29.2.el6.i686.rpm perf-2.6.32-754.29.2.el6.i686.rpm perf-debuginfo-2.6.32-754.29.2.el6.i686.rpm python-perf-debuginfo-2.6.32-754.29.2.el6.i686.rpm python-perf-2.6.32-754.29.2.el6.i686.rpm noarch kernel-abi-whitelists-2.6.32-754.29.2.el6.noarch.rpm kernel-doc-2.6.32-754.29.2.el6.noarch.rpm kernel-firmware-2.6.32-754.29.2.el6.noarch.rpm - Scientific Linux Development Team . A vital kernel patch for Scientific Linux resolves a serious null reference bug leading to system instability. Learn more.. kernel security, Scientific Linux, null pointer issue, security update, kernel fix. . Severity: Critical. LinuxSecurity.com Team
May 13, 2020
•Critical
Scientific Linux
98
security advisoryRed Hat Enterprise LinuximportantRedHat: RHSA-2020-2125-01 Important: kpatch-patch Kernel Panic Issue
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2020:2125-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2125 Issue date: 2020-05-13 CVE Names: CVE-2020-10711 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference whilereceiving CIPSO packet with null category may cause kernel panic 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kpatch-patch-4_18_0-193-1-2.el8.src.rpm ppc64le: kpatch-patch-4_18_0-193-1-2.el8.ppc64le.rpm kpatch-patch-4_18_0-193-debuginfo-1-2.el8.ppc64le.rpm kpatch-patch-4_18_0-193-debugsource-1-2.el8.ppc64le.rpm x86_64: kpatch-patch-4_18_0-193-1-2.el8.x86_64.rpm kpatch-patch-4_18_0-193-debuginfo-1-2.el8.x86_64.rpm kpatch-patch-4_18_0-193-debugsource-1-2.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10711 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXrulftzjgjWX9erEAQigSQ//Qv3yEwTeHIbapr2t/5rkB3WnDN8/AfUA i9iRIGOrGxIQLcK7DSy75jiPIAvltCv8GKYQGomn2ZZ0q9V+ZkKAfPtNHCwuQxgB 4F4F+8xrEkLlitsBM/ECdxoa3t+wKcoDPIXBch2ZPuyFgoNqltrwLDUaONFjub4Z Izcm9nzV18sgz4VE3FTT7iocFhB/4/N/fyOKLjFuOwUToyw8zbFx91wx3FcVFn7g BLQaLVLFarg/ht+nIn7LJtcyTxjXFpTxxIDek/WSlmgEkVinyvaC6DnwVobxQvN9 lu7LbdLMCiv0Y2u5rEHibgedehIGxumUCfBKqVQCi4AuJSWi+oF77zZjLXeOjVQe nleFxzO6l/h0zgqd3MWhEuwdecwpVR7+C5Gn7VEAXeRxd/jIW0CB/k6hEhe8y0so lJR+ax5xzAa+R3osKhr75UFH18r5U/J+f+horVl6DXZQxWboftnyeAICcSiJcjPy FGxBpz6BQ11MpWvLNfCWSCuGKEzOvZpOYapHCtT3CanXZBhbEaFkmETFLFY0wOja +guOs6sZIfBH67QeslqQKer5r+zlDgt1H/KEdnS2WhO7NhQ4neuETrqmXAQLS+kg 3qfskLHgW+wInPj5zZgUUEn7BonqfFuzdppNuIJITCvFZGYyxPZq1QNErmI6RYhr qrgNNoO4RRs=EGln -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 13, 2020
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!