Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
202
security advisoryheap overflowmemory accessopenSUSE 15 SP5: SUSE-SU-2023:3676-1 Important Kernel Security Fixes
This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues. The following security issues were fixed:. # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3676-1 Rating: important References: * #1211395 * #1212849 * #1213063 Cross-References: * CVE-2023-2156 * CVE-2023-3090 * CVE-2023-35001 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues. The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). * CVE-2023-3090: Fixed a heapout-of-bounds write in the ipvlan network driver (bsc#1212849). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3676=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3679=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3679=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_8-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_15_37-rt-2-150400.2.1 * kernel-livepatch-5_14_21-150400_15_37-rt-debuginfo-2-150400.2.1 * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_5-rt-2-150500.2.1 * kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-2-150500.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-3090.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1212849 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 . A patch for Linux Kernel 5.14.21-150500_13_5 has been issued to rectify severe vulnerabilities impacting openSUSE platforms.. Linux Kernel Patch, openSUSE Security, Kernel RT Update. . Severity: Important. LinuxSecurity.com Team
Sep 19, 2023
•Important
OpenSUSE
202
security advisorykernel patchimportant updateopenSUSE: 2023:3658-1 Important: CVE-2023-2156 Networking Flaw Fix
This update for the Linux Kernel 5.14.21-150500_55_12 fixes one issue. The following security issue was fixed:. # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3658-1 Rating: important References: * #1211395 Cross-References: * CVE-2023-2156 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_12 fixes one issue. The following security issue was fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3658=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-3658=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3660=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patchSUSE-SLE-Module-Live-Patching-15-SP5-2023-3660=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_15-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-2-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_15-debugsource-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-2-150400.2.1 * kernel-livepatch-5_14_21-150400_24_74-default-debuginfo-2-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-2-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_12-default-2-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_2-debugsource-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 . A critical security patch for the Linux Kernel targeting CVE-2023-2157 impacting multiple SUSE-based systems.. Linux Kernel Security, SUSE Patching, Kernel Flaw Fix. . Severity: Important. LinuxSecurity.com Team
Sep 18, 2023
•Important
OpenSUSE
202
security advisorysecurity issueprivilege escalationopenSUSE 15 SP5: SUSE-SU-2023:3659-1 Important Kernel Patch
This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues. The following security issues were fixed:. # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP5) Announcement ID: SUSE-SU-2023:3659-1 Rating: important References: * #1211395 * #1213063 Cross-References: * CVE-2023-2156 * CVE-2023-35001 CVSS scores: * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_7 fixes several issues. The following security issues were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211395). * CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213063). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3659=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3659=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_1-debugsource-2-150500.2.1 *kernel-livepatch-5_14_21-150500_55_7-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-2-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_1-debugsource-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-2-150500.2.1 * kernel-livepatch-5_14_21-150500_55_7-default-debuginfo-2-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-35001.html * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1213063 . Critical update for Linux Kernel resolves two security issues affecting openSUSE and SUSE Linux Enterprise systems.. Linux Kernel Update, SUSE Patching, Critical Security Flaws. . Severity: Important. LinuxSecurity.com Team
Sep 18, 2023
•Important
OpenSUSE
203
security advisoryprivilege escalationkernelMageia 8 MGASA-2023-0237 Moderate: Kernel Privilege Escalation Threat
This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the . MGASA-2023-0237 - Updated kernel packages fix security vulnerabilities Publication date: 19 Jul 2023 URL: https://advisories.mageia.org/MGASA-2023-0237.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-3338, CVE-2023-3390, CVE-2023-31248, CVE-2023-35001 This kernel update is based on upstream 5.15.120 and fixes atleast the following security issues: A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system. This is fixed by removing DECnet support (CVE-2023-3338). A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue (CVE-2023-3390). Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248). Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001). NOTE!! This kernel also contains a fix for dkms builds hanging / stalling during upgrade to Mageia 9 (mga#31982) due to the new make 4.4 series utility ending up in a loop processing Makefile in kernel-devel packages. So if you use dkms packaged drivers, you need to be running this kernel (or any later released ones) before you do an online upgrade to avoid the upgrade stalling / hanging. References: -https://bugs.mageia.org/show_bug.cgi?id=32093 - https://bugs.mageia.org/show_bug.cgi?id=31982 - https://www.cve.org/CVERecord?id=CVE-2023-3338 - https://www.cve.org/CVERecord?id=CVE-2023-3390 - https://www.cve.org/CVERecord?id=CVE-2023-31248 - https://www.cve.org/CVERecord?id=CVE-2023-35001 SRPMS: - 8/core/kernel-5.15.120-2.mga8 - 8/core/kmod-virtualbox-7.0.8-1.12.mga8 - 8/core/kmod-xtables-addons-3.23-1.22.mga8 . Patch release MGASA-2023-0238 addresses various vulnerabilities in the kernel of Mandriva, enhancing overall system security and performance.. kernel update, security issues, mageia 8, privilege escalation, networking issues. . Severity: Important. LinuxSecurity.com Team
Jul 19, 2023
•Important
Mageia
98
security advisorydenial of serviceRed Hat EnterpriseRed Hat Enterprise MRG 2 RHSA-2019-1487 Important Kernel-Rt Security Update
An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2019:1487-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://access.redhat.com/errata/RHSA-2019:1487 Issue date: 2019-06-17 CVE Names: CVE-2018-7566 CVE-2018-1000004 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flawto crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1711010) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1711010 - update the MRG 2.5.z 3.10 kernel-rt sources 1719123 - CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service 1719128 - CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service 1719129 - CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service 6. Package List: Red Hat MRG Realtime for RHEL 6 Serverv.2: Source: kernel-rt-3.10.0-693.50.3.rt56.644.el6rt.src.rpm noarch: kernel-rt-doc-3.10.0-693.50.3.rt56.644.el6rt.noarch.rpm kernel-rt-firmware-3.10.0-693.50.3.rt56.644.el6rt.noarch.rpm x86_64: kernel-rt-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-debug-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-trace-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.0-693.50.3.rt56.644.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-1000004 https://access.redhat.com/security/cve/CVE-2019-11477 https://access.redhat.com/security/cve/CVE-2019-11478 https://access.redhat.com/security/cve/CVE-2019-11479 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/tcpsack 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXQfwnNzjgjWX9erEAQjn0hAAkIUHkJhvN9p7xlAkWsCvs3OZGch54LQJ aWiYcjJ4JzjYhXYSnmmtKmzFxDNrEEuHx9neoLpAus/vHf65i8azX61DeKBK5f0c rUtOEiXdcdf0LKtqGeYBhi2C+oduC6kUcqymX+FvYwAkalKN6EzzsAMCn7d6y/QT douPVqE+sH8D1iEn0ZnchiWy3t7kJbjOXlwTyGJTDpCRTqxjxMCt8Ae4I07ZrHX5 V5HMbKQOVtw+ZoIxC/nBqN2cJz0jk1oPqANG+7etcWpYxOcUgDmYvH83M0OwTEqi MrsqJqGVnSisyb9ro3U8O+WH8oS+iSIQXRfO1pqWoQT/76sVfnHCA+BkNz4DXwHi 4a8zSYrxBXI/cg3uTUAap5s6GNZSO/E+F8DbiCFv2SwdqIIKTcu1/VkcPhPXpWy6 +otMvn1hnmm9UIck7cZC6FIL4ehDTaBPqZfom7CDq6g2ShQq2S5iHG1ZDjpcKSKF fjNdR3JzEWSJRqLdsg3RFtizRyzL4PvjAzKKMQhL785lVM8e0bklaFQSD0uBbb7d wLVaoBUqE4wQDX332fYe2DSto1bRcov5XVmS/wk1VNDKc7Eu23v8GuAppw6m59nG AQ6ESv3oY1XMu0LAcpHOHsyY7iKVLgdDHluQWZ6B3T3KUFSSulr2aX4ipN9lvob1 TRi1X0+0ONQ=FNIF -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 17, 2019
•Important
Red Hat
98
security advisorydenial of serviceRed Hat Enterprise LinuxRed Hat Enterprise Linux 7.5 RHSA-2019-1482-01 Important: Kernel DoS Flaw
An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:1482-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1482 Issue date: 2019-06-17 CVE Names: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.5) - ppc64, ppc64le, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing thevariable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1719123 - CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service 1719128 - CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service 1719129 - CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v.7.5): Source: kernel-3.10.0-862.34.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.34.2.el7.noarch.rpm kernel-doc-3.10.0-862.34.2.el7.noarch.rpm x86_64: kernel-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm kernel-devel-3.10.0-862.34.2.el7.x86_64.rpm kernel-headers-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.34.2.el7.x86_64.rpm perf-3.10.0-862.34.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm python-perf-3.10.0-862.34.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5): x86_64: kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.34.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.7.5): Source: kernel-3.10.0-862.34.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.34.2.el7.noarch.rpm kernel-doc-3.10.0-862.34.2.el7.noarch.rpm ppc64: kernel-3.10.0-862.34.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.34.2.el7.ppc64.rpm kernel-debug-3.10.0-862.34.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.34.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.34.2.el7.ppc64.rpm kernel-devel-3.10.0-862.34.2.el7.ppc64.rpm kernel-headers-3.10.0-862.34.2.el7.ppc64.rpm kernel-tools-3.10.0-862.34.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.34.2.el7.ppc64.rpm perf-3.10.0-862.34.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm python-perf-3.10.0-862.34.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.34.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debug-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.34.2.el7.ppc64le.rpm kernel-devel-3.10.0-862.34.2.el7.ppc64le.rpm kernel-headers-3.10.0-862.34.2.el7.ppc64le.rpm kernel-tools-3.10.0-862.34.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.34.2.el7.ppc64le.rpm perf-3.10.0-862.34.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm python-perf-3.10.0-862.34.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm s390x: kernel-3.10.0-862.34.2.el7.s390x.rpm kernel-debug-3.10.0-862.34.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.34.2.el7.s390x.rpm kernel-debug-devel-3.10.0-862.34.2.el7.s390x.rpm kernel-debuginfo-3.10.0-862.34.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.34.2.el7.s390x.rpm kernel-devel-3.10.0-862.34.2.el7.s390x.rpm kernel-headers-3.10.0-862.34.2.el7.s390x.rpm kernel-kdump-3.10.0-862.34.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.34.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.34.2.el7.s390x.rpm perf-3.10.0-862.34.2.el7.s390x.rpm perf-debuginfo-3.10.0-862.34.2.el7.s390x.rpm python-perf-3.10.0-862.34.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.s390x.rpm x86_64: kernel-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm kernel-devel-3.10.0-862.34.2.el7.x86_64.rpm kernel-headers-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.34.2.el7.x86_64.rpm perf-3.10.0-862.34.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm python-perf-3.10.0-862.34.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v.7.5): ppc64: kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.34.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.34.2.el7.ppc64.rpm perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.34.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.34.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.34.2.el7.x86_64.rpm perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.34.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11477 https://access.redhat.com/security/cve/CVE-2019-11478 https://access.redhat.com/security/cve/CVE-2019-11479 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/tcpsack 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXQfk3NzjgjWX9erEAQiytA/+LYuWZPA+XAzTGUtoSanvsTMhe3fdVmEs uC08ljrlPeR/Wd6nDM6/kA31tXy0DuL23ocXTXoz+eBQNzpv7wAV3BNegLB+EbaF lalFLRhneQHOPqVQm8NRM/+aQoUSPZGroINcBCxC+RRDCnzgd1IYYOPJeq3N3che 3/o1whqn8af/uYrE49Lg+qimRFPIDkUg/r+pTv8M/cWdskrDlv3ir8Dn3rczrg9C /MjRxlqayPLN60RsdQO1MJPIq/5/4avHbmlqYGvzWyqdMYZckJWtJbRcCNg4MaII P8sx7pW1h6MdC23tGdqdk1VsgPl5ap1qYDjIJdHkp2wOeih6Lk1ezBViRuOfWpx1 Wy2EpmGRy8IUA/biIHedki48cfBHE2T3Bd7dE0V1HHWP5c9iZIov5OTG6dvy5OMV bQA5+BVrSdrOPKj6VDwrbcDWoeSR8O0eMghoj7o3aP6cPzAMmQ2xxj8G4hrZuP0P 1eVZrMPgE+N6Brd9k/o70Gw90Q7N2o8ONJFrz+gFdIGxI+m3dNGhne5hwxou1Q+k 5/O4S3Eu2afic3WNh6K3Zbk8K5rzfqFGdOFEGYw0/lZblRgr9scVQdfo4ohoxabf ojkr1xsbNIcSxHYBm9LRM4cMXblFr+yx+mYZsCA539F2DKID42Y89msdcjGhOUEL SkhJ47gvUQ4=+jJe -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 17, 2019
•Important
Red Hat
98
security advisoryRed Hatkernel updateRed Hat 8 RHSA-2019-1479-01 Important: Kernel Security Flaws
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:1479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1479 Issue date: 2019-06-17 CVE Names: CVE-2019-9213 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw tocrash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477) * kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213) * Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478) * Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [HPE 8.0 Bug] nvme drive power button does not turn off drive (BZ#1700288) * RHEL8.0 - hw csum failure seen in dmesg and console (using mlx5/mlx4/Mellanox) (BZ#1700289) * RHEL8.0 - vfio-ap: add subsystem to matrix device to avoid libudev failures (kvm) (BZ#1700290) * [FJ8.1 Bug]: Make Fujitsu Erratum 010001 patch work on A64FX v1r0 (BZ#1700901) * [FJ8.0 Bug]: Fujitsu A64FX processor errata - panic by unknown fault (BZ#1700902) * RHEL 8.0 Snapshot 4 - nvme create-ns command hangs after creating 20 namespaces on Bolt (NVMe) (BZ#1701140) * [Cavium/Marvell 8.0 qed] Fix qed_mcp_halt() and qed_mcp_resume() (backporting bug) (BZ#1704184) * [Intel 8.1 Bug] PBF: Base frequency display fix (BZ#1706739) * [RHEL8]read/write operation not permitted to /sys/kernel/debug/gcov/reset (BZ#1708100) * RHEL8.0 - ISST-LTE:pVM:fleetwood:LPM:raylp85:After lpm seeing the console logs on the the lpar at target side (BZ#1708102) * RHEL8.0 - Backport support for software count cache flush Spectre v2 mitigation (BZ#1708112) * [Regression] RHEL8.0 - System crashed with one stress-ng-mremap stressor on Boston (kvm host) (BZ#1708617) * [intel ice Rhel 8 RC1] ethtool -A ethx causes interfaces to go down (BZ#1709433) 4. Solution: For details onhow to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1686136 - CVE-2019-9213 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms 1719123 - CVE-2019-11477 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service 1719128 - CVE-2019-11478 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service 1719129 - CVE-2019-11479 Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: kernel-4.18.0-80.4.2.el8_0.src.rpm aarch64: bpftool-4.18.0-80.4.2.el8_0.aarch64.rpm bpftool-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-core-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-cross-headers-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-core-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-devel-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-modules-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-devel-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-headers-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-modules-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-modules-extra-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-tools-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-tools-libs-4.18.0-80.4.2.el8_0.aarch64.rpm perf-4.18.0-80.4.2.el8_0.aarch64.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm python3-perf-4.18.0-80.4.2.el8_0.aarch64.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-80.4.2.el8_0.noarch.rpm kernel-doc-4.18.0-80.4.2.el8_0.noarch.rpm ppc64le: bpftool-4.18.0-80.4.2.el8_0.ppc64le.rpm bpftool-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-core-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-cross-headers-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-core-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-modules-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-headers-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-modules-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-modules-extra-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-tools-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-tools-libs-4.18.0-80.4.2.el8_0.ppc64le.rpm perf-4.18.0-80.4.2.el8_0.ppc64le.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm python3-perf-4.18.0-80.4.2.el8_0.ppc64le.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm s390x: bpftool-4.18.0-80.4.2.el8_0.s390x.rpm bpftool-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm kernel-4.18.0-80.4.2.el8_0.s390x.rpm kernel-core-4.18.0-80.4.2.el8_0.s390x.rpm kernel-cross-headers-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-core-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-devel-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-modules-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-80.4.2.el8_0.s390x.rpm kernel-devel-4.18.0-80.4.2.el8_0.s390x.rpm kernel-headers-4.18.0-80.4.2.el8_0.s390x.rpm kernel-modules-4.18.0-80.4.2.el8_0.s390x.rpm kernel-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm kernel-tools-4.18.0-80.4.2.el8_0.s390x.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-core-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-devel-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-modules-4.18.0-80.4.2.el8_0.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-80.4.2.el8_0.s390x.rpm perf-4.18.0-80.4.2.el8_0.s390x.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm python3-perf-4.18.0-80.4.2.el8_0.s390x.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.s390x.rpm x86_64: bpftool-4.18.0-80.4.2.el8_0.x86_64.rpm bpftool-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-core-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-cross-headers-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-core-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-devel-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-modules-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-devel-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-headers-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-modules-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-tools-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-tools-libs-4.18.0-80.4.2.el8_0.x86_64.rpm perf-4.18.0-80.4.2.el8_0.x86_64.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm python3-perf-4.18.0-80.4.2.el8_0.x86_64.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm Red Hat CodeReady Linux Builder (v.8): aarch64: bpftool-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.aarch64.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.ppc64le.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debug-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-tools-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.x86_64.rpm perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm python3-perf-debuginfo-4.18.0-80.4.2.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-9213 https://access.redhat.com/security/cve/CVE-2019-11477 https://access.redhat.com/security/cve/CVE-2019-11478 https://access.redhat.com/security/cve/CVE-2019-11479 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/tcpsack 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXQfVZNzjgjWX9erEAQgLoA/9GIfagfPFKGZbzBrrj0u6ql3dtHsfhHsn pWGZULspXnR/k3np3STGthnvri1ptkk3/IVmc1Iz9IiAE7A7yhK/Trbg4pIapZ4t 7NUeskkhfnpP+6ocPbEGnfjaJ5zieMERVUTcrZ+CKhds1YYnJ0ih1ekj+P12UacN l1R5Ga79XhwnGT5Alfm0ATZIx+idKuhVp4b6uLAKeMCBwsmDZwe98oCmDSvpAPQ9 kire5H61hvSd/GfsGrVeA8ohs/8b7iw2UslcdZ1uYoLxPpz1I24/i1OXeElMVp3l 4TDthnn3Djd19fp77gSuBbxxh8ismPDL+jBAhsq0TNdzG88PhJK1h/qbO6t39F9z hBf+eALXggOLEm8UFuuyInmVJjqc/Wt1zGHiLBgr0UhlfVOa5fzhG8NfoQ6bJ56O mXcS6cmndf0barL4bse6XsyCGQZbLB2jI7cUByeZxlg0d9akpKeuHmI5NnuZJDGx VhJ1u/6VNBLryEIQs916RdQGJ4EOQfVGhwE0WufW4Zu8Fs0d2P4c/zOY/hZwQRYk NyhJTR49iD3qmi0mPd+MyeMvY2bSkChmDTscnzSeq6ASGrxoPJg1Pc9Aa5o+ZT3N bel0/RacnVWzMs5q3kiZTu7ovCt+2UfiTmRQVfcgsp1WXBgRI8uUeCWX5hd0yl+t ZAqvPPSmBPY=qId3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 17, 2019
•Important
Red Hat
200
security advisorycriticalman-in-the-middleSciLinux: SLSA-2017-2998-1 Critical: OpenJDK Issues and Fixes
Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346) * It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of t [More...]. Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2017:2998-1 Issue Date: 2017-10-20 CVE Numbers: CVE-2017-10285 CVE-2017-10346 CVE-2017-10388 CVE-2017-10274 CVE-2017-10349 CVE-2017-10357 CVE-2017-10348 CVE-2017-10347 CVE-2017-10350 CVE-2017-10281 CVE-2017-10295 CVE-2017-10345 CVE-2017-10355 CVE-2017-10356 -- Security Fix(es): * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346) * It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the- middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients. (CVE-2017-10388) * It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store. (CVE-2017-10356) * A flaw was found in the Smart Card IO component in OpenJDK. An untrusted Java application or applet could use this flaw tobypass certain Java sandbox restrictions. (CVE-2017-10274) * It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server. (CVE-2017-10355) * It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request. (CVE-2017-10295) * It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. -- SL6 x86_64 java-1.8.0-openjdk-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.151-1.b12.el6_9.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el6_9.x86_64.rpm i386 java-1.8.0-openjdk-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.151-1.b12.el6_9.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el6_9.i686.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.151-1.b12.el6_9.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.151-1.b12.el6_9.noarch.rpm SL7 x86_64 java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-accessibility-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-demo-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-devel-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-src-1.8.0.151-1.b12.el7_4.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el7_4.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.151-1.b12.el7_4.x86_64.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.151-1.b12.el7_4.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.151-1.b12.el7_4.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.151-1.b12.el7_4.noarch.rpm java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.151-1.b12.el7_4.noarch.rpm - Scientific Linux Development Team . Important security patch for java-1.8.0-openjdk that resolves various vulnerabilities in OpenJDK elements on SL6.x and SL7.x systems.. OpenJDK Fixes, Java Security Update, Critical OpenJDK Issues, Java Applet Exploits. . Severity: Critical. LinuxSecurity.com Team
Oct 20, 2017
•Critical
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!