Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.4485 kernel security and bug fix update 27 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel kernel-rt Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Increased Privileges -- Existing Account Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-15239 CVE-2019-14821 Reference: ESB-2019.4121 ESB-2019.4110 Original Bulletin: https://access.redhat.com/errata/RHSA-2019:3979 https://access.redhat.com/errata/RHSA-2019:3978 Comment: This bulletin contains two (2) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3979-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3979 Issue date: 2019-11-26 CVE Names: CVE-2019-14821 CVE-2019-15239 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423) * RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836) * kernel build: parallelize redhat/mod-sign.sh (BZ#1755330) * kernel build: speed up module compression step (BZ#1755339) * Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781) * NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265) * Regression: panic in pick_next_task_rt (BZ#1756267) * ixgbe reports "Detected Tx Unit Hang" with adapter reset on RHEL 7 (BZ#1757350) * [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757) * nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051) * [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003) * OS getting restarted because of driver issue with QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447) * mlx5: Load balancing not working over VF LAG configuration (BZ#1759449) * RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620) * RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621) * RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624) * RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625) * xfs hangs on acquiring xfs_buf semaphore (BZ#1764245) * single CPU VM hangs during open_posix_testsuite (BZ#1766087) * rcu_sched self-detected stall on CPU while booting with nohz_full (BZ#1766098) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer 1747353 - CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.7.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.7.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm perf-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.7.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.7.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm perf-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.7.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.7.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-3.10.0-1062.7.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debug-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.7.1.el7.ppc64.rpm kernel-devel-3.10.0-1062.7.1.el7.ppc64.rpm kernel-headers-3.10.0-1062.7.1.el7.ppc64.rpm kernel-tools-3.10.0-1062.7.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.ppc64.rpm perf-3.10.0-1062.7.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm python-perf-3.10.0-1062.7.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.7.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debug-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-devel-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-headers-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-tools-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.ppc64le.rpm perf-3.10.0-1062.7.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm python-perf-3.10.0-1062.7.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.7.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm kernel-3.10.0-1062.7.1.el7.s390x.rpm kernel-debug-3.10.0-1062.7.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.7.1.el7.s390x.rpm kernel-devel-3.10.0-1062.7.1.el7.s390x.rpm kernel-headers-3.10.0-1062.7.1.el7.s390x.rpm kernel-kdump-3.10.0-1062.7.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.7.1.el7.s390x.rpm perf-3.10.0-1062.7.1.el7.s390x.rpm perf-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm python-perf-3.10.0-1062.7.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.7.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm perf-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.7.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.7.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.7.1.el7.noarch.rpm kernel-doc-3.10.0-1062.7.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.7.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.7.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.7.1.el7.x86_64.rpm perf-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.7.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.7.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14821 https://access.redhat.com/security/cve/CVE-2019-15239 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXd0fvtzjgjWX9erEAQjphhAAhfuqqBh4D3h+0WBg2bUR0MXhwYx/jWU7 y+EYzS7m9B8aqdHQBJ2AfhaaJW36SxPotPpnETO0Lub6QnZ5143dkS8PTiAsLjSg XimgY1zXfb8u3aaLQ4xPU+EtuXvj8Rzpq0YqPuTYZILuh+HJA+FAfau0JuIL8530 qQF9TDz/jjoWu4D6DBwN22hQ58G4jDRkpClKqhACX+m6i88CXSCcxJS240xwb4Rt z2xW5esOym+k3GKwdXu+JcEf9dFTouoY4wtZLB5KzrkH2mPAsWuZ8PHP81YlwEoD E9Ro6TQfdJd4KiYro4Bueb3ePpz27XvEyWHkIdP+I9dSdLr4B+Xv3WflEkf+6E2J 8NF8nO2pX9zkuFeuNdQmdFzbO8asZksexGNmPDHf03HY7lSULeYjmwxijaGeqdVt YYMHUEzBGOYzUFDx0KfhUrshYB6oamdQx/vVePDB+9Bo0Vu0dNFYtP5dUTvTkvvG 82jKbAQGwy8MaHy8YFIekKZvyS5k2rK6kUBl1jQYVe6MQ1Ar9vScRZi7TkR0IqzH t5l/S0WDcqRxYif4uzKXGeOI2dEcX5EBgJbLBhTm4Aowc95E9Cwoq3idsZnQDX5s LdU/n6PpsykVzzOMYdSeVQkp+pyM+oVLeyY1b00x1BI+nj8N1lFtPlVZfegcSKOJ 4G5SMiaEHYg= =QJ9/ - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2019:3978-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3978 Issue date: 2019-11-26 CVE Names: CVE-2019-14821 CVE-2019-15239 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Realtime (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer 1747353 - CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation 1762889 - kernel-rt: update to the RHEL7.7.z batch#3 source tree 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 7): Source: kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm Red Hat Enterprise Linux Realtime (v. 7): Source: kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14821 https://access.redhat.com/security/cve/CVE-2019-15239 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXd0wANzjgjWX9erEAQj4XRAAn/EudD3SfmokW169os8VmQtKHr1VHt5d l1EIT94H0Jf2fQPROTRE+go/3mvM0HsDnw2tzfa1XqP7zghqZs414iPXXMGJXrrz df1ObWfwJFsOuLxYYgmUsY1k3y4GNLdkR1acgc6bNvDdTGAIp2R/wswL6diyGKpi qmXsQhrafhgU07YaoF3AJNYUh6RzEdcLdqd/s86bZ3mbmQB2skEqjQm2szuo86of cV+yF5cecY0CakCcJBPuFio2gRh3BfiiwbK9CgSEiLd8baXZzYYJhnnouCehy5oy J7/cYrS8qHS8/CjpCfTZpMIup8dxg2yAjGeaS99E7pfw+nWmL+4KPkWuZaX1QW6c cQsbglm11LRc6IOhW9qTcKf9JpN4eTMKKe/TrcvNbry1N0MqA0Ra+z2INzdCfp/x wqVV42iyqX1QII73HYaTUwnon4+hUSJo8ryytGBcEFcnS81iQf6RdI/x0YhFB01U wGKqMF3jk9PnCMB7Pc6d6JUUUBcHiOgjC8pV9oxLr5byiwTR1heEp1zrmsxFpzb6 k42vi0ara5HnBCMFdYgIdqMBNTf+duwpLX/T4UdGTmNPxm5xcLE7uPdfyFL0RAVc CWQXxvgVzkgebg2R1K+gPYUyzYgS24LyFz0U019muZct9VLG3V11cLx/VQ3CfCT6 UMlsLs9IsDE= =bfe8 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXd3/smaOgq3Tt24GAQgRkBAAioTklI1zRBnY1PNQPmavydMpk9oddOT6 HNcsyOso89P1dS54jiJDZnbpWFScCrbmrmWR1a0YHSuy/W0ihpzdjadwyZSSncen rigY2/g4k/P0cAU68M7fOcTKr8MwutoOwyvlD/N8Fl3hvSr0JLmvBuBfpITHCg2i xw+bUCiKF8hhebEDYhb4uypFVWJKm5N98QiEHaBRy0m2lDvFYmTDUYHc6iiBA9PY ASmwHmyo+NEzxgxekrf0YYga/H+EG4c00br+K05+OuNwFKJ3MsMsVoNlEbh5Nf9+ qccfmqNyGB+7VOkvIRoeBmWc1cLmdBQQgkOel5UPg7Ytcjv9jeoTty5bRQooZ+ec bpYoJi3O1WfR4w1s59TC6T+E2QVKb9Y5lzDB2IWGYjfUxNCDTwuRKh9PUPstiwXv FuKjwjSc9yHJaYu7FRKaeDPhQcCu3XgLILqC4t1eu2DlkaD8brxAQSv0ieJxMfRB Ov4oWlEYJ15viT35DQ05ZJzDPn9UfPgQDTK59NXNRlBzxF9MGKFQRtAHke0l+m7P CJwQGNCAuWoRG4te+nR8EC2RlGSM9a5ZtDa9sngvR3TYIV1/AfMRAZ/zT8EsBECP 2fjRQpJmSL+2rBiWeQIYj/kP0J7G0VtkaDjiJsTojCF3Br09SN1rdoeln9krSjSX 3qApY+KAYV0= =wYbv -----END PGP SIGNATURE-----