Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0415
kernel security and bug fix update
5 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 8
Impact/Access: Root Compromise -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Existing Account
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-19338 CVE-2019-17666 CVE-2019-17133
CVE-2019-14901 CVE-2019-14898 CVE-2019-14895
CVE-2019-14816 CVE-2019-14815 CVE-2019-14814
CVE-2019-11599 CVE-2019-11135
Reference: ESB-2020.0411
ESB-2020.0262
ESB-2020.0228
ESB-2020.0226
ESB-2020.0151
ESB-2020.0006
ESB-2019.4772
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:0339
https://access.redhat.com/errata/RHSA-2020:0374
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2020:0339-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0339
Issue date: 2020-02-04
CVE Names: CVE-2019-14814 CVE-2019-14815 CVE-2019-14816
CVE-2019-14895 CVE-2019-14898 CVE-2019-14901
CVE-2019-17666 CVE-2019-19338
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi
driver (CVE-2019-14816)
* kernel: heap-based buffer overflow in mwifiex_process_country_ie()
function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
(CVE-2019-14895)
* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in
the Linux kernel lacks a certain upper-bound check, leading to a buffer
overflow (CVE-2019-17666)
* kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi
Driver leading to DoS (CVE-2019-14814)
* kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell
WiFi driver leading to DoS (CVE-2019-14815)
* kernel: incomplete fix for race condition between
mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
(CVE-2019-14898)
* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
(CVE-2019-11135) (CVE-2019-19338)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [Azure][8.1] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot
after freeing it" (BZ#1764635)
* block layer: update to v5.3 (BZ#1777766)
* backport xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due
to EDQUOT (BZ#1778692)
* Backport important bugfixes from upstream post 5.3 (BZ#1778693)
* LUN path recovery issue with Emulex LPe32002 HBA in RHEL 8.0 Server
during storage side cable pull testing (BZ#1781108)
* cifs tasks enter D state and error out with "CIFS VFS: SMB signature
verification returned error = -5" (BZ#1781110)
* Update CIFS to linux 5.3 (except RDMA and conflicts) (BZ#1781113)
* RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during
RHEL8.0 validation for SAP HANA on POWER (BZ#1781114)
* blk-mq: overwirte performance drops on real MQ device (BZ#1782181)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1744130 - CVE-2019-14814 kernel: heap overflow in mwifiex_set_uap_rates() function
of Marvell Wifi Driver leading to DoS
1744137 - CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function
of Marvell WiFi driver leading to DoS
1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function
of Marvell WiFi driver
1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/
rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a
buffer overflow
1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between
mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_
country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete
fix for TAA (CVE-2019-11135)
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-147.5.1.el8_1.src.rpm
aarch64:
bpftool-4.18.0-147.5.1.el8_1.aarch64.rpm
bpftool-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-core-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-devel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-headers-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-modules-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-libs-4.18.0-147.5.1.el8_1.aarch64.rpm
perf-4.18.0-147.5.1.el8_1.aarch64.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
python3-perf-4.18.0-147.5.1.el8_1.aarch64.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
noarch:
kernel-abi-whitelists-4.18.0-147.5.1.el8_1.noarch.rpm
kernel-doc-4.18.0-147.5.1.el8_1.noarch.rpm
ppc64le:
bpftool-4.18.0-147.5.1.el8_1.ppc64le.rpm
bpftool-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-core-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-devel-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-headers-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-modules-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-tools-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-tools-libs-4.18.0-147.5.1.el8_1.ppc64le.rpm
perf-4.18.0-147.5.1.el8_1.ppc64le.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
python3-perf-4.18.0-147.5.1.el8_1.ppc64le.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
s390x:
bpftool-4.18.0-147.5.1.el8_1.s390x.rpm
bpftool-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-core-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-devel-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-headers-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-modules-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-tools-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-core-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-devel-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-modules-4.18.0-147.5.1.el8_1.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-147.5.1.el8_1.s390x.rpm
perf-4.18.0-147.5.1.el8_1.s390x.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
python3-perf-4.18.0-147.5.1.el8_1.s390x.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.s390x.rpm
x86_64:
bpftool-4.18.0-147.5.1.el8_1.x86_64.rpm
bpftool-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-core-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-devel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-headers-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-modules-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-libs-4.18.0-147.5.1.el8_1.x86_64.rpm
perf-4.18.0-147.5.1.el8_1.x86_64.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
python3-perf-4.18.0-147.5.1.el8_1.x86_64.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.aarch64.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.ppc64le.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.x86_64.rpm
perf-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
python3-perf-debuginfo-4.18.0-147.5.1.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14814
https://access.redhat.com/security/cve/CVE-2019-14815
https://access.redhat.com/security/cve/CVE-2019-14816
https://access.redhat.com/security/cve/CVE-2019-14895
https://access.redhat.com/security/cve/CVE-2019-14898
https://access.redhat.com/security/cve/CVE-2019-14901
https://access.redhat.com/security/cve/CVE-2019-17666
https://access.redhat.com/security/cve/CVE-2019-19338
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXjlt69zjgjWX9erEAQhLTQ//bDkbDOu6B9cM8xsJSwaDMRMVLm3uEfIx
ft4cwVlwcGeIVWSQ2Mnka8wkkCh3fHJj/TEIcbNAZe/r2xyW6X24sPfXdeDdO84P
TnMZMh4AL+zDg36Sl60sstRVUKNCp3ncpECcQENXDBtLUrKVVJvh+taoIk3rHKIy
WohpkR6of6tcdiEC7t4Mbcs3Rsbn+vTnQHBaNAuzGFAe5RTlIvDKSrnpJm7KEAPV
L5pTctYYdowGqHvIpLvB+Isi3/NeeTuK/PgId6fkV4Vq98oOqTQajb3y9DLwNKEL
xcB/MkQRfER1VjdjUp0K826dCzmGIZ0EQaGcYTxUslbUW45++QVTeaJLT/7buEb3
weFKnVqbGtZxnDRt8S/KHRITswfEZBH9tMEnOFEiiJqKf8NnJGmhsZdQHO4QHtJ/
QNyGXndRDgBYLORK3qiUoN/8Sw6Tjzgc4j7leG7LLnZX+Zr8kgsF9y8NNC2jDPIl
b/KdieOCEm3fgRnJx/fb4TPu5Cml0kRA/g+n8hFPLt0dpUZu7OX17u8W7vVzjTTx
b9tnbdC9T2yaxqqS3M3Z+Bo1Fztxs62FlHAaB7d5k8aT83i8fQ4cJSIOUs0fICdM
UbIi4ZTJCqiL/PpE4OCK5p+44T+rTVggd7YVCO8lHO9/xzeRdzK2EtR1BBdLGU7K
MCytLS/ktZ0=
=QVDw
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- ----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2020:0374-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0374
Issue date: 2020-02-04
CVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-14898
CVE-2019-14901 CVE-2019-17133
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi
driver (CVE-2019-14816)
* kernel: heap-based buffer overflow in mwifiex_process_country_ie()
function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
(CVE-2019-14895)
* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in
net/wireless/wext-sme.c (CVE-2019-17133)
* kernel: incomplete fix for race condition between
mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
(CVE-2019-14898)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [Azure][7.8] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot
after freeing it" (BZ#1766089)
* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,
network interface(eth0) moved to new network namespace does not obtain IP
address. (BZ#1766093)
* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed
(BZ#1766097)
* SMB3: Do not error out on large file transfers if server responds with
STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)
* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path
failures (BZ#1770113)
* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport
command is reading from /proc/pagetypeinfo (BZ#1770732)
* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)
* fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64
(BZ#1775678)
* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)
* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of
retry delay value (BZ#1776290)
* Multiple "mv" processes hung on a gfs2 filesystem (BZ#1777297)
* Moving Egress IP will result in conntrack sessions being DESTROYED
(BZ#1779564)
* core: backports from upstream (BZ#1780033)
* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)
* Race between tty_open() and flush_to_ldisc() using the
tty_struct->driver_data field. (BZ#1780163)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function
of Marvell WiFi driver
1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid
in net/wireless/wext-sme.c
1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between
mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_
country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1062.12.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.12.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm
perf-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1062.12.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.12.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm
perf-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1062.12.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1062.12.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debug-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-devel-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-headers-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-tools-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64.rpm
perf-3.10.0-1062.12.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
python-perf-3.10.0-1062.12.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1062.12.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64le.rpm
perf-3.10.0-1062.12.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
python-perf-3.10.0-1062.12.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1062.12.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
kernel-3.10.0-1062.12.1.el7.s390x.rpm
kernel-debug-3.10.0-1062.12.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7.s390x.rpm
kernel-devel-3.10.0-1062.12.1.el7.s390x.rpm
kernel-headers-3.10.0-1062.12.1.el7.s390x.rpm
kernel-kdump-3.10.0-1062.12.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1062.12.1.el7.s390x.rpm
perf-3.10.0-1062.12.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
python-perf-3.10.0-1062.12.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1062.12.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm
perf-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1062.12.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1062.12.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm
perf-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-14816
https://access.redhat.com/security/cve/CVE-2019-14895
https://access.redhat.com/security/cve/CVE-2019-14898
https://access.redhat.com/security/cve/CVE-2019-14901
https://access.redhat.com/security/cve/CVE-2019-17133
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXjnG/NzjgjWX9erEAQiZpA/+PrziwQc9nitsDyWqtq556llAnWG2YjEK
kzbq/d3Vp+7i0aaOHXNG9b6XDgR8kPSLnb/2tCUBQKmLeWEptgY6s24mXXkiAHry
plZ40Xlmca9cjPQCSET7IkQyHlYcUsc9orUT3g1PsZ0uOxPQZ1ivB1utn6nyhbSg
9Az/e/9ai7R++mv4zJ7UDrDzuGPv5SOtyIcfuUyYdbuZO9OrmFsbWCRwG+cVvXJ6
q6uXlIpcWx4H7key9SiboU/VSXXPQ0E5vv1A72biDgCXhm2kYWEJXSwlLH2jJJo7
DfujB4+NSnDVp7Qu0aF/YsEiR9JQfGOOrfuNsmOSdK3Bx3p8LkS4Fd9y3H/fCwjI
EOoXerSgeGjB5E/DtH24HKu1FB5ZniDJP69itCIONokq6BltVZsQRvZxpXQdmvpz
hTJIkYqnuvrkv2liCc8Dr7P7EK0SBPhwhmcBMcAcPHE8BbOtEkcGzF2f2/p/CQci
N0c4UhB2p+eSLq+W4qG4W/ZyyUh2oYdvPjPCrziT1qHOR4ilw9fH9b+jCxmAM7Lh
wqj3yMR9YhUrEBRUUokA/wjggmI88u6I8uQatbf6Keqj1v1CykMKF3AEC5qfxwGz
hk0YzSh0YK6DfybzNxcZK/skcp0Ga0vD+El/nXFI0WGXB8LsQiOUBgfp1JyAlXT6
IwzrfQ6EsXE=
=mofI
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXjpTomaOgq3Tt24GAQiKxRAAx6/OCvJno3kRDI3SftzkLTaEmq9S5BFb
GzO3ClCwlkAEAqxeJPdiiG/TKWjMQ8Bw1JRNNWnUcdhP2MeO8HaDbj9Df+peu9cm
nWKoTLKZZfJIMAlgQe63l6IbwYHnNhHm3ll4YO77mmdFhW7NSxArtH+Sd1Z3k0jV
RqEiY0Ge3Ir+h/m0dx1e8EzRiRCr72m20lRL83Ev7Vh9P4x5Cr1AdemuLe05+SfW
r2e15zfqHpMUNA3eYG10tMfdaqcxEuKdVjOw/5UcG5NldqB2Qa8Fv4MfOYjdhfyv
wia6tEadbctbENCUoxWLcSYE+mH9huxoPNVjNDqy3Jw9Y+WnDKkoFsfqfI5wm75S
QfVGBe+Sr48HZ0di2PRN6xdHT0mODeIUXf2uQujU/Sbl2iGNXoMZErRmPA+Y3jL6
3eYIDY18MVAQDZYhQA0PwoKGD9Ho7HU6xh7ISLBtShMOFafQNtYr9BP/e064v3OM
hfV52eFGZ1wdqTLsHne5DTRBQXP2huItTjTsBBui8fHE1s3swo6h8eSdAPdMYtlZ
SVb7HoqoQWEbliA/ibjQPYua/6S81eWeaJmnDKBS1G407qZYd2RUFOoUy0sxGD58
APfOL/eGYbHS9fRWZsYYnXszhXwseK3jd5Gt40GOpU3wsqzx3H6naEnFRv/z8mXb
51qRatEZVjk=
=5tzK
-----END PGP SIGNATURE-----