Operating System:

[RedHat]

Published:

17 April 2020

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2020.1355 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1355
                  kernel-alt security and bug fix update
                               17 April 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kernel-alt
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-20095 CVE-2019-20054 CVE-2019-19922
                   CVE-2019-15666 CVE-2019-15099 CVE-2019-15031
                   CVE-2019-14901 CVE-2019-14895 CVE-2019-5108

Reference:         ESB-2020.1349
                   ESB-2020.1250
                   ESB-2020.0960
                   ESB-2020.0772
                   ESB-2020.0262

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:1493

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-alt security and bug fix update
Advisory ID:       RHSA-2020:1493-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1493
Issue date:        2020-04-16
CVE Names:         CVE-2019-5108 CVE-2019-14895 CVE-2019-14901 
                   CVE-2019-15031 CVE-2019-15099 CVE-2019-15666 
                   CVE-2019-19922 CVE-2019-20054 CVE-2019-20095 
=====================================================================

1. Summary:

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - 
aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - 
aarch64, noarch, ppc64le

3. Description:

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

* kernel: heap-based buffer overflow in mwifiex_process_country_ie()
function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
(CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: triggering AP to send IAPP location updates for stations before
the required authentication process has completed can lead to DoS
(CVE-2019-5108)

* kernel: powerpc: local user can read vector registers of other users'
processes via an interrupt (CVE-2019-15031)

* kernel: out-of-bounds array access in __xfrm_policy_unlink
(CVE-2019-15666)

* kernel: a NULL pointer dereference in
drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)

* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial
of service against non-cpu-bound applications (CVE-2019-19922)

* kernel: Null pointer dereference in drop_sysctl_table() in
fs/proc/proc_sysctl.c (CVE-2019-20054)

* kernel: memory leak in mwifiex_tm_cmd in
drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* rhel-alt-76z bsd process accounting(acct(2)) does not work (BZ#1763618)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1747334 - CVE-2019-15666 kernel: out-of-bounds array access in __xfrm_policy_unlink
1760063 - CVE-2019-15031 kernel: powerpc: local user can read vector registers of other users' processes via an interrupt
1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
1789927 - CVE-2019-5108 kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS
1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications

6. Package List:

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
kernel-alt-4.14.0-115.19.1.el7a.src.rpm

aarch64:
kernel-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debug-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debug-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debug-devel-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-devel-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-headers-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-tools-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-tools-libs-4.14.0-115.19.1.el7a.aarch64.rpm
perf-4.14.0-115.19.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
python-perf-4.14.0-115.19.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm

noarch:
kernel-abi-whitelists-4.14.0-115.19.1.el7a.noarch.rpm
kernel-doc-4.14.0-115.19.1.el7a.noarch.rpm

ppc64le:
kernel-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-bootwrapper-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debug-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debug-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-headers-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-tools-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-tools-libs-4.14.0-115.19.1.el7a.ppc64le.rpm
perf-4.14.0-115.19.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
python-perf-4.14.0-115.19.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm

s390x:
kernel-4.14.0-115.19.1.el7a.s390x.rpm
kernel-debug-4.14.0-115.19.1.el7a.s390x.rpm
kernel-debug-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
kernel-debug-devel-4.14.0-115.19.1.el7a.s390x.rpm
kernel-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
kernel-debuginfo-common-s390x-4.14.0-115.19.1.el7a.s390x.rpm
kernel-devel-4.14.0-115.19.1.el7a.s390x.rpm
kernel-headers-4.14.0-115.19.1.el7a.s390x.rpm
kernel-kdump-4.14.0-115.19.1.el7a.s390x.rpm
kernel-kdump-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
kernel-kdump-devel-4.14.0-115.19.1.el7a.s390x.rpm
perf-4.14.0-115.19.1.el7a.s390x.rpm
perf-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm
python-perf-4.14.0-115.19.1.el7a.s390x.rpm
python-perf-debuginfo-4.14.0-115.19.1.el7a.s390x.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
kernel-debug-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-debuginfo-common-aarch64-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-tools-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
kernel-tools-libs-devel-4.14.0-115.19.1.el7a.aarch64.rpm
perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm
python-perf-debuginfo-4.14.0-115.19.1.el7a.aarch64.rpm

noarch:
kernel-doc-4.14.0-115.19.1.el7a.noarch.rpm

ppc64le:
kernel-debug-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debug-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-tools-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
kernel-tools-libs-devel-4.14.0-115.19.1.el7a.ppc64le.rpm
perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm
python-perf-debuginfo-4.14.0-115.19.1.el7a.ppc64le.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5108
https://access.redhat.com/security/cve/CVE-2019-14895
https://access.redhat.com/security/cve/CVE-2019-14901
https://access.redhat.com/security/cve/CVE-2019-15031
https://access.redhat.com/security/cve/CVE-2019-15099
https://access.redhat.com/security/cve/CVE-2019-15666
https://access.redhat.com/security/cve/CVE-2019-19922
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXphuB9zjgjWX9erEAQhP5g//QNfpCO+hN7wYgDdbUMH8A/HKoCdG3o4L
O/Wo/FMCGrR5oufj7d2n6o0RaEoHgaHnlj04PThGIhzOWWFPE7mliFihYYPtPaKZ
fskYzYLRK1VQPQgAuVLGeImpmqhf8g4Qbyva1iXO19xd2xZKvhcvSC6X8/6CzM+k
cv6E4t/1AeZXYpz4NfWzmjLpSNsWPXZqCEN3I8xsdwTl1VnyglBkXhqQxJYYHchr
GSLRQ/OA9eppMihA38TVumiLeOLYCbHxkLs816Wz2TTcYBhWAdSDA9fkLoRZbqHM
MIqJ38EdCz98t3b99Ej2ZHPF3ad3NDbzHWrT3ND/NZbxxA2pfW6ttbmOOXOjSOGN
C6hiqVbARK0XKe3oS6DxMASm42PKRCl5RFxJy1vsNqL03cUrxb54x0CLfDxIbe1G
FdJ9Ys7qWUtxiywoEEbteckCicsQdlrDESlwHJpYs3iWe2erMTkyaO546Jz9QD7u
dZdLFGnvoJnnrS0OIfh7by76qTDEsRgT7RAuhNRJzIecZS0zQSscBEXJ3T8f6dK9
xbtnBs6Bha8Ym8RTD41/PwTdPLfVczQeZDBQegBDrbNuTmFfHj6gLHLK9RhTn8N2
lVE68TIip4vJrJC08IjiQZULGxrdWcKa+1vRifDoIp1izgp43rISoeTGD9FfWKNS
y4N6H9KkGSU=
=47l+
- -----END PGP SIGNATURE-----

- --
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXpkHm2aOgq3Tt24GAQhD4hAAmc27FMQ+Wjax8igW9wNWF0JuPDOng2rC
S3sbJQf7AtIjHkd9PSQeXV62RbHO5cYouGWgOMwFFXvk0WiXKri9DFONPQor3h0u
7AZi+k6JMRl1CpYQ14k2TMex0PRGNqw2dJxLOU842f0OT0r5+cb4ooFy5xy9JWCU
bfaP6RSwM9yPYUjmTGNgcbfFSU3XpnpIHPspcsaGf8NFaNTFUGlSBuYwot3ebLCz
Sw4TS55FZK4plufKttH32FCG6HJDhBg3dHaGfISxzLRnupEyvLTa+fSlQOUuAdiM
7Nsa2Dl8FZLeM5TN4+knNJTxiZLNDvT8I2VgIpOSIPD20kZqCL2wotIfX1rFhwja
7/LYrOBTz9xFL7gSc8M5KT5DoSPZsWKdRF2nFb7QcQNw7doCrNDlCxWRbuJHlPbo
sUWr8LDK8oriJW/F5x4pucFm/mlHfEHICmLdxMgK0mjg12NQaw8K1fCgETKI68SB
NwOVc6MccSP2rc1nk+PU6BW9MmhJMOLNU3tGxsWZAncWKG8BMZXxGAwO/fs8t2Fx
84ZyD+nU7DX4mw/auYNasphWSYcOUDhDKj6u7BfzLTPiaAIWGTH3ZtLTl00RuV0t
6VQu0TAC+mDGLMtq3QMtVQ/PBdv6Sor+ZnircmC7Z/bkIYxaEIM9nskBUA79oLeO
ccjqfh172rk=
=PeQU
-----END PGP SIGNATURE-----