Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1520 kernel security, bug fix, and enhancement update 30 April 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Root Compromise -- Existing Account Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-1749 CVE-2019-19922 CVE-2019-19768 CVE-2019-19534 CVE-2019-19074 CVE-2019-19073 CVE-2019-19057 CVE-2019-18805 CVE-2019-17055 CVE-2019-17053 CVE-2019-15221 CVE-2019-15099 CVE-2019-15090 CVE-2019-10639 CVE-2019-8980 CVE-2018-16871 Reference: ESB-2020.1480 ESB-2020.1476 ESB-2020.1379 ESB-2020.1355 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:1769 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2020:1769-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1769 Issue date: 2020-04-28 CVE Names: CVE-2018-16871 CVE-2019-8980 CVE-2019-10639 CVE-2019-15090 CVE-2019-15099 CVE-2019-15221 CVE-2019-17053 CVE-2019-17055 CVE-2019-18805 CVE-2019-19057 CVE-2019-19073 CVE-2019-19074 CVE-2019-19534 CVE-2019-19768 CVE-2019-19922 CVE-2020-1749 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768) * kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871) * kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980) * kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053) * kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) * kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805) * kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534) * kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749) * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) * kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090) * kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099) * kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221) * kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057) * kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073) * kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074) * kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence 1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service 1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR 1738741 - L2 guest hit kernel panic when do L1->L1 live migration on PML-enabled intel host 1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure 1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash 1749633 - kernel: brk can grow the heap into the area reserved for the stack 1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c 1752765 - conntrack tool delete entry with CIDR crash 1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. 1765547 - Fallocate on XFS may discard concurrent AIO write 1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches 1771430 - svcrdma: Increase the default connection credit limit 1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c 1771691 - Process killed while opening a file can result in leaked open handle on the server 1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS 1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) 1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c 1789594 - kernel: Wrong FE0/FE1 MSR restore in signal handlers on ppc64le 1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications 1795049 - RHEL8: Latency issue on Kubernetes / k8s / OpenShift 1803162 - [NFS] Dataloss with copy_file_range on NFS-mounted files that is not 4K aligned on RHEL 8. 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel. 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-193.el8.src.rpm aarch64: bpftool-4.18.0-193.el8.aarch64.rpm bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-4.18.0-193.el8.aarch64.rpm kernel-core-4.18.0-193.el8.aarch64.rpm kernel-cross-headers-4.18.0-193.el8.aarch64.rpm kernel-debug-4.18.0-193.el8.aarch64.rpm kernel-debug-core-4.18.0-193.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debug-devel-4.18.0-193.el8.aarch64.rpm kernel-debug-modules-4.18.0-193.el8.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm kernel-devel-4.18.0-193.el8.aarch64.rpm kernel-headers-4.18.0-193.el8.aarch64.rpm kernel-modules-4.18.0-193.el8.aarch64.rpm kernel-modules-extra-4.18.0-193.el8.aarch64.rpm kernel-tools-4.18.0-193.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-tools-libs-4.18.0-193.el8.aarch64.rpm perf-4.18.0-193.el8.aarch64.rpm perf-debuginfo-4.18.0-193.el8.aarch64.rpm python3-perf-4.18.0-193.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.el8.noarch.rpm kernel-doc-4.18.0-193.el8.noarch.rpm ppc64le: bpftool-4.18.0-193.el8.ppc64le.rpm bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-4.18.0-193.el8.ppc64le.rpm kernel-core-4.18.0-193.el8.ppc64le.rpm kernel-cross-headers-4.18.0-193.el8.ppc64le.rpm kernel-debug-4.18.0-193.el8.ppc64le.rpm kernel-debug-core-4.18.0-193.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debug-devel-4.18.0-193.el8.ppc64le.rpm kernel-debug-modules-4.18.0-193.el8.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm kernel-devel-4.18.0-193.el8.ppc64le.rpm kernel-headers-4.18.0-193.el8.ppc64le.rpm kernel-modules-4.18.0-193.el8.ppc64le.rpm kernel-modules-extra-4.18.0-193.el8.ppc64le.rpm kernel-tools-4.18.0-193.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-tools-libs-4.18.0-193.el8.ppc64le.rpm perf-4.18.0-193.el8.ppc64le.rpm perf-debuginfo-4.18.0-193.el8.ppc64le.rpm python3-perf-4.18.0-193.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm s390x: bpftool-4.18.0-193.el8.s390x.rpm bpftool-debuginfo-4.18.0-193.el8.s390x.rpm kernel-4.18.0-193.el8.s390x.rpm kernel-core-4.18.0-193.el8.s390x.rpm kernel-cross-headers-4.18.0-193.el8.s390x.rpm kernel-debug-4.18.0-193.el8.s390x.rpm kernel-debug-core-4.18.0-193.el8.s390x.rpm kernel-debug-debuginfo-4.18.0-193.el8.s390x.rpm kernel-debug-devel-4.18.0-193.el8.s390x.rpm kernel-debug-modules-4.18.0-193.el8.s390x.rpm kernel-debug-modules-extra-4.18.0-193.el8.s390x.rpm kernel-debuginfo-4.18.0-193.el8.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.el8.s390x.rpm kernel-devel-4.18.0-193.el8.s390x.rpm kernel-headers-4.18.0-193.el8.s390x.rpm kernel-modules-4.18.0-193.el8.s390x.rpm kernel-modules-extra-4.18.0-193.el8.s390x.rpm kernel-tools-4.18.0-193.el8.s390x.rpm kernel-tools-debuginfo-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-core-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.el8.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.el8.s390x.rpm perf-4.18.0-193.el8.s390x.rpm perf-debuginfo-4.18.0-193.el8.s390x.rpm python3-perf-4.18.0-193.el8.s390x.rpm python3-perf-debuginfo-4.18.0-193.el8.s390x.rpm x86_64: bpftool-4.18.0-193.el8.x86_64.rpm bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-4.18.0-193.el8.x86_64.rpm kernel-core-4.18.0-193.el8.x86_64.rpm kernel-cross-headers-4.18.0-193.el8.x86_64.rpm kernel-debug-4.18.0-193.el8.x86_64.rpm kernel-debug-core-4.18.0-193.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debug-devel-4.18.0-193.el8.x86_64.rpm kernel-debug-modules-4.18.0-193.el8.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm kernel-devel-4.18.0-193.el8.x86_64.rpm kernel-headers-4.18.0-193.el8.x86_64.rpm kernel-modules-4.18.0-193.el8.x86_64.rpm kernel-modules-extra-4.18.0-193.el8.x86_64.rpm kernel-tools-4.18.0-193.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-tools-libs-4.18.0-193.el8.x86_64.rpm perf-4.18.0-193.el8.x86_64.rpm perf-debuginfo-4.18.0-193.el8.x86_64.rpm python3-perf-4.18.0-193.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.el8.aarch64.rpm perf-debuginfo-4.18.0-193.el8.aarch64.rpm python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.el8.ppc64le.rpm perf-debuginfo-4.18.0-193.el8.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.el8.x86_64.rpm perf-debuginfo-4.18.0-193.el8.x86_64.rpm python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-16871 https://access.redhat.com/security/cve/CVE-2019-8980 https://access.redhat.com/security/cve/CVE-2019-10639 https://access.redhat.com/security/cve/CVE-2019-15090 https://access.redhat.com/security/cve/CVE-2019-15099 https://access.redhat.com/security/cve/CVE-2019-15221 https://access.redhat.com/security/cve/CVE-2019-17053 https://access.redhat.com/security/cve/CVE-2019-17055 https://access.redhat.com/security/cve/CVE-2019-18805 https://access.redhat.com/security/cve/CVE-2019-19057 https://access.redhat.com/security/cve/CVE-2019-19073 https://access.redhat.com/security/cve/CVE-2019-19074 https://access.redhat.com/security/cve/CVE-2019-19534 https://access.redhat.com/security/cve/CVE-2019-19768 https://access.redhat.com/security/cve/CVE-2019-19922 https://access.redhat.com/security/cve/CVE-2020-1749 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqhVdNzjgjWX9erEAQhD/w//dPnDo2yo4d8QrzWDVVkXPNxRzhSCh7Rc vCtSYPB6YMydkKglUvdHS+ZGv+N/1xs8CTpAZ59q3NTiw2FdkCPfSuJiTwdCyOwc xars8lYLd2yKv/yhHXh5HDOloRRK26cKANvpUXFJCmbOq/muSEyhRTKKG2t+Iijn lMzS6BIheasfjupsy3K2JGeZCjKlH7u1yulJVH4BaQZ/K04NxKjOWGnZ9eAoP6gp AwPGT9YYT3Eg24NTaUVHBsrWMF7ybDkWuRav8TBHT8Uukoztjmypi/5C925tbVGM Ln36s+wfwPuytgos3JcjYVFhAzPwdtay99ZlXukeJlVXBc/AZEqkE3tp1dOUz5o/ QwjX2TByLMa6XAMWtNjW8AOcx30VuG73EoYNussB/J9+1eeehj7VpdAp/AWQm7q0 dHe0U6Pzm48vWLvuBzuc1JLC87ssbIC1n4WrfyUm86ECT8WZ4TsF8FZwlrzMB8Au wPMo9RHXb4gU9WgSfdikOvZy8DnyUfSIPnlyK71iaa7rqRlPVWM/XqDq7so7KF1o 3dE9bquitvi5H8/sEsgRGiqA6tb1Lh+mjhbE5FQxAggKnXz83UpJjk9aSL3dj+yY W1XxCp5lPPLclygA8lo7sqgD6RCBjWxzyGZBK0SoLzv2qHzrhxBeM0mOmhH7xRb5 N2G5/HRp5K8= =0ugo - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXqof82aOgq3Tt24GAQiaIw//aabTDmrAwImzrfht+5ZRGhnj7ypmGQos A121v4KWsbWWavISU3ruBM6mQ4PXPZjd8pq6G0DhsB1ZhnTJ+j0l7bAc2K34/PYL VsY0F9UflU/7LmA1d1n0B1TaRpQnWcDhpuEo+mq62mJZqmwMGen6ChfRQxd4Pkxl CMD0c1JDMs3aqxGwPezB+Q0nwCyJhCMLo+xmHUFMn4ckeC5OAurbAWWhOEq50ozN W3n9RWZHHBeXacTw72HM0VzHuVJ5pfUYLUHJ15viKgQmA6RGIkouUEPvFZcNzQi3 z3RST78ItWRpT+cr/eJkZs/Ndd1NrbshSfe9iYmtbGbEWKQB+Otr1kX6IqWBfCsR zzheJrEaS8kuaNZWQd8DpuU70OXYodK2RGimpdKXovlfHv3QY7D4rPB1kpm9ucTv KTji2kjpUeraLRfCIgyrrUjPpjEjg24HDMaPs5Qx2UKNjicM3nGiYY3QdN8llHr8 dj7n4u6n1/5zLhK+vvkwgxR8xRfdEtP94jMh7jIoVBIj+qQlZqbRYypoppoF5Qh1 W2PsfNh1qyfQkw6jGnvNaUrQwZIiMIHQo1CEuJDkVXoTk48bcfSqDwitvTLcJl26 DPuJUTFufvqcrWNaqDN8S9NGp8t/JBpxr2Goaoe7s2b6wvRzejkkMUOagLN4NLHn TbxDUHXGcfA= =9ISd -----END PGP SIGNATURE-----