Issued:

2020-03-09

Updated:

2020-03-09

RHSA-2020:0740 - Important: kernel-alt security and bug fix update

Synopsis

Important: kernel-alt security and bug fix update

Type/Severity

Security Advisory Important

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

• kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

• kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

• kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

• kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

• kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

• kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)

• kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

• kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)

• kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)

• RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)

• Backport "fs/dcache.c: add cond_resched() in shrink_dentry_list()" (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)

• [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Updated Packages

• kernel-debug-devel-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-kdump-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-devel-4.14.0-115.18.1.el7a.aarch64.rpm
• python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
• perf-4.14.0-115.18.1.el7a.ppc64le.rpm
• python-perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
• perf-4.14.0-115.18.1.el7a.aarch64.rpm
• perf-4.14.0-115.18.1.el7a.s390x.rpm
• perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-debug-devel-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-alt-4.14.0-115.18.1.el7a.src.rpm
• kernel-headers-4.14.0-115.18.1.el7a.aarch64.rpm
• python-perf-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-tools-libs-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-debug-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-tools-libs-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-devel-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debug-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debug-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-bootwrapper-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-headers-4.14.0-115.18.1.el7a.ppc64le.rpm
• python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
• perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm
• kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-debug-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-headers-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debug-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-kdump-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm
• kernel-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-devel-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-kdump-devel-4.14.0-115.18.1.el7a.s390x.rpm
• kernel-tools-4.14.0-115.18.1.el7a.aarch64.rpm
• kernel-tools-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-tools-libs-4.14.0-115.18.1.el7a.ppc64le.rpm
• kernel-tools-libs-devel-4.14.0-115.18.1.el7a.aarch64.rpm
• perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm
• python-perf-4.14.0-115.18.1.el7a.aarch64.rpm
• python-perf-4.14.0-115.18.1.el7a.s390x.rpm

Fixes

• This content is not included.BZ - 1655162
• This content is not included.BZ - 1663176
• This content is not included.BZ - 1663179
• This content is not included.BZ - 1709837
• This content is not included.BZ - 1750813
• This content is not included.BZ - 1759313
• This content is not included.BZ - 1763690
• This content is not included.BZ - 1771496

CVEs

• CVE-2018-16871
• CVE-2019-3459
• CVE-2019-3460
• CVE-2019-11884
• CVE-2019-15030
• CVE-2019-15916
• CVE-2019-17666
• CVE-2019-18805

References

• https://access.redhat.com/security/updates/classification/#important

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.