RHBA-2019:1978 - Bug Fix Advisory

Overview
Updated Packages

Synopsis

updated container image: devtools/llvm-toolset-rhel7

Type/Severity

Bug Fix Advisory

Topic

An updated devtools/llvm-toolset-rhel7 container image is now available in the Red Hat Container Registry.

Description

The devtools/llvm-toolset-rhel7 container image provides Clang and LLVM
Toolset, a compiler toolset for building, debugging, and analyzing C and C++ applications using the Clang and LLVM compiler suite.

The devtools/llvm-toolset-rhel7 container image has been updated to provide fixes for CVE-2018-16871, CVE-2018-16884, CVE-2019-11811, and CVE-2019-11085.

To pull the devtools/llvm-toolset-rhel7 image, run the following command as root:

docker pull registry.access.redhat.com/devtools/llvm-toolset-rhel7

For details regarding Clang and LLVM Toolset and information on usage of the
image, see Using Clang and LLVM Toolset linked from the References section.

All users of the devtools/llvm-toolset-rhel7 container image are advised to pull this updated image from the Red Hat Container Registry.

Solution

The container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "docker pull" command.

Affected Products

Red Hat Developer Tools (for RHEL Server) 1 x86_64
Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

BZ - 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
BZ - 1660375 - CVE-2018-16884 kernel: nfs: use-after-free in svc_process_common()
BZ - 1709180 - CVE-2019-11811 kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c
BZ - 1710405 - CVE-2019-11085 kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation

CVEs

References

https://access.redhat.com/documentation/en-us/red_hat_developer_tools/2019.1/html-single/using_clang_and_llvm_toolset/index#chap-Image

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Developer Tools (for RHEL Server) 1

SRPM
x86_64

Red Hat Developer Tools (for RHEL Server for System Z) 1

SRPM
s390x

Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1

SRPM
ppc64le

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation