RHBA-2020:2626 - Bug Fix Advisory

Topic

Updated Red Hat CodeReady Workspaces 2.0 container images are now available

Description

The Red Hat CodeReady Workspaces 2.0 container images have been updated to address the following security advisory: RHSA-2020:1769 (see References)

Users of Red Hat CodeReady Workspaces 2.0 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat CodeReady Workspaces 2.0 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Developer Tools (for RHEL Server) 1 x86_64

Fixes

• BZ - 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
• BZ - 1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
• BZ - 1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
• BZ - 1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
• BZ - 1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
• BZ - 1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
• BZ - 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
• BZ - 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
• BZ - 1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
• BZ - 1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
• BZ - 1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
• BZ - 1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
• BZ - 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
• BZ - 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
• BZ - 1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
• BZ - 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.

CVEs

• CVE-2018-9251
• CVE-2018-14404
• CVE-2018-19869
• CVE-2018-19871
• CVE-2018-19872
• CVE-2018-20337
• CVE-2019-1547
• CVE-2019-1549
• CVE-2019-1563
• CVE-2019-3825
• CVE-2019-5436
• CVE-2019-5481
• CVE-2019-5482
• CVE-2019-8457
• CVE-2019-12447
• CVE-2019-12448
• CVE-2019-12449
• CVE-2019-13232
• CVE-2019-13636
• CVE-2019-13752
• CVE-2019-13753
• CVE-2019-14973
• CVE-2019-15847
• CVE-2019-17451
• CVE-2019-19923
• CVE-2019-19924
• CVE-2019-19925
• CVE-2019-19959
• CVE-2019-1010180
• CVE-2019-1010204
• CVE-2020-8552
• CVE-2020-11008
• CVE-2020-12657

References

• https://access.redhat.com/errata/RHSA-2020:1769
• https://access.redhat.com/containers