Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHBA-2020:4417 - Bug Fix Advisory
Issued:
2020-10-29
Updated:
2020-10-29

RHBA-2020:4417 - Bug Fix Advisory

  • Overview
  • Updated Packages

Synopsis

updated devtools/llvm-toolset-rhel7 container image

Type/Severity

Bug Fix Advisory

Topic

An updated devtools/llvm-toolset-rhel7 container image is now available in the Red Hat Container Registry.

Description

The devtools/llvm-toolset-rhel7 container image provides LLVM Toolset, a compiler toolset for building, debugging, and analyzing C and C++ applications using the LLVM compiler suite.

The rhel7 base image has been updated to the latest version. This update includes the devtools/llvm-toolset-rhel7 container image.

To pull the devtools/llvm-toolset-rhel7 image, run the following command as root:

podman pull registry.access.redhat.com/devtools/llvm-toolset-rhel7

For details, see Using LLVM Toolset linked from the References section.

Solution

The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "podman pull"
command.

Affected Products

  • Red Hat Developer Tools (for RHEL Server) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
  • Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

  • BZ - 1707796 - CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
  • BZ - 1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
  • BZ - 1745528 - CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
  • BZ - 1747216 - CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
  • BZ - 1757368 - CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
  • BZ - 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
  • BZ - 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
  • BZ - 1759681 - CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
  • BZ - 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
  • BZ - 1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
  • BZ - 1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
  • BZ - 1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
  • BZ - 1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
  • BZ - 1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
  • BZ - 1775042 - CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
  • BZ - 1775047 - CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
  • BZ - 1775074 - CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
  • BZ - 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
  • BZ - 1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
  • BZ - 1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
  • BZ - 1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
  • BZ - 1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
  • BZ - 1783518 - CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
  • BZ - 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
  • BZ - 1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
  • BZ - 1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
  • BZ - 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
  • BZ - 1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
  • BZ - 1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
  • BZ - 1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
  • BZ - 1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
  • BZ - 1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
  • BZ - 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
  • BZ - 1810685 - CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
  • BZ - 1817141 - CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
  • BZ - 1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
  • BZ - 1818818 - CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
  • BZ - 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
  • BZ - 1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
  • BZ - 1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table

CVEs

  • CVE-2017-12652
  • CVE-2017-18551
  • CVE-2018-20836
  • CVE-2018-20843
  • CVE-2019-2974
  • CVE-2019-5094
  • CVE-2019-5188
  • CVE-2019-5482
  • CVE-2019-9454
  • CVE-2019-9458
  • CVE-2019-11068
  • CVE-2019-12614
  • CVE-2019-15217
  • CVE-2019-15807
  • CVE-2019-15903
  • CVE-2019-15917
  • CVE-2019-16231
  • CVE-2019-16233
  • CVE-2019-16994
  • CVE-2019-17053
  • CVE-2019-17055
  • CVE-2019-18197
  • CVE-2019-18808
  • CVE-2019-19046
  • CVE-2019-19055
  • CVE-2019-19058
  • CVE-2019-19059
  • CVE-2019-19062
  • CVE-2019-19063
  • CVE-2019-19126
  • CVE-2019-19332
  • CVE-2019-19447
  • CVE-2019-19523
  • CVE-2019-19524
  • CVE-2019-19530
  • CVE-2019-19534
  • CVE-2019-19537
  • CVE-2019-19767
  • CVE-2019-19807
  • CVE-2019-19956
  • CVE-2019-20054
  • CVE-2019-20095
  • CVE-2019-20388
  • CVE-2019-20636
  • CVE-2020-1749
  • CVE-2020-2574
  • CVE-2020-2732
  • CVE-2020-2752
  • CVE-2020-2780
  • CVE-2020-2812
  • CVE-2020-7595
  • CVE-2020-8647
  • CVE-2020-8649
  • CVE-2020-9383
  • CVE-2020-10690
  • CVE-2020-10732
  • CVE-2020-10742
  • CVE-2020-10751
  • CVE-2020-10942
  • CVE-2020-11565
  • CVE-2020-12770
  • CVE-2020-12826
  • CVE-2020-14305

References

  • https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_llvm_9.0.1_toolset
  • https://access.redhat.com/errata/RHSA-2020:4060
  • https://access.redhat.com/containers
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Developer Tools (for RHEL Server) 1

SRPM
x86_64

Red Hat Developer Tools (for RHEL Server for System Z) 1

SRPM
s390x

Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1

SRPM
ppc64le

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter