RHBA-2020:4419 - Bug Fix Advisory

Topic

Updated Red Hat Developer Toolset container images are now available in the Red Hat Container Registry.

Description

Red Hat Developer Toolset container images are based on components distributed with Red Hat Developer Toolset and on the rhel7 base image.

The rhel7 base image has been updated to the latest version.

This update includes the following images:

rhscl/devtoolset-9-toolchain-rhel7
rhscl/devtoolset-9-perftools-rhel7

To pull a container image, run the following command as root:

podman pull registry.access.redhat.com/<image_name>

For details regarding usage, see Using Red Hat Software Collections Container Images linked from the References section.

Solution

The container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "podman pull" command.

Affected Products

• Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
• Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
• Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le

Fixes

• BZ - 1707796 - CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
• BZ - 1718176 - CVE-2019-12614 kernel: null pointer dereference in dlpar_parse_cc_property in arch/powerrc/platforms/pseries/dlpar.c causing denial of service
• BZ - 1745528 - CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
• BZ - 1747216 - CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
• BZ - 1757368 - CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
• BZ - 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
• BZ - 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
• BZ - 1759681 - CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
• BZ - 1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
• BZ - 1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
• BZ - 1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
• BZ - 1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
• BZ - 1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
• BZ - 1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
• BZ - 1775042 - CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
• BZ - 1775047 - CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
• BZ - 1775074 - CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
• BZ - 1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
• BZ - 1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
• BZ - 1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
• BZ - 1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
• BZ - 1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
• BZ - 1783518 - CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
• BZ - 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
• BZ - 1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
• BZ - 1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
• BZ - 1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
• BZ - 1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
• BZ - 1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
• BZ - 1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
• BZ - 1802563 - CVE-2020-8647 kernel: out-of-bounds read in in vc_do_resize function in drivers/tty/vt/vt.c
• BZ - 1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
• BZ - 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
• BZ - 1810685 - CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
• BZ - 1817141 - CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while it's chardev is open
• BZ - 1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
• BZ - 1818818 - CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
• BZ - 1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
• BZ - 1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
• BZ - 1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table

CVEs

• CVE-2017-18551
• CVE-2018-20836
• CVE-2019-9454
• CVE-2019-9458
• CVE-2019-12614
• CVE-2019-15217
• CVE-2019-15807
• CVE-2019-15917
• CVE-2019-16231
• CVE-2019-16233
• CVE-2019-16994
• CVE-2019-17053
• CVE-2019-17055
• CVE-2019-18808
• CVE-2019-19046
• CVE-2019-19055
• CVE-2019-19058
• CVE-2019-19059
• CVE-2019-19062
• CVE-2019-19063
• CVE-2019-19126
• CVE-2019-19332
• CVE-2019-19447
• CVE-2019-19523
• CVE-2019-19524
• CVE-2019-19530
• CVE-2019-19534
• CVE-2019-19537
• CVE-2019-19767
• CVE-2019-19807
• CVE-2019-20054
• CVE-2019-20095
• CVE-2019-20636
• CVE-2020-1749
• CVE-2020-2732
• CVE-2020-8647
• CVE-2020-8649
• CVE-2020-9383
• CVE-2020-10690
• CVE-2020-10732
• CVE-2020-10742
• CVE-2020-10751
• CVE-2020-10942
• CVE-2020-11565
• CVE-2020-12770
• CVE-2020-12826
• CVE-2020-14305

References

• https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/using_red_hat_software_collections_container_images/devtoolset-images
• https://access.redhat.com/errata/RHSA-2020:4060
• https://access.redhat.com/containers