- Issued:
- 2019-09-17
- Updated:
- 2019-09-20
RHSA-2019:2809 - Security Advisory
Synopsis
Important: kernel-alt security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
- Kernel: page cache side channel attacks (CVE-2019-5489)
- Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
- kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)
- [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)
- RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613)
- RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)
- RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304)
- kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)
- RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836)
- RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906)
- fragmented packets timing out (BZ#1729066)
- Backport TCP follow-up for small buffers (BZ#1733617)
Enhancement(s):
- RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for ARM 64 7 aarch64
- Red Hat Enterprise Linux for Power 9 7 ppc64le
- Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks
- BZ - 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()
- BZ - 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for ARM 64 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.12.1.el7a.src.rpm | SHA-256: eafbd6e0d25bc4b0206f6f04c73d758a3a681007a006ec4c77ffcb68f7b4b3f3 |
| aarch64 | |
| kernel-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: d9e6018923c12f9f2ce4f9075ca90f7b3f5ced901ff8314989d363bc2577525c |
| kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 2d4774f9d2eb6306fc8ce47217b2db9647c67a27933a19041131fce8e4e6aa17 |
| kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 651748e030607131d0f21edde6fb8625ef89e57b1b92cec649899f5659f4a0b7 |
| kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: c535b62d561d3748f3e2773296948b54de69c92e98471dc49e00bc469eef029a |
| kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: c535b62d561d3748f3e2773296948b54de69c92e98471dc49e00bc469eef029a |
| kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 5bc06dbc89606e3f10e2ca01f5bd8a7553749e1102c004487346a3be55aa3ab4 |
| kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 3ada50670a533a78ab0138709bf8c8c3f679b969e12253e9c594b8545a494ae8 |
| kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 3ada50670a533a78ab0138709bf8c8c3f679b969e12253e9c594b8545a494ae8 |
| kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 5d2fe9505965e6f99176d9a3b10b894d1d8a6d50df792c6c76b799a689d77d6f |
| kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 5d2fe9505965e6f99176d9a3b10b894d1d8a6d50df792c6c76b799a689d77d6f |
| kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 77e6c9a314528a22ca63b2e81cdc037e80d8eb33d59ebd2a767b0604f1db9bb8 |
| kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 65dc812bf079edd30c89ff391dbb9a213b44761ca73a2d9a9248e1867c163a6f |
| kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 65dc812bf079edd30c89ff391dbb9a213b44761ca73a2d9a9248e1867c163a6f |
| kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 85ee424da0466ef8e9de39933fba6d6823c25ba7dee8135945ef3acf11599e08 |
| kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 3c8e21e8ae88c84dad34e71e6b4cf3f9d1fc0e2b3e0f3bb597bb497c120387e0 |
| kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: cd795f79781f026ccc5104443f05456940f9cae2478ae3019348b4c9b7344e62 |
| kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: cd795f79781f026ccc5104443f05456940f9cae2478ae3019348b4c9b7344e62 |
| kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: da6fcfbc6e94dddc05796635195294a451ae21899281eb43f3cd4acc94e649bf |
| kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: ee02a335f56ad56f2947d705536de872f7bd54acf964697658c9286788bd6fe5 |
| perf-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 239002c366b20aa21479aeffbd1b57594421e671306a032cfd0b7e2cd064757c |
| perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: df7c171ab39781dca43b6b4a655ec3a032fd4c6b99904bf97e485fe1fd6ce0f0 |
| perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: df7c171ab39781dca43b6b4a655ec3a032fd4c6b99904bf97e485fe1fd6ce0f0 |
| python-perf-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: 97b43d6f292733991451255e8897877608e26c16ab8ea94514ec5e3b79cb2fc3 |
| python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: c9e98dc8fc7226af55ff3741422af10f2ef406884b24a464a4a7e0dc396d9444 |
| python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm | SHA-256: c9e98dc8fc7226af55ff3741422af10f2ef406884b24a464a4a7e0dc396d9444 |
Red Hat Enterprise Linux for Power 9 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.12.1.el7a.src.rpm | SHA-256: eafbd6e0d25bc4b0206f6f04c73d758a3a681007a006ec4c77ffcb68f7b4b3f3 |
| ppc64le | |
| kernel-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 649b0dac259656666dd17e580b18d8e8fd8ea1372d3c862e0a4890e3bcc0b11b |
| kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 2d4774f9d2eb6306fc8ce47217b2db9647c67a27933a19041131fce8e4e6aa17 |
| kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 99771da4e42489be30092314432e5b96285a0d8e03941c71f15fdea39827e2a6 |
| kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: bb788dce415b0b2ee0ba51ca95beb3671b93cd936fe5140b66f6e92539f0ff61 |
| kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 95132c7429fa5796e41c7a0eace9574d265018e3a9e807de1f8ba21de371cea2 |
| kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 95132c7429fa5796e41c7a0eace9574d265018e3a9e807de1f8ba21de371cea2 |
| kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 79d4e9d0ba5c9f6323b33cab2a1b8ead0f520b134212d42077b17d0774c2accc |
| kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: e95a7a5af9b85651d03226f72b1db88b11e69e782b3847fb5223615cd3d92e3a |
| kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: e95a7a5af9b85651d03226f72b1db88b11e69e782b3847fb5223615cd3d92e3a |
| kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 3cfd53e4e2874ca90f19f2248705d6a3d07e3736c59ea82a2e7a29666b2f9508 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 3cfd53e4e2874ca90f19f2248705d6a3d07e3736c59ea82a2e7a29666b2f9508 |
| kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: e9a49f2a448690315f3dd1bed36a444a8fe44915a33502a96bf5274ca5fed1b7 |
| kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 65dc812bf079edd30c89ff391dbb9a213b44761ca73a2d9a9248e1867c163a6f |
| kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: baa69a48aae956d4bb23f841a0cd07e8c77125aee52081cd611d9ae2e20ac34c |
| kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 5fed41e1d1f9dbcbc463582eae82c18b5f59bf016548974254ee30d8adfcb2b7 |
| kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 0303c5339cfcafc83ed9ad7c68883d5ee5db662f1889f0a3c48ea2450f71ec8e |
| kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 0303c5339cfcafc83ed9ad7c68883d5ee5db662f1889f0a3c48ea2450f71ec8e |
| kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 55b178f1958de2320120a123c5a4b9dfe858868127aa08a627b4cd280f36892b |
| kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 059a4e9dc9ca5bd34069161d4fcbbbd7cc88d012ccccdd4cc3ce8ca825ed6119 |
| perf-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 5ffa2d9d07faefd0197a50c3e5a6370aa56855aee758ed53bc87bb78f3e09f0a |
| perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: b578e3552461f6062ad330f1eb03bb0830e746cd8f4fba738c5b860a344cbb7c |
| perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: b578e3552461f6062ad330f1eb03bb0830e746cd8f4fba738c5b860a344cbb7c |
| python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 431f91cabf40c105a1a16ba50d536bee0a96ec603b3ad7e6b3727e59ee4201a7 |
| python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 788f45e9fb4296ed852363c1423330bef48f999d44f874d3894b2b39e024fdff |
| python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm | SHA-256: 788f45e9fb4296ed852363c1423330bef48f999d44f874d3894b2b39e024fdff |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.12.1.el7a.src.rpm | SHA-256: eafbd6e0d25bc4b0206f6f04c73d758a3a681007a006ec4c77ffcb68f7b4b3f3 |
| s390x | |
| kernel-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: b250b813df2bb27639bc4c3e6ebefe01e93b4e9126119781c16b63c80101b635 |
| kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 2d4774f9d2eb6306fc8ce47217b2db9647c67a27933a19041131fce8e4e6aa17 |
| kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 31dacc48be75b54bf75f1cf110c2c240fd0ae4c7bd2fc6c6281bc201186bf684 |
| kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 7f95e4bb3073abc4753dc7a2ed418d334c164e13fbc2c6553a3988f87a8aad06 |
| kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: b282aebc4b41634a9222015f3572df80c02624319303b3ba687dcf89ea433d4e |
| kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 705bba530e33b4fe2d27059d8d498719e2e0bf7ce6790dcbb1d5bc38598d0fd7 |
| kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 01de804595e21e3c3d796655187eed0d1aefd7e286326b96dda8a016efa39c11 |
| kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 36b77b815ea6e5c23697457c7a00be711de9935ff5d0d37293379486fcf4770a |
| kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm | SHA-256: 65dc812bf079edd30c89ff391dbb9a213b44761ca73a2d9a9248e1867c163a6f |
| kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: adfa59b7384a6fb070d2e1b808db5f28ba87c8b1becc8960c937e9f453f571ab |
| kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: bbd65f1bcf23d3959e7877abbb8b455b13cfbe34b44267132115ed1de09e5580 |
| kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 491d3fd8466c2a76c4b0f30c528377388cd2ca3b038692293eeac7cd1f167049 |
| kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: ace83447e01dc699e60b0c68bbe7f9a4c7df6ce080905d9f9c08843f6479568d |
| perf-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 054ec8f2fcebb99e8487c6d8c325b609d74a28d166f928c248b9c2548d3aacd1 |
| perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 30c7d386fcc2a172b3d8387724933484fe9f8ab523ebf650b93fc83cff48adf9 |
| python-perf-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 12714cf5c8826432a7bf9f1bee07633dfc7bb5d1e0170dc4ebb4f6e8cd98f5fc |
| python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm | SHA-256: 72f2238f6d13026a582380ee054a1bc255a33940f94b88b9eb9e1a3d77a46506 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
