- Issued:
- 2020-01-14
- Updated:
- 2020-01-14
RHSA-2020:0100 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)
- kernel: TLB flush happens too late on mremap (CVE-2018-18281)
- kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1779367)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- MRG Realtime 2 x86_64
Fixes
- BZ - 1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap
- BZ - 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
- BZ - 1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
- BZ - 1779367 - update the MRG 2.5.z 3.10 realtime-kernel sources
MRG Realtime 2
SRPM | |
---|---|
kernel-rt-3.10.0-693.62.1.rt56.659.el6rt.src.rpm | SHA-256: 4fae311e554ea920bca3a8416dd3421494909785017f900da0f22151c7520013 |
x86_64 | |
kernel-rt-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 14c176f0658be814590da854fecee38df12565925853698031af9adee59f43e4 |
kernel-rt-debug-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 3eaf8ad0dc6aede33ef8f7199c866740f27162835ef41b663aca926202eff21b |
kernel-rt-debug-debuginfo-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: bc3211f204b4bc8898f5a01277592c3978e428bd40fd318aef579daccbb8c85c |
kernel-rt-debug-devel-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 8a06fae381c8fb2edcd48d21a440c1c1b3181bf966ed1b8a483b0e1530dd6961 |
kernel-rt-debuginfo-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 63e343dd6d665beb97176ab4a7be44ecc97712b397616fec2b24d0c88df6f87e |
kernel-rt-debuginfo-common-x86_64-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 8f71b6d6636a3319ffd42033f45eae83dac5103ffa5851a55d2b4083e5ee12a9 |
kernel-rt-devel-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 22e0f002ad0e19cf272f10c94ddead7e4f0e7a71d2f330903245ed4811916105 |
kernel-rt-doc-3.10.0-693.62.1.rt56.659.el6rt.noarch.rpm | SHA-256: e31f8e28d1843a234eb81655387d13b76759d7b71aecf3f6f4a83ce7a6ef4267 |
kernel-rt-firmware-3.10.0-693.62.1.rt56.659.el6rt.noarch.rpm | SHA-256: 1a549386bc85276d3b2b2b090b24edb32544075075e9cebe412ec50b8478d07d |
kernel-rt-trace-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: cfbf273f69500784fa6e2302e4e7ad8674c1217d404cd8007b716d0be3a010ab |
kernel-rt-trace-debuginfo-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 9c37b38629082a576bacb11ec1ae95fd4551c5feb0e4f166615067a8c7438050 |
kernel-rt-trace-devel-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: cce52dc8b654881eaa1506f8e8501863eab48e3d8198976e9ca5680192ffe2c8 |
kernel-rt-vanilla-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 8bd522750b9fcb494904af161efb5009c6a6d382fec37602fe5f4269dc5c0aba |
kernel-rt-vanilla-debuginfo-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: 7b5d1eea184d79a8e7ccddc0b51956b268017c42822e1c7120104e7acf3af7ad |
kernel-rt-vanilla-devel-3.10.0-693.62.1.rt56.659.el6rt.x86_64.rpm | SHA-256: a7f3153893485663ae89ed42bdcf5c13c6abce5e43506e30598e1b6d2b90a194 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.