- Issued:
- 2020-01-21
- Updated:
- 2020-01-21
RHSA-2020:0174 - Security Advisory
Synopsis
Important: kernel-alt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
- Kernel: speculative bounds check bypass store (CVE-2018-3693)
- kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)
- kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
- kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (CVE-2019-8912)
- kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
- kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
- kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
- kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
- kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)
- kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)
- kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)
- Kernel modules generated incorrectly when system is localized to non-English language (BZ#1705285)
- RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for ARM 64 7 aarch64
- Red Hat Enterprise Linux for Power 9 7 ppc64le
- Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store
- BZ - 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation
- BZ - 1678685 - CVE-2019-8912 kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr
- BZ - 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
- BZ - 1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
- BZ - 1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
- BZ - 1744130 - CVE-2019-14814 kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS
- BZ - 1744137 - CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
- BZ - 1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
- BZ - 1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
- BZ - 1777825 - CVE-2019-18660 kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for ARM 64 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.17.1.el7a.src.rpm | SHA-256: 55411420bb73de112a02b68c53425f4bae5e94c10c1e1a7ae90d8417746f8b77 |
| aarch64 | |
| kernel-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: fa6882e5159f99c8356d102090ecae30954a3047c723baec82279464ac626437 |
| kernel-abi-whitelists-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: b4a7cefd7a3c57facdc11f9afb909b7b0f90f96c62670ef972de840a190c9c13 |
| kernel-debug-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 2b88e3a49134b6396bc3f14d5a68a7812c9099f3532c6b062ca005c63a5d30e6 |
| kernel-debug-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 144452f89e3f426c5716efb1544c3928b47f6b0f42f73a626bb623b40fa2cbe6 |
| kernel-debug-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 144452f89e3f426c5716efb1544c3928b47f6b0f42f73a626bb623b40fa2cbe6 |
| kernel-debug-devel-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 8eb412c4e600ab69abb06d59959d2142c65a6107acd6d4cbedd97b0c35574cb2 |
| kernel-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: c805ad2dac12d73a7f974b5981635b551706c0c9f591a16e86ae72b372b87b57 |
| kernel-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: c805ad2dac12d73a7f974b5981635b551706c0c9f591a16e86ae72b372b87b57 |
| kernel-debuginfo-common-aarch64-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 0159d0b115b936ab39a588ea45d239116d0bd7ab8a5c27aaae2ec6770ecb3585 |
| kernel-debuginfo-common-aarch64-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 0159d0b115b936ab39a588ea45d239116d0bd7ab8a5c27aaae2ec6770ecb3585 |
| kernel-devel-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: f0f4e1feb41a7d294e2bd9c124fcf467794abcb97ab0c0ce20fd9678ac31d2e5 |
| kernel-doc-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: 788cba07e7a3413ac9e76d40a210f99edcab176a5f99226f8f3cf4f30e0cabad |
| kernel-doc-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: 788cba07e7a3413ac9e76d40a210f99edcab176a5f99226f8f3cf4f30e0cabad |
| kernel-headers-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: d10b0aa3187911c73b5299d8f7b74e23fdd6ab5185acc9e7ab160b3ffbe989dd |
| kernel-tools-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: bc6c7d88fbba4347b96b6d4826fa88582c4ea07dbcb0d33242abd96f0a4ea950 |
| kernel-tools-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: cecb30647770a2a440ea8bfe87a8ddf634c1fc79c2c0a866bf7a820b9e14fd21 |
| kernel-tools-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: cecb30647770a2a440ea8bfe87a8ddf634c1fc79c2c0a866bf7a820b9e14fd21 |
| kernel-tools-libs-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: e9e89fced76ea4568c2686ef332f777092f8a140582f48c52247baba01d81b8c |
| kernel-tools-libs-devel-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: a785048547ea08ab59f9aefe595c0c9b97426e6575fddbdb9bf6ccf463658468 |
| perf-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 69ac8a3ca49b9d60af79b30b00791d4d156aeed298a1b6a15bda19cae48124e7 |
| perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 719c9805f432a1995a750406c9e215ec555f21cd7c9c8f60e39a2ef90f789428 |
| perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 719c9805f432a1995a750406c9e215ec555f21cd7c9c8f60e39a2ef90f789428 |
| python-perf-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: 41265840e0bc159e85abb66007906c9db341409896d225681d35decf8914ac99 |
| python-perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: d44dcf5fabbb4d91a968152df54deeb00629671b0020c74e874aec849bf63548 |
| python-perf-debuginfo-4.14.0-115.17.1.el7a.aarch64.rpm | SHA-256: d44dcf5fabbb4d91a968152df54deeb00629671b0020c74e874aec849bf63548 |
Red Hat Enterprise Linux for Power 9 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.17.1.el7a.src.rpm | SHA-256: 55411420bb73de112a02b68c53425f4bae5e94c10c1e1a7ae90d8417746f8b77 |
| ppc64le | |
| kernel-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: bedb6e00fba1f6112eb9d1791c04a7bcda31777b968a454ad37f106a80cf0b49 |
| kernel-abi-whitelists-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: b4a7cefd7a3c57facdc11f9afb909b7b0f90f96c62670ef972de840a190c9c13 |
| kernel-bootwrapper-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: c6f41f8fef396e8e7932d88ee84bb0caebacae7966a1cc4b59fae7965010ee41 |
| kernel-debug-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 8e20847b7cf9f4042c07817bdae3aedce6138b3280cf55ff598a20c06dc9cb3e |
| kernel-debug-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: f4b13f4771dfa0dc8ec8b72702d24cbe3c86456a19e77517ecc593a87de2b343 |
| kernel-debug-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: f4b13f4771dfa0dc8ec8b72702d24cbe3c86456a19e77517ecc593a87de2b343 |
| kernel-debug-devel-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: b6c54ea72a83c1aa2ee5d87c93c16dca0aa0ccbcc259a5aa55a50e7a7aa582c1 |
| kernel-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: c004b2fb7bca84778f86c67dc336fba18dd83027addebd7bb2ec5c0d7c4fb830 |
| kernel-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: c004b2fb7bca84778f86c67dc336fba18dd83027addebd7bb2ec5c0d7c4fb830 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 1f3d694747278abedb49fc5313b9b62a9c2602fd7248af00f03a47d83bc16044 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 1f3d694747278abedb49fc5313b9b62a9c2602fd7248af00f03a47d83bc16044 |
| kernel-devel-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: cb71c0d7766cf285ad2e879233eb2546e98d232e948cb8211275b137b77335ad |
| kernel-doc-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: 788cba07e7a3413ac9e76d40a210f99edcab176a5f99226f8f3cf4f30e0cabad |
| kernel-headers-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 4acfe7ef22363c73cf5054d80c0b9f06d007ef6b477fe7e40bbc9e49ac8ae696 |
| kernel-tools-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: c6b4daf3d67fc39a8f3239143723f24a89d02408584f5a1f7f70b42a1f773b39 |
| kernel-tools-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: a9915b0cef9ade73af2a2b945258feb7b810f73feb9f017422e0f8c71a4646c4 |
| kernel-tools-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: a9915b0cef9ade73af2a2b945258feb7b810f73feb9f017422e0f8c71a4646c4 |
| kernel-tools-libs-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: fe23f06ba23fa37473fc2fa7aa0e9e8e7db177fe163f4dd357076ff121c4cbb4 |
| kernel-tools-libs-devel-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 7d56fc33bf4e9f7a04462dd08e90f65125e3c7bb90ff486524b744f19267bb24 |
| perf-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 176eb0a5be115e744cb37b12847e8453d3c4dbe0e12f27220f85a10be2a073e3 |
| perf-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: bc8e5f99dc0fdd6991f72aa832c07c585f419c678fafb723ac1803d0a330e18a |
| perf-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: bc8e5f99dc0fdd6991f72aa832c07c585f419c678fafb723ac1803d0a330e18a |
| python-perf-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: 5a5cfb5fad718714c21579a194d5691f3e3f0fbdd3aae55e4e0df63ca61b1c69 |
| python-perf-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: a2c582c668f0290624f5c4ffe1834f63735d42f37d2b6b2c118c7f6877fa6927 |
| python-perf-debuginfo-4.14.0-115.17.1.el7a.ppc64le.rpm | SHA-256: a2c582c668f0290624f5c4ffe1834f63735d42f37d2b6b2c118c7f6877fa6927 |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.17.1.el7a.src.rpm | SHA-256: 55411420bb73de112a02b68c53425f4bae5e94c10c1e1a7ae90d8417746f8b77 |
| s390x | |
| kernel-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: ea6297b231deddff2658c93425cd0f22e6a6ad352e89948bbd4e8c24ff1dc7b9 |
| kernel-abi-whitelists-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: b4a7cefd7a3c57facdc11f9afb909b7b0f90f96c62670ef972de840a190c9c13 |
| kernel-debug-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: efba753a262fb5bbc4856c3c4638feb02d85048bce87fbd6a885b563224a1963 |
| kernel-debug-debuginfo-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 5f1bcde48176955931c987b75e66ad70d4fad518544c93b545646393f192679c |
| kernel-debug-devel-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: b71e9c4a0f97af8d87eb0b235d4551457925b9b0aa797f87f004518e2f09ad4c |
| kernel-debuginfo-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 9edc56998ad6b1feed9e2e10ccb16c1508b1b8e78cc6a96ef3edd2d4cf56cd5d |
| kernel-debuginfo-common-s390x-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 7c5ee1a4b2d0b3e9a58c352c94e0110d2f67b1234842031c69f29341233ec9fe |
| kernel-devel-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 1e05bfd5ae6d69ca730646a4cb6b608f8f5ca6fbb43cdb8ab7f662457c1893dd |
| kernel-doc-4.14.0-115.17.1.el7a.noarch.rpm | SHA-256: 788cba07e7a3413ac9e76d40a210f99edcab176a5f99226f8f3cf4f30e0cabad |
| kernel-headers-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: dba0cf921977c4d2c5810e1d0ceb611742afedf26fb339878246a1d17b328731 |
| kernel-kdump-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: f8eafd47bb6da480319d7cba863544f205ee2e969880aece608572aa22cae562 |
| kernel-kdump-debuginfo-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 68f4f1c007f8a0e820ba6517d4dec2efd2b13a8a5057ac54f681dbefbaabd7b8 |
| kernel-kdump-devel-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: c40ef8d54a1153c88a33a29a81d5f79c88b4cad412ff49767b1a6e0708026e8b |
| perf-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 26ccdd0389035ea27e0c98c3b0b4e1c0fcfaaaf6710048fda3d1e362258c0fbf |
| perf-debuginfo-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: bfa6de0eb98bb2d931ff48d621daef936548175769e45563441d4f4f122d3067 |
| python-perf-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 421f7ecd75d7421bc6ccabf26f3a9b5f4058c8db1563ef9ce82a7354c574a2c8 |
| python-perf-debuginfo-4.14.0-115.17.1.el7a.s390x.rpm | SHA-256: 32f6d49be16332a4f69fc87402cc1240abdebe7f71896b8e83d4dbf440e7d466 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.