- Issued:
- 2020-03-09
- Updated:
- 2020-03-09
RHSA-2020:0740 - Security Advisory
Synopsis
Important: kernel-alt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
- kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
- kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
- kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
- kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
- kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)
- kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)
- kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
- kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- lpfc: NVMe/FC target test machine rhel-storage-62 crashes on boot when connected to FC switch (BZ#1623205)
- kernel BUG at fs/nfs_common/grace.c:107! (BZ#1637543)
- RHEL-Alt-7.6 - Need a fix for kernel bug cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias() (BZ#1711934)
- Backport "fs/dcache.c: add cond_resched() in shrink_dentry_list()" (32785c0539b7) [rhel-alt-7.6.z] (BZ#1758861)
- [RHEL-ALT-7.6.z][arm64] iommu/iova: Fix tracking of recently failed iova address (BZ#1780500)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for ARM 64 7 aarch64
- Red Hat Enterprise Linux for Power 9 7 ppc64le
- Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Fixes
- BZ - 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
- BZ - 1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT
- BZ - 1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP
- BZ - 1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
- BZ - 1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
- BZ - 1759313 - CVE-2019-15030 kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
- BZ - 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
- BZ - 1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for ARM 64 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.18.1.el7a.src.rpm | SHA-256: b242f12507735a849fec76b2c373dc911f1776e20cd8906d7d434010b4bf59bd |
| aarch64 | |
| kernel-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: c6bf4e73fbb1986b105943cfd66c4e898740fef114df9bd9932a5a6c56ab0b85 |
| kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: b6c4c4ed8f356ba26de0974f85a777609fe2cdac0d76db85cafb555293e3e3d7 |
| kernel-debug-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 4b930863a0a96f2db9167a37be1f50226dc1c1e7f493ebe16ed004a2c8997aea |
| kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 017e1b20be1513b0272ace0a4e2bbaf53822d78ebd3ea3103d9115dae4c9aff0 |
| kernel-debug-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 017e1b20be1513b0272ace0a4e2bbaf53822d78ebd3ea3103d9115dae4c9aff0 |
| kernel-debug-devel-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: ab1f2814c027b533e5f0baced31686861918035e8cfbac8c9404011dd0d46da9 |
| kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 618af2a78663e6bbc2cbd25556058582b0ff1c032c1676aba55245df9a89c0cb |
| kernel-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 618af2a78663e6bbc2cbd25556058582b0ff1c032c1676aba55245df9a89c0cb |
| kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: c8aba859c6e5d0d1b03acbad7e07507aab8d8cac02755d477aab6fe443dc12c8 |
| kernel-debuginfo-common-aarch64-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: c8aba859c6e5d0d1b03acbad7e07507aab8d8cac02755d477aab6fe443dc12c8 |
| kernel-devel-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: d7e7fd747316c57bac168495f60f24cd59de31a07d1dde704c6d8bbeba63072b |
| kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: 9a8c88a54a34e014192bccf8dacdf71ca3cc3b9c6532ee39ba9179047657f19f |
| kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: 9a8c88a54a34e014192bccf8dacdf71ca3cc3b9c6532ee39ba9179047657f19f |
| kernel-headers-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: d155c164529d05cb509099597057479f1bea9252570105a1edfe1cb2f92ac733 |
| kernel-tools-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 44d2707b2a7275628b1cc9b82f5d568abf99157d415e55a65a88a75a26498770 |
| kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 7179b45660591d4b6e1092cf6b3bb8cc5ca7327861bfe35021ef2d67a68c6b8a |
| kernel-tools-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 7179b45660591d4b6e1092cf6b3bb8cc5ca7327861bfe35021ef2d67a68c6b8a |
| kernel-tools-libs-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 22f37f13ad147943c9a31f7b6d25c74b6b80ad09c85776c0020be3f0e21d5845 |
| kernel-tools-libs-devel-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 397f625a0748d2ab1bc34471ee3ef4f35c0a9426e0d051920899427e483c659d |
| perf-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: b18e080bba3317cfba52f40f31ecf10cdfbbeee24bba687878558e446a63e694 |
| perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 6235e71c2f86bbc8f2d01c23c97c6a87ea3d03a54648bcdfca1be4ba89b7f865 |
| perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 6235e71c2f86bbc8f2d01c23c97c6a87ea3d03a54648bcdfca1be4ba89b7f865 |
| python-perf-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: 0b3f1f21b14d0740493f4c3478d29dedbac733f62f5db0bf99ed0feaebbd43b1 |
| python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: ad67a86d6ab91a25ea78cdb344074ed3085fb02277409c5c397cce17ecffa38d |
| python-perf-debuginfo-4.14.0-115.18.1.el7a.aarch64.rpm | SHA-256: ad67a86d6ab91a25ea78cdb344074ed3085fb02277409c5c397cce17ecffa38d |
Red Hat Enterprise Linux for Power 9 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.18.1.el7a.src.rpm | SHA-256: b242f12507735a849fec76b2c373dc911f1776e20cd8906d7d434010b4bf59bd |
| ppc64le | |
| kernel-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: d5dab9c633fa2064f58936460cbde70255cf585a95b18a8520749fc7cb44c1b5 |
| kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: b6c4c4ed8f356ba26de0974f85a777609fe2cdac0d76db85cafb555293e3e3d7 |
| kernel-bootwrapper-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: cdeedadc94cb17c68d28cbb00fc677f960295365886e9d832d6705b74e135e63 |
| kernel-debug-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 2cc1215eb5d494679fc5b93bfbd8415e0e0b585c5ac9dbee1300d38e24c6026c |
| kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: cee87684e8a8b7159a43e3e9da58a88aebb3a9f9545a0f1d6b9a19d6a49be302 |
| kernel-debug-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: cee87684e8a8b7159a43e3e9da58a88aebb3a9f9545a0f1d6b9a19d6a49be302 |
| kernel-debug-devel-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 71a7f11eb86f9092059997fecaa18b91c3745fd2a1b92b380e1127ac363ec8fd |
| kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: cd8f06e73920ecb0540d60c4aa6a21495f002961a4102de89fdf775ff44cb16c |
| kernel-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: cd8f06e73920ecb0540d60c4aa6a21495f002961a4102de89fdf775ff44cb16c |
| kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: efb0bde849fe5f4b56c2710f98e87ce493834396bf7571fba74c586f8f9411d5 |
| kernel-debuginfo-common-ppc64le-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: efb0bde849fe5f4b56c2710f98e87ce493834396bf7571fba74c586f8f9411d5 |
| kernel-devel-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 1f2c48800ac42f9cb48fcafa79bcd9364d3c33dfaf2c89337b546b376f2d80b9 |
| kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: 9a8c88a54a34e014192bccf8dacdf71ca3cc3b9c6532ee39ba9179047657f19f |
| kernel-headers-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: f483edaf747531db4ad9acc1c2f22daae6ec633371dce05b962079e269ef97a9 |
| kernel-tools-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: c2ba7c2ef07f42f5f27b59e63c4e457bd439fb8e59176c2c38f007cfdc06a721 |
| kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: abc33a66c93332f4b899162e84b9ddec099c88bbdba43300a2c88a2d282c671c |
| kernel-tools-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: abc33a66c93332f4b899162e84b9ddec099c88bbdba43300a2c88a2d282c671c |
| kernel-tools-libs-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 49a55a6da9912fbddf6a3c951121ea919b23201d6efcfb56be6be954d237c42c |
| kernel-tools-libs-devel-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 8559bc009cd32d381da0d487f179dce84275e64a105beef24951f012dcfc1906 |
| perf-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 864f6806976de9aa9cc39055187d87322c891beb28bf9589d4c0fc4027cad601 |
| perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 10deb42cc265f7164ef92e56e33bb0bb69a6e59a8cf302da38232b7ec63e9740 |
| perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 10deb42cc265f7164ef92e56e33bb0bb69a6e59a8cf302da38232b7ec63e9740 |
| python-perf-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 57cfc95b60dc00f80b52394b205fa293a0939622681c5d65c31ba7b463e1b215 |
| python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 4da35cf78ebf5d22b9e7c48ef34074184307d6707a33bc15213d2fdda0f62cee |
| python-perf-debuginfo-4.14.0-115.18.1.el7a.ppc64le.rpm | SHA-256: 4da35cf78ebf5d22b9e7c48ef34074184307d6707a33bc15213d2fdda0f62cee |
Red Hat Enterprise Linux for IBM System z (Structure A) 7
| SRPM | |
|---|---|
| kernel-alt-4.14.0-115.18.1.el7a.src.rpm | SHA-256: b242f12507735a849fec76b2c373dc911f1776e20cd8906d7d434010b4bf59bd |
| s390x | |
| kernel-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 95cccaf25de5233b2d37d3d062193ca1d8e1907a221fcf5c7e20c4c416e303ff |
| kernel-abi-whitelists-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: b6c4c4ed8f356ba26de0974f85a777609fe2cdac0d76db85cafb555293e3e3d7 |
| kernel-debug-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 677743612cbe3e3ff41c10cc96daa1f743bccd351f4f25eb032859efdf54cc85 |
| kernel-debug-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 005192ff702802f5564cab7bdb028aae4a5abb2101d1c06253ab7f2c97ff47be |
| kernel-debug-devel-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 54267618e70fd1f456704142e2b542eb509a675112b9da029fde37b3bdc8c76a |
| kernel-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: b540793e1feaff44afe70a2289530b453c9724200f3b1cd1b93311c3eb1a324e |
| kernel-debuginfo-common-s390x-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 5dbc6f66439213dfca34300faf6f51c142af4e83e187a2938d6452d043ef3576 |
| kernel-devel-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: fa9df4ba4a8f8268124e4ae4b06c2bf3475e4bb5a37b3a491f77c161dca52e37 |
| kernel-doc-4.14.0-115.18.1.el7a.noarch.rpm | SHA-256: 9a8c88a54a34e014192bccf8dacdf71ca3cc3b9c6532ee39ba9179047657f19f |
| kernel-headers-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 59e446aed4404d4c86e487ea44937c26e8b182ece6d6970276ed3f386e56891b |
| kernel-kdump-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 4712e819795545eeb7b551e0814a4eb1574809589da49f0f57b4f41378ebedf6 |
| kernel-kdump-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: be31c3cf1c4b60b2fa220f6b6812be9506a9350ccbdd3dc2f065515df4de0f3a |
| kernel-kdump-devel-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 72ae58a992d0c29f365756553cad2e43536549071b5e6399a8d3111a4d2df9ca |
| perf-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: aa6667b1bf5fa29fd4a924de0eb1488d1f79c00ac420a35b3b00f854dc1fdcd7 |
| perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 4d0a780f9212175480b3c8989ead10a14b82cd7f70df9c4aa58ff2a1869ccb53 |
| python-perf-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: f9a1b5c302e5c70a32be93da125e38bbe4ddf3296cd260991f551e9f70242e7d |
| python-perf-debuginfo-4.14.0-115.18.1.el7a.s390x.rpm | SHA-256: 940ae6e53ec1a8dcad3bae7bc1b36fd2a6e78c8254a24fcb80eb8f75f7be1b2c |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.