drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in kernel-rt
Name: |
Mehrere Probleme in kernel-rt |
|
ID: |
RHSA-2019:2043-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Di, 6. August 2019, 21:43 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2018-13053
https://access.redhat.com/security/cve/CVE-2018-14734
https://access.redhat.com/security/cve/CVE-2018-16658
https://access.redhat.com/security/cve/CVE-2018-10853
https://access.redhat.com/security/cve/CVE-2018-13094
https://access.redhat.com/security/cve/CVE-2018-8087
https://access.redhat.com/security/cve/CVE-2019-3900
https://access.redhat.com/security/cve/CVE-2019-3882
https://access.redhat.com/security/cve/CVE-2019-5489
https://access.redhat.com/security/cve/CVE-2018-15594
https://access.redhat.com/security/cve/CVE-2018-9516
https://access.redhat.com/security/cve/CVE-2018-9363
https://access.redhat.com/security/cve/CVE-2019-11833
https://access.redhat.com/security/cve/CVE-2018-13095
https://access.redhat.com/security/cve/CVE-2018-9517
https://access.redhat.com/security/cve/CVE-2018-14625
https://access.redhat.com/security/cve/CVE-2019-11810
https://access.redhat.com/security/cve/CVE-2018-7755
https://access.redhat.com/security/cve/CVE-2018-16885
https://access.redhat.com/security/cve/CVE-2019-7222
https://access.redhat.com/security/cve/CVE-2018-18281
https://access.redhat.com/security/cve/CVE-2019-3460
https://access.redhat.com/security/cve/CVE-2019-11599
https://access.redhat.com/security/cve/CVE-2018-13093
https://access.redhat.com/security/cve/CVE-2019-3459 |
|
Applikationen: |
RT-Preempt-Realtime-Patch |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2019:2043-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2043 Issue date: 2019-08-06 CVE Names: CVE-2018-7755 CVE-2018-8087 CVE-2018-9363 CVE-2018-9516 CVE-2018-9517 CVE-2018-10853 CVE-2018-13053 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 CVE-2018-14625 CVE-2018-14734 CVE-2018-15594 CVE-2018-16658 CVE-2018-16885 CVE-2018-18281 CVE-2019-3459 CVE-2019-3460 CVE-2019-3882 CVE-2019-3900 CVE-2019-5489 CVE-2019-7222 CVE-2019-11599 CVE-2019-11810 CVE-2019-11833 =====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)
* Kernel: page cache side channel attacks (CVE-2019-5489)
* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)
* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)
* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)
* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)
* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)
* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)
* kernel: TLB flush happens too late on mremap (CVE-2018-18281)
* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)
* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)
* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)
* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)
* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)
* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)
* kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)
* kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)
* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)
* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)
* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)
* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)
* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)
* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)
* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)
* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1553216 - CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c 1555145 - CVE-2018-8087 kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service 1573916 - kernel-rt-kvm multiversion 1589890 - CVE-2018-10853 kernel: kvm: guest userspace to guest kernel write 1593361 - Update kernel-rt timer wheel code 1597747 - CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function 1597766 - CVE-2018-13093 kernel: NULL pointer dereference in lookup_slow function 1597771 - CVE-2018-13094 kernel: NULL pointer dereference in xfs_da_shrink_inode function 1597775 - CVE-2018-13095 kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c 1611005 - CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c 1619846 - CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt 1620555 - CVE-2018-15594 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests 1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report 1627731 - CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status 1631036 - CVE-2018-9516 kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c 1631045 - CVE-2018-9517 kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() 1642619 - RT: update kernel-rt source tree to match RHEL 7.7 tree 1645121 - CVE-2018-18281 kernel: TLB flush happens too late on mremap 1661503 - CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend() 1663176 - CVE-2019-3459 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT 1663179 - CVE-2019-3460 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP 1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1664380 - BUG: scheduling while atomic: kworker/1:1/24117/0x00000002 1665278 - hrtimers: WARNING: CPU: 8 PID: 79 at kernel/hrtimer.c:1506 run_hrtimer_softirq+0x264/0x270 1671126 - NMI watchdog ineffective due to mismerge 1671930 - CVE-2019-7222 Kernel: KVM: leak of uninitialized stack contents to guest 1684745 - VM hangs on RHEL rt-kernel and OSP 13 1689426 - CVE-2019-3882 kernel: denial of service vector through vfio DMA mappings 1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS 1705937 - CVE-2019-11599 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping 1709164 - CVE-2019-11810 kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS 1712072 - CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure 1717212 - KVM tracebacks causing significant latency to VM
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source: kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm
noarch: kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm
x86_64: kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm
Red Hat Enterprise Linux for Real Time (v. 7):
Source: kernel-rt-3.10.0-1062.rt56.1022.el7.src.rpm
noarch: kernel-rt-doc-3.10.0-1062.rt56.1022.el7.noarch.rpm
x86_64: kernel-rt-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1062.rt56.1022.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1062.rt56.1022.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-7755 https://access.redhat.com/security/cve/CVE-2018-8087 https://access.redhat.com/security/cve/CVE-2018-9363 https://access.redhat.com/security/cve/CVE-2018-9516 https://access.redhat.com/security/cve/CVE-2018-9517 https://access.redhat.com/security/cve/CVE-2018-10853 https://access.redhat.com/security/cve/CVE-2018-13053 https://access.redhat.com/security/cve/CVE-2018-13093 https://access.redhat.com/security/cve/CVE-2018-13094 https://access.redhat.com/security/cve/CVE-2018-13095 https://access.redhat.com/security/cve/CVE-2018-14625 https://access.redhat.com/security/cve/CVE-2018-14734 https://access.redhat.com/security/cve/CVE-2018-15594 https://access.redhat.com/security/cve/CVE-2018-16658 https://access.redhat.com/security/cve/CVE-2018-16885 https://access.redhat.com/security/cve/CVE-2018-18281 https://access.redhat.com/security/cve/CVE-2019-3459 https://access.redhat.com/security/cve/CVE-2019-3460 https://access.redhat.com/security/cve/CVE-2019-3882 https://access.redhat.com/security/cve/CVE-2019-3900 https://access.redhat.com/security/cve/CVE-2019-5489 https://access.redhat.com/security/cve/CVE-2019-7222 https://access.redhat.com/security/cve/CVE-2019-11599 https://access.redhat.com/security/cve/CVE-2019-11810 https://access.redhat.com/security/cve/CVE-2019-11833 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl37NzjgjWX9erEAQgXTQ/+JndGRRwElZAx4Oc8H13K4nqpmaSH983b +5S6LNl75FGwfi131FIfQX29HiCPNkGRPSIXzpZ+3cHPwgQvsMfFZpUDKZFPLyl2 RLGOiLBmHLlhuvkIlLbtrxXBdkOTzBdx7SeaSRJ99VMYeABcS6ApzkfmYaEr42Sr FCyrgkZoAwZ+9VuqaEBSa/dnF38PWs7jW4mOkyx1gpnTdH2c1rzjo+6+lr7WxwP4 rIVZfqOsyjQ6yckPUPIXsJXBK9BSnd0o8sfbP8Tq1Fmck7nWn1nYqegVbWaQLSkJ MMGHlfrY+8vuGDNRSoaEjIIAEdDj5tCZ+wQM72TAfR9MT5nALg51fkxWJ/ZPLP57 Uvokh2y7y6ZsImuJx1OjKYpUD9ZE5hJGniU1d/7LUAlGBFxgNGXFXkzWHjkf4KnS G6IBmqCXObxfWunj91V0QvD78R2TMHPy/30/mAd5IqRNuQVPsGOltHIXS9cXLjwO nm7wmKcCx/gTh8yDy0UUE6W8gJ3sgIN7HzTj2jjwRabbRteGHAusBo5aBRXI9r3B Wh+2SY5LrWqDZ4ObkjhaRyATQxx2rKuUin2QDmNi/IGB8pIS2r+j4j9KfGc03kms 6EguTYwXq4gK9nFBK8Kvd4Q21yQxdmTSO3bmwv6R+x8R61cBIRKcXp2dxbmp/VdN T54CqEnERhU= =QJKD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|