ID

VAR-201909-0695

CVE

CVE-2019-14835

TITLE

Linux Kernel Vulnerable to classic buffer overflow

DESCRIPTION

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz Slackware x86_64 14.2 packages: 6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz dadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz f5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz a5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz 5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.199-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.199 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local attacker permitted to access /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. An attacker in control of a VM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation on the host. CVE-2019-15117 Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. An attacker able to add USB devices could possibly use this to cause a denial of service (crash). CVE-2019-15118 Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2863-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2863 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm ppc64: kernel-2.6.32-754.23.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm kernel-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-headers-2.6.32-754.23.1.el6.ppc64.rpm perf-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-devel-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-devel-2.6.32-754.23.1.el6.s390x.rpm kernel-headers-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.23.1.el6.s390x.rpm perf-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYiPr9zjgjWX9erEAQjN1A/+IHOdg8Beicp8yr78sUumJ7+hE87hxu0f TCubCbjezezlvYlEfTcCz0nCF6HvcETrxNA6yj70lVLL6zc/ink1/EV7IaIis4f7 pQ5eO6pc8d0jm0x4k5y5Kjif0bxROUJeSvuI6p3nfhDZkXH5rswlfZC3/GlzVrpY CJWDWWYdcOlK6KYCai/AZTPVGL2qOvtIma7tbYfhXyyexk48S/mYIgwVKyH2MYG/ sYVoZQRuq9cT9Obl0y/O9LcG3RJ6+JAhC5+FvU3zcbndT+32SEeKKlmbSSEYuFmE SFRRWDiZX1uhElW/K7nYrRTN87bJZ0wgIOvXauQmWMwS1NAuelQIqOQ3NAXG8oYz A/wOPkILOHI352z8/Dm+p/Po6Ql/PUPZBT+GYmLv+Mju0pckg/7OLLqHqFUGwEey J0rSl9OaePNyOmUdPYOAOKPrwRnLHArG3kSKzLDnW2T1MQX0/51tDgasxptS1ekQ S8mvrKJoqc7Vlghx3jZ854/Uegx6J7eUlQmuSWvZGAM6sR9826TzpQHag2am1sUt JtAjh9Zv4f+C292ltjLRtp2zuKmYQNcDCl8NoustAi7SXvYcAYr5uSXDMc+BajIa MY2jtvyVIyGHpf4jkoDBtTLtmhIyhU+fs1MEF9SI0nvbveqMMzJFXXs6ExOy0OBI 1XpQhVd4g6E=hfEj -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). ========================================================================= Ubuntu Security Notice USN-4135-2 September 18, 2019 linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in the Linux kernel. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15030) It was discovered that the Linux kernel on PowerPC architectures did not properly handle exceptions on interrupts in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-15031) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-3.13.0-173-generic 3.13.0-173.224 linux-image-3.13.0-173-generic-lpae 3.13.0-173.224 linux-image-3.13.0-173-lowlatency 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500 3.13.0-173.224 linux-image-3.13.0-173-powerpc-e500mc 3.13.0-173.224 linux-image-3.13.0-173-powerpc-smp 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-emb 3.13.0-173.224 linux-image-3.13.0-173-powerpc64-smp 3.13.0-173.224 linux-image-4.15.0-1059-azure 4.15.0-1059.64~14.04.1 linux-image-4.4.0-1054-aws 4.4.0-1054.58 linux-image-4.4.0-164-generic 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-generic-lpae 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-lowlatency 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-e500mc 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc-smp 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-emb 4.4.0-164.192~14.04.1 linux-image-4.4.0-164-powerpc64-smp 4.4.0-164.192~14.04.1 linux-image-aws 4.4.0.1054.55 linux-image-azure 4.15.0.1059.45 linux-image-generic 3.13.0.173.184 linux-image-generic-lpae 3.13.0.173.184 linux-image-generic-lpae-lts-xenial 4.4.0.164.143 linux-image-generic-lts-xenial 4.4.0.164.143 linux-image-lowlatency 3.13.0.173.184 linux-image-lowlatency-lts-xenial 4.4.0.164.143 linux-image-powerpc-e500 3.13.0.173.184 linux-image-powerpc-e500mc 3.13.0.173.184 linux-image-powerpc-e500mc-lts-xenial 4.4.0.164.143 linux-image-powerpc-smp 3.13.0.173.184 linux-image-powerpc-smp-lts-xenial 4.4.0.164.143 linux-image-powerpc64-emb 3.13.0.173.184 linux-image-powerpc64-emb-lts-xenial 4.4.0.164.143 linux-image-powerpc64-smp 3.13.0.173.184 linux-image-powerpc64-smp-lts-xenial 4.4.0.164.143 linux-image-server 3.13.0.173.184 linux-image-virtual 3.13.0.173.184 linux-image-virtual-lts-xenial 4.4.0.164.143 Ubuntu 12.04 ESM: linux-image-3.13.0-173-generic 3.13.0-173.224~12.04.1 linux-image-3.13.0-173-generic-lpae 3.13.0-173.224~12.04.1 linux-image-3.13.0-173-lowlatency 3.13.0-173.224~12.04.1 linux-image-3.2.0-143-generic 3.2.0-143.190 linux-image-3.2.0-143-generic-pae 3.2.0-143.190 linux-image-3.2.0-143-highbank 3.2.0-143.190 linux-image-3.2.0-143-omap 3.2.0-143.190 linux-image-3.2.0-143-powerpc-smp 3.2.0-143.190 linux-image-3.2.0-143-powerpc64-smp 3.2.0-143.190 linux-image-3.2.0-143-virtual 3.2.0-143.190 linux-image-generic 3.2.0.143.158 linux-image-generic-lpae-lts-trusty 3.13.0.173.161 linux-image-generic-lts-trusty 3.13.0.173.161 linux-image-generic-pae 3.2.0.143.158 linux-image-highbank 3.2.0.143.158 linux-image-omap 3.2.0.143.158 linux-image-powerpc 3.2.0.143.158 linux-image-powerpc-smp 3.2.0.143.158 linux-image-powerpc64-smp 3.2.0.143.158 linux-image-server 3.2.0.143.158 linux-image-virtual 3.2.0.143.158 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-02-20T20:34:05.335000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE