ID

VAR-201909-0695

CVE

CVE-2019-14835

TITLE

Red Hat Security Advisory 2019-2901-01

DESCRIPTION

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64 3. ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14815) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency | References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/*: Upgraded. These updates fix various bugs and security issues. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz Slackware x86_64 14.2 packages: 6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz dadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz f5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz a5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz 5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.199-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.199 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2863-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2863 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm ppc64: kernel-2.6.32-754.23.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm kernel-devel-2.6.32-754.23.1.el6.ppc64.rpm kernel-headers-2.6.32-754.23.1.el6.ppc64.rpm perf-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debug-devel-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-devel-2.6.32-754.23.1.el6.s390x.rpm kernel-headers-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.23.1.el6.s390x.rpm perf-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.23.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm python-perf-2.6.32-754.23.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.23.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.23.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.23.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm python-perf-2.6.32-754.23.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.23.1.el6.src.rpm i386: kernel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-devel-2.6.32-754.23.1.el6.i686.rpm kernel-headers-2.6.32-754.23.1.el6.i686.rpm perf-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm kernel-doc-2.6.32-754.23.1.el6.noarch.rpm kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm perf-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm python-perf-2.6.32-754.23.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm python-perf-2.6.32-754.23.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYiPr9zjgjWX9erEAQjN1A/+IHOdg8Beicp8yr78sUumJ7+hE87hxu0f TCubCbjezezlvYlEfTcCz0nCF6HvcETrxNA6yj70lVLL6zc/ink1/EV7IaIis4f7 pQ5eO6pc8d0jm0x4k5y5Kjif0bxROUJeSvuI6p3nfhDZkXH5rswlfZC3/GlzVrpY CJWDWWYdcOlK6KYCai/AZTPVGL2qOvtIma7tbYfhXyyexk48S/mYIgwVKyH2MYG/ sYVoZQRuq9cT9Obl0y/O9LcG3RJ6+JAhC5+FvU3zcbndT+32SEeKKlmbSSEYuFmE SFRRWDiZX1uhElW/K7nYrRTN87bJZ0wgIOvXauQmWMwS1NAuelQIqOQ3NAXG8oYz A/wOPkILOHI352z8/Dm+p/Po6Ql/PUPZBT+GYmLv+Mju0pckg/7OLLqHqFUGwEey J0rSl9OaePNyOmUdPYOAOKPrwRnLHArG3kSKzLDnW2T1MQX0/51tDgasxptS1ekQ S8mvrKJoqc7Vlghx3jZ854/Uegx6J7eUlQmuSWvZGAM6sR9826TzpQHag2am1sUt JtAjh9Zv4f+C292ltjLRtp2zuKmYQNcDCl8NoustAi7SXvYcAYr5uSXDMc+BajIa MY2jtvyVIyGHpf4jkoDBtTLtmhIyhU+fs1MEF9SI0nvbveqMMzJFXXs6ExOy0OBI 1XpQhVd4g6E=hfEj -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). 7.2) - noarch, x86_64 3. (CVE-2019-14835) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * fs deadlock when a memory allocation waits on page writeback in NOFS context (BZ#1729103) * fragmented packets timing out (BZ#1729409) * kernel build: speed up debuginfo extraction (BZ#1731460) * use "make -jN" for modules_install (BZ#1735079) * shmem: consider shm_mnt as a long-term mount (BZ#1737374) * raid1d can hang in freeze_array if handling a mix of read and write errors (BZ#1737792) * Backport TCP follow-up for small buffers (BZ#1739125) 4. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

overflow

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-09-03T20:50:39.229000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE