VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202001-0173 CVE-2019-5304 plural Huawei Classic buffer overflow vulnerability in product CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. plural Huawei The product contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. Huawei CloudEngine 6800 is a 6800 series 10 Gigabit Ethernet switch for data centers in China's Huawei. There are security vulnerabilities in Huawei CloudEngine 12800 200R003C00, 200R005C00, and 200R005C10. An attacker could use this vulnerability to connect to an affected device and execute commands
VAR-201909-1541 CVE-2019-3738 RSA BSAFE Crypto-J Vulnerability in digital signature verification CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. RSA BSAFE Crypto-J Contains a vulnerability in the verification of digital signatures.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. The vulnerability stems from a network system or product not adequately verifying the origin or authenticity of data. Attackers can use forged data to attack
VAR-201909-1540 CVE-2019-3739 RSA BSAFE Crypto-J Vulnerability related to information disclosure caused by difference in response to security related processing CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. RSA BSAFE Crypto-J Contains a vulnerability related to information disclosure caused by differences in response to security-related processing.Information may be obtained. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
VAR-201909-1539 CVE-2019-3740 RSA BSAFE Crypto-J Vulnerable to information disclosure CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. RSA BSAFE Crypto-J Contains an information disclosure vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Dell RSA BSAFE Crypto-J is an encryption toolkit from Dell, Inc. that provides developers with the tools to add privacy and authentication features to their applications. A security vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5
VAR-201909-0989 CVE-2019-13556 WebAccess Buffer error vulnerability CVSS V2: 6.5
CVSS V3: 9.8
Severity: CRITICAL
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within cnvlgxtag.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The vulnerability stems from the fact that the program does not properly verify the length of user input data
VAR-201909-1518 CVE-2019-13552 Advantech WebAccess Command injection vulnerability CVSS V2: 6.5
CVSS V3: 5.3
Severity: MEDIUM
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
VAR-201909-0049 CVE-2019-6833 Magelis HMI Panel Vulnerabilities related to exceptional state checking CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. Magelis HMI Panel Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Magelis HMIGTO, etc. are a human-machine interface control panel of Schneider Electric in France. A code issue vulnerability exists in several Schneider Electric products. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The following products and versions are affected: Schneider Electric HMIGTO; HMISTO; XBTGH; HMIGTU; HMIGTUX; HMISCU; HMISTU; XBTGT; XBTGT; HMIGXO; HMIGXU
VAR-201909-0040 CVE-2019-6810 BMXNOR0200H Ethernet / Serial RTU Incorrect authentication vulnerability in module CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause the execution of commands by unauthorized users when using IEC 60870-5-104 protocol. BMXNOR0200H Ethernet / Serial RTU The module contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
VAR-201909-0047 CVE-2019-6831 BMXNOR0200H Ethernet / Serial RTU Vulnerability in module checking for exceptional conditions CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module of Schneider Electric (France Schneider Electric) company. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module has access control error vulnerability. The vulnerability stems from network systems or products that do not properly restrict access to resources from unauthorized roles. There is currently no detailed vulnerability details provided
VAR-201909-0042 CVE-2019-6813 BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Vulnerabilities related to exceptional state checking CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. BMXNOR0200H Ethernet / Serial RTU module and Modicon M340 controller Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Modicon M340 and BMXNOR0200H Ethernet/Serial RTU module are products of Schneider Electric (France). Schneider Electric Modicon M340 is a mid-range PLC (programmable logic controller) for industrial processes and infrastructure. BMXNOR0200H Ethernet/Serial RTU module is an Ethernet serial RTU (remote terminal device) module. Schneider Electric BMXNOR0200H Ethernet/Serial RTU module and Modicon M340 controller have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
VAR-201909-0043 CVE-2019-6826 SoMachine HVAC Vulnerabilities related to untrusted search paths CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVAC v2.4.1 and earlier versions, which could cause arbitrary code execution on the system running SoMachine HVAC when a malicious DLL library is loaded by the product. SoMachine HVAC Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Schneider Electric SoMachine HVAC is a set of programming software dedicated to Schneider Electric logic controllers by Schneider Electric in France. Schneider Electric SoMachine HVAC v2.4.1 and previous versions have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
VAR-201909-0988 CVE-2019-13550 WebAccess Vulnerable to unauthorized authentication CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. WebAccess Contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
VAR-201909-1388 CVE-2018-7820 Schneider Electric APC UPS Network Management Card 2 Trust Management Issue Vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remote Monitoring Credentials to be viewed in plaintext when Remote Monitoring is enabled, and then disabled. Schneider Electric APC UPS Network Management Card 2 is a network management card of French Schneider Electric (Schneider Electric) company. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components
VAR-201909-0990 CVE-2019-13558 Advantech WebAccess Code injection vulnerability CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. WebAccess Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
VAR-201909-0592 CVE-2019-16199 eQ-3 Homematic CCU2 and CCU3 Authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remote Code Execution by unauthenticated attackers with access to the web interface via an HTTP POST request to certain URLs related to the ReGa core process. eQ-3 Homematic CCU2 and CCU3 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201909-1516 CVE-2019-13523 Honeywell Performance IP Camera and Performance NVR Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs (Network Video Recorders), which can be accessed without authentication over the network. Affected performance IP Cameras: HBD3PR2,H4D3PRV3,HED3PR3,H4D3PRV2,HBD3PR1,H4W8PR2,HBW8PR2,H2W2PC1M,H2W4PER3,H2W2PER3,HEW2PER3,HEW4PER3B,HBW2PER1,HEW4PER2,HEW4PER2B,HEW2PER2,H4W2PER2,HBW2PER2,H4W2PER3, and HPW2P1. Affected Performance Series NVRs: HEN08104,HEN08144,HEN081124,HEN16104,HEN16144,HEN16184,HEN16204,HEN162244,HEN16284,HEN16304,HEN16384,HEN32104,HEN321124,HEN32204,HEN32284,HEN322164,HEN32304, HEN32384,HEN323164,HEN64204,HEN64304,HEN643164,HEN643324,HEN643484,HEN04103,HEN04113,HEN04123,HEN08103,HEN08113,HEN08123,HEN08143,HEN16103,HEN16123,HEN16143,HEN16163,HEN04103L,HEN08103L,HEN16103L,HEN32103L. Honeywell Performance HEN08104 is a network video recorder (NVR) device. A variety of Honeywell product information disclosure vulnerabilities that an attacker can use to view device configuration information. are all products of Honeywell (Honeywell) in the United States. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
VAR-201909-0048 CVE-2019-6832 spaceLYnk and Wiser for KNX Authentication vulnerability CVSS V2: 6.8
CVSS V3: 8.3
Severity: HIGH
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication. spaceLYnk and Wiser for KNX Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Schneider Electric spaceLYnk and Wiser for KNX are products of Schneider Electric in France. spaceLYnk is a programmable logic controller. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. There is currently no detailed vulnerability details provided
VAR-201909-0041 CVE-2019-6811 Modicon Quantum 140 NOE771x1 Vulnerabilities related to exceptional state checking CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover. Modicon Quantum 140 NOE771x1 Contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Schneider Electric Quantum 140 NOE771x1 is an Ethernet module of Schneider Electric in France. Schneider Electric Quantum 140 NOE771x1 6.9 and previous versions have code issue vulnerabilities. The vulnerability stems from the problem of improper design or implementation in the code development process of network systems or products. There is currently no detailed vulnerability details provided
VAR-201909-1387 CVE-2018-20336 ASUSWRT Vulnerable to classic buffer overflow CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak. ASUSWRT Contains a classic buffer overflow vulnerability.Information may be obtained. ASUS Asuswrt-Merlin is a firmware that runs in its router from Taiwan's ASUS Corporation (ASUS). ASUS Asuswrt-Merlin 3.0.0.4.384.20308 version of the wanduck.c file ‘parse_req_queries’ function has a buffer overflow vulnerability. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow
VAR-201909-0695 CVE-2019-14835 Linux Kernel Vulnerable to classic buffer overflow CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu: | Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency | Summary: Several security issues were fixed in the kernel. Software Description: - linux: Linux kernel Details: It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961) It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477) Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14815) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure | Support Information: Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible. | Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency | References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. CVE-2019-15117 Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. CVE-2019-15118 Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . 6) - i386, x86_64 3. 7.2) - noarch, x86_64 3. (CVE-2019-14835) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * fs deadlock when a memory allocation waits on page writeback in NOFS context (BZ#1729103) * fragmented packets timing out (BZ#1729409) * kernel build: speed up debuginfo extraction (BZ#1731460) * use "make -jN" for modules_install (BZ#1735079) * shmem: consider shm_mnt as a long-term mount (BZ#1737374) * raid1d can hang in freeze_array if handling a mix of read and write errors (BZ#1737792) * Backport TCP follow-up for small buffers (BZ#1739125) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2829-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2829 Issue date: 2019-09-20 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. (CVE-2019-14835) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.1.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64.rpm perf-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.1.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-headers-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.ppc64le.rpm perf-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.1.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.1.2.el7.s390x.rpm kernel-devel-3.10.0-1062.1.2.el7.s390x.rpm kernel-headers-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.1.2.el7.s390x.rpm perf-3.10.0-1062.1.2.el7.s390x.rpm perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm python-perf-3.10.0-1062.1.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.1.2.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.1.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm perf-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.1.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXYSDiNzjgjWX9erEAQiVUQ/9EzNEE3VBb1tjfASE0BrtTQXPGV5OD0jF xgNeuTZt7X15behgUtLM3tDg3eiPYZnEErojpJr52sh7Jz1J2GuVajbVpUtaW2Wm P+iI+zmtzhdUPns6zbuV4Qkyk0Q2WNxt1RLMcZeXtDMKiYN7Tj34wmF2aKhvAB6i Du+8LiPcsU84XcyT5z4lnG/iRCw1CqHvuVj7oJNQCWGC3X3Am6hkmuZ3Y1I5+cI8 mqJIb+aEbvVnAzDLdyl9JoTOPy+e5X0wHLiTEwKgp6k6IaWdVoPoxcrx4M8TPPbN 7A8Q7KrLAqeDNkft8YKmYgO3alE7915/FaRcpzAoPlBlot/OvCeiwP0qPjQ9ki0C JrOk98DYgRD0OxLfXoe4mMfYyh+yb+Q3APxjv6r75RJuxXIQGHMgo8EWVRNkA7Je 2CMFtk2J1x/eiQnRN/UbEri6oDc9LIC6o4eANEm1hNPNoYi66xPDeTMiwua79q0n SnPLqXjjm0jDft7XOvv/5H9AuaRjurZLzMf6a08OouxCkzM8t1iRCnBrVTAW+AqW j/0eZz+ElMoM4xTtzM1aZit+0dy0wVbTdeCpbVJQre89Z2iA1exdgptnO+8/oLa3 XnWaluoWVObovE4ev0czx8ML9oJ13gVglU2Zme3Uzian48/2+/bgJHrjr3J+GLYG 6PiQ0CEHbCQ=V1EB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3