Lucene search

K
centosCentOS ProjectCESA-2019:0415
HistoryFeb 26, 2019 - 6:11 p.m.

kernel, perf, python security update

2019-02-2618:11:53
CentOS Project
lists.centos.org
216
centos
linux
midi driver
race condition
page fault
segmentation fault
red hat

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.1%

CentOS Errata and Security Advisory CESA-2019:0415

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Previously backported upstream patch caused a change in the behavior of page fault handler. As a consequence, applications compiled through GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentation fault. With this update, the 64k limit check in the page fault handler has been removed. As a result, running the affected applications no longer triggers the segmentation fault in the described scenario.

Note that removing the limit check does not impact the integrity of the kernel itself. (BZ#1644401)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2019-February/085371.html

Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:0415

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.1%