bpftool, kernel, perf, python security update

2019-10-02T16:02:22
ID CESA-2019:2829
Type centos
Reporter CentOS Project
Modified 2019-10-02T16:02:22

Description

CentOS Errata and Security Advisory CESA-2019:2829

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2019-October/023457.html

Affected packages: bpftool kernel kernel-abi-whitelists kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-tools kernel-tools-libs kernel-tools-libs-devel perf python-perf

Upstream details at: