bpftool, kernel, perf, python security update


**CentOS Errata and Security Advisory** CESA-2020:1016 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out of bound read in DVB connexant driver. (CVE-2015-9289) * kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807) * kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191) * kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169) * kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901) * kernel: brcmfmac frame validation bypass (CVE-2019-9503) * kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207) * kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) * kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382) * kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) * kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648) * kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283) * kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) * kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746) * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) * kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985) * Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) * Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639) * kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. **Merged security bulletin from advisories:** https://lists.centos.org/pipermail/centos-cr-announce/2020-April/025781.html **Affected packages:** bpftool kernel kernel-abi-whitelists kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-tools kernel-tools-libs kernel-tools-libs-devel perf python-perf **Upstream details at:** https://access.redhat.com/errata/RHSA-2020:1016

Affected Package

OS OS Version Package Name Package Version
CentOS 7 bpftool 3.10.0-1127.el7
CentOS 7 kernel 3.10.0-1127.el7
CentOS 7 kernel-abi-whitelists 3.10.0-1127.el7
CentOS 7 kernel-debug 3.10.0-1127.el7
CentOS 7 kernel-debug-devel 3.10.0-1127.el7
CentOS 7 kernel-devel 3.10.0-1127.el7
CentOS 7 kernel-doc 3.10.0-1127.el7
CentOS 7 kernel-headers 3.10.0-1127.el7
CentOS 7 kernel-tools 3.10.0-1127.el7
CentOS 7 kernel-tools-libs 3.10.0-1127.el7
CentOS 7 kernel-tools-libs-devel 3.10.0-1127.el7
CentOS 7 perf 3.10.0-1127.el7
CentOS 7 python-perf 3.10.0-1127.el7
CentOS 7 kernel 3.10.0-1127.el7