Apr 23, 2019 - 12:37 p.m.

(RHSA-2019:0831) Important: kernel-alt security and bug fix update






The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

  • kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)

  • kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)

  • kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)

  • kernel: TLB flush happens too late on mremap (CVE-2018-18281)

  • kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service (CVE-2018-18386)

  • kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)

  • kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

  • kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Failed to boot with ftrace=function in kvm with 2vcpu (BZ#1501024)

  • [ALT-7.5][x86_64] perf test 63 - inet_pton fails on x86_64 (BZ#1518836)

  • BUG: potential out-of-bounds string access when forcing a SELinux label on a file (BZ#1595706)

  • stack out-of-bounds in smb{2,3}_create_lease_buf() on SMB2/SMB3 mounts (BZ#1598757)

  • [ALT-7.6][KVM][PANIC] ltp/lite proc01 - Unable to handle kernel paging request at virtual address ffff7fe000200018 (BZ#1623193)

  • Kernel lock up due to read/write lock (BZ#1636261)

  • [RHEL-ALT] Fix potential Spectre v1 in tty code (BZ#1639679)

  • [Huawei AArch64 7.6 Bug] HNS3: Vlan on HNS3 NIC cannot communicate (BZ#1639713)

  • [RHEL7.6-ALT][AWS] backport “nvme: update timeout module parameter type” (BZ#1654958)

  • ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm (BZ#1663565)

  • RHEL-Alt-7.6 - kernel: zcrypt: fix specification exception on z196 at ap probe (BZ#1670018)

  • [Huawei AArch64 7.6 Bug] Flock over NFSv3 failed (BZ#1670650)

  • [Huawei AArch64 7.6/7.6-z Bug] HNS3: if a single transmit packet(skb) has more than 8 frags, will cause the NIC to be unavailable (BZ#1677643)

  • krb5{,i,p} doesn’t work with older enctypes on aarch64 (BZ#1678922)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.