(RHSA-2020:1493) Important: kernel-alt security and bug fix update

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

• kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

• kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

• kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS (CVE-2019-5108)

• kernel: powerpc: local user can read vector registers of other users’ processes via an interrupt (CVE-2019-15031)

• kernel: out-of-bounds array access in __xfrm_policy_unlink (CVE-2019-15666)

• kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)

• kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

• kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

• kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c (CVE-2019-20095)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• rhel-alt-76z bsd process accounting(acct(2)) does not work (BZ#1763618)