SCIENTIFIC-LINUX-ERRATA Archives

October 2020

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: kernel on SL7.x x86_64
From:
Farhan Ahmed <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 20 Oct 2020 18:16:30 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (95 lines) 
Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       SLSA-2020:4060-1
Issue Date:        2020-10-01
CVE Numbers:       CVE-2017-18551
                   CVE-2019-19530
                   CVE-2019-15217
                   CVE-2020-2732
                   CVE-2020-8649
                   CVE-2020-10942
                   CVE-2019-20054
                   CVE-2019-20636
                   CVE-2020-10732
                   CVE-2019-19059
                   CVE-2019-19537
                   CVE-2019-19062
                   CVE-2019-20095
                   CVE-2019-19767
                   CVE-2019-19046
                   CVE-2019-19524
                   CVE-2020-10742
                   CVE-2019-15807
                   CVE-2019-19055
                   CVE-2020-14305
                   CVE-2019-15917
                   CVE-2020-12770
                   CVE-2020-10690
                   CVE-2020-12826
                   CVE-2019-16233
                   CVE-2020-1749
                   CVE-2019-12614
                   CVE-2019-19058
                   CVE-2019-19534
                   CVE-2019-18808
                   CVE-2019-19523
                   CVE-2019-9454
                   CVE-2019-19807
                   CVE-2020-9383
                   CVE-2018-20836
                   CVE-2019-17053
                   CVE-2019-16994
                   CVE-2019-9458
                   CVE-2019-19447
                   CVE-2019-19063
                   CVE-2020-11565
                   CVE-2019-19332
                   CVE-2020-8647
                   CVE-2020-10751
                   CVE-2019-16231
--

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: out of bounds write in function i2c_smbus_xfer_emulated in
drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)

* kernel: race condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)

* kernel: out of bounds write in i2c driver leads to local escalation of
privilege (CVE-2019-9454)

* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)
--

SL7
  x86_64
    python-perf-3.10.0-1160.el7.x86_64.rpm
    kernel-devel-3.10.0-1160.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-1160.el7.x86_64.rpm
    kernel-headers-3.10.0-1160.el7.x86_64.rpm
    bpftool-3.10.0-1160.el7.x86_64.rpm
    perf-3.10.0-1160.el7.x86_64.rpm
    kernel-3.10.0-1160.el7.x86_64.rpm
    kernel-doc-3.10.0-1160.el7.noarch.rpm
    kernel-tools-3.10.0-1160.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-1160.el7.x86_64.rpm
    kernel-debug-3.10.0-1160.el7.x86_64.rpm
    kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
    bpftool-debuginfo-3.10.0-1160.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-1160.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-1160.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-1160.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-1160.el7.x86_64.rpm
    perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-1160.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-1160.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-1160.el7.noarch.rpm
    kernel-doc-3.10.0-1160.el7.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2