KernelCare update was released

KernelCare

May 26, 2020, 7:23:09 AM
to kernelcar...@googlegroups.com
Dear Customers,

KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:

/usr/bin/kcarectl --update

Changelog:

centos7:
CVE-2017-18595: An issue was discovered in the Linux kernel before 4.14.11. A double
free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-19768: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read)
in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill
out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's
SELinux subsystem in versions before 5.7. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux
extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the
CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the
security attribute to indicate that the category bitmap is present, even if it
has not been allocated. This issue leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This flaw allows a remote network
user to crash the system kernel, resulting in a denial of service.
cvelist: [CVE-2020-10711, CVE-2019-19768, CVE-2017-18595]
latest-version: kernel-3.10.0-1127.8.2.el7
rhel7:
CVE-2017-18595: An issue was discovered in the Linux kernel before 4.14.11. A double
free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-19768: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read)
in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill
out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's
SELinux subsystem in versions before 5.7. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux
extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the
CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the
security attribute to indicate that the category bitmap is present, even if it
has not been allocated. This issue leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This flaw allows a remote network
user to crash the system kernel, resulting in a denial of service.
cvelist: [CVE-2020-10711, CVE-2019-19768, CVE-2017-18595]
latest-version: kernel-3.10.0-1127.8.2.el7
oel7:
CVE-2017-18595: An issue was discovered in the Linux kernel before 4.14.11. A double
free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-19768: In the Linux kernel 5.4.0-rc2, there is a use-after-free (read)
in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill
out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2020-10711: A NULL pointer dereference flaw was found in the Linux kernel's
SELinux subsystem in versions before 5.7. This flaw occurs while importing the
Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux
extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the
CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the
security attribute to indicate that the category bitmap is present, even if it
has not been allocated. This issue leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This flaw allows a remote network
user to crash the system kernel, resulting in a denial of service.
cvelist: [CVE-2020-10711, CVE-2019-19768, CVE-2017-18595]
latest-version: kernel-3.10.0-1127.8.2.el7
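
The CVE-2020-10711 entry above describes a "bitmap present" flag being set while the bitmap pointer is still NULL. The C model below is an added example, not KernelCare's or the kernel's code: the struct, function and flag names are hypothetical, and it assumes the unallocated case comes from a tag whose bitmap is empty.

```c
#include <stdio.h>
#include <stdlib.h>

#define ATTR_MLS_CAT 0x1u  /* hypothetical "category bitmap present" flag */

struct catmap  { unsigned long bits; };              /* stand-in category bitmap */
struct secattr { unsigned flags; struct catmap *cat; };

/* Parse a bitmap tag. Model assumption: an empty bitmap allocates nothing.
 * check_alloc == 0 is the flawed pattern: the flag is set unconditionally. */
static int parse_tag(struct secattr *a, const unsigned char *bm, size_t len, int check_alloc)
{
    a->flags = 0;
    a->cat = NULL;
    if (len > 0) {
        a->cat = calloc(1, sizeof(*a->cat));
        if (!a->cat) return -1;
        for (size_t i = 0; i < len && i < sizeof(unsigned long); i++)
            a->cat->bits |= (unsigned long)bm[i] << (8 * i);
    }
    if (!check_alloc || a->cat)        /* corrected form: flag only if allocated */
        a->flags |= ATTR_MLS_CAT;
    return 0;
}

/* Invariant every consumer relies on: flag set implies pointer non-NULL. */
static int attr_consistent(const struct secattr *a)
{
    return !(a->flags & ATTR_MLS_CAT) || a->cat != NULL;
}

/* Import with a defensive check: 1 = imported, 0 = no categories, -1 = bad attr. */
static int import_categories(const struct secattr *a, unsigned long *out)
{
    *out = 0;
    if (!(a->flags & ATTR_MLS_CAT)) return 0;
    if (!a->cat) return -1;            /* without this, the next line dereferences NULL */
    *out = a->cat->bits;
    return 1;
}

int main(void)
{
    struct secattr a; unsigned long v;
    parse_tag(&a, NULL, 0, 0);         /* constructed input: empty bitmap, flawed parse */
    printf("flawed: consistent=%d import=%d\n", attr_consistent(&a), import_categories(&a, &v));
    parse_tag(&a, NULL, 0, 1);         /* same input, corrected parse */
    printf("fixed:  consistent=%d import=%d\n", attr_consistent(&a), import_categories(&a, &v));
    return 0;
}
```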