KernelCare update was released
3 views
Skip to first unread message
KernelCare
Apr 7, 2020, 6:24:09 AM4/7/20
to kernelcar...@googlegroups.com
Dear Customers,
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
centos7:
CVE-2019-14816: There is heap-based buffer overflow in kernel, all versions up to,
excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local
users to cause a denial of service(system crash) or possibly execute arbitrary
code.
CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel,
all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw
could occur when the station attempts a connection negotiation during the handling
of the remote devices country settings. This could allow the remote device to
cause a denial of service (system crash) or possibly execute arbitrary code.
CVE-2019-14901: A heap overflow flaw was found in the Linux kernel, all versions
3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability
allows a remote attacker to cause a system crash, resulting in a denial of service,
or execute arbitrary code.
CVE-2019-17133: In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in
net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
cvelist: [CVE-2019-14816, CVE-2019-14895, CVE-2019-14901, CVE-2019-17133]
latest-version: kernel-3.10.0-1062.12.1.el7
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
centos7:
CVE-2019-14816: There is heap-based buffer overflow in kernel, all versions up to,
excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local
users to cause a denial of service(system crash) or possibly execute arbitrary
code.
CVE-2019-14895: A heap-based buffer overflow was discovered in the Linux kernel,
all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw
could occur when the station attempts a connection negotiation during the handling
of the remote devices country settings. This could allow the remote device to
cause a denial of service (system crash) or possibly execute arbitrary code.
CVE-2019-14901: A heap overflow flaw was found in the Linux kernel, all versions
3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability
allows a remote attacker to cause a system crash, resulting in a denial of service,
or execute arbitrary code.
CVE-2019-17133: In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in
net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
cvelist: [CVE-2019-14816, CVE-2019-14895, CVE-2019-14901, CVE-2019-17133]
latest-version: kernel-3.10.0-1062.12.1.el7
KernelCare
Apr 13, 2020, 12:38:09 PM4/13/20
to kernelcar...@googlegroups.com
Dear Customers,
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
rhel7:
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
CVE-2014-3610: It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the guest
to certain MSRs in the host's context. A privileged guest user could use this
flaw to crash the host.
CVE-2019-11487: It was discovered that an integer overflow existed in the Linux
kernel when reference counting pages, leading to potential use-after-free issues.
A local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
CVE-2019-17666: It was discovered that a buffer overflow existed in the Realtek
Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically
proximate attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVE-2019-19338: A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs
handle speculative execution of instructions when a TSX Asynchronous Abort (TAA)
error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0),
but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected
buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported
to the guests, the guests did not use the VERW mechanism to clear the affected
buffers. This issue affects guests running on Cascade Lake CPUs and requires that
host has 'TSX' enabled. Confidentiality of data is the highest threat associated
with this vulnerability.
cvelist: [CVE-2014-3610, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338]
latest-version: kernel-3.10.0-1127.el7
oel7:
CVE-2014-3610: It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the guest
to certain MSRs in the host's context. A privileged guest user could use this
flaw to crash the host.
CVE-2019-11487: It was discovered that an integer overflow existed in the Linux
kernel when reference counting pages, leading to potential use-after-free issues.
A local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
CVE-2019-17666: It was discovered that a buffer overflow existed in the Realtek
Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically
proximate attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVE-2019-19338: A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs
handle speculative execution of instructions when a TSX Asynchronous Abort (TAA)
error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0),
but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected
buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported
to the guests, the guests did not use the VERW mechanism to clear the affected
buffers. This issue affects guests running on Cascade Lake CPUs and requires that
host has 'TSX' enabled. Confidentiality of data is the highest threat associated
with this vulnerability.
cvelist: [CVE-2014-3610, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338]
latest-version: kernel-3.10.0-1127.el7
KernelCare
Apr 13, 2020, 1:27:08 PM4/13/20
to kernelcar...@googlegroups.com
Dear Customers,
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
centos7:
KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
/usr/bin/kcarectl --update
Changelog:
CVE-2014-3610: It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the guest
to certain MSRs in the host's context. A privileged guest user could use this
flaw to crash the host.
CVE-2019-11487: It was discovered that an integer overflow existed in the Linux
kernel when reference counting pages, leading to potential use-after-free issues.
A local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
CVE-2019-17666: It was discovered that a buffer overflow existed in the Realtek
Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically
proximate attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVE-2019-19338: A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs
handle speculative execution of instructions when a TSX Asynchronous Abort (TAA)
error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0),
but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected
buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported
to the guests, the guests did not use the VERW mechanism to clear the affected
buffers. This issue affects guests running on Cascade Lake CPUs and requires that
host has 'TSX' enabled. Confidentiality of data is the highest threat associated
with this vulnerability.
cvelist: [CVE-2014-3610, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338]
latest-version: kernel-3.10.0-1062.18.1.el7
instruction emulation would write non-canonical values passed in by the guest
to certain MSRs in the host's context. A privileged guest user could use this
flaw to crash the host.
CVE-2019-11487: It was discovered that an integer overflow existed in the Linux
kernel when reference counting pages, leading to potential use-after-free issues.
A local attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.
CVE-2019-17666: It was discovered that a buffer overflow existed in the Realtek
Wi-Fi driver for the Linux kernel when handling Notice of Absence frames. A physically
proximate attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
CVE-2019-19338: A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs
handle speculative execution of instructions when a TSX Asynchronous Abort (TAA)
error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0),
but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected
buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported
to the guests, the guests did not use the VERW mechanism to clear the affected
buffers. This issue affects guests running on Cascade Lake CPUs and requires that
host has 'TSX' enabled. Confidentiality of data is the highest threat associated
with this vulnerability.
cvelist: [CVE-2014-3610, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338]
Reply all
Reply to author
Forward
0 new messages