-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:1016-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1016
Issue date:        2020-03-31
CVE Names:         CVE-2015-9289 CVE-2017-17807 CVE-2018-7191 
                   CVE-2018-19985 CVE-2018-20169 CVE-2019-3901 
                   CVE-2019-9503 CVE-2019-10207 CVE-2019-10638 
                   CVE-2019-10639 CVE-2019-11190 CVE-2019-11884 
                   CVE-2019-12382 CVE-2019-13233 CVE-2019-13648 
                   CVE-2019-14283 CVE-2019-15916 CVE-2019-16746 
                   CVE-2019-18660 
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)

* kernel: Missing permissions check for request_key() destination allows
local attackers to add keys to keyring without Write permission
(CVE-2017-17807)

* kernel: denial of service via ioctl call in network tun handling
(CVE-2018-7191)

* kernel: usb: missing size check in the __usb_get_extra_descriptor()
leading to DoS (CVE-2018-20169)

* kernel: perf_event_open() and execve() race in setuid programs allows a
data leak (CVE-2019-3901)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

* kernel: null-pointer dereference in hci_uart_set_flow_control
(CVE-2019-10207)

* kernel: sensitive information disclosure from kernel stack memory via
HIDPCONNADD command (CVE-2019-11884)

* kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to
denial of service (CVE-2019-12382)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: denial of service in arch/powerpc/kernel/signal_32.c and
arch/powerpc/kernel/signal_64.c via sigreturn() system call
(CVE-2019-13648)

* kernel: integer overflow and OOB read in drivers/block/floppy.c
(CVE-2019-14283)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c
leads to denial of service (CVE-2019-15916)

* kernel: buffer-overflow hardening in WiFi beacon validation code.
(CVE-2019-16746)

* kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information
exposure (CVE-2019-18660)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
(CVE-2018-19985)

* Kernel: net: weak IP ID generation leads to remote device tracking
(CVE-2019-10638)

* Kernel: net: using kernel space address bits to derive IP ID may
potentially break KASLR (CVE-2019-10639)

* kernel: ASLR bypass for setuid binaries due to late install_exec_creds()
(CVE-2019-11190)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1507149 - [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group
1528335 - CVE-2017-17807 kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission
1651706 - kernel: sd 0:0:9:0: timing out command, waited XXXs - which command timed out?
1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS
1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c
1694201 - cifs repeatedly tries to open a file using smb v1 on an smb2 mount after receiving STATUS_SHARING_VIOLATION
1699856 - CVE-2019-11190 kernel: ASLR bypass for setuid binaries due to late install_exec_creds()
1701245 - CVE-2019-3901 kernel: perf_event_open() and execve() race in setuid programs allows a data leak
1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass
1702264 - panic handing smb2_reconnect due to a use after free
1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command
1711520 - IPSet List - Size in Memory Wildly Inconsistent
1715554 - CVE-2019-12382 kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service
1716328 - CVE-2018-7191 kernel: denial of service via ioctl call in network tun handling
1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c
1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1733347 - NFSv4.0 client sending a double CLOSE (leading to EIO application failure)
1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control
1734243 - CVE-2019-14283 kernel: integer overflow and OOB read in drivers/block/floppy.c
1735630 - CVE-2019-13648 kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call
1735655 - CVE-2015-9289 kernel: out of bound read in DVB connexant driver.
1749390 - VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes
1750577 - RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value
1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service
1757325 - perf top -p PID does not show anything
1757872 - crash in is_size_safe_to_change in 3.10.0-1062.el7 kernel as a result of another condition / race similar to earlier bug 1580165
1758001 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64
1760294 - kernel: seccomp: wrong return value for blocked syscalls on s390x
1760306 - CVE-2019-16746 kernel: buffer-overflow hardening in WiFi beacon validation code.
1770404 - CIFS client system hung with all cpus at 100% inside smb2_reconnect spinning on TCP_Server_Info.response_q.lock spinlock
1777825 - CVE-2019-18660 kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-1127.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm
kernel-doc-3.10.0-1127.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-3.10.0-1127.el7.x86_64.rpm
kernel-debug-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-devel-3.10.0-1127.el7.x86_64.rpm
kernel-headers-3.10.0-1127.el7.x86_64.rpm
kernel-tools-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm
perf-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-1127.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm
kernel-doc-3.10.0-1127.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-3.10.0-1127.el7.x86_64.rpm
kernel-debug-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-devel-3.10.0-1127.el7.x86_64.rpm
kernel-headers-3.10.0-1127.el7.x86_64.rpm
kernel-tools-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm
perf-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-1127.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm
kernel-doc-3.10.0-1127.el7.noarch.rpm

ppc64:
bpftool-3.10.0-1127.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-3.10.0-1127.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1127.el7.ppc64.rpm
kernel-debug-3.10.0-1127.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1127.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1127.el7.ppc64.rpm
kernel-devel-3.10.0-1127.el7.ppc64.rpm
kernel-headers-3.10.0-1127.el7.ppc64.rpm
kernel-tools-3.10.0-1127.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1127.el7.ppc64.rpm
perf-3.10.0-1127.el7.ppc64.rpm
perf-debuginfo-3.10.0-1127.el7.ppc64.rpm
python-perf-3.10.0-1127.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1127.el7.ppc64.rpm

ppc64le:
bpftool-3.10.0-1127.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-3.10.0-1127.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1127.el7.ppc64le.rpm
kernel-debug-3.10.0-1127.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1127.el7.ppc64le.rpm
kernel-devel-3.10.0-1127.el7.ppc64le.rpm
kernel-headers-3.10.0-1127.el7.ppc64le.rpm
kernel-tools-3.10.0-1127.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1127.el7.ppc64le.rpm
perf-3.10.0-1127.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm
python-perf-3.10.0-1127.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm

s390x:
bpftool-3.10.0-1127.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1127.el7.s390x.rpm
kernel-3.10.0-1127.el7.s390x.rpm
kernel-debug-3.10.0-1127.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.s390x.rpm
kernel-debug-devel-3.10.0-1127.el7.s390x.rpm
kernel-debuginfo-3.10.0-1127.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1127.el7.s390x.rpm
kernel-devel-3.10.0-1127.el7.s390x.rpm
kernel-headers-3.10.0-1127.el7.s390x.rpm
kernel-kdump-3.10.0-1127.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1127.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1127.el7.s390x.rpm
perf-3.10.0-1127.el7.s390x.rpm
perf-debuginfo-3.10.0-1127.el7.s390x.rpm
python-perf-3.10.0-1127.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1127.el7.s390x.rpm

x86_64:
bpftool-3.10.0-1127.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-3.10.0-1127.el7.x86_64.rpm
kernel-debug-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-devel-3.10.0-1127.el7.x86_64.rpm
kernel-headers-3.10.0-1127.el7.x86_64.rpm
kernel-tools-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm
perf-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bpftool-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1127.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.ppc64.rpm
perf-debuginfo-3.10.0-1127.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1127.el7.ppc64.rpm

ppc64le:
bpftool-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1127.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1127.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm

x86_64:
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-1127.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm
kernel-doc-3.10.0-1127.el7.noarch.rpm

x86_64:
bpftool-3.10.0-1127.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-3.10.0-1127.el7.x86_64.rpm
kernel-debug-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-devel-3.10.0-1127.el7.x86_64.rpm
kernel-headers-3.10.0-1127.el7.x86_64.rpm
kernel-tools-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm
perf-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm
perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-9289
https://access.redhat.com/security/cve/CVE-2017-17807
https://access.redhat.com/security/cve/CVE-2018-7191
https://access.redhat.com/security/cve/CVE-2018-19985
https://access.redhat.com/security/cve/CVE-2018-20169
https://access.redhat.com/security/cve/CVE-2019-3901
https://access.redhat.com/security/cve/CVE-2019-9503
https://access.redhat.com/security/cve/CVE-2019-10207
https://access.redhat.com/security/cve/CVE-2019-10638
https://access.redhat.com/security/cve/CVE-2019-10639
https://access.redhat.com/security/cve/CVE-2019-11190
https://access.redhat.com/security/cve/CVE-2019-11884
https://access.redhat.com/security/cve/CVE-2019-12382
https://access.redhat.com/security/cve/CVE-2019-13233
https://access.redhat.com/security/cve/CVE-2019-13648
https://access.redhat.com/security/cve/CVE-2019-14283
https://access.redhat.com/security/cve/CVE-2019-15916
https://access.redhat.com/security/cve/CVE-2019-16746
https://access.redhat.com/security/cve/CVE-2019-18660
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXoObR9zjgjWX9erEAQi7Qw//e3Hr9+kQnJwAQMsa5uOCJP1Fpi9xNTL/
Sf9AWF7Bb5Aj3ezcMJvkJmbH4Jibmx8Gy3rNhYQVvbWMMkpG/INUBSGBJTa8jgWY
ZOmWZzQwDYpTtIs3wUzTtW1vEb6EKCIfblM1h5bAicz3C+xLsH/uxn11RgHRedL2
g48F9MGacflUhUoSLyGrZ/ou7vV4trDARMQLRFTVmahzAyhGOgTf+gdGV9z2pq3o
W+SNjJurYeIC5ykZYA7wpeIFTWmy+6Jz1D1juiFEp54w5hwICX3seOGl7WKNUJ/o
UOZaSMQqw1oVLy1U80SF4NvoiHPrISM54nUou9HenMlK010WQiUFPygn6TIKCQnr
odjGG9dB5+Odcu7pnovaHfa3H2XCoKLeaJmi8GVIS9whgzGWdyK5aDkNX54TO77+
6BfX/syiRQj231yq2U2dbEjj8o00SR7grfv9Hd4vB8NJcJK3fzAa/7pdfoyx3D+w
VmmjT4L/WvVr9yhYNJxt1x39WphRT/tZbE0qpnSYO8ucO1LMCv4HyCctCUzJGYtv
bueIMC3AFFT1TcboqXKNnBbpcJq4C7tera3bjnVbmoAbxNRP7S3DGiQu9m5hCGCa
fF/ovshBXQx8F9+tW3tstoYl9KDbkO8b+Y2FQwC2IWUWaFhOartLCztYkOvmnEQ4
DYqQyYGritc=i5rX
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-1016:01 Moderate: kernel security, bug fix,

An update for kernel is now available for Red Hat Enterprise Linux 7

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)
* kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807)
* kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)
* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)
* kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)
* kernel: brcmfmac frame validation bypass (CVE-2019-9503)
* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)
* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)
* kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)
* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)
* kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)
* kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)
* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)
* kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)
* kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)
* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)
* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)
* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
* kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2015-9289 https://access.redhat.com/security/cve/CVE-2017-17807 https://access.redhat.com/security/cve/CVE-2018-7191 https://access.redhat.com/security/cve/CVE-2018-19985 https://access.redhat.com/security/cve/CVE-2018-20169 https://access.redhat.com/security/cve/CVE-2019-3901 https://access.redhat.com/security/cve/CVE-2019-9503 https://access.redhat.com/security/cve/CVE-2019-10207 https://access.redhat.com/security/cve/CVE-2019-10638 https://access.redhat.com/security/cve/CVE-2019-10639 https://access.redhat.com/security/cve/CVE-2019-11190 https://access.redhat.com/security/cve/CVE-2019-11884 https://access.redhat.com/security/cve/CVE-2019-12382 https://access.redhat.com/security/cve/CVE-2019-13233 https://access.redhat.com/security/cve/CVE-2019-13648 https://access.redhat.com/security/cve/CVE-2019-14283 https://access.redhat.com/security/cve/CVE-2019-15916 https://access.redhat.com/security/cve/CVE-2019-16746 https://access.redhat.com/security/cve/CVE-2019-18660 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1127.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm kernel-doc-3.10.0-1127.el7.noarch.rpm
x86_64: bpftool-3.10.0-1127.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-3.10.0-1127.el7.x86_64.rpm kernel-debug-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-devel-3.10.0-1127.el7.x86_64.rpm kernel-headers-3.10.0-1127.el7.x86_64.rpm kernel-tools-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm perf-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1127.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm kernel-doc-3.10.0-1127.el7.noarch.rpm
x86_64: bpftool-3.10.0-1127.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-3.10.0-1127.el7.x86_64.rpm kernel-debug-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-devel-3.10.0-1127.el7.x86_64.rpm kernel-headers-3.10.0-1127.el7.x86_64.rpm kernel-tools-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm perf-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1127.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm kernel-doc-3.10.0-1127.el7.noarch.rpm
ppc64: bpftool-3.10.0-1127.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-3.10.0-1127.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1127.el7.ppc64.rpm kernel-debug-3.10.0-1127.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-debug-devel-3.10.0-1127.el7.ppc64.rpm kernel-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1127.el7.ppc64.rpm kernel-devel-3.10.0-1127.el7.ppc64.rpm kernel-headers-3.10.0-1127.el7.ppc64.rpm kernel-tools-3.10.0-1127.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-tools-libs-3.10.0-1127.el7.ppc64.rpm perf-3.10.0-1127.el7.ppc64.rpm perf-debuginfo-3.10.0-1127.el7.ppc64.rpm python-perf-3.10.0-1127.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1127.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1127.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-3.10.0-1127.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1127.el7.ppc64le.rpm kernel-debug-3.10.0-1127.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1127.el7.ppc64le.rpm kernel-devel-3.10.0-1127.el7.ppc64le.rpm kernel-headers-3.10.0-1127.el7.ppc64le.rpm kernel-tools-3.10.0-1127.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1127.el7.ppc64le.rpm perf-3.10.0-1127.el7.ppc64le.rpm perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm python-perf-3.10.0-1127.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1127.el7.s390x.rpm bpftool-debuginfo-3.10.0-1127.el7.s390x.rpm kernel-3.10.0-1127.el7.s390x.rpm kernel-debug-3.10.0-1127.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1127.el7.s390x.rpm kernel-debug-devel-3.10.0-1127.el7.s390x.rpm kernel-debuginfo-3.10.0-1127.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1127.el7.s390x.rpm kernel-devel-3.10.0-1127.el7.s390x.rpm kernel-headers-3.10.0-1127.el7.s390x.rpm kernel-kdump-3.10.0-1127.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1127.el7.s390x.rpm kernel-kdump-devel-3.10.0-1127.el7.s390x.rpm perf-3.10.0-1127.el7.s390x.rpm perf-debuginfo-3.10.0-1127.el7.s390x.rpm python-perf-3.10.0-1127.el7.s390x.rpm python-perf-debuginfo-3.10.0-1127.el7.s390x.rpm
x86_64: bpftool-3.10.0-1127.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-3.10.0-1127.el7.x86_64.rpm kernel-debug-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-devel-3.10.0-1127.el7.x86_64.rpm kernel-headers-3.10.0-1127.el7.x86_64.rpm kernel-tools-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm perf-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1127.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1127.el7.ppc64.rpm perf-debuginfo-3.10.0-1127.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1127.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1127.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1127.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1127.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1127.el7.ppc64le.rpm perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1127.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1127.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1127.el7.noarch.rpm kernel-doc-3.10.0-1127.el7.noarch.rpm
x86_64: bpftool-3.10.0-1127.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-3.10.0-1127.el7.x86_64.rpm kernel-debug-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-devel-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-devel-3.10.0-1127.el7.x86_64.rpm kernel-headers-3.10.0-1127.el7.x86_64.rpm kernel-tools-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-3.10.0-1127.el7.x86_64.rpm perf-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1127.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1127.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1127.el7.x86_64.rpm perf-debuginfo-3.10.0-1127.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1127.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:1016-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1016
Issued Date: : 2020-03-31
CVE Names: CVE-2015-9289 CVE-2017-17807 CVE-2018-7191 CVE-2018-19985 CVE-2018-20169 CVE-2019-3901 CVE-2019-9503 CVE-2019-10207 CVE-2019-10638 CVE-2019-10639 CVE-2019-11190 CVE-2019-11884 CVE-2019-12382 CVE-2019-13233 CVE-2019-13648 CVE-2019-14283 CVE-2019-15916 CVE-2019-16746 CVE-2019-18660

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64


Bugs Fixed

1507149 - [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group

1528335 - CVE-2017-17807 kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission

1651706 - kernel: sd 0:0:9:0: timing out command, waited XXXs - which command timed out?

1660385 - CVE-2018-20169 kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS

1666106 - CVE-2018-19985 kernel: oob memory read in hso_probe in drivers/net/usb/hso.c

1694201 - cifs repeatedly tries to open a file using smb v1 on an smb2 mount after receiving STATUS_SHARING_VIOLATION

1699856 - CVE-2019-11190 kernel: ASLR bypass for setuid binaries due to late install_exec_creds()

1701245 - CVE-2019-3901 kernel: perf_event_open() and execve() race in setuid programs allows a data leak

1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass

1702264 - panic handing smb2_reconnect due to a use after free

1709837 - CVE-2019-11884 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command

1711520 - IPSet List - Size in Memory Wildly Inconsistent

1715554 - CVE-2019-12382 kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service

1716328 - CVE-2018-7191 kernel: denial of service via ioctl call in network tun handling

1727756 - CVE-2019-13233 kernel: use-after-free in arch/x86/lib/insn-eval.c

1729931 - CVE-2019-10638 Kernel: net: weak IP ID generation leads to remote device tracking

1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR

1733347 - NFSv4.0 client sending a double CLOSE (leading to EIO application failure)

1733874 - CVE-2019-10207 kernel: null-pointer dereference in hci_uart_set_flow_control

1734243 - CVE-2019-14283 kernel: integer overflow and OOB read in drivers/block/floppy.c

1735630 - CVE-2019-13648 kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call

1735655 - CVE-2015-9289 kernel: out of bound read in DVB connexant driver.

1749390 - VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes

1750577 - RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value

1750813 - CVE-2019-15916 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service

1757325 - perf top -p PID does not show anything

1757872 - crash in is_size_safe_to_change in 3.10.0-1062.el7 kernel as a result of another condition / race similar to earlier bug 1580165

1758001 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64

1760294 - kernel: seccomp: wrong return value for blocked syscalls on s390x

1760306 - CVE-2019-16746 kernel: buffer-overflow hardening in WiFi beacon validation code.

1770404 - CIFS client system hung with all cpus at 100% inside smb2_reconnect spinning on TCP_Server_Info.response_q.lock spinlock

1777825 - CVE-2019-18660 kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved