
This page lists the package changes from 4.0 to 4.1, some of which were made for security reasons, along with the CVEs they address.

Deliverable

Name

netboot/isobootesi-4.1


CVEs and the new package and RPM that resolves each.

| CVE | New RPM | PKG | DESCRIPTION |
|---|---|---|---|
| CVE-2019-19059 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
| CVE-2019-19059 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
| CVE-2019-19059 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
| CVE-2019-19059 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
| CVE-2019-19059 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
| CVE-2020-10757 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
| CVE-2020-10757 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
| CVE-2020-10757 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
| CVE-2020-10757 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
| CVE-2020-10757 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
| CVE-2019-17055 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17055 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17055 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17055 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-17055 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. |
| CVE-2019-12614 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |
| CVE-2019-12614 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |
| CVE-2019-12614 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |
| CVE-2019-12614 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |
| CVE-2019-12614 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). |
| CVE-2019-15807 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2019-15807 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2019-15807 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2019-15807 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2019-15807 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. |
| CVE-2020-9383 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-9383 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-9383 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-9383 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 | kernel-tools-libs | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-9383 | perf-3.10.0-1160.6.1.el7.x86_64 | perf | An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-10732 | kernel-3.10.0-1160.6.1.el7.x86_64 | kernel | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
| CVE-2020-10732 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 | kernel-devel | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |
| CVE-2020-10732 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 | kernel-tools | A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data. |


Packages updated for Security reasons.

| Old Package | New Package for CVE |
|---|---|
| curl-7.29.0-54.el7.x86_64 | curl-7.29.0-59.el7.x86_64 |
| expat-2.1.0-11.el7.x86_64 | expat-2.1.0-12.el7.x86_64 |
| glib2-2.56.1-5.el7.x86_64 | glib2-2.56.1-7.el7.x86_64 |
| glib2-devel-2.56.1-5.el7.x86_64 | glib2-devel-2.56.1-7.el7.x86_64 |
| kernel-3.10.0-1127.13.1.el7.x86_64 | kernel-3.10.0-1160.6.1.el7.x86_64 |
| kernel-devel-3.10.0-1127.13.1.el7.x86_64 | kernel-devel-3.10.0-1160.6.1.el7.x86_64 |
| kernel-tools-3.10.0-1127.13.1.el7.x86_64 | kernel-tools-3.10.0-1160.6.1.el7.x86_64 |
| kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64 | kernel-tools-libs-3.10.0-1160.6.1.el7.x86_64 |
| libcurl-7.29.0-54.el7.x86_64 | libcurl-7.29.0-59.el7.x86_64 |
| libpng-1.5.13-7.el7_2.x86_64 | libpng-1.5.13-8.el7.x86_64 |
| netflow-capture-1.3.6p1-2.x86_64 | netflow-capture-1.3.6p1-33423.x86_64 |
| nspr-4.21.0-1.el7.x86_64 | nspr-4.25.0-2.el7_9.x86_64 |
| nss-3.44.0-4.el7.x86_64 | nss-3.53.1-3.el7_9.x86_64 |
| nss-softokn-3.44.0-5.el7.x86_64 | nss-softokn-3.53.1-6.el7_9.x86_64 |
| nss-softokn-freebl-3.44.0-5.el7.x86_64 | nss-softokn-freebl-3.53.1-6.el7_9.x86_64 |
| nss-sysinit-3.44.0-4.el7.x86_64 | nss-sysinit-3.53.1-3.el7_9.x86_64 |


Packages updated NOT for Security reasons.

| Old Package | New Package NOT for CVE |
|---|---|
| esi-release-4.0.0.0-32497.4894.x86_64 | esi-release-4.1.0.0-33635.5409.x86_64 |
| logbase-ui-4.0.0.0-20200814195641.x86_64 | logbase-ui-4.1.0.0-20201201063548.x86_64 |
| lumeta-api-4.0.0.0-32464.x86_64 | lumeta-api-4.1.0.0-33614.x86_64 |
| lumeta-api-client-4.0.0.0-31980.x86_64 | lumeta-api-client-4.1.0.0-31980.x86_64 |
| lumeta-console-4.0.0.0-32291.x86_64 | lumeta-console-4.1.0.0-33433.x86_64 |
| lumeta-diagnostics-4.0.0.0-32496.x86_64 | lumeta-diagnostics-4.1.0.0-33556.x86_64 |
| lumeta-discovery-agent-4.0.0.0-32285.x86_64 | lumeta-discovery-agent-4.1.0.0-33421.x86_64 |
| lumeta-dxl-4.0.0.0-31455.x86_64 | lumeta-dxl-4.1.0.0-33596.x86_64 |
| lumeta-install-4.0.0.0-32448.x86_64 | lumeta-install-4.1.0.0-33570.x86_64 |
| lumeta-ireg-4.0.0.0-6550.x86_64 | lumeta-ireg-4.1.0.0-6550.x86_64 |
| lumeta-lib-4.0.0.0-31946.x86_64 | lumeta-lib-4.1.0.0-32781.x86_64 |
| lumeta-ui-4.0.0.0-31180.x86_64 | lumeta-ui-4.1.0.0-33603.x86_64 |
| lumeta-webapp-4.0.0.0-32257.x86_64 | lumeta-webapp-4.1.0.0-33552.x86_64 |


New Packages

libtirpc-0.2.4-0.16.el7.x86_64

lumeta-warehouse-4.1.0.0-33634.x86_64

postgresql96-plpython-9.6.17-1PGDG.rhel7.x86_64

postgresql96-plpython3-9.6.17-1PGDG.rhel7.x86_64

pygobject2-2.28.6-11.el7.x86_64

python-jsonpath-rw-1.2.3-2.el7.noarch

python-ply-3.4-11.el7.noarch

python-six-1.9.0-2.el7.noarch

python3-3.6.8-10.el7.x86_64

python3-libs-3.6.8-10.el7.x86_64

python3-pip-9.0.3-5.el7.noarch

python3-setuptools-39.2.0-10.el7.noarch

python36-decorator-4.0.11-2.el7.noarch

python36-ply-3.9-2.el7.noarch

python36-six-1.14.0-2.el7.noarch

setroubleshoot-plugins-3.0.67-4.el7.noarch

setroubleshoot-server-3.2.30-7.el7.x86_64

systemd-sysv-219-73.el7_8.9.x86_64

Removed Packages

umeta-jaas-4.0.0.0-30740.x86_64

x15-backend-4.0.0.0-32137.x86_64

x15-clusteradmin-4.16.6-1.x86_64

x15-flume-ng-plugin-4.16.6-1.x86_64

x15-migration-scripts-4.16.6-1.x86_64

x15-server-4.16.6-1.x86_64

x15-tools-4.16.6-1.x86_64

zookeeper-3.4.5-1.noarch


