

This page shows the package changes from 3.3.4.0 to 3.3.4.1, some of which were made for security reasons, and the CVEs they address.

Upgrade to 3.3.4 is allowed from any 3.3.2.* and 3.3.3.*.  This page shows only the changes from 3.3.4.0 to 3.3.4.2.


| Deliverable | Name |
| --- | --- |
| upgrade | spectre_update-3.3.4.1.29013-20191217.tgz |



CVEs and the new RPM and package that resolve each.

| CVE | New RPM | PKG | DESCRIPTION |
| --- | --- | --- | --- |
| CVE-2018-15473 | openssh-5.3p1-124.el6_10.x86_64 | openssh | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
| CVE-2018-15473 | openssh-clients-5.3p1-124.el6_10.x86_64 | openssh-clients | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
| CVE-2018-15473 | openssh-server-5.3p1-124.el6_10.x86_64 | openssh-server | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
| CVE-2019-11135 | kernel-2.6.32-754.24.3.el6.x86_64 | kernel | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. |
| CVE-2019-11135 | kernel-firmware-2.6.32-754.24.3.el6.noarch | kernel-firmware | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. |
| CVE-2019-11135 | kernel-headers-2.6.32-754.24.3.el6.x86_64 | kernel-headers | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. |
| CVE-2019-11135 | perf-2.6.32-754.24.3.el6.x86_64 | perf | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. |
| CVE-2019-0155 | kernel-2.6.32-754.24.3.el6.x86_64 | kernel | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-0155 | kernel-firmware-2.6.32-754.24.3.el6.noarch | kernel-firmware | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-0155 | kernel-headers-2.6.32-754.24.3.el6.x86_64 | kernel-headers | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-0155 | perf-2.6.32-754.24.3.el6.x86_64 | perf | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-0154 | kernel-2.6.32-754.24.3.el6.x86_64 | kernel | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-0154 | kernel-firmware-2.6.32-754.24.3.el6.noarch | kernel-firmware | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-0154 | kernel-headers-2.6.32-754.24.3.el6.x86_64 | kernel-headers | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-0154 | perf-2.6.32-754.24.3.el6.x86_64 | perf | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2018-12207 | kernel-2.6.32-754.24.3.el6.x86_64 | kernel | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. |
| CVE-2018-12207 | kernel-firmware-2.6.32-754.24.3.el6.noarch | kernel-firmware | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. |
| CVE-2018-12207 | kernel-headers-2.6.32-754.24.3.el6.x86_64 | kernel-headers | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. |
| CVE-2018-12207 | perf-2.6.32-754.24.3.el6.x86_64 | perf | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. |
| CVE-2019-14287 | sudo-1.8.6p3-29.el6_10.2.x86_64 | sudo | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command. |


Packages updated for Security reasons.

| Old Package | New Package for CVE |
| --- | --- |
| kernel-2.6.32-754.23.1.el6.x86_64 | kernel-2.6.32-754.24.3.el6.x86_64 |
| kernel-firmware-2.6.32-754.23.1.el6.noarch | kernel-firmware-2.6.32-754.24.3.el6.noarch |
| kernel-headers-2.6.32-754.23.1.el6.x86_64 | kernel-headers-2.6.32-754.24.3.el6.x86_64 |
| openssh-5.3p1-123.el6_9.x86_64 | openssh-5.3p1-124.el6_10.x86_64 |
| openssh-clients-5.3p1-123.el6_9.x86_64 | openssh-clients-5.3p1-124.el6_10.x86_64 |
| openssh-server-5.3p1-123.el6_9.x86_64 | openssh-server-5.3p1-124.el6_10.x86_64 |
| perf-2.6.32-754.23.1.el6.x86_64 | perf-2.6.32-754.24.3.el6.x86_64 |
| sudo-1.8.6p3-29.el6_9.x86_64 | sudo-1.8.6p3-29.el6_10.2.x86_64 |

Packages updated NOT for Security reasons.

| Old Package | New Package NOT for CVE |
| --- | --- |
| esi-release-3.3.4.0-28733.3850.x86_64 | esi-release-3.3.4.1-29013.36.x86_64 |
| logbase-ui-3.3.4.0-20191114200425.x86_64 | logbase-ui-3.3.4.1-20191217045313.x86_64 |
| lumeta-api-3.3.4.0-28726.x86_64 | lumeta-api-3.3.4.1-29004.x86_64 |
| lumeta-api-client-3.3.4.0-13896.x86_64 | lumeta-api-client-3.3.4.1-13896.x86_64 |
| lumeta-cisco-ise-pxgrid-3.3.3.0-12060.x86_64 | lumeta-cisco-ise-pxgrid-3.3.4.1-26411.x86_64 |
| lumeta-console-3.3.4.0-28504.x86_64 | lumeta-console-3.3.4.1-28809.x86_64 |
| lumeta-diagnostics-3.3.4.0-28671.x86_64 | lumeta-diagnostics-3.3.4.1-28968.x86_64 |
| lumeta-discovery-agent-3.3.4.0-28675.x86_64 | lumeta-discovery-agent-3.3.4.1-28675.x86_64 |
| lumeta-dxl-3.3.4.0-13229.x86_64 | lumeta-dxl-3.3.4.1-13229.x86_64 |
| lumeta-install-3.3.4.0-28732.x86_64 | lumeta-install-3.3.4.1-28732.x86_64 |
| lumeta-ips-import-3.3.3.0-6550.x86_64 | lumeta-ips-import-3.3.4.1-6550.x86_64 |
| lumeta-ireg-3.3.4.0-6550.x86_64 | lumeta-ireg-3.3.4.1-6550.x86_64 |
| lumeta-jaas-3.3.3.0-13398.x86_64 | lumeta-jaas-3.3.4.1-13398.x86_64 |
| lumeta-lib-3.3.4.0-28641.x86_64 | lumeta-lib-3.3.4.1-28641.x86_64 |
| lumeta-pam-3.3.4.0-18946.x86_64 | lumeta-pam-3.3.4.1-18946.x86_64 |
| lumeta-tfa-3.3.3.0-10659.x86_64 | lumeta-tfa-3.3.4.1-10659.x86_64 |
| lumeta-tools-3.3.3.0-10695.x86_64 | lumeta-tools-3.3.4.1-10695.x86_64 |
| lumeta-ui-3.3.4.0-28464.x86_64 | lumeta-ui-3.3.4.1-28464.x86_64 |
| lumeta-visio-3.3.3.0-12259.x86_64 | lumeta-visio-3.3.4.1-12259.x86_64 |
| lumeta-webapp-3.3.4.0-13900.x86_64 | lumeta-webapp-3.3.4.1-13900.x86_64 |
| rawio-3.3.3.0-8288.x86_64 | rawio-3.3.4.1-8288.x86_64 |
| x15-backend-3.3.4.0-13991.x86_64 | x15-backend-3.3.4.1-13991.x86_64 |

New packages.

