RHSA-2019:2473

Affecting perf package, versions centos:6: <0:2.6.32-754.18.2.el6

low severity
Do your applications use this vulnerable package? Test your applications

Overview

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: page cache side channel attacks (CVE-2019-5489) * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975) * Another RHEL 6 hang in congestion_wait() (BZ#1658254) * kernel crash after running user space script (BZ#1663262) * RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ#1666102) * Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000” RHEL 6 32bit (BZ#1702782) * fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149) * Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185)

References

CVE
RHSA-2019:2473
Snyk ID
SNYK-LINUX-PERF-459238
Published
13 Aug, 2019