The issue was resolved by updating the code to unpack the heap data in a different way. Red Hat would like to thank Brian Carpenter for reporting this issue. CVE-2018-12932 Red Hat would like to announce the release of Red Hat Enterprise Linux for Critical System Applications 7.5. Red Hat Enterprise Linux for Critical System Applications is designed to meet the needs of mission-critical systems where performance and reliability are key. Red Hat Enterprise Linux for Critical System Applications provides the features system administrators need to keep their systems running, secure, and up-to-date. Red Hat Enterprise Linux for Critical System Applications is available in three editions for the following system types: • Red Hat Enterprise Linux for Critical System Applications 7.5 for x86_64

Red Hat Enterprise Linux for Critical System Applications 7.5 for ARM64

Red Hat Enterprise Linux for Critical System Applications 7.5 for IBM Power Systems What’s new in Red Hat Enterprise Linux for Critical System Applications 7.5? Red Hat Enterprise Linux for Critical System Applications 7.5 provides critical bug fixes, which are summarized in the table below. These bug fixes may be included in a future update for Red Hat Enterprise Linux for Extended Lifecycle support. As Red Hat Enterprise Linux for Critical System Software runs in mission-critical environments, a number of significant vulnerabilities were addressed in Red Hat Enterprise Linux 7.5

Bug fixes in Red Hat Enterprise Linux for Critical System Applications 7.5

CVE-2018-12894 An out of bounds read in the kernel could allow a local user to obtain sensitive information from kernel memory. This is addressed in Red Hat Enterprise Linux for Extended Lifecycle Support.
CVE-2018-12899 A race condition in the dlm_fibre_service librte_mempool_create() function of librte_mempool could allow a local user to cause a denial of service (kernel crash) by repeatedly triggering the creation of too many Fibre Channel links. This is addressed in Red Hat Enterprise Linux for Extended Lifecycle Support.
CVE-2018-13054 The Xen hypervisor did not properly enforce certain access control policies when handling incoming signals, which allowed guest users to bypass intended restrictions via unspecified vectors, aka "Xen Security Advisory CVE-2018-13054". This issue was resolved by updating Xen hypervisor to version 4.11.3, resolving an issue that allows guest users to bypass intended restrictions via unspecified vectors, as reported by VMware's internal security team._

Highlights of the 7.5 Update for CS

• Red Hat Enterprise Linux for Critical System Applications 7.5 provides critical bug fixes.
• This update contains 19 bug fixes in total, including the following notable security issues:
CVE-2018-12932
CVE-2019-3435
CVE-2019-3436
CVE-2019-3437
CVE-2019-3456
CVE-2020-4048
• Security fix for CVE 2019-3445.

What is covered by this update?

This update includes all of the following:

- A fix for a denial-of-service flaw.
- A fix for a flaw in btrfs file system handling.
- A fix for a flaw that allows an attacker to bypass the ASLR security protection mechanism. NOTE: This is not covered by Red Hat Extended Lifecycle support.
- A fix for a local privilege escalation vulnerability.
- And many more security, bug, and enhancement fixes!

Notable Bug Fixes

- CVE-2018-12932 Addressing a heap corruption issue in the Linux kernel
- CVE-2018-13053 Addressing an issue that could allow privilege escalation on 32 bit x86 systems
- CVE-2018-13054 Addressing an issue where the network interface address could be changed
- CVE-2018-13055 Addressing issues with IPv6 forwarding code

A problem was identified with the update to the 6.2.9 version of OpenLDAP software, which may result in data loss or corruption, and potentially cause unexpected system shutdowns. The issue has been resolved by updating the code to unpack the heap data in a different way. Red Hat would like to thank Brian Carpenter for reporting this issue.

New features and enhancements

- The Red Hat Enterprise Linux for Critical System Applications 7.5 ISO image includes new features and enhancements, such as:

- Support for Secure Boot
- Improved performance of in-memory databases with the introduction of a new kernel feature, acpi_cpufreq
- Improvements to UEFI boot support including support for Secure Boot workaround solutions
- Support for HVM guests on POWER8 systems

Timeline

Published on: 10/14/2022 12:15:00 UTC
Last modified on: 10/15/2022 02:10:00 UTC

References