bpftool, kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2019:0818

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

• Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)

• xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)

• Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)

• [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)

• RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)

• [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)

• [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)

• RFC: Regression with -fstack-check in ‘backport upstream large stack guard patch to RHEL6’ patch [rhel-7.6.z] (BZ#1678221)

• [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)

• rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)

• ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)

• high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)

• Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)

• [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)

• [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)

• The number of unsolict report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)

• RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)

• mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)

• rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2019-April/085440.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:0818