4.3 - RHSA-2019:2169

Problem Description:

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1614159 - CVE-2018-5383 kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange 1654809 - [qed] 8.37.7.0 firmware image is needed for DPDK 18.11 1671610 - [Diamanti]Programming the VF MAC address fails without updated FW 1698960 - Cavium/Marvell 7.7 FEAT] BNX2X_FW: Update to 7.13.11.0 firmware files 1702330 - [NETRO 7.7 Feat] Pull new version of Netronome flower firmware (AOTC-2.10.A.23)