[El-errata] ELSA-2018-4301 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Dec 10 09:26:40 PST 2018 

Oracle Linux Security Advisory ELSA-2018-4301

http://linux.oracle.com/errata/ELSA-2018-4301.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support 
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.304.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.304.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.304.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.304.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.304.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.304.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.304.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.304.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.304.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.304.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.304.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.304.1.el5uek.x86_64.rpm




Description of changes:

[2.6.39-400.304.1.el5uek]
- mnt: Prevent pivot_root from creating a loop in the mount tree (Eric 
W. Biederman) [Orabug: 26575709] {CVE-2014-7970} {CVE-2014-7970}
- vfs: more mnt_parent cleanups (Al Viro) [Orabug: 26575709] {CVE-2014-7970}
- vfs: new internal helper: mnt_has_parent(mnt) (Al Viro) [Orabug: 
26575709] {CVE-2014-7970}
- ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 
28459730] {CVE-2018-7566}
- xen-netback: calculate full_coalesce before the pre-estimation of ring 
buffer slots to consume (Dongli Zhang) [Orabug: 28818690] - scsi: sg: 
allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) 
[Orabug: 28892695] {CVE-2018-1000204}
- KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901711] 
{CVE-2016-3713} {CVE-2016-3713}
- cdrom: fix improper type cast, which can leat to information leak. 
(Young_X) [Orabug: 28929788] {CVE-2018-16658} {CVE-2018-10940} 
{CVE-2018-18710}
- udf: Check component length before reading it (Jan Kara) [Orabug: 
28941923] {CVE-2014-9728}
- udf: Verify symlink size before loading it (Shan Hai) [Orabug: 
28941923] {CVE-2014-9728}
- udf: Verify i_size when loading inode (Shan Hai) [Orabug: 28941923] 
{CVE-2014-9728}
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl 
(Andy Whitcroft) [Orabug: 28956549] {CVE-2018-7755} {CVE-2018-7755}
- crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 
28976586] {CVE-2017-17805}
- crypto: hmac - require that the underlying hash algorithm is unkeyed 
(Eric Biggers) [Orabug: 28976655] {CVE-2017-17806}

More information about the El-errata mailing list