[El-errata] ELSA-2019-0818 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 23 21:19:26 PDT 2019 

Oracle Linux Security Advisory ELSA-2019-0818

http://linux.oracle.com/errata/ELSA-2019-0818.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.12.1.el7.x86_64.rpm
kernel-3.10.0-957.12.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.12.1.el7.noarch.rpm
kernel-debug-3.10.0-957.12.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.12.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.12.1.el7.x86_64.rpm
kernel-doc-3.10.0-957.12.1.el7.noarch.rpm
kernel-headers-3.10.0-957.12.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.12.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.12.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.12.1.el7.x86_64.rpm
perf-3.10.0-957.12.1.el7.x86_64.rpm
python-perf-3.10.0-957.12.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.12.1.el7.src.rpm



Description of changes:

[3.10.0-957.12.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.12.1.el7]
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) 
[1690323 1547078]
- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 
1547078]
- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman 
Long) [1690323 1547078]
- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) 
[1690323 1547078]
- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 
1547078]
- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 
controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) 
[1689379 1649288]
- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 
1626279]
- [net] igmp: Allow user-space configuration of igmp unsolicited report 
interval (Hangbin Liu) [1686771 1663941]
- [net] igmp: Don't flush routing cache when force_igmp_version is 
modified (Hangbin Liu) [1686771 1663941]
- [net] igmp: fix incorrect unsolicit report count after link down and 
up (Hangbin Liu) [1688225 1623359]
- [net] igmp: fix incorrect unsolicit report count when join group 
(Hangbin Liu) [1688225 1623359]
- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) 
[1688225 1623359]
- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 
(Hangbin Liu) [1688225 1623359]
- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun 
Vynipadath) [1687487 1678729]
- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) 
[1683078 1663637]
- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses 
RTC SRAM (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David 
Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: properly initialize resources (David Arcari) 
[1683079 1666393]
- [acpi] acpi / watchdog: Fix init failure with overlapping register 
regions (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Print out error number when device creation 
fails (David Arcari) [1683079 1666393]
- [net] netfilter: nat: limit port clash resolution attempts (Florian 
Westphal) [1683093 1654777]
- [net] netfilter: nat: remove l4 protocol port rovers (Florian 
Westphal) [1683093 1654777]
- [net] netfilter: nat: cope with negative port range (Florian Westphal) 
[1683093 1654777]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 
1651416]
- [nvme] nvme-rdma: fix possible double free of controller async event 
buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: fix possible free of a non-allocated async event 
buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) 
[1678214 1659532]
- [nvme] rdma: fix double freeing of async event data (David Milburn) 
[1678216 1655786]
- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 
1599780]
- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina 
Dubroca) [1677179 1637821]
- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 
1637821]
- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) 
[1673821 1668570]
- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun 
Vynipadath) [1673821 1668570]
- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo 
Bonzini) [1671922 1671923] {CVE-2019-6974}
- [kvm] KVM: nVMX: unconditionally cancel preemption timer in 
free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
- [mm] page-writeback.c: fix range_cyclic writeback vs writepages 
deadlock (Brian Foster) [1673281 1591574]
- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) 
[1672514 1613493]

[3.10.0-957.11.1.el7]
- [net] netfilter: nf_nat: skip nat clash resolution for same-origin 
entries (Florian Westphal) [1686766 1648965]
- [net] netfilter: nf_conntrack: resolve clash for matching conntracks 
(Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: skip clash resolution if nat is in place 
(Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce clash resolution on insertion 
race (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: fix race between confirmation and flush 
(Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian 
Westphal) [1686766 1648965]
- [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup 
(Mohammed Gamal) [1679997 1661632]

More information about the El-errata mailing list