From el-errata at oss.oracle.com Mon Dec 2 10:19:46 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 2 Dec 2019 10:19:46 -0800 Subject: [El-errata] ELBA-2019-3696 Oracle Linux 8 yum bug fix update Message-ID: <848e4872-4742-48f4-eeca-1abd760f2cea@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-3696 http://linux.oracle.com/errata/ELBA-2019-3696.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: dnf-4.2.7-7.el8_1.noarch.rpm dnf-automatic-4.2.7-7.el8_1.noarch.rpm dnf-data-4.2.7-7.el8_1.noarch.rpm libdnf-0.35.1-9.0.1.el8_1.i686.rpm libdnf-0.35.1-9.0.1.el8_1.x86_64.rpm python3-dnf-4.2.7-7.el8_1.noarch.rpm python3-hawkey-0.35.1-9.0.1.el8_1.x86_64.rpm python3-libdnf-0.35.1-9.0.1.el8_1.x86_64.rpm yum-4.2.7-7.el8_1.noarch.rpm aarch64: dnf-4.2.7-7.el8_1.noarch.rpm dnf-automatic-4.2.7-7.el8_1.noarch.rpm dnf-data-4.2.7-7.el8_1.noarch.rpm libdnf-0.35.1-9.0.1.el8_1.aarch64.rpm python3-dnf-4.2.7-7.el8_1.noarch.rpm python3-hawkey-0.35.1-9.0.1.el8_1.aarch64.rpm python3-libdnf-0.35.1-9.0.1.el8_1.aarch64.rpm yum-4.2.7-7.el8_1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/dnf-4.2.7-7.el8_1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/libdnf-0.35.1-9.0.1.el8_1.src.rpm Description of changes: dnf [4.2.7-7] - Prevent reinstalling modified packages with same NEVRA (RhBug:1728252,1644241,1760825) libdnf [0.35.1-9.0.1] - Disable rhsm [Orabug: 29901202] - Replaced bugzilla.redhat.com with bugzilla.oracle.com in config [Orabug: 29656932] - Add support for apps that use libdnf to access yum url with 'ociregion' variable [Orabug: 30121584] (Frank Deng) [0.35.1-9] - Prevent reinstalling modified packages with same NEVRA (RhBug:1728252,1644241,1760825) From el-errata at oss.oracle.com Mon Dec 2 14:37:22 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 2 Dec 2019 14:37:22 -0800 Subject: [El-errata] ELSA-2019-4024 Important: Oracle Linux 7 SDL security update Message-ID: <9e46d56b-c061-b92c-5c8a-43089f381223@oracle.com> Oracle Linux Security Advisory ELSA-2019-4024 http://linux.oracle.com/errata/ELSA-2019-4024.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: SDL-1.2.15-15.el7_7.i686.rpm SDL-1.2.15-15.el7_7.x86_64.rpm SDL-devel-1.2.15-15.el7_7.i686.rpm SDL-devel-1.2.15-15.el7_7.x86_64.rpm SDL-static-1.2.15-15.el7_7.i686.rpm SDL-static-1.2.15-15.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/SDL-1.2.15-15.el7_7.src.rpm Description of changes: [1.2.15-15] - Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237) - Resolves: rhbz#1756276 From el-errata at oss.oracle.com Thu Dec 5 05:37:34 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 5 Dec 2019 05:37:34 -0800 Subject: [El-errata] ELSA-2019-4868 Important: Oracle Linux 6 microcode_ctl security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4868 http://linux.oracle.com/errata/ELSA-2019-4868.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: microcode_ctl-1.17-33.19.0.4.el6_10.i686.rpm x86_64: microcode_ctl-1.17-33.19.0.4.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/microcode_ctl-1.17-33.19.0.4.el6_10.src.rpm Description of changes: [3:1.17-33.19.0.4] - set early_microcode="no" in virtualized guests to avoid early load bugs [Orabug: 30618737] [3:1.17-33.19.0.1] - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - update 06-55-04 to 0x2000065 - update 06-55-07 to 0x500002c From el-errata at oss.oracle.com Thu Dec 5 05:37:55 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 5 Dec 2019 05:37:55 -0800 Subject: [El-errata] ELSA-2019-4867 Important: Oracle Linux 7 microcode_ctl security update Message-ID: <55b54389-b5cd-c156-f2b5-ed9f55b95ba5@oracle.com> Oracle Linux Security Advisory ELSA-2019-4867 http://linux.oracle.com/errata/ELSA-2019-4867.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: microcode_ctl-2.1-53.3.0.4.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/microcode_ctl-2.1-53.3.0.4.el7_7.src.rpm Description of changes: [2:2.1-53.3.0.4] - set early_microcode="no" in virtualized guests to avoid early load bugs [Orabug: 30618736] [2:2.1-53.3.0.1] - do not late load prior to 3.10.0 - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early loading on 06-4f-01 - update 06-55-04 to 0x2000065 - update 06-55-07 to 0x500002c From el-errata at oss.oracle.com Fri Dec 6 05:27:01 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 05:27:01 -0800 Subject: [El-errata] ELSA-2019-4111 Critical: Oracle Linux 8 firefox security update Message-ID: <31647d16-abe3-e185-5f5f-06a489c09e08@oracle.com> Oracle Linux Security Advisory ELSA-2019-4111 http://linux.oracle.com/errata/ELSA-2019-4111.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-68.3.0-1.0.1.el8_1.x86_64.rpm aarch64: firefox-68.3.0-1.0.1.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/firefox-68.3.0-1.0.1.el8_1.src.rpm Description of changes: [68.3.0-1.0.1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 05:27:26 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 05:27:26 -0800 Subject: [El-errata] ELBA-2019-4112 Oracle Linux 8 fence-agents bug fix update Message-ID: <6ba6dfe3-8555-3207-5b3d-0124b94f5a4d@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4112 http://linux.oracle.com/errata/ELBA-2019-4112.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: fence-agents-all-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-amt-ws-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-bladecenter-4.2.1-30.el8_1.1.noarch.rpm fence-agents-brocade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-mds-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-ucs-4.2.1-30.el8_1.1.noarch.rpm fence-agents-common-4.2.1-30.el8_1.1.noarch.rpm fence-agents-compute-4.2.1-30.el8_1.1.noarch.rpm fence-agents-drac5-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eaton-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-emerson-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eps-4.2.1-30.el8_1.1.noarch.rpm fence-agents-heuristics-ping-4.2.1-30.el8_1.1.noarch.rpm fence-agents-hpblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ibmblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ifmib-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-moonshot-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-mp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-ssh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo2-4.2.1-30.el8_1.1.noarch.rpm fence-agents-intelmodular-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipdu-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipmilan-4.2.1-30.el8_1.1.noarch.rpm fence-agents-kdump-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-mpath-4.2.1-30.el8_1.1.noarch.rpm fence-agents-redfish-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-rhevm-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsa-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsb-4.2.1-30.el8_1.1.noarch.rpm fence-agents-sbd-4.2.1-30.el8_1.1.noarch.rpm fence-agents-scsi-4.2.1-30.el8_1.1.noarch.rpm fence-agents-virsh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-rest-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-soap-4.2.1-30.el8_1.1.noarch.rpm fence-agents-wti-4.2.1-30.el8_1.1.noarch.rpm aarch64: fence-agents-all-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-amt-ws-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-bladecenter-4.2.1-30.el8_1.1.noarch.rpm fence-agents-brocade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-mds-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-ucs-4.2.1-30.el8_1.1.noarch.rpm fence-agents-common-4.2.1-30.el8_1.1.noarch.rpm fence-agents-compute-4.2.1-30.el8_1.1.noarch.rpm fence-agents-drac5-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eaton-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-emerson-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eps-4.2.1-30.el8_1.1.noarch.rpm fence-agents-heuristics-ping-4.2.1-30.el8_1.1.noarch.rpm fence-agents-hpblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ibmblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ifmib-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-moonshot-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-mp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-ssh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo2-4.2.1-30.el8_1.1.noarch.rpm fence-agents-intelmodular-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipdu-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipmilan-4.2.1-30.el8_1.1.noarch.rpm fence-agents-kdump-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-mpath-4.2.1-30.el8_1.1.noarch.rpm fence-agents-redfish-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-rhevm-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsa-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsb-4.2.1-30.el8_1.1.noarch.rpm fence-agents-sbd-4.2.1-30.el8_1.1.noarch.rpm fence-agents-scsi-4.2.1-30.el8_1.1.noarch.rpm fence-agents-virsh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-rest-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-soap-4.2.1-30.el8_1.1.noarch.rpm fence-agents-wti-4.2.1-30.el8_1.1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/fence-agents-4.2.1-30.el8_1.1.src.rpm Description of changes: [4.2.1-30.1] - fence_compute: disable service after force-down Resolves: rhbz#1762432 From el-errata at oss.oracle.com Fri Dec 6 07:42:58 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:42:58 -0800 Subject: [El-errata] ELBA-2019-4106 Oracle Linux 7 kernel bug fix update Message-ID: <792d4030-ce98-3913-7828-ee80eaf8939a@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4106 http://linux.oracle.com/errata/ELBA-2019-4106.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1062.9.1.el7.x86_64.rpm kernel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1062.9.1.el7.noarch.rpm kernel-debug-3.10.0-1062.9.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-doc-3.10.0-1062.9.1.el7.noarch.rpm kernel-headers-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.9.1.el7.x86_64.rpm perf-3.10.0-1062.9.1.el7.x86_64.rpm python-perf-3.10.0-1062.9.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.9.1.el7.src.rpm Description of changes: [3.10.0-1062.9.1.el7.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.9.1.el7] - [kernel] sched: Fix race between task_group and sched_task_group (Oleksandr Natalenko) [1778545 1738415] [3.10.0-1062.8.1.el7] - [kernel] sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Phil Auld) [1770738 1752136] From el-errata at oss.oracle.com Fri Dec 6 07:43:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:43:19 -0800 Subject: [El-errata] ELSA-2019-4107 Critical: Oracle Linux 7 firefox security update Message-ID: <74c4bb4e-f405-a69f-5631-81e6f629aada@oracle.com> Oracle Linux Security Advisory ELSA-2019-4107 http://linux.oracle.com/errata/ELSA-2019-4107.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-68.3.0-1.0.1.el7_7.i686.rpm firefox-68.3.0-1.0.1.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/firefox-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 07:43:40 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:43:40 -0800 Subject: [El-errata] ELSA-2019-4107 Critical: Oracle Linux 7 firefox security update (aarch64) Message-ID: <30427948-2428-e275-8916-46c5bd82924f@oracle.com> Oracle Linux Security Advisory ELSA-2019-4107 http://linux.oracle.com/errata/ELSA-2019-4107.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: firefox-68.3.0-1.0.1.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/firefox-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 13:15:55 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 13:15:55 -0800 Subject: [El-errata] ELBA-2019-4106-1 Oracle Linux 7 kernel bug fix update Message-ID: <0c4f4144-a336-b131-d5a5-36f7b135c3c5@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4106-1 http://linux.oracle.com/errata/ELBA-2019-4106-1.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1062.9.1.0.1.el7.noarch.rpm kernel-debug-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-doc-3.10.0-1062.9.1.0.1.el7.noarch.rpm kernel-headers-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm perf-3.10.0-1062.9.1.0.1.el7.x86_64.rpm python-perf-3.10.0-1062.9.1.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.9.1.0.1.el7.src.rpm Description of changes: [3.10.0-1062.9.1.0.1.el7.OL7] - [xen/balloon] Support xend-based toolstack (Orabug: 28663970) - [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156] - [bonding] avoid repeated display of same link status change. [Orabug: 28109857] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377] From el-errata at oss.oracle.com Mon Dec 9 09:55:43 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 09:55:43 -0800 Subject: [El-errata] ELSA-2019-4870 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: <1b52a51c-233a-289e-2ea3-a3407b8fe92d@oracle.com> Oracle Linux Security Advisory ELSA-2019-4870 http://linux.oracle.com/errata/ELSA-2019-4870.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.34.1.el7uek.noarch.rpm kernel-uek-firmware-4.1.12-124.34.1.el7uek.noarch.rpm kernel-uek-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-devel-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-debug-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.34.1.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.34.1.el7uek.src.rpm Description of changes: [4.1.12-124.34.1.el7uek] - block/loop: set hw_sectors (Shaohua Li) [Orabug: 30244514] - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30273956] - oled: export symbols (Wengang Wang) [Orabug: 30512063] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30512063] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548565] {CVE-2019-15219} [4.1.12-124.33.5.el7uek] - net/mlx5: bump driver rev (Brian Maly) [Orabug: 30479538] - net/mlx5: Add 25G and 50G types (John Donnelly) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 VF device ID (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix pci error recovery flow (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Add timeout handle to commands with callback (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix potential deadlock in command mode change (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix wait_vital for VFs and remove fixed sleep (Daniel Jurgens) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Add missing 50G baseSR2 link mode (Gal Pressman) [Orabug: 30479538] - net/mlx5_core: Add ConnectX-5 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Fix MLX5E_100BASE_T define (Rana Shahout) [Orabug: 30479538] - net/mlx5e: Fix soft lockup when HW Timestamping is enabled (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5: Make command timeout way shorter (Or Gerlitz) [Orabug: 30479538] - net/mlx5: Fix teardown errors that happen in pci error handler (Mohamad Haj Yahia) [Orabug: 30479538] - IB/mlx5: Support setting Ethernet priority for Raw Packet QPs (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add Raw Packet QP query functionality (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Warn on unsupported events of QP/RQ/SQ (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Add RQ and SQ event handling (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Export transport objects (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add CQE version 1 support to user QPs and SRQs (Haggai Abramovsky) [Orabug: 30479538] - net/mlx5_core: Fix trimming down IRQ number (Doron Tsur) [Orabug: 30479538] - net/mlx5_core: Export flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Make ipv4/ipv6 location more clear (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Enable flow steering support for the IB driver (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Initialize namespaces only when supported by device (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Set priority attributes (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Connect flow tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce modify flow table command (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Managing root flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add utilities to find next and prev flow-tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering autogrouped flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Add PTP Hardware Clock (PHC) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Add HW timestamping (TS) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access function to read internal timer (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Do not modify the TX SKB (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add setting ATOMIC endian mode (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access functions to enable/disable RoCE (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Break down the vport mac address query function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename en_flow_table.c to en_fs.c (Maor Gottlieb) [Orabug: 30479538] - net/mlx5: Use flow steering infrastructure for mlx5_en (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Flow steering tree initialization (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering lookup algorithms (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering base data structures (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering firmware commands (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Assign random MAC address if needed (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix query E-Switch capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add support for SR-IOV ndos (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce get vf statistics (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce set vport vlan (VST mode) (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce Vport administration functions (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Add SR-IOV (FDB) support (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce FDB hardware capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introducing E-Switch and l2 table (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write vlan list into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write UC/MC list and promisc mode into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport vlans (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport promisc mode (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport state (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport mac lists (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Update access functions to Query/Modify vport MAC address (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Add base sriov support (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Modify enable/disable hca functions (Eli Cohen) [Orabug: 30479538] - mlx5: support napi_complete_done() (Eric Dumazet) [Orabug: 30479538] - mlx5: add busy polling support (Eric Dumazet) [Orabug: 30479538] - net/mlx5e: Use the right DMA free function on TX path (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Max mtu comparison fix (Doron Tsur) [Orabug: 30479538] - net/mlx5e: Added self loopback prevention (Tariq Toukan) [Orabug: 30479538] - net/mlx5e: Fix inline header size calculation (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix LSO vlan insertion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Re-eanble client vlan TX acceleration (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Return error in case mlx5e_set_features() fails (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Don't allow more than max supported channels (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Use the the real irqn in eq->irqn (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Wait for RX buffers initialization in a more proper manner (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid NULL pointer access in case of configuration failure (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Wait for FW readiness on startup (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Add pci error handlers to mlx5_core driver (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix internal error detection conditions (Eli Cohen) [Orabug: 30479538] (Christoph Hellwig) [Orabug: 30479538] - net/mlx5e: Disable VLAN filter in promiscuous mode (Achiad Shochat) [Orabug: 30479538] - net/mlx5: Fix typo in mlx5_query_port_pvlc (Jiri Pirko) [Orabug: 30479538] - net/mlx5_core: Use private health thread for each device (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Use accessor functions to read from device memory (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Prepare cmd interface to system errors handling (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Improve mlx5 messages (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Update health syndromes (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix wrong name in struct (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: New init and exit flow for mlx5_core (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix notification of page supplement error (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix async commands return code (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Remove redundant "err" variable usage (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Fix struct type in the DESTROY_TIR/TIS device commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Priv state flag not rolled-back upon netdev open error (Achiad Shochat) [Orabug: 30479538] - IB/mlx5: Remove support for IB_DEVICE_LOCAL_DMA_LKEY (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose max_sge_rd correctly (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose correct page_size_cap in device attributes (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix missing device local_dma_lkey (Sagi Grimberg) [Orabug: 30479538] - net/mlx5e: Avoid accessing NULL pointer at ndo_select_queue (Rana Shahout) [Orabug: 30479538] - mlx5e: Fix sparse warnings in mlx5e_handle_csum(). (David S. Miller) [Orabug: 30479538] - net/mlx5e: Support RX CHECKSUM_COMPLETE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support ethtool get/set_pauseparam (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Ethtool link speed setting fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: HW LRO changes/fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support smaller RX/TX ring sizes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Add ethtool RSS configuration options (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Make RSS indirection table size a constant (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Have a single RSS Toeplitz hash key (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Set log_uar_page_sz for non 4K page size architecture (Carol L Soto) [Orabug: 30479538] - net/mlx5_core: Support physical port counters (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Take advantage of the light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Disable async events before unregister_netdev() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename/move functions following the ndo_stop flow change (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Introduce access function to modify RSS/LRO params (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce the "Drop RQ" (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Unify the RX flow (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove the mlx5e_update_priv_params() function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce create/destroy RSS indir table access functions (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Do not use netdev_err() before the netdev is registered (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant de-reference (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant assignment of sq->user_index (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant field mlx5e_priv->num_tc (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use hard-coded 4K page size for RQ/SQ/CQ (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Check the return value of mlx5_command_exec() (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5e: Input IPSEC.SPI into the RX RSS hash function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Cosmetics: use BIT() instead of "1 <<", and others (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: TX latency optimization to save DMA reads (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support TX packet copy into WQE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Allocate DMA coherent memory on reader NUMA node (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Support ETH_RSS_HASH_XOR (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Prefetch skb data on RX (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Pop cq outside mlx5e_get_cqe (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove mlx5e_cq.sqrq back-pointer (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove extra spaces (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid TX CQE generation if more xmit packets expected (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add transport domain to the ethernet TIRs/TISs (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add transport domain alloc/dealloc support (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support NETIF_F_SG (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Enforce max flow-tables level >= 3 (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Disable client vlan TX acceleration (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add HW cacheline start padding (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix HW MTU settings (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: fix an error code (Dan Carpenter) [Orabug: 30479538] - net/mlx5_core: Fix static checker warnings around system guid query flow (Majd Dibbiny) [Orabug: 30479538] - mlx5: Enable mutual support for IB and Ethernet (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Add more query port helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number when querying port ptys (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number in the query port mtu helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Get vendor-id using the query adapter command (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Add new query HCA vport commands (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Make the vport helpers available for the IB driver too (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Check the return bitmask when querying ISSI (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Enable XRCs and SRQs when using ISSI > 0 (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Apply proper name convention to helpers (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_en: Add missing check for memory allocation failure (Amir Vadai) [Orabug: 30479538] - net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet resource handling files (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet Datapath files (Amir Vadai) [Orabug: 30479538] - net/mlx5_core: Set/Query port MTU commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Modify CQ moderation parameters (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement get/set port status (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement access functions of ptys register fields (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: New device capabilities handling (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: HW data structs/types definitions cleanup (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Set irq affinity hints (Saeed Mahameed) [Orabug: 30479538] - mlx5: add kcompat.h (Brian Maly) [Orabug: 30479538] - net/mlx5_core,mlx5_ib: Do not use vmap() on coherent memory (Amir Vadai) [Orabug: 30479538] - mlx5: enable module in kernel configs (Brian Maly) [Orabug: 30479538] - config: disable mlx5_ib (Brian Maly) [Orabug: 30479538] - nano: remove mlx5_ib (Brian Maly) [Orabug: 30479538] - fix retpoline build breakage when CONFIG_RETPOLINE is not set (Brian Maly) [Orabug: 30479538] From el-errata at oss.oracle.com Mon Dec 9 09:56:24 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 09:56:24 -0800 Subject: [El-errata] ELSA-2019-4870 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: <625e603b-9842-182d-6571-322d301504bf@oracle.com> Oracle Linux Security Advisory ELSA-2019-4870 http://linux.oracle.com/errata/ELSA-2019-4870.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.34.1.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.34.1.el6uek.noarch.rpm kernel-uek-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.34.1.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.34.1.el6uek.src.rpm Description of changes: [4.1.12-124.34.1.el6uek] - block/loop: set hw_sectors (Shaohua Li) [Orabug: 30244514] - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30273956] - oled: export symbols (Wengang Wang) [Orabug: 30512063] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30512063] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548565] {CVE-2019-15219} [4.1.12-124.33.5.el6uek] - net/mlx5: bump driver rev (Brian Maly) [Orabug: 30479538] - net/mlx5: Add 25G and 50G types (John Donnelly) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 VF device ID (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix pci error recovery flow (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Add timeout handle to commands with callback (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix potential deadlock in command mode change (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix wait_vital for VFs and remove fixed sleep (Daniel Jurgens) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Add missing 50G baseSR2 link mode (Gal Pressman) [Orabug: 30479538] - net/mlx5_core: Add ConnectX-5 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Fix MLX5E_100BASE_T define (Rana Shahout) [Orabug: 30479538] - net/mlx5e: Fix soft lockup when HW Timestamping is enabled (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5: Make command timeout way shorter (Or Gerlitz) [Orabug: 30479538] - net/mlx5: Fix teardown errors that happen in pci error handler (Mohamad Haj Yahia) [Orabug: 30479538] - IB/mlx5: Support setting Ethernet priority for Raw Packet QPs (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add Raw Packet QP query functionality (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Warn on unsupported events of QP/RQ/SQ (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Add RQ and SQ event handling (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Export transport objects (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add CQE version 1 support to user QPs and SRQs (Haggai Abramovsky) [Orabug: 30479538] - net/mlx5_core: Fix trimming down IRQ number (Doron Tsur) [Orabug: 30479538] - net/mlx5_core: Export flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Make ipv4/ipv6 location more clear (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Enable flow steering support for the IB driver (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Initialize namespaces only when supported by device (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Set priority attributes (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Connect flow tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce modify flow table command (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Managing root flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add utilities to find next and prev flow-tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering autogrouped flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Add PTP Hardware Clock (PHC) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Add HW timestamping (TS) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access function to read internal timer (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Do not modify the TX SKB (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add setting ATOMIC endian mode (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access functions to enable/disable RoCE (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Break down the vport mac address query function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename en_flow_table.c to en_fs.c (Maor Gottlieb) [Orabug: 30479538] - net/mlx5: Use flow steering infrastructure for mlx5_en (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Flow steering tree initialization (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering lookup algorithms (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering base data structures (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering firmware commands (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Assign random MAC address if needed (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix query E-Switch capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add support for SR-IOV ndos (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce get vf statistics (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce set vport vlan (VST mode) (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce Vport administration functions (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Add SR-IOV (FDB) support (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce FDB hardware capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introducing E-Switch and l2 table (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write vlan list into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write UC/MC list and promisc mode into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport vlans (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport promisc mode (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport state (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport mac lists (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Update access functions to Query/Modify vport MAC address (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Add base sriov support (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Modify enable/disable hca functions (Eli Cohen) [Orabug: 30479538] - mlx5: support napi_complete_done() (Eric Dumazet) [Orabug: 30479538] - mlx5: add busy polling support (Eric Dumazet) [Orabug: 30479538] - net/mlx5e: Use the right DMA free function on TX path (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Max mtu comparison fix (Doron Tsur) [Orabug: 30479538] - net/mlx5e: Added self loopback prevention (Tariq Toukan) [Orabug: 30479538] - net/mlx5e: Fix inline header size calculation (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix LSO vlan insertion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Re-eanble client vlan TX acceleration (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Return error in case mlx5e_set_features() fails (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Don't allow more than max supported channels (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Use the the real irqn in eq->irqn (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Wait for RX buffers initialization in a more proper manner (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid NULL pointer access in case of configuration failure (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Wait for FW readiness on startup (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Add pci error handlers to mlx5_core driver (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix internal error detection conditions (Eli Cohen) [Orabug: 30479538] (Christoph Hellwig) [Orabug: 30479538] - net/mlx5e: Disable VLAN filter in promiscuous mode (Achiad Shochat) [Orabug: 30479538] - net/mlx5: Fix typo in mlx5_query_port_pvlc (Jiri Pirko) [Orabug: 30479538] - net/mlx5_core: Use private health thread for each device (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Use accessor functions to read from device memory (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Prepare cmd interface to system errors handling (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Improve mlx5 messages (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Update health syndromes (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix wrong name in struct (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: New init and exit flow for mlx5_core (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix notification of page supplement error (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix async commands return code (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Remove redundant "err" variable usage (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Fix struct type in the DESTROY_TIR/TIS device commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Priv state flag not rolled-back upon netdev open error (Achiad Shochat) [Orabug: 30479538] - IB/mlx5: Remove support for IB_DEVICE_LOCAL_DMA_LKEY (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose max_sge_rd correctly (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose correct page_size_cap in device attributes (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix missing device local_dma_lkey (Sagi Grimberg) [Orabug: 30479538] - net/mlx5e: Avoid accessing NULL pointer at ndo_select_queue (Rana Shahout) [Orabug: 30479538] - mlx5e: Fix sparse warnings in mlx5e_handle_csum(). (David S. Miller) [Orabug: 30479538] - net/mlx5e: Support RX CHECKSUM_COMPLETE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support ethtool get/set_pauseparam (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Ethtool link speed setting fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: HW LRO changes/fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support smaller RX/TX ring sizes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Add ethtool RSS configuration options (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Make RSS indirection table size a constant (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Have a single RSS Toeplitz hash key (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Set log_uar_page_sz for non 4K page size architecture (Carol L Soto) [Orabug: 30479538] - net/mlx5_core: Support physical port counters (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Take advantage of the light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Disable async events before unregister_netdev() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename/move functions following the ndo_stop flow change (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Introduce access function to modify RSS/LRO params (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce the "Drop RQ" (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Unify the RX flow (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove the mlx5e_update_priv_params() function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce create/destroy RSS indir table access functions (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Do not use netdev_err() before the netdev is registered (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant de-reference (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant assignment of sq->user_index (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant field mlx5e_priv->num_tc (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use hard-coded 4K page size for RQ/SQ/CQ (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Check the return value of mlx5_command_exec() (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5e: Input IPSEC.SPI into the RX RSS hash function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Cosmetics: use BIT() instead of "1 <<", and others (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: TX latency optimization to save DMA reads (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support TX packet copy into WQE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Allocate DMA coherent memory on reader NUMA node (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Support ETH_RSS_HASH_XOR (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Prefetch skb data on RX (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Pop cq outside mlx5e_get_cqe (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove mlx5e_cq.sqrq back-pointer (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove extra spaces (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid TX CQE generation if more xmit packets expected (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add transport domain to the ethernet TIRs/TISs (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add transport domain alloc/dealloc support (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support NETIF_F_SG (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Enforce max flow-tables level >= 3 (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Disable client vlan TX acceleration (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add HW cacheline start padding (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix HW MTU settings (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: fix an error code (Dan Carpenter) [Orabug: 30479538] - net/mlx5_core: Fix static checker warnings around system guid query flow (Majd Dibbiny) [Orabug: 30479538] - mlx5: Enable mutual support for IB and Ethernet (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Add more query port helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number when querying port ptys (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number in the query port mtu helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Get vendor-id using the query adapter command (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Add new query HCA vport commands (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Make the vport helpers available for the IB driver too (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Check the return bitmask when querying ISSI (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Enable XRCs and SRQs when using ISSI > 0 (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Apply proper name convention to helpers (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_en: Add missing check for memory allocation failure (Amir Vadai) [Orabug: 30479538] - net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet resource handling files (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet Datapath files (Amir Vadai) [Orabug: 30479538] - net/mlx5_core: Set/Query port MTU commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Modify CQ moderation parameters (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement get/set port status (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement access functions of ptys register fields (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: New device capabilities handling (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: HW data structs/types definitions cleanup (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Set irq affinity hints (Saeed Mahameed) [Orabug: 30479538] - mlx5: add kcompat.h (Brian Maly) [Orabug: 30479538] - net/mlx5_core,mlx5_ib: Do not use vmap() on coherent memory (Amir Vadai) [Orabug: 30479538] - mlx5: enable module in kernel configs (Brian Maly) [Orabug: 30479538] - config: disable mlx5_ib (Brian Maly) [Orabug: 30479538] - nano: remove mlx5_ib (Brian Maly) [Orabug: 30479538] - fix retpoline build breakage when CONFIG_RETPOLINE is not set (Brian Maly) [Orabug: 30479538] From el-errata at oss.oracle.com Mon Dec 9 13:13:57 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 13:13:57 -0800 Subject: [El-errata] ELSA-2019-4871 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: <606d4344-a741-1f0a-f806-40dd45426ef6@oracle.com> Oracle Linux Security Advisory ELSA-2019-4871 http://linux.oracle.com/errata/ELSA-2019-4871.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-firmware-3.8.13-118.41.1.el7uek.noarch.rpm kernel-uek-doc-3.8.13-118.41.1.el7uek.noarch.rpm kernel-uek-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-devel-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-debug-devel-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-debug-3.8.13-118.41.1.el7uek.x86_64.rpm dtrace-modules-3.8.13-118.41.1.el7uek-0.4.5-3.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.41.1.el7uek.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.41.1.el7uek-0.4.5-3.el7.src.rpm Description of changes: kernel-uek [3.8.13-118.41.1.el7uek] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379626] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444947] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445159] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445307] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490492] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511742] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532775] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548566] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 13:14:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 13:14:13 -0800 Subject: [El-errata] ELSA-2019-4871 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: <1f2119e9-290c-f8b2-f865-f3e81dc314a0@oracle.com> Oracle Linux Security Advisory ELSA-2019-4871 http://linux.oracle.com/errata/ELSA-2019-4871.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-firmware-3.8.13-118.41.1.el6uek.noarch.rpm kernel-uek-doc-3.8.13-118.41.1.el6uek.noarch.rpm kernel-uek-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-devel-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-debug-devel-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-debug-3.8.13-118.41.1.el6uek.x86_64.rpm dtrace-modules-3.8.13-118.41.1.el6uek-0.4.5-3.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.41.1.el6uek.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.41.1.el6uek-0.4.5-3.el6.src.rpm Description of changes: kernel-uek [3.8.13-118.41.1.el6uek] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379626] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444947] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445159] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445307] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490492] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511742] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532775] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548566] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 15:17:30 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 15:17:30 -0800 Subject: [El-errata] ELSA-2019-4872 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4872 http://linux.oracle.com/errata/ELSA-2019-4872.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-debug-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-devel-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-doc-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-firmware-2.6.39-400.317.1.el6uek.noarch.rpm x86_64: kernel-uek-firmware-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-doc-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-devel-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-debug-2.6.39-400.317.1.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.317.1.el6uek.src.rpm Description of changes: [2.6.39-400.317.1.el6uek] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444948] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445161] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445309] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490493] {CVE-2019-15213} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532776] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548567] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 15:17:57 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 15:17:57 -0800 Subject: [El-errata] ELSA-2019-4872 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update Message-ID: <323a6173-4e4b-7d20-f2cf-db786091632b@oracle.com> Oracle Linux Security Advisory ELSA-2019-4872 http://linux.oracle.com/errata/ELSA-2019-4872.html The following updated rpms for Oracle Linux 5 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-debug-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-devel-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-doc-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-firmware-2.6.39-400.317.1.el5uek.noarch.rpm x86_64: kernel-uek-firmware-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-doc-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-devel-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-debug-2.6.39-400.317.1.el5uek.x86_64.rpm Description of changes: [2.6.39-400.317.1.el5uek] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444948] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445161] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445309] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490493] {CVE-2019-15213} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532776] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548567] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 17:43:29 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 17:43:29 -0800 Subject: [El-errata] ELSA-2019-4114 Important: Oracle Linux 8 nss security update Message-ID: <2043be0c-0bdc-fbf8-6efc-3c42417522f1@oracle.com> Oracle Linux Security Advisory ELSA-2019-4114 http://linux.oracle.com/errata/ELSA-2019-4114.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nss-3.44.0-9.el8_1.i686.rpm nss-3.44.0-9.el8_1.x86_64.rpm nss-devel-3.44.0-9.el8_1.i686.rpm nss-devel-3.44.0-9.el8_1.x86_64.rpm nss-softokn-3.44.0-9.el8_1.i686.rpm nss-softokn-3.44.0-9.el8_1.x86_64.rpm nss-softokn-devel-3.44.0-9.el8_1.i686.rpm nss-softokn-devel-3.44.0-9.el8_1.x86_64.rpm nss-softokn-freebl-3.44.0-9.el8_1.i686.rpm nss-softokn-freebl-3.44.0-9.el8_1.x86_64.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.i686.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.x86_64.rpm nss-sysinit-3.44.0-9.el8_1.x86_64.rpm nss-tools-3.44.0-9.el8_1.x86_64.rpm nss-util-3.44.0-9.el8_1.i686.rpm nss-util-3.44.0-9.el8_1.x86_64.rpm nss-util-devel-3.44.0-9.el8_1.i686.rpm nss-util-devel-3.44.0-9.el8_1.x86_64.rpm aarch64: nss-3.44.0-9.el8_1.aarch64.rpm nss-devel-3.44.0-9.el8_1.aarch64.rpm nss-softokn-3.44.0-9.el8_1.aarch64.rpm nss-softokn-devel-3.44.0-9.el8_1.aarch64.rpm nss-softokn-freebl-3.44.0-9.el8_1.aarch64.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.aarch64.rpm nss-sysinit-3.44.0-9.el8_1.aarch64.rpm nss-tools-3.44.0-9.el8_1.aarch64.rpm nss-util-3.44.0-9.el8_1.aarch64.rpm nss-util-devel-3.44.0-9.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nss-3.44.0-9.el8_1.src.rpm Description of changes: [3.44.0-9] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775912) From el-errata at oss.oracle.com Wed Dec 11 05:06:17 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 14:06:17 +0100 Subject: [El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4872) Message-ID: <201912111306.xBBD6MKh019545@aserv0121.oracle.com> Synopsis: ELSA-2019-4872 can now be patched using Ksplice CVEs: CVE-2019-15213 CVE-2019-15217 CVE-2019-15219 CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4872. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4872.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on OL5 and OL6 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer dereference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548567 * CVE-2019-15217: NULL pointer deference when using USB ZR364XX Camera driver. A missing check when querying capabilities of USB ZR364XX Camera device from user space could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 30532776 * CVE-2019-15213: Denial-of-service when removing a USB DVB device. A use-after-free when releasing a USB DVB device could lead to a kernel crash. An attacker could exploit this to cause a denial-of-service by plugging in a malicious USB device. Orabug: 30490493 * CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration. A missing free of resources when registering an IPv6-in-IPv4 tunnel fails could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. Orabug: 30445309 * CVE-2019-17055: Permission bypass when creating a Modular ISDN socket. A missing check on user capabilities when creating a Modular ISDN socket could lead to a permission bypass. Orabug: 30445161 * CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket. A missing check on user capabilities when creating a IEEE 802.15.4 socket could lead to a permission bypass. Orabug: 30444948 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 11 06:58:04 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 14:58:04 GMT Subject: [El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4870) Message-ID: <2wtk2hp238-1@userp3030.oracle.com> Synopsis: ELSA-2019-4870 can now be patched using Ksplice CVEs: CVE-2019-15219 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4870. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4870.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on OL6 and OL7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer deference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548565 * Kernel hang in block layer during CPU hotplug. Excessive warning logging in the block layer could result in a flood of kernel messages and deadlock during CPU hotplug under specific conditions. Orabug: 30273956 * Reduced throughput in loopback disk devices. Failure to set the maximum number of hardware sectors on a loopback device could result in excessive operation fragmentation and suboptimal performance on some backing devices. Orabug: 30244514 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 11 07:00:54 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:00:54 +0000 Subject: [El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4871) Message-ID: <20191211150054.GI19109@cedar> Synopsis: ELSA-2019-4871 can now be patched using Ksplice CVEs: CVE-2019-1125 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15219 CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4871. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4871.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on OL6 and OL7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer dereference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548566 * CVE-2019-15217: NULL pointer deference when using USB ZR364XX Camera driver. A missing check when querying capabilities of USB ZR364XX Camera device from user space could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 30532775 * CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera. A use-after-free vulnerability in the V4L2 interface for CPiA2 USB camera allows a malicious USB device to crash the kernel. An attacker could exploit this to cause a denial-of-service. Orabug: 30511742 * CVE-2019-15213: Denial-of-service when removing a USB DVB device. A use-after-free when releasing a USB DVB device could lead to a kernel crash. An attacker could exploit this to cause a denial-of-service by plugging in a malicious USB device. Orabug: 30490492 * CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration. A missing free of resources when registering an IPv6-in-IPv4 tunnel fails could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. Orabug: 30445307 * CVE-2019-17055: Permission bypass when creating a Modular ISDN socket. A missing check on user capabilities when creating a Modular ISDN socket could lead to a permission bypass. Orabug: 30445159 * CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket. A missing check on user capabilities when creating a IEEE 802.15.4 socket could lead to a permission bypass. Orabug: 30444947 * Improved fix to CVE-2019-1125: Information leak in kernel entry code when swapping GS. The original CVE-2019-1125 did not correctly handle late microcode updates resulting in a missing mitigation if the microcode was loaded after boot time. Orabug: 30379626 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 11 15:20:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:20:19 -0800 Subject: [El-errata] ELSA-2019-4148 Important: Oracle Linux 7 thunderbird security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4148 http://linux.oracle.com/errata/ELSA-2019-4148.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-68.3.0-1.0.1.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.3.0-1] - Update to 68.3.0 build2 [68.2.0-2] - Added patch for TLS 1.3 support. From el-errata at oss.oracle.com Wed Dec 11 15:20:37 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:20:37 -0800 Subject: [El-errata] ELBA-2019-4150 Oracle Linux 7 python-requests bug fix update Message-ID: <7e174d15-5168-2aae-7cb2-93d212aa68fa@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4150 http://linux.oracle.com/errata/ELBA-2019-4150.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: python-requests-2.6.0-8.el7_7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/python-requests-2.6.0-8.el7_7.src.rpm Description of changes: [2.6.0-8] - Import urllib3 and chardet from the global namespace Resolves: rhbz#1776294 From el-errata at oss.oracle.com Wed Dec 11 15:20:55 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:20:55 -0800 Subject: [El-errata] ELSA-2019-4195 Important: Oracle Linux 8 thunderbird security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4195 http://linux.oracle.com/errata/ELSA-2019-4195.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: thunderbird-68.3.0-2.0.1.el8_1.x86_64.rpm aarch64: SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-68.3.0-2.0.1.el8_1.src.rpm Description of changes: [68.3.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.3.0-2] - Update to 68.3.0 build2 [68.2.0-2] - Added patch for TLS 1.3 support. From el-errata at oss.oracle.com Wed Dec 11 15:21:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:21:13 -0800 Subject: [El-errata] ELEA-2019-4194 Oracle Linux 8 microcode_ctl bug fix and enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2019-4194 http://linux.oracle.com/errata/ELEA-2019-4194.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: microcode_ctl-20190618-1.20191115.3.el8_1.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/microcode_ctl-20190618-1.20191115.3.el8_1.src.rpm Description of changes: [4:20190618-1.20191115.3] - Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt (#1780009). [4:20190618-1.20191115.2] - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default. [4:20190618-1.20191115.1] - Update Intel CPU microcode to microcode-20191115 release: - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca; - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca; - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca; - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca; - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca; - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. [4:20190618-1.20191113.1] - Update Intel CPU microcode to microcode-20191113 release: - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6. - Drop 0001-releasenote-changes-summary-fixes.patch. [4:20190618-1.20191112.2] - Package the publicy available microcode-20191112 release (#1758539): - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c; - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16; - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151; - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065; - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c; - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32; - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release. - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch). - Update README.caveats with the link to the new Knowledge Base article. From el-errata at oss.oracle.com Wed Dec 11 15:21:44 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:21:44 -0800 Subject: [El-errata] ELSA-2019-4152 Important: Oracle Linux 6 nss-softokn security update Message-ID: <84350bab-db55-427d-3c0e-635208f1568b@oracle.com> Oracle Linux Security Advisory ELSA-2019-4152 http://linux.oracle.com/errata/ELSA-2019-4152.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: nss-softokn-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.0.1.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-3.44.0-6.0.1.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.0.1.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.0.1.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.0.1.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.0.1.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/nss-softokn-3.44.0-6.0.1.el6_10.src.rpm Description of changes: [3.44.0-6.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug 26696773] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug 26617866], [Orabug 26617833], [Orabug 26617780] [3.44.0-6] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775909) From el-errata at oss.oracle.com Wed Dec 11 15:23:02 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:23:02 -0800 Subject: [El-errata] ELBA-2019-4150 Oracle Linux 7 python-requests bug fix update (aarch64) Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4150 http://linux.oracle.com/errata/ELBA-2019-4150.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: python-requests-2.6.0-8.el7_7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/python-requests-2.6.0-8.el7_7.src.rpm Description of changes: [2.6.0-8] - Import urllib3 and chardet from the global namespace Resolves: rhbz#1776294 From el-errata at oss.oracle.com Wed Dec 11 15:23:38 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:23:38 -0800 Subject: [El-errata] ELSA-2019-4148 Important: Oracle Linux 7 thunderbird security update (aarch64) Message-ID: Oracle Linux Security Advisory ELSA-2019-4148 http://linux.oracle.com/errata/ELSA-2019-4148.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: thunderbird-68.3.0-1.0.1.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.3.0-1] - Update to 68.3.0 build2 [68.2.0-2] - Added patch for TLS 1.3 support. From el-errata at oss.oracle.com Wed Dec 11 19:00:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 19:00:19 -0800 Subject: [El-errata] ELSA-2019-4190 Important: Oracle Linux 7 nss, nss-softokn, nss-util security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4190 http://linux.oracle.com/errata/ELSA-2019-4190.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.0.1.el7_7.i686.rpm nss-softokn-3.44.0-8.0.1.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.0.1.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.0.1.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.0.1.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.0.1.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.0.1.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.0.1.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/nss-3.44.0-7.el7_7.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/nss-softokn-3.44.0-8.0.1.el7_7.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.44.0-4.el7_7.src.rpm Description of changes: nss [3.44.0-7] - Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system. [3.44.0-6] - back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712) [3.44.0-5] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775910) nss-softokn [3.44.0-8.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 26617814], [Orabug: 26617879], [Orabug: 26617849] [3.44.0-8] - Fix segfault on empty or malformed ecdh keys (#1777712) [3.44.0-7] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910) [3.44.0-6] - Fix fipstest to use the standard mechanism for TLS 1.2 PRF nss-util [3.44.0-4] - Fix segfault on empty or malformed ecdh keys (#1777712) From el-errata at oss.oracle.com Wed Dec 11 19:00:35 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 19:00:35 -0800 Subject: [El-errata] ELSA-2019-4148 Important: Oracle Linux 7 thunderbird security update (aarch64) Message-ID: <1198ee3b-e3be-6f16-4219-f06d9723d9f3@oracle.com> Oracle Linux Security Advisory ELSA-2019-4148 http://linux.oracle.com/errata/ELSA-2019-4148.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: thunderbird-68.3.0-1.0.1.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/thunderbird-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.3.0-1] - Update to 68.3.0 build2 [68.2.0-2] - Added patch for TLS 1.3 support. From el-errata at oss.oracle.com Wed Dec 11 19:04:49 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 19:04:49 -0800 Subject: [El-errata] ELSA-2019-4190 Important: Oracle Linux 7 nss, nss-softokn, nss-util security update (aarch64) Message-ID: <160abf0e-9915-ae93-b38c-004c586d8941@oracle.com> Oracle Linux Security Advisory ELSA-2019-4190 http://linux.oracle.com/errata/ELSA-2019-4190.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: nss-3.44.0-7.el7_7.aarch64.rpm nss-devel-3.44.0-7.el7_7.aarch64.rpm nss-sysinit-3.44.0-7.el7_7.aarch64.rpm nss-tools-3.44.0-7.el7_7.aarch64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.aarch64.rpm nss-softokn-3.44.0-8.0.1.el7_7.aarch64.rpm nss-softokn-devel-3.44.0-8.0.1.el7_7.aarch64.rpm nss-softokn-freebl-3.44.0-8.0.1.el7_7.aarch64.rpm nss-softokn-freebl-devel-3.44.0-8.0.1.el7_7.aarch64.rpm nss-util-3.44.0-4.el7_7.aarch64.rpm nss-util-devel-3.44.0-4.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/nss-3.44.0-7.el7_7.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/nss-softokn-3.44.0-8.0.1.el7_7.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.44.0-4.el7_7.src.rpm Description of changes: nss [3.44.0-7] - Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system. [3.44.0-6] - back out out-of-bounds patch (patch for nss-softokn). - Fix segfault on empty or malformed ecdh keys (#1777712) [3.44.0-5] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775910) nss-softokn [3.44.0-8.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 26617814], [Orabug: 26617879], [Orabug: 26617849] [3.44.0-8] - Fix segfault on empty or malformed ecdh keys (#1777712) [3.44.0-7] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910) [3.44.0-6] - Fix fipstest to use the standard mechanism for TLS 1.2 PRF nss-util [3.44.0-4] - Fix segfault on empty or malformed ecdh keys (#1777712) From el-errata at oss.oracle.com Fri Dec 13 07:05:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Dec 2019 16:05:13 +0100 Subject: [El-errata] New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2019-3872-1) Message-ID: <201912131505.xBDF5Ku1031642@aserv0122.oracle.com> Synopsis: ELBA-2019-3872-1 can now be patched using Ksplice CVEs: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Bug Fix Advisory, ELBA-2019-3872-1. More information about this errata can be found at https://linux.oracle.com/errata/ELBA-2019-3872-1.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Oracle Enhanced RHCK 7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2018-12207: Machine Check Exception on page size change. A hardware bug in Intel x86 processors can result in a Machine Check Exception when a page table mapping for currently executing instructions is changed. A privileged user in a guest VM could use this flaw to crash the host, leading to a denial-of-service. * CVE-2019-11135: Side-channel information leak in Intel TSX. A side-channel information leak on some generations of Intel processors could allow the leaking of internal microarchitectural buffers during asynchronous aborts in a TSX transaction. For CPUs that are vulnerable to Microarchitectural Data Sampling, existing mitigations cover CVE-2019-11135, for newer CPUs with hardware fixes for MDS, TSX is transparently disabled. On these newer CPUs, TSX functionality can be restored by writing 0 to /sys/kernel/debug/x86/tsx_force_abort. * CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. Missing validation of MMIO commands to the Intel i915 device driver could result in illicit page table modifications. An attacker could use this to access sensitive information or elevate privileges. * CVE-2019-0154: Denial-of-service in Intel i915 graphics driver. Due to a hardware error, the Intel i915 device state could get corrupted. A malicious user could use this to cause denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Dec 13 08:44:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Dec 2019 08:44:19 -0800 Subject: [El-errata] ELSA-2019-4878 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4878 http://linux.oracle.com/errata/ELSA-2019-4878.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-4.14.35-1902.8.4.el7uek.x86_64.rpm kernel-uek-debug-4.14.35-1902.8.4.el7uek.x86_64.rpm kernel-uek-debug-devel-4.14.35-1902.8.4.el7uek.x86_64.rpm kernel-uek-devel-4.14.35-1902.8.4.el7uek.x86_64.rpm kernel-uek-tools-4.14.35-1902.8.4.el7uek.x86_64.rpm kernel-uek-doc-4.14.35-1902.8.4.el7uek.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.8.4.el7uek.src.rpm Description of changes: [4.14.35-1902.8.4.el7uek] - Revert "oled: give panic handler chance to run before kexec" (John Donnelly) [Orabug: 30594702] - Revert "oled: export symbols" (John Donnelly) [Orabug: 30594702] - net/rds: Recycle RDS headers to speed up connection fail over (Ka-Cheong Poon) [Orabug: 30628735] - net/rds: Reduce RDS headers de-allocation time (Ka-Cheong Poon) [Orabug: 30628735] - net/rds: Should use rds_rtd_ptr() to trace pointer value (Ka-Cheong Poon) [Orabug: 30628735] [4.14.35-1902.8.3.el7uek] - rds: Disable heartbeat by default (H?kon Bugge) [Orabug: 30580080] [4.14.35-1902.8.2.el7uek] - rds:ib: Set RoCE ACK timeout before resolving route (Dag Moxnes) [Orabug: 30581176] - RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 30581176] - x86/hyperv: Make vapic support x2apic mode (Roman Kagan) [Orabug: 30571044] - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset() (Maya Nakamura) [Orabug: 30571044] - PCI: hv: Replace hv_vp_set with hv_vpset (Maya Nakamura) [Orabug: 30571044] - PCI: hv: Add __aligned(8) to struct retarget_msi_interrupt (Maya Nakamura) [Orabug: 30571044] - MAINTAINERS: Add Hyper-V IOMMU driver into Hyper-V CORE AND DRIVERS scope (Lan Tianyu) [Orabug: 30571044] - iommu/hyper-v: Add Hyper-V stub IOMMU driver (Lan Tianyu) [Orabug: 30571044] - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (Lan Tianyu) [Orabug: 30571044] - x86/apic: Provide apic_ack_irq() (Thomas Gleixner) [Orabug: 30571044] - rds: ib: update WR sizes when bringing up connection (Dag Moxnes) [Orabug: 30572790] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548564] {CVE-2019-15219} - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30544816] - oled: export symbols (Wengang Wang) [Orabug: 30550387] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30550387] [4.14.35-1902.8.1.el7uek] - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30545335] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539764] - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Josh Poimboeuf) [Orabug: 30539764] - cpu/speculation: Uninline and export CPU mitigations helpers (Tyler Hicks) [Orabug: 30539764] - x86/speculation/taa: Fix for mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30533711] - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532773] {CVE-2019-15217} - x86: cpu: bugs.c: Fix compile error when CONFIG_XEN=n (Aaron Young) [Orabug: 30516915] - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30513391] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30513391] - x86/platform/uv: Account for UV Hubless in is_uvX_hub Ops (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Check EFI Boot to set reboot type (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Decode UVsystab Info (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Add UV Hubbed/Hubless Proc FS Files (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Setup UV functions for Hubless UV Systems (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Add return code to UV BIOS Init function (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Return UV Hubless System Type (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Save OEM_ID from ACPI MADT probe (Mike Travis) [Orabug: 30518602] [4.14.35-1902.8.0.1.sn.el7uek] - rds: ib: Improve neighbor cache flush throttling (Dag Moxnes) [Orabug: 30472626] - KVM: VMX: Do not change PID.NDST when loading a blocked vCPU (Joao Martins) [Orabug: 30512558] - KVM: x86: Recompute PID.ON when clearing PID.SN (Joao Martins) [Orabug: 30512558] - Revert "KVM: VMX: sync pending posted interrupts based on PIR" (Joao Martins) [Orabug: 30512558] - cpuidle: haltpoll: Take 'idle=' override into account (Zhenzhong Duan) [Orabug: 30519673] - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511740] {CVE-2019-15215} - rds: ib: __flush_neigh_conn error messages in syslog during failover/failback (Dag Moxnes) [Orabug: 30499609] - kdump: decouple trace_extern_vmcoreinfo_setup from CONFIG_TRACING (Dave Kleikamp) [Orabug: 30493478] - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490490] {CVE-2019-15213} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445304] {CVE-2019-16994} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445156] {CVE-2019-17055} - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444945] {CVE-2019-17053} - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444852] {CVE-2019-16995} - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (Stefan Hajnoczi) [Orabug: 30339795] - fm10k: Fix a potential NULL pointer dereference (Yue Haibing) [Orabug: 30322694] {CVE-2019-15924} - x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 29645216] - rds: ib: need to flush neighbor cache for local peer connections on failover (Dag Moxnes) [Orabug: 30472629] From el-errata at oss.oracle.com Fri Dec 13 08:44:39 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 13 Dec 2019 08:44:39 -0800 Subject: [El-errata] ELSA-2019-4878 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64) Message-ID: <4bb8c7b3-4e54-e709-c1b3-6d6a3c8db461@oracle.com> Oracle Linux Security Advisory ELSA-2019-4878 http://linux.oracle.com/errata/ELSA-2019-4878.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-debug-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-debug-devel-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-devel-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-tools-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-tools-libs-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-tools-libs-devel-4.14.35-1902.8.4.el7uek.aarch64.rpm perf-4.14.35-1902.8.4.el7uek.aarch64.rpm python-perf-4.14.35-1902.8.4.el7uek.aarch64.rpm kernel-uek-headers-4.14.35-1902.8.4.el7uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.8.4.el7uek.src.rpm Description of changes: [4.14.35-1902.8.4.el7uek] - Revert "oled: give panic handler chance to run before kexec" (John Donnelly) [Orabug: 30594702] - Revert "oled: export symbols" (John Donnelly) [Orabug: 30594702] - net/rds: Recycle RDS headers to speed up connection fail over (Ka-Cheong Poon) [Orabug: 30628735] - net/rds: Reduce RDS headers de-allocation time (Ka-Cheong Poon) [Orabug: 30628735] - net/rds: Should use rds_rtd_ptr() to trace pointer value (Ka-Cheong Poon) [Orabug: 30628735] [4.14.35-1902.8.3.el7uek] - rds: Disable heartbeat by default (H?kon Bugge) [Orabug: 30580080] [4.14.35-1902.8.2.el7uek] - rds:ib: Set RoCE ACK timeout before resolving route (Dag Moxnes) [Orabug: 30581176] - RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 30581176] - x86/hyperv: Make vapic support x2apic mode (Roman Kagan) [Orabug: 30571044] - PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset() (Maya Nakamura) [Orabug: 30571044] - PCI: hv: Replace hv_vp_set with hv_vpset (Maya Nakamura) [Orabug: 30571044] - PCI: hv: Add __aligned(8) to struct retarget_msi_interrupt (Maya Nakamura) [Orabug: 30571044] - MAINTAINERS: Add Hyper-V IOMMU driver into Hyper-V CORE AND DRIVERS scope (Lan Tianyu) [Orabug: 30571044] - iommu/hyper-v: Add Hyper-V stub IOMMU driver (Lan Tianyu) [Orabug: 30571044] - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (Lan Tianyu) [Orabug: 30571044] - x86/apic: Provide apic_ack_irq() (Thomas Gleixner) [Orabug: 30571044] - rds: ib: update WR sizes when bringing up connection (Dag Moxnes) [Orabug: 30572790] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548564] {CVE-2019-15219} - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30544816] - oled: export symbols (Wengang Wang) [Orabug: 30550387] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30550387] [4.14.35-1902.8.1.el7uek] - ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30545335] - kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539764] - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Josh Poimboeuf) [Orabug: 30539764] - cpu/speculation: Uninline and export CPU mitigations helpers (Tyler Hicks) [Orabug: 30539764] - x86/speculation/taa: Fix for mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30533711] - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532773] {CVE-2019-15217} - x86: cpu: bugs.c: Fix compile error when CONFIG_XEN=n (Aaron Young) [Orabug: 30516915] - SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30513391] - SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30513391] - x86/platform/uv: Account for UV Hubless in is_uvX_hub Ops (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Check EFI Boot to set reboot type (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Decode UVsystab Info (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Add UV Hubbed/Hubless Proc FS Files (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Setup UV functions for Hubless UV Systems (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Add return code to UV BIOS Init function (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Return UV Hubless System Type (Mike Travis) [Orabug: 30518602] - x86/platform/uv: Save OEM_ID from ACPI MADT probe (Mike Travis) [Orabug: 30518602] [4.14.35-1902.8.0.1.sn.el7uek] - rds: ib: Improve neighbor cache flush throttling (Dag Moxnes) [Orabug: 30472626] - KVM: VMX: Do not change PID.NDST when loading a blocked vCPU (Joao Martins) [Orabug: 30512558] - KVM: x86: Recompute PID.ON when clearing PID.SN (Joao Martins) [Orabug: 30512558] - Revert "KVM: VMX: sync pending posted interrupts based on PIR" (Joao Martins) [Orabug: 30512558] - cpuidle: haltpoll: Take 'idle=' override into account (Zhenzhong Duan) [Orabug: 30519673] - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511740] {CVE-2019-15215} - rds: ib: __flush_neigh_conn error messages in syslog during failover/failback (Dag Moxnes) [Orabug: 30499609] - kdump: decouple trace_extern_vmcoreinfo_setup from CONFIG_TRACING (Dave Kleikamp) [Orabug: 30493478] - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490490] {CVE-2019-15213} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445304] {CVE-2019-16994} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445156] {CVE-2019-17055} - ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444945] {CVE-2019-17053} - net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444852] {CVE-2019-16995} - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (Stefan Hajnoczi) [Orabug: 30339795] - fm10k: Fix a potential NULL pointer dereference (Yue Haibing) [Orabug: 30322694] {CVE-2019-15924} - x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 29645216] - rds: ib: need to flush neighbor cache for local peer connections on failover (Dag Moxnes) [Orabug: 30472629] From el-errata at oss.oracle.com Mon Dec 16 10:10:34 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 16 Dec 2019 18:10:34 GMT Subject: [El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4878) Message-ID: <2ww98shwnj-1@aserp3020.oracle.com> Synopsis: ELSA-2019-4878 can now be patched using Ksplice CVEs: CVE-2018-14625 CVE-2019-11135 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15219 CVE-2019-15924 CVE-2019-16994 CVE-2019-16995 CVE-2019-17053 CVE-2019-17055 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4878. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4878.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35 on OL7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-16995: Denial-of-service in HSR networking finalization. Missing resource deallocation in the High-availability Seamless Redundancy network core could result in memory exhaustion and eventual crash. Orabug: 30444852 * CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket. A missing check on user capabilities when creating a IEEE 802.15.4 socket could lead to a permission bypass. Orabug: 30444945 * CVE-2019-17055: Permission bypass when creating a Modular ISDN socket. A missing check on user capabilities when creating a Modular ISDN socket could lead to a permission bypass. Orabug: 30445156 * CVE-2019-16994: Denial-of-service when registering an IPv6-in-IPv4 tunnel. A missing free of resources when registering an IPv6-in-IPv4 tunnel fails could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. Orabug: 30445304 * CVE-2019-15213: Denial-of-service when removing a USB DVB device. A use-after-free when releasing a USB DVB device could lead to a kernel crash. An attacker could exploit this to cause a denial-of-service by plugging in a malicious USB device. Orabug: 30490490 * CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera. A use-after-free vulnerability in the V4L2 interface for CPiA2 USB camera allows a malicious USB device to crash the kernel. An attacker could exploit this to cause a denial-of-service. Orabug: 30511740 * CVE-2019-15217: NULL pointer deference when using USB ZR364XX Camera driver. A missing check when querying capabilities of USB ZR364XX Camera device from user space could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 30532773 * Kernel hang in block layer during CPU hotplug. Excessive warning logging in the block layer could result in a flood of kernel messages and deadlock during CPU hotplug under specific conditions. Orabug: 30544816 * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer deference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548564 * Improved fix to CVE-2018-14625: Kernel information leak when releasing a vsock. A use-after-free bug when releasing an AF_VSOCK socket may allow an attacker to read kernel memory from inside VM guest. This could be exploited to leak privileged information and possibly impersonate AF_VSOCK messages destined to other clients. Orabug: 30339795 * Kernel crash in OCFS2 direct IO cluster allocation. Missing locking when allocating clusters during a direct IO operation could result in triggering a kernel assertion and subsequent crash. Orabug: 30545335 * CVE-2019-15924: Denial-of-service in Intel FM10000 Ethernet Switch module load failure. Missing error handling when creating a workqueue for an Intel FM10000 Ethernet Switch could result in a NULL pointer dereference and kernel crash under specific conditions. Orabug: 30322694 * Missing MDS and Spectre v2 mitigations on EIBRS supported CPUs. On systems that support Enhanced IBRS (EIBRS), the mitigations could be incorrectly set when toggling the symmetric multithreading (SMT) feature at runtime. Orabug: 30539764 * Improved fix to CVE-2019-11135: Side-channel information leak in Intel TSX. The original fix for CVE-2019-11135 did not correctly initialize the TSX mitigation which could result in an incomplete mitigation. Orabug: 30533711 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Tue Dec 17 04:41:02 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Dec 2019 04:41:02 -0800 Subject: [El-errata] ELSA-2019-4240 Critical: Oracle Linux 7 openslp security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4240 http://linux.oracle.com/errata/ELSA-2019-4240.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: openslp-2.0.0-8.el7_7.i686.rpm openslp-2.0.0-8.el7_7.x86_64.rpm openslp-devel-2.0.0-8.el7_7.i686.rpm openslp-devel-2.0.0-8.el7_7.x86_64.rpm openslp-server-2.0.0-8.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/openslp-2.0.0-8.el7_7.src.rpm Description of changes: [1:2.0.0-8] - Fix a heap-based buffer overflow vulnerability leading to remote code execution, CVE-2019-5544 Resolves: #1781701 From el-errata at oss.oracle.com Tue Dec 17 04:41:16 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 17 Dec 2019 04:41:16 -0800 Subject: [El-errata] ELSA-2019-4240 Critical: Oracle Linux 7 openslp security update (aarch64) Message-ID: <2eaf42ef-6177-b074-dc7e-bd004634d663@oracle.com> Oracle Linux Security Advisory ELSA-2019-4240 http://linux.oracle.com/errata/ELSA-2019-4240.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: openslp-2.0.0-8.el7_7.aarch64.rpm openslp-server-2.0.0-8.el7_7.aarch64.rpm openslp-devel-2.0.0-8.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/openslp-2.0.0-8.el7_7.src.rpm Description of changes: [1:2.0.0-8] - Fix a heap-based buffer overflow vulnerability leading to remote code execution, CVE-2019-5544 Resolves: #1781701 From el-errata at oss.oracle.com Wed Dec 18 06:20:25 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:20:25 -0800 Subject: [El-errata] ELBA-2019-4246 Oracle Linux 7 open-vm-tools bug fix update Message-ID: <7e38c480-ab1e-c454-28ce-43ad2b2498e4@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4246 http://linux.oracle.com/errata/ELBA-2019-4246.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: open-vm-tools-10.3.0-2.0.1.el7_7.1.x86_64.rpm open-vm-tools-desktop-10.3.0-2.0.1.el7_7.1.x86_64.rpm open-vm-tools-devel-10.3.0-2.0.1.el7_7.1.x86_64.rpm open-vm-tools-test-10.3.0-2.0.1.el7_7.1.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/open-vm-tools-10.3.0-2.0.1.el7_7.1.src.rpm Description of changes: [10.3.0-2.0.1] - fix spaces in vmware udev rule for scsi devices - Orabug 24461968 - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. - Orabug 22815019 - Increase timeout for scsi devices on VMWare guests by adding a udev rule. - Created a new file 99-vmware-scsi-timeout.rules - Modified spec file to install this new file. - Orabug 21819156 [10.3.0-2.el7_7.1] - ovt-Fix-memory-leaks-in-vix-tools.patch [bz#1772825] - ovt-End-VGAuth-impersonation-in-the.patch [bz#1772825] - ovt-Fix-leaks-in-ListAliases-and.patch [bz#1772825] - Resolves: bz#1772825 ([ESXi][RHEL7.7.z]Need to backport some severe memory leak fixes from upstream [rhel-7.7.z]) From el-errata at oss.oracle.com Wed Dec 18 06:22:10 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:22:10 -0800 Subject: [El-errata] ELBA-2019-4244 Oracle Linux 8 setup bug fix update Message-ID: <581f67a4-50d7-0fee-9c96-748344302a7b@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4244 http://linux.oracle.com/errata/ELBA-2019-4244.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: setup-2.12.2-2.el8_1.1.noarch.rpm aarch64: setup-2.12.2-2.el8_1.1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/setup-2.12.2-2.el8_1.1.src.rpm Description of changes: [2.12.2-2.1] - fix lang.csh script so .cshrc gets read again (#1755360) From el-errata at oss.oracle.com Wed Dec 18 06:22:31 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:22:31 -0800 Subject: [El-errata] ELSA-2019-4869 Important: Oracle Linux 8 grub2 security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4869 http://linux.oracle.com/errata/ELSA-2019-4869.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grub2-common-2.02-78.0.2.el8.noarch.rpm grub2-efi-aa64-modules-2.02-78.0.2.el8.noarch.rpm grub2-efi-ia32-2.02-78.0.2.el8.x86_64.rpm grub2-efi-ia32-cdboot-2.02-78.0.2.el8.x86_64.rpm grub2-efi-ia32-modules-2.02-78.0.2.el8.noarch.rpm grub2-efi-x64-2.02-78.0.2.el8.x86_64.rpm grub2-efi-x64-cdboot-2.02-78.0.2.el8.x86_64.rpm grub2-efi-x64-modules-2.02-78.0.2.el8.noarch.rpm grub2-pc-2.02-78.0.2.el8.x86_64.rpm grub2-pc-modules-2.02-78.0.2.el8.noarch.rpm grub2-tools-2.02-78.0.2.el8.x86_64.rpm grub2-tools-efi-2.02-78.0.2.el8.x86_64.rpm grub2-tools-extra-2.02-78.0.2.el8.x86_64.rpm grub2-tools-minimal-2.02-78.0.2.el8.x86_64.rpm aarch64: grub2-common-2.02-78.0.2.el8.noarch.rpm grub2-efi-aa64-2.02-78.0.2.el8.aarch64.rpm grub2-efi-aa64-cdboot-2.02-78.0.2.el8.aarch64.rpm grub2-efi-aa64-modules-2.02-78.0.2.el8.noarch.rpm grub2-efi-ia32-modules-2.02-78.0.2.el8.noarch.rpm grub2-efi-x64-modules-2.02-78.0.2.el8.noarch.rpm grub2-pc-modules-2.02-78.0.2.el8.noarch.rpm grub2-tools-2.02-78.0.2.el8.aarch64.rpm grub2-tools-extra-2.02-78.0.2.el8.aarch64.rpm grub2-tools-minimal-2.02-78.0.2.el8.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/grub2-2.02-78.0.2.el8.src.rpm Description of changes: [2.02-78.0.2] - grub-set-bootflag: fix grubenv update method, fix CVE-2019-14865 [Orabug: 30607067] From el-errata at oss.oracle.com Wed Dec 18 06:22:53 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:22:53 -0800 Subject: [El-errata] ELBA-2019-4271 Oracle Linux 8 mesa bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4271 http://linux.oracle.com/errata/ELBA-2019-4271.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mesa-dri-drivers-19.1.4-3.el8_1.i686.rpm mesa-dri-drivers-19.1.4-3.el8_1.x86_64.rpm mesa-filesystem-19.1.4-3.el8_1.i686.rpm mesa-filesystem-19.1.4-3.el8_1.x86_64.rpm mesa-khr-devel-19.1.4-3.el8_1.i686.rpm mesa-khr-devel-19.1.4-3.el8_1.x86_64.rpm mesa-libEGL-19.1.4-3.el8_1.i686.rpm mesa-libEGL-19.1.4-3.el8_1.x86_64.rpm mesa-libEGL-devel-19.1.4-3.el8_1.i686.rpm mesa-libEGL-devel-19.1.4-3.el8_1.x86_64.rpm mesa-libGL-19.1.4-3.el8_1.i686.rpm mesa-libGL-19.1.4-3.el8_1.x86_64.rpm mesa-libGL-devel-19.1.4-3.el8_1.i686.rpm mesa-libGL-devel-19.1.4-3.el8_1.x86_64.rpm mesa-libGLES-19.1.4-3.el8_1.x86_64.rpm mesa-libOSMesa-19.1.4-3.el8_1.i686.rpm mesa-libOSMesa-19.1.4-3.el8_1.x86_64.rpm mesa-libgbm-19.1.4-3.el8_1.i686.rpm mesa-libgbm-19.1.4-3.el8_1.x86_64.rpm mesa-libglapi-19.1.4-3.el8_1.i686.rpm mesa-libglapi-19.1.4-3.el8_1.x86_64.rpm mesa-libxatracker-19.1.4-3.el8_1.i686.rpm mesa-libxatracker-19.1.4-3.el8_1.x86_64.rpm mesa-vdpau-drivers-19.1.4-3.el8_1.i686.rpm mesa-vdpau-drivers-19.1.4-3.el8_1.x86_64.rpm mesa-vulkan-devel-19.1.4-3.el8_1.i686.rpm mesa-vulkan-devel-19.1.4-3.el8_1.x86_64.rpm mesa-vulkan-drivers-19.1.4-3.el8_1.i686.rpm mesa-vulkan-drivers-19.1.4-3.el8_1.x86_64.rpm mesa-libGLES-19.1.4-3.el8_1.i686.rpm mesa-libGLES-devel-19.1.4-3.el8_1.i686.rpm mesa-libGLES-devel-19.1.4-3.el8_1.x86_64.rpm mesa-libOSMesa-devel-19.1.4-3.el8_1.i686.rpm mesa-libOSMesa-devel-19.1.4-3.el8_1.x86_64.rpm mesa-libgbm-devel-19.1.4-3.el8_1.i686.rpm mesa-libgbm-devel-19.1.4-3.el8_1.x86_64.rpm aarch64: mesa-dri-drivers-19.1.4-3.el8_1.aarch64.rpm mesa-filesystem-19.1.4-3.el8_1.aarch64.rpm mesa-khr-devel-19.1.4-3.el8_1.aarch64.rpm mesa-libEGL-19.1.4-3.el8_1.aarch64.rpm mesa-libEGL-devel-19.1.4-3.el8_1.aarch64.rpm mesa-libGL-19.1.4-3.el8_1.aarch64.rpm mesa-libGL-devel-19.1.4-3.el8_1.aarch64.rpm mesa-libGLES-19.1.4-3.el8_1.aarch64.rpm mesa-libOSMesa-19.1.4-3.el8_1.aarch64.rpm mesa-libgbm-19.1.4-3.el8_1.aarch64.rpm mesa-libglapi-19.1.4-3.el8_1.aarch64.rpm mesa-libxatracker-19.1.4-3.el8_1.aarch64.rpm mesa-vdpau-drivers-19.1.4-3.el8_1.aarch64.rpm mesa-libGLES-devel-19.1.4-3.el8_1.aarch64.rpm mesa-libOSMesa-devel-19.1.4-3.el8_1.aarch64.rpm mesa-libgbm-devel-19.1.4-3.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/mesa-19.1.4-3.el8_1.src.rpm Description of changes: [19.1.4-3] - Patch to require Large CodeModel for llvmpipe on ppc64 From el-errata at oss.oracle.com Wed Dec 18 06:23:32 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:23:32 -0800 Subject: [El-errata] ELBA-2019-4260 Oracle Linux 8 sos-collector bug fix update Message-ID: <3d0d327b-6011-8104-2831-0cae2b675400@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4260 http://linux.oracle.com/errata/ELBA-2019-4260.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: sos-collector-1.8-1.el8.noarch.rpm aarch64: sos-collector-1.8-1.el8.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/sos-collector-1.8-1.el8.src.rpm Description of changes: [1.8-1] - Rebase to upstream 1.8 - Resolves: RHBZ#1751633 From el-errata at oss.oracle.com Wed Dec 18 06:23:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:23:13 -0800 Subject: [El-errata] ELBA-2019-4267 Oracle Linux 8 gnome-session bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4267 http://linux.oracle.com/errata/ELBA-2019-4267.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: gnome-session-3.28.1-7.el8_1.x86_64.rpm gnome-session-wayland-session-3.28.1-7.el8_1.x86_64.rpm gnome-session-xsession-3.28.1-7.el8_1.x86_64.rpm aarch64: SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/gnome-session-3.28.1-7.el8_1.src.rpm Description of changes: [3.28.1-7] - make /sbin/nologin fail on wayland Resolves: #1752493 From el-errata at oss.oracle.com Wed Dec 18 06:24:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:24:13 -0800 Subject: [El-errata] ELBA-2019-4261 Oracle Linux 8 pacemaker bug fix update Message-ID: <5d2ac73e-e735-6c9a-992a-6671d47a81c9@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4261 http://linux.oracle.com/errata/ELBA-2019-4261.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pacemaker-cluster-libs-2.0.2-3.el8_1.2.i686.rpm pacemaker-cluster-libs-2.0.2-3.el8_1.2.x86_64.rpm pacemaker-libs-2.0.2-3.el8_1.2.i686.rpm pacemaker-libs-2.0.2-3.el8_1.2.x86_64.rpm pacemaker-schemas-2.0.2-3.el8_1.2.noarch.rpm aarch64: pacemaker-cluster-libs-2.0.2-3.el8_1.2.aarch64.rpm pacemaker-libs-2.0.2-3.el8_1.2.aarch64.rpm pacemaker-schemas-2.0.2-3.el8_1.2.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/pacemaker-2.0.2-3.el8_1.2.src.rpm Description of changes: [2.0.2-3.2] - Correct gating test syntax and add z-stream tag to build - Resolves: rhbz#1764181 [2.0.2-3.1] - Improve efficiency when closing file descriptors after a fork - Resolves: rhbz#1764181 From el-errata at oss.oracle.com Wed Dec 18 06:23:53 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:23:53 -0800 Subject: [El-errata] ELBA-2019-4265 Oracle Linux 8 mutter bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4265 http://linux.oracle.com/errata/ELBA-2019-4265.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: mutter-3.32.2-11.el8_1.i686.rpm mutter-3.32.2-11.el8_1.x86_64.rpm mutter-devel-3.32.2-11.el8_1.i686.rpm mutter-devel-3.32.2-11.el8_1.x86_64.rpm aarch64: SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/mutter-3.32.2-11.el8_1.src.rpm Description of changes: [3.32.2-11] - Backports shadow FB improvements on llvmpipe Resolves: #1757144 From el-errata at oss.oracle.com Wed Dec 18 06:24:32 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:24:32 -0800 Subject: [El-errata] ELBA-2019-4281 Oracle Linux 8 opencryptoki bug fix and enhancement update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4281 http://linux.oracle.com/errata/ELBA-2019-4281.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: opencryptoki-3.11.1-3.el8_1.x86_64.rpm opencryptoki-icsftok-3.11.1-3.el8_1.x86_64.rpm opencryptoki-libs-3.11.1-3.el8_1.i686.rpm opencryptoki-libs-3.11.1-3.el8_1.x86_64.rpm opencryptoki-swtok-3.11.1-3.el8_1.x86_64.rpm opencryptoki-tpmtok-3.11.1-3.el8_1.x86_64.rpm opencryptoki-devel-3.11.1-3.el8_1.i686.rpm opencryptoki-devel-3.11.1-3.el8_1.x86_64.rpm aarch64: opencryptoki-3.11.1-3.el8_1.aarch64.rpm opencryptoki-icsftok-3.11.1-3.el8_1.aarch64.rpm opencryptoki-libs-3.11.1-3.el8_1.aarch64.rpm opencryptoki-swtok-3.11.1-3.el8_1.aarch64.rpm opencryptoki-tpmtok-3.11.1-3.el8_1.aarch64.rpm opencryptoki-devel-3.11.1-3.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/opencryptoki-3.11.1-3.el8_1.src.rpm Description of changes: [3.11.1-3] - Resolves: #1772108, support tolerated new crypto cards From el-errata at oss.oracle.com Wed Dec 18 06:24:51 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 06:24:51 -0800 Subject: [El-errata] ELEA-2019-4263 Oracle Linux 8 flatpak enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2019-4263 http://linux.oracle.com/errata/ELEA-2019-4263.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: flatpak-1.0.9-1.el8_1.x86_64.rpm flatpak-libs-1.0.9-1.el8_1.i686.rpm flatpak-libs-1.0.9-1.el8_1.x86_64.rpm aarch64: flatpak-1.0.9-1.el8_1.aarch64.rpm flatpak-libs-1.0.9-1.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/flatpak-1.0.9-1.el8_1.src.rpm Description of changes: [1.0.9-1] - Update to 1.0.9 (#1753613) From el-errata at oss.oracle.com Wed Dec 18 08:43:49 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 08:43:49 -0800 Subject: [El-errata] ELSA-2019-4254 Moderate: Oracle Linux 6 freetype security update Message-ID: <8691b289-c162-7a0e-e904-de1c29014149@oracle.com> Oracle Linux Security Advisory ELSA-2019-4254 http://linux.oracle.com/errata/ELSA-2019-4254.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: freetype-2.3.11-19.el6_10.i686.rpm freetype-demos-2.3.11-19.el6_10.i686.rpm freetype-devel-2.3.11-19.el6_10.i686.rpm x86_64: freetype-2.3.11-19.el6_10.i686.rpm freetype-2.3.11-19.el6_10.x86_64.rpm freetype-demos-2.3.11-19.el6_10.x86_64.rpm freetype-devel-2.3.11-19.el6_10.i686.rpm freetype-devel-2.3.11-19.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/freetype-2.3.11-19.el6_10.src.rpm Description of changes: [2.3.11-19] - Fix potential buffer overflow - Resolves: #1767863 [2.3.11-18] - Fix potential buffer overflow - Resolves: #1758402 From el-errata at oss.oracle.com Wed Dec 18 08:43:31 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 08:43:31 -0800 Subject: [El-errata] ELBA-2019-4251 Oracle Linux 6 net-snmp bug fix update Message-ID: <1fc64758-45f7-12ee-6090-6bf9784c83b8@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4251 http://linux.oracle.com/errata/ELBA-2019-4251.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: net-snmp-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-devel-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-libs-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-perl-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-python-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-utils-5.5-60.0.1.el6_10.1.i686.rpm x86_64: net-snmp-5.5-60.0.1.el6_10.1.x86_64.rpm net-snmp-devel-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-devel-5.5-60.0.1.el6_10.1.x86_64.rpm net-snmp-libs-5.5-60.0.1.el6_10.1.i686.rpm net-snmp-libs-5.5-60.0.1.el6_10.1.x86_64.rpm net-snmp-perl-5.5-60.0.1.el6_10.1.x86_64.rpm net-snmp-python-5.5-60.0.1.el6_10.1.x86_64.rpm net-snmp-utils-5.5-60.0.1.el6_10.1.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/net-snmp-5.5-60.0.1.el6_10.1.src.rpm Description of changes: [1:5.5-60.0.1.el6.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-60.el6.1] - fix fsync issue (#1703099) From el-errata at oss.oracle.com Wed Dec 18 08:44:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 08:44:13 -0800 Subject: [El-errata] ELSA-2019-4256 Important: Oracle Linux 6 kernel security and bug fix update Message-ID: Oracle Linux Security Advisory ELSA-2019-4256 http://linux.oracle.com/errata/ELSA-2019-4256.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-2.6.32-754.25.1.el6.i686.rpm kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm kernel-debug-2.6.32-754.25.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm kernel-devel-2.6.32-754.25.1.el6.i686.rpm kernel-doc-2.6.32-754.25.1.el6.noarch.rpm kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm kernel-headers-2.6.32-754.25.1.el6.i686.rpm perf-2.6.32-754.25.1.el6.i686.rpm python-perf-2.6.32-754.25.1.el6.i686.rpm x86_64: kernel-2.6.32-754.25.1.el6.x86_64.rpm kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm kernel-debug-2.6.32-754.25.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.25.1.el6.x86_64.rpm kernel-devel-2.6.32-754.25.1.el6.x86_64.rpm kernel-doc-2.6.32-754.25.1.el6.noarch.rpm kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm kernel-headers-2.6.32-754.25.1.el6.x86_64.rpm perf-2.6.32-754.25.1.el6.x86_64.rpm python-perf-2.6.32-754.25.1.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.25.1.el6.src.rpm Description of changes: [2.6.32-754.25.1.el6.OL6] - Update genkey [Orabug: 25599697] [2.6.32-754.25.1.el6] - [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760] - [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821} - [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821} - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512] - [security] KEYS: prevent creating a different user's keyrings (David Howells) [1537371] - [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207} - [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207} - [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135} - [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155} - [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154} - [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155} - [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155} From el-errata at oss.oracle.com Wed Dec 18 08:43:11 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 08:43:11 -0800 Subject: [El-errata] ELBA-2019-4253 Oracle Linux 6 curl bug fix update Message-ID: <91e05127-452d-f51e-75c0-4ffe5357b499@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4253 http://linux.oracle.com/errata/ELBA-2019-4253.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: curl-7.19.7-54.0.1.el6_10.i686.rpm libcurl-7.19.7-54.0.1.el6_10.i686.rpm libcurl-devel-7.19.7-54.0.1.el6_10.i686.rpm x86_64: curl-7.19.7-54.0.1.el6_10.x86_64.rpm libcurl-7.19.7-54.0.1.el6_10.i686.rpm libcurl-7.19.7-54.0.1.el6_10.x86_64.rpm libcurl-devel-7.19.7-54.0.1.el6_10.i686.rpm libcurl-devel-7.19.7-54.0.1.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/curl-7.19.7-54.0.1.el6_10.src.rpm Description of changes: [7.19.7-54.0.1] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - use PK11_CreateManagedGenericObject in libcurl to prevent memory leak [orabug 28666473] [7.19.7-54] - fix auth failure with duplicated WWW-Authenticate header (#1757643) From el-errata at oss.oracle.com Wed Dec 18 09:10:51 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 17:10:51 +0000 Subject: [El-errata] New Ksplice updates for RHCK 6 (ELSA-2019-3836) Message-ID: <8a53fbb8-cf1a-b9e7-68d1-dcbc4d248059@oracle.com> Synopsis: ELSA-2019-3836 can now be patched using Ksplice CVEs: CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 CVE-2019-3900 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-3836. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-3836.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 6 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-3900: Infinite loop in vhost_net driver under heavy load. It is possible, under certain conditions, for the vhost_net driver to get caught in a near-infinite loop while trying to process incoming packets. This flaw could be exploited by a malicious local or remote attacker in order to cause a deny access to network services that rely on the vhost_net driver. * CVE-2019-11135: Side-channel information leak in Intel TSX. A side-channel information leak on some generations of Intel processors could allow the leaking of internal microarchitectural buffers during asynchronous aborts in a TSX transaction. For CPUs that are vulnerable to Microarchitectural Data Sampling, existing mitigations cover CVE-2019-11135, for newer CPUs with hardware fixes for MDS, TSX is transparently disabled. On these newer CPUs, TSX functionality can be restored by writing 0 to /sys/kernel/debug/x86/tsx_force_abort. * CVE-2018-12207: Machine Check Exception on page size change. A hardware bug in Intel x86 processors can result in a Machine Check Exception when a page table mapping for currently executing instructions is changed. A privileged user in a guest VM could use this flaw to crash the host, leading to a denial-of-service. * CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. Missing validation of MMIO commands to the Intel i915 device driver could result in illicit page table modifications. An attacker could use this to access sensitive information or elevate privileges. * CVE-2019-0154: Denial-of-service in Intel i915 graphics driver. Due to a hardware error, the Intel i915 device state could get corrupted. A malicious user could use this to cause denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 18 09:12:14 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 17:12:14 +0000 Subject: [El-errata] New Ksplice updates for RHCK 6 (ELSA-2019-3878) Message-ID: <4b1859f9-bc7e-99d1-43d8-c7d737441991@oracle.com> Synopsis: ELSA-2019-3878 can now be patched using Ksplice CVEs: CVE-2019-0155 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-3878. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-3878.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 6 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * Improved fix for CVE-2019-0155: Privilege escalation in Intel i915 graphics driver. Missing zeroing of data used to disallow rogue i915 instructions could make i915 driver vulnerable to CVE-2019-0155 on 64 bits systems. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 18 12:51:34 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:51:34 -0800 Subject: [El-errata] ELBA-2019-4270 Oracle Linux 8 open-vm-tools bug fix update Message-ID: <6b49f60b-4cc6-d2bd-1eba-bb22c562ce6a@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4270 http://linux.oracle.com/errata/ELBA-2019-4270.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: open-vm-tools-10.3.10-3.0.1.el8_1.1.x86_64.rpm open-vm-tools-desktop-10.3.10-3.0.1.el8_1.1.x86_64.rpm aarch64: SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/open-vm-tools-10.3.10-3.0.1.el8_1.1.src.rpm Description of changes: [10.3.10-3.0.1.el8_1.1] - Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156] [10.3.10-3.el8_1_0.1] - ovt-Fix-memory-leaks-in-vix-tools-plugin.patch [bz#1773903] - ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch [bz#1773903] - ovt-Fix-leaks-in-ListAliases-and-ListMappedAliases-9bc72.patch [bz#1773903] - Resolves: bz#1773903 ([ESXi][RHEL8.0]Need to backport some severe memory leak fixes from upstream [rhel-8.1.0.z]) From el-errata at oss.oracle.com Wed Dec 18 12:55:12 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:55:12 -0800 Subject: [El-errata] ELBA-2019-4278 Oracle Linux 8 sos bug fix update Message-ID: <31167c3f-eb14-21ce-8080-027b56ba1e0e@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4278 http://linux.oracle.com/errata/ELBA-2019-4278.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: sos-3.7-8.0.1.el8_1.noarch.rpm sos-audit-3.7-8.0.1.el8_1.noarch.rpm aarch64: sos-3.7-8.0.1.el8_1.noarch.rpm sos-audit-3.7-8.0.1.el8_1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/sos-3.7-8.0.1.el8_1.src.rpm Description of changes: [3.7-8.0.1.el8_1] - Added sos-oraclelinux-vendor-vendorurl.patch - Fix os detect string for Oracle Linux [Orabug: 28674897] - Add ksplice plugin [Orabug: 30273666] (Philippe Vanhaesendonck) [3.7-8] - [ovn_central] call podman exec without a timeout Resolves: bz1767359 [3.7-7] - [ovirt_hosted_engine] Add gluster deployment and cleanup log Resolves: bz1767361 - [vdsm]: Fix executing shell commands Resolves: bz1751171 - [ovn_*] Add support to containerized setups Resolves: bz1767359 - [ipa] collect ipa-healthcheck logs, kdcproxy configs, httpd cert Resolves: bz1767360 From el-errata at oss.oracle.com Wed Dec 18 12:55:42 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:55:42 -0800 Subject: [El-errata] ELBA-2019-4276 Oracle Linux 8 systemd bug fix update Message-ID: <622157d1-be09-e44b-8200-9005ad5c3446@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4276 http://linux.oracle.com/errata/ELBA-2019-4276.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: systemd-239-18.0.2.el8_1.1.i686.rpm systemd-239-18.0.2.el8_1.1.x86_64.rpm systemd-container-239-18.0.2.el8_1.1.i686.rpm systemd-container-239-18.0.2.el8_1.1.x86_64.rpm systemd-devel-239-18.0.2.el8_1.1.i686.rpm systemd-devel-239-18.0.2.el8_1.1.x86_64.rpm systemd-journal-remote-239-18.0.2.el8_1.1.x86_64.rpm systemd-libs-239-18.0.2.el8_1.1.i686.rpm systemd-libs-239-18.0.2.el8_1.1.x86_64.rpm systemd-pam-239-18.0.2.el8_1.1.x86_64.rpm systemd-tests-239-18.0.2.el8_1.1.x86_64.rpm systemd-udev-239-18.0.2.el8_1.1.x86_64.rpm aarch64: systemd-239-18.0.2.el8_1.1.aarch64.rpm systemd-container-239-18.0.2.el8_1.1.aarch64.rpm systemd-devel-239-18.0.2.el8_1.1.aarch64.rpm systemd-journal-remote-239-18.0.2.el8_1.1.aarch64.rpm systemd-libs-239-18.0.2.el8_1.1.aarch64.rpm systemd-pam-239-18.0.2.el8_1.1.aarch64.rpm systemd-tests-239-18.0.2.el8_1.1.aarch64.rpm systemd-udev-239-18.0.2.el8_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/systemd-239-18.0.2.el8_1.1.src.rpm Description of changes: [239-18.0.2.el8_1.1] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam at oracle.com) [Orabug: 25897792] - set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-18.1] - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1767716) From el-errata at oss.oracle.com Wed Dec 18 12:56:12 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:56:12 -0800 Subject: [El-errata] ELBA-2019-4272 Oracle Linux 8 wget bugfix update Message-ID: <14c10d58-30fd-1486-496b-1f5ead699841@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4272 http://linux.oracle.com/errata/ELBA-2019-4272.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: wget-1.19.5-8.0.1.el8_1.1.x86_64.rpm aarch64: wget-1.19.5-8.0.1.el8_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/wget-1.19.5-8.0.1.el8_1.1.src.rpm Description of changes: [1.19.5-8.0.1.el8_1.1] - SSLv3 support dropped from openssll, v3 test certificates need to be replaced [Orabug: 29613455] [1.19.5-8.1] - Fix issue with dot-prefixed domain names in no_proxy ENV (#1772821) [1.19.5-8] - Fix CVE-2019-5953 (#1696736) From el-errata at oss.oracle.com Wed Dec 18 12:56:31 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:56:31 -0800 Subject: [El-errata] ELEA-2019-4262 Oracle Linux 8 webkit2gtk3 enhancement update Message-ID: Oracle Linux Enhancement Advisory ELEA-2019-4262 http://linux.oracle.com/errata/ELEA-2019-4262.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: webkit2gtk3-2.24.4-2.el8_1.i686.rpm webkit2gtk3-2.24.4-2.el8_1.x86_64.rpm webkit2gtk3-devel-2.24.4-2.el8_1.i686.rpm webkit2gtk3-devel-2.24.4-2.el8_1.x86_64.rpm webkit2gtk3-jsc-2.24.4-2.el8_1.i686.rpm webkit2gtk3-jsc-2.24.4-2.el8_1.x86_64.rpm webkit2gtk3-jsc-devel-2.24.4-2.el8_1.i686.rpm webkit2gtk3-jsc-devel-2.24.4-2.el8_1.x86_64.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-2.el8_1.i686.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-2.el8_1.x86_64.rpm aarch64: webkit2gtk3-2.24.4-2.el8_1.aarch64.rpm webkit2gtk3-jsc-2.24.4-2.el8_1.aarch64.rpm webkit2gtk3-plugin-process-gtk2-2.24.4-2.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/webkit2gtk3-2.24.4-2.el8_1.src.rpm Description of changes: [2.24.4-2] - Related: rhbz#1755824 Bump NVR [2.24.4-1] - Resolves: rhbz#1755824 Update to 2.24.4 From el-errata at oss.oracle.com Wed Dec 18 12:56:54 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:56:54 -0800 Subject: [El-errata] ELBA-2019-4277 Oracle Linux 8 dracut bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4277 http://linux.oracle.com/errata/ELBA-2019-4277.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: dracut-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-caps-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-config-generic-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-config-rescue-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-live-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-network-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-squash-049-27.git20190906.0.2.el8_1.1.x86_64.rpm dracut-tools-049-27.git20190906.0.2.el8_1.1.x86_64.rpm aarch64: dracut-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-caps-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-config-generic-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-config-rescue-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-live-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-network-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-squash-049-27.git20190906.0.2.el8_1.1.aarch64.rpm dracut-tools-049-27.git20190906.0.2.el8_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/dracut-049-27.git20190906.0.2.el8_1.1.src.rpm Description of changes: [049-27.git20190906.0.2.el8_1.1] - add ofb and cts to 01fips kernel module list [Orabug: 30622737] - dracut-shutdown.service should run before shutdown.target is invoked [Orabug: 29629738] - Fix kernel-core POSTTRANS script issues with kernel command line [Orabug: 29542203] - Fix dhclient classless static route parsing [Orabug: 28881975] - Fix iscsi code strictly checking for is_boot_target [Orabug: 29864620] - Update list of necessary files after squashfs execution [Orabug: 29864620] - Supress iscsidm error output during non-debug PV boot [Orabug: 29846195] - Stop block device service in case system is dropped to emergency shell [Orabug: 29851988] - Enable booting from block device if netroot=iscsi has failed [Orabug: 29478156] - Fix BOOTPROTO calculation for iscsi [Orabug: 29518713] - Calculate relative path for kernel and initrd in 51-dracut-rescue.instal [Orabug: 29503293] - 40network scripts ifup and netlib updates for iSCSI [Orabug: 28502725] - Increase timeout when waiting for carrier detection on a network interface [Orabug: 24657828] (kevin.x.lyons at oracle.com) - add hyperv-keyboard for Hyper-V Gen2 VM [Orabug: 19191303] (Vaughan Cao) [049-27.git20190906.1] - various fixes to adapt to RHCOS and FCOS From el-errata at oss.oracle.com Wed Dec 18 12:59:10 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 18 Dec 2019 12:59:10 -0800 Subject: [El-errata] ELBA-2019-4280 Oracle Linux 8 kexec-tools bug fix update Message-ID: <1e6213f5-7436-e47e-3c0a-8b6de0cc1ef5@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4280 http://linux.oracle.com/errata/ELBA-2019-4280.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: kexec-tools-2.0.19-12.0.1.el8_1.1.x86_64.rpm aarch64: kexec-tools-2.0.19-12.0.1.el8_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kexec-tools-2.0.19-12.0.1.el8_1.1.src.rpm Description of changes: [2.0.19-12.0.1.el8_1.1] - change makedumpfile fixed size buffer for VMCOREINFO [Orabug: 29870551] - 99kdumpbase: Do not append ip=:dhcp if ip=dhcp is present [Orabug: 29518713] - rebase kexec-tools-2.0.8-dracut-module-setup-ibft-avoid-dup-config.patch [Orabug: 28872281] - don't patch files in SOURCES directory. That breaks building from the srpm (dave.kleikamp at oracle.com) - dracut-module-setup: avoid duplicate config for ibft [Orabug: 22780125] - kdumpctl: exclude default_hugepagesz setting from kdump kernel cmdline (Sriharsha Yadagudde) [Orabug: 19134999] - kdumpctl: verify if kernel support securelevel interface (Sriharsha Yadagudde) [Orabug: 18905671] [2.0.19-12.1] - Don't execute final_action if failure_action terminates the system - dracut-module-setup.sh: Don't use squash module for fadump - Don't mount the dump target unless needed From el-errata at oss.oracle.com Thu Dec 19 08:44:15 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 19 Dec 2019 08:44:15 -0800 Subject: [El-errata] ELEA-2019-4252 Oracle Linux 6 ca-certificates enhancement update Message-ID: <3fd936a8-1e7f-5e15-5f8b-0119d6627df4@oracle.com> Oracle Linux Enhancement Advisory ELEA-2019-4252 http://linux.oracle.com/errata/ELEA-2019-4252.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: ca-certificates-2019.2.32-65.1.el6_10.noarch.rpm x86_64: ca-certificates-2019.2.32-65.1.el6_10.noarch.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/ca-certificates-2019.2.32-65.1.el6_10.src.rpm Description of changes: [2019.2.32-65.1] - Remove expired 1024 bit roots - Removing: - # Certificate "GTE CyberTrust Global Root" - # Certificate "Equifax Secure CA" - # Certificate "ValiCert Class 1 VA" - # Certificate "ValiCert Class 2 VA" - # Certificate "RSA Root Certificate 1" - # Certificate "Entrust.net Secure Server CA" - # Certificate "NetLock Business (Class B) Root" - # Certificate "NetLock Express (Class C) Root" [2019.2.32-60.0] -Update to CKBI 2.32 from NSS 3.44 - Removing: - # Certificate "Visa eCommerce Root" - # Certificate "AC Raiz Certicamara S.A." - # Certificate "TC TrustCenter Class 3 CA II" - # Certificate "ComSign CA" - # Certificate "S-TRUST Universal Root CA" - # Certificate "T?RKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5" - # Certificate "Certplus Root CA G1" - # Certificate "Certplus Root CA G2" - # Certificate "OpenTrust Root CA G1" - # Certificate "OpenTrust Root CA G2" - # Certificate "OpenTrust Root CA G3" - Adding: - # Certificate "GlobalSign Root CA - R6" - # Certificate "OISTE WISeKey Global Root GC CA" - # Certificate "GTS Root R1" - # Certificate "GTS Root R2" - # Certificate "GTS Root R3" - # Certificate "GTS Root R4" - # Certificate "UCA Global G2 Root" - # Certificate "UCA Extended Validation Root" - # Certificate "Certigna Root CA" - # Certificate "emSign Root CA - G1" - # Certificate "emSign ECC Root CA - G3" - # Certificate "emSign Root CA - C1" - # Certificate "emSign ECC Root CA - C3" - # Certificate "Hongkong Post Root CA 3" From el-errata at oss.oracle.com Thu Dec 19 08:44:38 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 19 Dec 2019 08:44:38 -0800 Subject: [El-errata] ELBA-2019-4282 Oracle Linux 8 kernel bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4282 http://linux.oracle.com/errata/ELBA-2019-4282.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-abi-whitelists-4.18.0-147.3.1.el8_1.noarch.rpm kernel-core-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-cross-headers-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-debug-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-debug-core-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-debug-devel-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-debug-modules-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-debug-modules-extra-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-devel-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-doc-4.18.0-147.3.1.el8_1.noarch.rpm kernel-headers-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-modules-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-modules-extra-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-tools-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-tools-libs-4.18.0-147.3.1.el8_1.x86_64.rpm perf-4.18.0-147.3.1.el8_1.x86_64.rpm python3-perf-4.18.0-147.3.1.el8_1.x86_64.rpm kernel-tools-libs-devel-4.18.0-147.3.1.el8_1.x86_64.rpm aarch64: bpftool-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-abi-whitelists-4.18.0-147.3.1.el8_1.noarch.rpm kernel-core-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-cross-headers-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-debug-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-debug-core-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-debug-devel-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-debug-modules-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-debug-modules-extra-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-devel-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-doc-4.18.0-147.3.1.el8_1.noarch.rpm kernel-headers-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-modules-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-modules-extra-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-tools-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-tools-libs-4.18.0-147.3.1.el8_1.aarch64.rpm perf-4.18.0-147.3.1.el8_1.aarch64.rpm python3-perf-4.18.0-147.3.1.el8_1.aarch64.rpm kernel-tools-libs-devel-4.18.0-147.3.1.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-147.3.1.el8_1.src.rpm Description of changes: [4.18.0-147.3.1.el8_1.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147.3.1.el8_1] - [x86] kvm: svm: taint module and print taint message iff nested is enabled (Bandan Das) [1776114 1775410] [4.18.0-147.2.1.el8_1] - [sched] fair: Scale bandwidth quota and period without losing quota/period ratio precision (Phil Auld) [1773568 1706247] - [sched] fair: Fix -Wunused-but-set-variable warnings (Phil Auld) [1773568 1706247] - [sched] fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Phil Auld) [1773568 1706247] - [powerpc] powerpc/pseries: Track LMB nid instead of using device tree (Steve Best) [1772110 1758742] - [powerpc] powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request (Steve Best) [1772110 1758742] - [powerpc] powerpc/rtas: allow rescheduling while changing cpu states (Steve Best) [1772109 1758651] - [powerpc] powerpc/pseries/mobility: use cond_resched when updating device tree (Steve Best) [1772109 1758651] - [netdrv] i40e: Do not check VF state in i40e_ndo_get_vf_config (Stefan Assmann) [1770177 1752498] - [fs] CIFS: Fix use after free of file info structures (Dave Wysochanski) [1767357 1757865] - [fs] cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (Dave Wysochanski) [1767357 1757865] - [netdrv] net/ibmvnic: prevent more than one thread from running in reset (Steve Best) [1764830 1756943] - [netdrv] net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (Steve Best) [1764830 1756943] - [netdrv] ibmvnic: Warn unknown speed message only when carrier is present (Steve Best) [1764832 1749873] - [netdrv] net/ibmvnic: Fix missing { in __ibmvnic_reset (Steve Best) [1764832 1749873] - [netdrv] net/ibmvnic: free reset work of removed device from queue (Steve Best) [1764832 1749873] - [netdrv] ibmvnic: Do not process reset during or after device removal (Steve Best) [1764832 1749873] - [cpuidle] cpuidle: governor: Add new governors to cpuidle_governors again (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle-haltpoll: do not set an owner to allow modunload (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle-haltpoll: set haltpoll as preferred governor (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: allow governor switch on cpuidle_register_driver() (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: Add cpuidle.governor= command line parameter (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle-haltpoll: disable host side polling when kvm virtualized (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: add haltpoll governor (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: header file stubs must be 'static inline' (Marcelo Tosatti) [1764831 1759282] - [cpuidle] governors: unify last_state_idx (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: add poll_limit_ns to cpuidle_device structure (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: poll_state: Fix default time limit (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: poll_state: Disregard disable idle states (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: poll_state: Revise loop termination condition (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle: menu: Fix wakeup statistics updates for polling state (Marcelo Tosatti) [1764831 1759282] - [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1764831 1759282] - [cpuidle] add cpuidle-haltpoll driver (Marcelo Tosatti) [1764831 1759282] - [x86] kvm: x86: add host poll control msrs (Vitaly Kuznetsov) [1764831 1749495] - [s390] s390/setup: Fix kernel lock down for s390 (Philipp Rudo) [1764827 1748343] - [powerpc] powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB (Steve Best) [1764826 1744062] - [fs] mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses (Jeff Moyer) [1764825 1743159] - [mm] mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() (Jeff Moyer) [1764825 1743159] - [pci] PCI: hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (Mohammed Gamal) [1764634 1671288] - [pci] PCI: hv: Detect and fix Hyper-V PCI domain number collision (Mohammed Gamal) [1764634 1671288] From el-errata at oss.oracle.com Thu Dec 19 08:44:57 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 19 Dec 2019 08:44:57 -0800 Subject: [El-errata] ELBA-2019-4264 Oracle Linux 8 corosync bug fix update Message-ID: <6df09b6e-c142-cd4f-3ad9-6b87f580bf18@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4264 http://linux.oracle.com/errata/ELBA-2019-4264.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: corosynclib-3.0.2-3.el8_1.1.i686.rpm corosynclib-3.0.2-3.el8_1.1.x86_64.rpm corosync-vqsim-3.0.2-3.el8_1.1.x86_64.rpm aarch64: corosynclib-3.0.2-3.el8_1.1.aarch64.rpm corosync-vqsim-3.0.2-3.el8_1.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/corosync-3.0.2-3.el8_1.1.src.rpm Description of changes: [3.0.2-3.1] - Resolves: rhbz#1765619 - totemsrp: Reduce MTU to left room second mcast (rhbz#1765619) - merge upstream commit ee8b8993d98b3f6af9c058194228fc534fcd0796 (rhbz#1765619) From el-errata at oss.oracle.com Thu Dec 19 08:45:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 19 Dec 2019 08:45:19 -0800 Subject: [El-errata] ELBA-2019-4279 Oracle Linux 8 NetworkManager bug fix update Message-ID: <41566b2a-59e9-e663-b969-81897a3566b9@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4279 http://linux.oracle.com/errata/ELBA-2019-4279.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: NetworkManager-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-adsl-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-bluetooth-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-config-connectivity-redhat-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-config-server-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-dispatcher-routing-rules-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-libnm-1.20.0-5.0.1.el8_1.i686.rpm NetworkManager-libnm-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-ovs-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-ppp-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-team-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-tui-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-wifi-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-wwan-1.20.0-5.0.1.el8_1.x86_64.rpm NetworkManager-libnm-devel-1.20.0-5.0.1.el8_1.i686.rpm NetworkManager-libnm-devel-1.20.0-5.0.1.el8_1.x86_64.rpm aarch64: NetworkManager-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-adsl-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-bluetooth-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-config-connectivity-redhat-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-config-server-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-dispatcher-routing-rules-1.20.0-5.0.1.el8_1.noarch.rpm NetworkManager-libnm-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-ovs-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-ppp-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-team-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-tui-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-wifi-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-wwan-1.20.0-5.0.1.el8_1.aarch64.rpm NetworkManager-libnm-devel-1.20.0-5.0.1.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/NetworkManager-1.20.0-5.0.1.el8_1.src.rpm Description of changes: [1:1.20.0-5.0.1] - Fix selinux label for dhclient lease file [Orabug: 30537515] - Assume DHCP if we see a lease on taking over an initramfs connection (rh #1771792) - Fix multiple connections for initramfs configured ifcfg file. [Orabug: 30542729] [1:1.20.0-5] - ipv6: disable kernel handling of RAs (accept_ra) (rh #1734470) - device: fix setting MTU lower than 1280 when IPv6 is disabled (rh #1753128) [1:1.20.0-4] - try to keep MTU after the parent interface changes its MTU (rh #1751079) From el-errata at oss.oracle.com Thu Dec 19 09:04:31 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 19 Dec 2019 17:04:31 GMT Subject: [El-errata] New Ksplice updates for RHCK 6 (ELSA-2019-4256) Message-ID: <2x04mqdjrn-1@aserp3020.oracle.com> Synopsis: ELSA-2019-4256 can now be patched using Ksplice CVEs: CVE-2019-14821 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4256. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4256.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 6 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes. An out-of-bounds access to the coalesced MMIO ring buffer could result in a kernel crash. A malicious guest could use this flaw to crash the hypervisor or potentially, escalate privileges. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Fri Dec 20 06:36:21 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 20 Dec 2019 06:36:21 -0800 Subject: [El-errata] ELSA-2019-4326 Important: Oracle Linux 7 fribidi security update Message-ID: <163a8331-d564-f63c-6115-50908642a081@oracle.com> Oracle Linux Security Advisory ELSA-2019-4326 http://linux.oracle.com/errata/ELSA-2019-4326.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: fribidi-1.0.2-1.el7_7.1.i686.rpm fribidi-1.0.2-1.el7_7.1.x86_64.rpm fribidi-devel-1.0.2-1.el7_7.1.i686.rpm fribidi-devel-1.0.2-1.el7_7.1.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/fribidi-1.0.2-1.el7_7.1.src.rpm Description of changes: [1.0.2-1.1] - Security fix for CVE-2019-18397 Resolves: rhbz#1781224 From el-errata at oss.oracle.com Fri Dec 20 06:36:45 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 20 Dec 2019 06:36:45 -0800 Subject: [El-errata] ELSA-2019-4356 Important: Oracle Linux 8 git security update Message-ID: <4cbf301b-359e-ff17-7641-800759b95c48@oracle.com> Oracle Linux Security Advisory ELSA-2019-4356 http://linux.oracle.com/errata/ELSA-2019-4356.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: git-2.18.2-1.el8_1.x86_64.rpm git-all-2.18.2-1.el8_1.noarch.rpm git-core-2.18.2-1.el8_1.x86_64.rpm git-core-doc-2.18.2-1.el8_1.noarch.rpm git-daemon-2.18.2-1.el8_1.x86_64.rpm git-email-2.18.2-1.el8_1.noarch.rpm git-gui-2.18.2-1.el8_1.noarch.rpm git-instaweb-2.18.2-1.el8_1.x86_64.rpm git-subtree-2.18.2-1.el8_1.x86_64.rpm git-svn-2.18.2-1.el8_1.x86_64.rpm gitk-2.18.2-1.el8_1.noarch.rpm gitweb-2.18.2-1.el8_1.noarch.rpm perl-Git-2.18.2-1.el8_1.noarch.rpm perl-Git-SVN-2.18.2-1.el8_1.noarch.rpm aarch64: git-2.18.2-1.el8_1.aarch64.rpm git-all-2.18.2-1.el8_1.noarch.rpm git-core-2.18.2-1.el8_1.aarch64.rpm git-core-doc-2.18.2-1.el8_1.noarch.rpm git-daemon-2.18.2-1.el8_1.aarch64.rpm git-email-2.18.2-1.el8_1.noarch.rpm git-gui-2.18.2-1.el8_1.noarch.rpm git-instaweb-2.18.2-1.el8_1.aarch64.rpm git-subtree-2.18.2-1.el8_1.aarch64.rpm git-svn-2.18.2-1.el8_1.aarch64.rpm gitk-2.18.2-1.el8_1.noarch.rpm gitweb-2.18.2-1.el8_1.noarch.rpm perl-Git-2.18.2-1.el8_1.noarch.rpm perl-Git-SVN-2.18.2-1.el8_1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/git-2.18.2-1.el8_1.src.rpm Description of changes: [2.18.2-1] - Update to release 2.18.2 - Remote code execution in recursive clones with nested submodules Resolves: CVE-2019-1387 - Fixes CVE-2019-1348, CVE-2019-1349, CVE-2019-1350, CVE-2019-1351, CVE-2019-1352, CVE-2019-1353, CVE-2019-1354 From el-errata at oss.oracle.com Fri Dec 20 07:33:54 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 20 Dec 2019 07:33:54 -0800 Subject: [El-errata] ELSA-2019-4326 Important: Oracle Linux 7 fribidi security update (aarch64) Message-ID: <54195861-c1a2-8ff0-9418-401669261c64@oracle.com> Oracle Linux Security Advisory ELSA-2019-4326 http://linux.oracle.com/errata/ELSA-2019-4326.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: fribidi-1.0.2-1.el7_7.1.aarch64.rpm fribidi-devel-1.0.2-1.el7_7.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/fribidi-1.0.2-1.el7_7.1.src.rpm Description of changes: [1.0.2-1.1] - Security fix for CVE-2019-18397 Resolves: rhbz#1781224 From el-errata at oss.oracle.com Fri Dec 20 07:34:26 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 20 Dec 2019 07:34:26 -0800 Subject: [El-errata] ELSA-2019-4884 Important: Oracle Linux 7 python security update (aarch64) Message-ID: <4f64801f-17b3-e4dc-7830-64bf568a59d8@oracle.com> Oracle Linux Security Advisory ELSA-2019-4884 http://linux.oracle.com/errata/ELSA-2019-4884.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: python-2.7.5-86.0.3.el7.aarch64.rpm python-devel-2.7.5-86.0.3.el7.aarch64.rpm python-libs-2.7.5-86.0.3.el7.aarch64.rpm python-debug-2.7.5-86.0.3.el7.aarch64.rpm python-test-2.7.5-86.0.3.el7.aarch64.rpm python-tools-2.7.5-86.0.3.el7.aarch64.rpm tkinter-2.7.5-86.0.3.el7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/python-2.7.5-86.0.3.el7.src.rpm Description of changes: [2.7.5-86.0.3] - Prefix dot in domain for proper subdomain validation [CVE-2018-20852][Orabug: 30114725] From el-errata at oss.oracle.com Mon Dec 23 09:56:17 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 23 Dec 2019 12:56:17 -0500 Subject: [El-errata] New Ksplice updates for RHCK 7 (ELSA-2019-3979) Message-ID: <1180a5d4-786b-16f8-90bf-6680f974bd12@oracle.com> Synopsis: ELSA-2019-3979 can now be patched using Ksplice CVEs: CVE-2019-14821 CVE-2019-15239 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-3979. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-3979.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes. An out-of-bounds access to the coalesced MMIO ring buffer could result in a kernel crash.? A malicious guest could use this flaw to crash the hypervisor or potentially, escalate privileges. * Improved fix for CVE-2019-15239: Use-after-free in TCP write queue purge path. A failure to properly zero out pointers to freed memory in the tcp_write_queue_purge function can lead to a use-after-free scenario. This could potentially cause a system to exhibit unexpected behavior, and could lead to a denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Tue Dec 24 05:50:24 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 24 Dec 2019 05:50:24 -0800 Subject: [El-errata] ELSA-2019-4361 Important: Oracle Linux 8 fribidi security update Message-ID: <546b0a80-ffc2-686d-21a9-fa89f0c01f30@oracle.com> Oracle Linux Security Advisory ELSA-2019-4361 http://linux.oracle.com/errata/ELSA-2019-4361.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: fribidi-1.0.4-7.el8_1.i686.rpm fribidi-1.0.4-7.el8_1.x86_64.rpm fribidi-devel-1.0.4-7.el8_1.i686.rpm fribidi-devel-1.0.4-7.el8_1.x86_64.rpm aarch64: fribidi-1.0.4-7.el8_1.aarch64.rpm fribidi-devel-1.0.4-7.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/fribidi-1.0.4-7.el8_1.src.rpm Description of changes: [1.0.4-7] - Security fix for CVE-2019-18397 Resolves: rhbz#1781226 From el-errata at oss.oracle.com Tue Dec 24 05:50:58 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Tue, 24 Dec 2019 05:50:58 -0800 Subject: [El-errata] ELBA-2019-4888 Oracle Linux 7 binutils bug fix update Message-ID: Oracle Linux Bug Fix Advisory ELBA-2019-4888 http://linux.oracle.com/errata/ELBA-2019-4888.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: binutils-2.27-41.base.0.5.el7_7.1.x86_64.rpm binutils-devel-2.27-41.base.0.5.el7_7.1.i686.rpm binutils-devel-2.27-41.base.0.5.el7_7.1.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/binutils-2.27-41.base.0.5.el7_7.1.src.rpm Description of changes: [2.27-41.base.0.5.el7_7.1] - Replace the following patches ... binutils-2.33-i386-gas-01-add-md_cons_worker.patch binutils-2.33-i386-gas-02-add-md_generic_table_relax_frag.patch binutils-2.33-i386-gas-03-align-branches-within-a-fixed-boundary.patch binutils-2.33-i386-gas-04-add-mbranches-within-32B-boundaries.patch binutils-2.33-i386-gas-05-add-tests-for-malign-branch-boundary-and-malign.patch - ... with the following upstream versions: binutils-2.33-i386-gas-01-add-md_generic_table_relax_frag.patch binutils-2.33-i386-gas-02-align-branches-within-a-fixed-boundary.patch binutils-2.33-i386-gas-03-add-mbranches-within-32B-boundaries.patch binutils-2.33-i386-gas-04-add-tests-for-malign-branch-boundary-and-malign.patch - Reviewed-by: Jose E. Marchesi