From el-errata at oss.oracle.com Mon Dec 2 10:19:46 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 2 Dec 2019 10:19:46 -0800 Subject: [El-errata] ELBA-2019-3696 Oracle Linux 8 yum bug fix update Message-ID: <848e4872-4742-48f4-eeca-1abd760f2cea@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-3696 http://linux.oracle.com/errata/ELBA-2019-3696.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: dnf-4.2.7-7.el8_1.noarch.rpm dnf-automatic-4.2.7-7.el8_1.noarch.rpm dnf-data-4.2.7-7.el8_1.noarch.rpm libdnf-0.35.1-9.0.1.el8_1.i686.rpm libdnf-0.35.1-9.0.1.el8_1.x86_64.rpm python3-dnf-4.2.7-7.el8_1.noarch.rpm python3-hawkey-0.35.1-9.0.1.el8_1.x86_64.rpm python3-libdnf-0.35.1-9.0.1.el8_1.x86_64.rpm yum-4.2.7-7.el8_1.noarch.rpm aarch64: dnf-4.2.7-7.el8_1.noarch.rpm dnf-automatic-4.2.7-7.el8_1.noarch.rpm dnf-data-4.2.7-7.el8_1.noarch.rpm libdnf-0.35.1-9.0.1.el8_1.aarch64.rpm python3-dnf-4.2.7-7.el8_1.noarch.rpm python3-hawkey-0.35.1-9.0.1.el8_1.aarch64.rpm python3-libdnf-0.35.1-9.0.1.el8_1.aarch64.rpm yum-4.2.7-7.el8_1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/dnf-4.2.7-7.el8_1.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/libdnf-0.35.1-9.0.1.el8_1.src.rpm Description of changes: dnf [4.2.7-7] - Prevent reinstalling modified packages with same NEVRA (RhBug:1728252,1644241,1760825) libdnf [0.35.1-9.0.1] - Disable rhsm [Orabug: 29901202] - Replaced bugzilla.redhat.com with bugzilla.oracle.com in config [Orabug: 29656932] - Add support for apps that use libdnf to access yum url with 'ociregion' variable [Orabug: 30121584] (Frank Deng) [0.35.1-9] - Prevent reinstalling modified packages with same NEVRA (RhBug:1728252,1644241,1760825) From el-errata at oss.oracle.com Mon Dec 2 14:37:22 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 2 Dec 2019 14:37:22 -0800 Subject: [El-errata] ELSA-2019-4024 Important: Oracle Linux 7 SDL security update Message-ID: <9e46d56b-c061-b92c-5c8a-43089f381223@oracle.com> Oracle Linux Security Advisory ELSA-2019-4024 http://linux.oracle.com/errata/ELSA-2019-4024.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: SDL-1.2.15-15.el7_7.i686.rpm SDL-1.2.15-15.el7_7.x86_64.rpm SDL-devel-1.2.15-15.el7_7.i686.rpm SDL-devel-1.2.15-15.el7_7.x86_64.rpm SDL-static-1.2.15-15.el7_7.i686.rpm SDL-static-1.2.15-15.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/SDL-1.2.15-15.el7_7.src.rpm Description of changes: [1.2.15-15] - Fix CVE-2019-13616 (a heap buffer over-read in BlitNtoN) (bug #1747237) - Resolves: rhbz#1756276 From el-errata at oss.oracle.com Thu Dec 5 05:37:34 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 5 Dec 2019 05:37:34 -0800 Subject: [El-errata] ELSA-2019-4868 Important: Oracle Linux 6 microcode_ctl security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4868 http://linux.oracle.com/errata/ELSA-2019-4868.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: microcode_ctl-1.17-33.19.0.4.el6_10.i686.rpm x86_64: microcode_ctl-1.17-33.19.0.4.el6_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/microcode_ctl-1.17-33.19.0.4.el6_10.src.rpm Description of changes: [3:1.17-33.19.0.4] - set early_microcode="no" in virtualized guests to avoid early load bugs [Orabug: 30618737] [3:1.17-33.19.0.1] - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - update 06-55-04 to 0x2000065 - update 06-55-07 to 0x500002c From el-errata at oss.oracle.com Thu Dec 5 05:37:55 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Thu, 5 Dec 2019 05:37:55 -0800 Subject: [El-errata] ELSA-2019-4867 Important: Oracle Linux 7 microcode_ctl security update Message-ID: <55b54389-b5cd-c156-f2b5-ed9f55b95ba5@oracle.com> Oracle Linux Security Advisory ELSA-2019-4867 http://linux.oracle.com/errata/ELSA-2019-4867.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: microcode_ctl-2.1-53.3.0.4.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/microcode_ctl-2.1-53.3.0.4.el7_7.src.rpm Description of changes: [2:2.1-53.3.0.4] - set early_microcode="no" in virtualized guests to avoid early load bugs [Orabug: 30618736] [2:2.1-53.3.0.1] - do not late load prior to 3.10.0 - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early loading on 06-4f-01 - update 06-55-04 to 0x2000065 - update 06-55-07 to 0x500002c From el-errata at oss.oracle.com Fri Dec 6 05:27:01 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 05:27:01 -0800 Subject: [El-errata] ELSA-2019-4111 Critical: Oracle Linux 8 firefox security update Message-ID: <31647d16-abe3-e185-5f5f-06a489c09e08@oracle.com> Oracle Linux Security Advisory ELSA-2019-4111 http://linux.oracle.com/errata/ELSA-2019-4111.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-68.3.0-1.0.1.el8_1.x86_64.rpm aarch64: firefox-68.3.0-1.0.1.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/firefox-68.3.0-1.0.1.el8_1.src.rpm Description of changes: [68.3.0-1.0.1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 05:27:26 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 05:27:26 -0800 Subject: [El-errata] ELBA-2019-4112 Oracle Linux 8 fence-agents bug fix update Message-ID: <6ba6dfe3-8555-3207-5b3d-0124b94f5a4d@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4112 http://linux.oracle.com/errata/ELBA-2019-4112.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: fence-agents-all-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-amt-ws-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-bladecenter-4.2.1-30.el8_1.1.noarch.rpm fence-agents-brocade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-mds-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-ucs-4.2.1-30.el8_1.1.noarch.rpm fence-agents-common-4.2.1-30.el8_1.1.noarch.rpm fence-agents-compute-4.2.1-30.el8_1.1.noarch.rpm fence-agents-drac5-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eaton-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-emerson-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eps-4.2.1-30.el8_1.1.noarch.rpm fence-agents-heuristics-ping-4.2.1-30.el8_1.1.noarch.rpm fence-agents-hpblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ibmblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ifmib-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-moonshot-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-mp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-ssh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo2-4.2.1-30.el8_1.1.noarch.rpm fence-agents-intelmodular-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipdu-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipmilan-4.2.1-30.el8_1.1.noarch.rpm fence-agents-kdump-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-mpath-4.2.1-30.el8_1.1.noarch.rpm fence-agents-redfish-4.2.1-30.el8_1.1.x86_64.rpm fence-agents-rhevm-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsa-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsb-4.2.1-30.el8_1.1.noarch.rpm fence-agents-sbd-4.2.1-30.el8_1.1.noarch.rpm fence-agents-scsi-4.2.1-30.el8_1.1.noarch.rpm fence-agents-virsh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-rest-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-soap-4.2.1-30.el8_1.1.noarch.rpm fence-agents-wti-4.2.1-30.el8_1.1.noarch.rpm aarch64: fence-agents-all-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-amt-ws-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-4.2.1-30.el8_1.1.noarch.rpm fence-agents-apc-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-bladecenter-4.2.1-30.el8_1.1.noarch.rpm fence-agents-brocade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-mds-4.2.1-30.el8_1.1.noarch.rpm fence-agents-cisco-ucs-4.2.1-30.el8_1.1.noarch.rpm fence-agents-common-4.2.1-30.el8_1.1.noarch.rpm fence-agents-compute-4.2.1-30.el8_1.1.noarch.rpm fence-agents-drac5-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eaton-snmp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-emerson-4.2.1-30.el8_1.1.noarch.rpm fence-agents-eps-4.2.1-30.el8_1.1.noarch.rpm fence-agents-heuristics-ping-4.2.1-30.el8_1.1.noarch.rpm fence-agents-hpblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ibmblade-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ifmib-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-moonshot-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-mp-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo-ssh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ilo2-4.2.1-30.el8_1.1.noarch.rpm fence-agents-intelmodular-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipdu-4.2.1-30.el8_1.1.noarch.rpm fence-agents-ipmilan-4.2.1-30.el8_1.1.noarch.rpm fence-agents-kdump-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-mpath-4.2.1-30.el8_1.1.noarch.rpm fence-agents-redfish-4.2.1-30.el8_1.1.aarch64.rpm fence-agents-rhevm-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsa-4.2.1-30.el8_1.1.noarch.rpm fence-agents-rsb-4.2.1-30.el8_1.1.noarch.rpm fence-agents-sbd-4.2.1-30.el8_1.1.noarch.rpm fence-agents-scsi-4.2.1-30.el8_1.1.noarch.rpm fence-agents-virsh-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-rest-4.2.1-30.el8_1.1.noarch.rpm fence-agents-vmware-soap-4.2.1-30.el8_1.1.noarch.rpm fence-agents-wti-4.2.1-30.el8_1.1.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/fence-agents-4.2.1-30.el8_1.1.src.rpm Description of changes: [4.2.1-30.1] - fence_compute: disable service after force-down Resolves: rhbz#1762432 From el-errata at oss.oracle.com Fri Dec 6 07:42:58 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:42:58 -0800 Subject: [El-errata] ELBA-2019-4106 Oracle Linux 7 kernel bug fix update Message-ID: <792d4030-ce98-3913-7828-ee80eaf8939a@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4106 http://linux.oracle.com/errata/ELBA-2019-4106.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1062.9.1.el7.x86_64.rpm kernel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1062.9.1.el7.noarch.rpm kernel-debug-3.10.0-1062.9.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.9.1.el7.x86_64.rpm kernel-doc-3.10.0-1062.9.1.el7.noarch.rpm kernel-headers-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.9.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.9.1.el7.x86_64.rpm perf-3.10.0-1062.9.1.el7.x86_64.rpm python-perf-3.10.0-1062.9.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.9.1.el7.src.rpm Description of changes: [3.10.0-1062.9.1.el7.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.9.1.el7] - [kernel] sched: Fix race between task_group and sched_task_group (Oleksandr Natalenko) [1778545 1738415] [3.10.0-1062.8.1.el7] - [kernel] sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Phil Auld) [1770738 1752136] From el-errata at oss.oracle.com Fri Dec 6 07:43:19 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:43:19 -0800 Subject: [El-errata] ELSA-2019-4107 Critical: Oracle Linux 7 firefox security update Message-ID: <74c4bb4e-f405-a69f-5631-81e6f629aada@oracle.com> Oracle Linux Security Advisory ELSA-2019-4107 http://linux.oracle.com/errata/ELSA-2019-4107.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-68.3.0-1.0.1.el7_7.i686.rpm firefox-68.3.0-1.0.1.el7_7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/firefox-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 07:43:40 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 07:43:40 -0800 Subject: [El-errata] ELSA-2019-4107 Critical: Oracle Linux 7 firefox security update (aarch64) Message-ID: <30427948-2428-e275-8916-46c5bd82924f@oracle.com> Oracle Linux Security Advisory ELSA-2019-4107 http://linux.oracle.com/errata/ELSA-2019-4107.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: firefox-68.3.0-1.0.1.el7_7.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/firefox-68.3.0-1.0.1.el7_7.src.rpm Description of changes: [68.3.0-1.0.1] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild From el-errata at oss.oracle.com Fri Dec 6 13:15:55 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Fri, 6 Dec 2019 13:15:55 -0800 Subject: [El-errata] ELBA-2019-4106-1 Oracle Linux 7 kernel bug fix update Message-ID: <0c4f4144-a336-b131-d5a5-36f7b135c3c5@oracle.com> Oracle Linux Bug Fix Advisory ELBA-2019-4106-1 http://linux.oracle.com/errata/ELBA-2019-4106-1.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-abi-whitelists-3.10.0-1062.9.1.0.1.el7.noarch.rpm kernel-debug-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-doc-3.10.0-1062.9.1.0.1.el7.noarch.rpm kernel-headers-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.9.1.0.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.9.1.0.1.el7.x86_64.rpm perf-3.10.0-1062.9.1.0.1.el7.x86_64.rpm python-perf-3.10.0-1062.9.1.0.1.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.9.1.0.1.el7.src.rpm Description of changes: [3.10.0-1062.9.1.0.1.el7.OL7] - [xen/balloon] Support xend-based toolstack (Orabug: 28663970) - [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156] - [bonding] avoid repeated display of same link status change. [Orabug: 28109857] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377] From el-errata at oss.oracle.com Mon Dec 9 09:55:43 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 09:55:43 -0800 Subject: [El-errata] ELSA-2019-4870 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: <1b52a51c-233a-289e-2ea3-a3407b8fe92d@oracle.com> Oracle Linux Security Advisory ELSA-2019-4870 http://linux.oracle.com/errata/ELSA-2019-4870.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.34.1.el7uek.noarch.rpm kernel-uek-firmware-4.1.12-124.34.1.el7uek.noarch.rpm kernel-uek-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-devel-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-debug-4.1.12-124.34.1.el7uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.34.1.el7uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.34.1.el7uek.src.rpm Description of changes: [4.1.12-124.34.1.el7uek] - block/loop: set hw_sectors (Shaohua Li) [Orabug: 30244514] - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30273956] - oled: export symbols (Wengang Wang) [Orabug: 30512063] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30512063] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548565] {CVE-2019-15219} [4.1.12-124.33.5.el7uek] - net/mlx5: bump driver rev (Brian Maly) [Orabug: 30479538] - net/mlx5: Add 25G and 50G types (John Donnelly) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 VF device ID (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix pci error recovery flow (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Add timeout handle to commands with callback (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix potential deadlock in command mode change (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix wait_vital for VFs and remove fixed sleep (Daniel Jurgens) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Add missing 50G baseSR2 link mode (Gal Pressman) [Orabug: 30479538] - net/mlx5_core: Add ConnectX-5 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Fix MLX5E_100BASE_T define (Rana Shahout) [Orabug: 30479538] - net/mlx5e: Fix soft lockup when HW Timestamping is enabled (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5: Make command timeout way shorter (Or Gerlitz) [Orabug: 30479538] - net/mlx5: Fix teardown errors that happen in pci error handler (Mohamad Haj Yahia) [Orabug: 30479538] - IB/mlx5: Support setting Ethernet priority for Raw Packet QPs (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add Raw Packet QP query functionality (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Warn on unsupported events of QP/RQ/SQ (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Add RQ and SQ event handling (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Export transport objects (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add CQE version 1 support to user QPs and SRQs (Haggai Abramovsky) [Orabug: 30479538] - net/mlx5_core: Fix trimming down IRQ number (Doron Tsur) [Orabug: 30479538] - net/mlx5_core: Export flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Make ipv4/ipv6 location more clear (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Enable flow steering support for the IB driver (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Initialize namespaces only when supported by device (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Set priority attributes (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Connect flow tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce modify flow table command (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Managing root flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add utilities to find next and prev flow-tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering autogrouped flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Add PTP Hardware Clock (PHC) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Add HW timestamping (TS) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access function to read internal timer (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Do not modify the TX SKB (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add setting ATOMIC endian mode (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access functions to enable/disable RoCE (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Break down the vport mac address query function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename en_flow_table.c to en_fs.c (Maor Gottlieb) [Orabug: 30479538] - net/mlx5: Use flow steering infrastructure for mlx5_en (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Flow steering tree initialization (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering lookup algorithms (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering base data structures (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering firmware commands (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Assign random MAC address if needed (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix query E-Switch capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add support for SR-IOV ndos (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce get vf statistics (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce set vport vlan (VST mode) (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce Vport administration functions (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Add SR-IOV (FDB) support (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce FDB hardware capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introducing E-Switch and l2 table (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write vlan list into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write UC/MC list and promisc mode into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport vlans (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport promisc mode (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport state (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport mac lists (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Update access functions to Query/Modify vport MAC address (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Add base sriov support (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Modify enable/disable hca functions (Eli Cohen) [Orabug: 30479538] - mlx5: support napi_complete_done() (Eric Dumazet) [Orabug: 30479538] - mlx5: add busy polling support (Eric Dumazet) [Orabug: 30479538] - net/mlx5e: Use the right DMA free function on TX path (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Max mtu comparison fix (Doron Tsur) [Orabug: 30479538] - net/mlx5e: Added self loopback prevention (Tariq Toukan) [Orabug: 30479538] - net/mlx5e: Fix inline header size calculation (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix LSO vlan insertion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Re-eanble client vlan TX acceleration (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Return error in case mlx5e_set_features() fails (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Don't allow more than max supported channels (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Use the the real irqn in eq->irqn (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Wait for RX buffers initialization in a more proper manner (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid NULL pointer access in case of configuration failure (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Wait for FW readiness on startup (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Add pci error handlers to mlx5_core driver (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix internal error detection conditions (Eli Cohen) [Orabug: 30479538] (Christoph Hellwig) [Orabug: 30479538] - net/mlx5e: Disable VLAN filter in promiscuous mode (Achiad Shochat) [Orabug: 30479538] - net/mlx5: Fix typo in mlx5_query_port_pvlc (Jiri Pirko) [Orabug: 30479538] - net/mlx5_core: Use private health thread for each device (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Use accessor functions to read from device memory (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Prepare cmd interface to system errors handling (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Improve mlx5 messages (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Update health syndromes (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix wrong name in struct (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: New init and exit flow for mlx5_core (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix notification of page supplement error (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix async commands return code (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Remove redundant "err" variable usage (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Fix struct type in the DESTROY_TIR/TIS device commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Priv state flag not rolled-back upon netdev open error (Achiad Shochat) [Orabug: 30479538] - IB/mlx5: Remove support for IB_DEVICE_LOCAL_DMA_LKEY (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose max_sge_rd correctly (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose correct page_size_cap in device attributes (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix missing device local_dma_lkey (Sagi Grimberg) [Orabug: 30479538] - net/mlx5e: Avoid accessing NULL pointer at ndo_select_queue (Rana Shahout) [Orabug: 30479538] - mlx5e: Fix sparse warnings in mlx5e_handle_csum(). (David S. Miller) [Orabug: 30479538] - net/mlx5e: Support RX CHECKSUM_COMPLETE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support ethtool get/set_pauseparam (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Ethtool link speed setting fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: HW LRO changes/fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support smaller RX/TX ring sizes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Add ethtool RSS configuration options (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Make RSS indirection table size a constant (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Have a single RSS Toeplitz hash key (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Set log_uar_page_sz for non 4K page size architecture (Carol L Soto) [Orabug: 30479538] - net/mlx5_core: Support physical port counters (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Take advantage of the light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Disable async events before unregister_netdev() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename/move functions following the ndo_stop flow change (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Introduce access function to modify RSS/LRO params (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce the "Drop RQ" (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Unify the RX flow (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove the mlx5e_update_priv_params() function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce create/destroy RSS indir table access functions (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Do not use netdev_err() before the netdev is registered (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant de-reference (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant assignment of sq->user_index (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant field mlx5e_priv->num_tc (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use hard-coded 4K page size for RQ/SQ/CQ (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Check the return value of mlx5_command_exec() (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5e: Input IPSEC.SPI into the RX RSS hash function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Cosmetics: use BIT() instead of "1 <<", and others (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: TX latency optimization to save DMA reads (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support TX packet copy into WQE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Allocate DMA coherent memory on reader NUMA node (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Support ETH_RSS_HASH_XOR (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Prefetch skb data on RX (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Pop cq outside mlx5e_get_cqe (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove mlx5e_cq.sqrq back-pointer (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove extra spaces (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid TX CQE generation if more xmit packets expected (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add transport domain to the ethernet TIRs/TISs (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add transport domain alloc/dealloc support (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support NETIF_F_SG (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Enforce max flow-tables level >= 3 (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Disable client vlan TX acceleration (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add HW cacheline start padding (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix HW MTU settings (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: fix an error code (Dan Carpenter) [Orabug: 30479538] - net/mlx5_core: Fix static checker warnings around system guid query flow (Majd Dibbiny) [Orabug: 30479538] - mlx5: Enable mutual support for IB and Ethernet (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Add more query port helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number when querying port ptys (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number in the query port mtu helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Get vendor-id using the query adapter command (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Add new query HCA vport commands (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Make the vport helpers available for the IB driver too (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Check the return bitmask when querying ISSI (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Enable XRCs and SRQs when using ISSI > 0 (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Apply proper name convention to helpers (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_en: Add missing check for memory allocation failure (Amir Vadai) [Orabug: 30479538] - net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet resource handling files (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet Datapath files (Amir Vadai) [Orabug: 30479538] - net/mlx5_core: Set/Query port MTU commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Modify CQ moderation parameters (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement get/set port status (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement access functions of ptys register fields (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: New device capabilities handling (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: HW data structs/types definitions cleanup (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Set irq affinity hints (Saeed Mahameed) [Orabug: 30479538] - mlx5: add kcompat.h (Brian Maly) [Orabug: 30479538] - net/mlx5_core,mlx5_ib: Do not use vmap() on coherent memory (Amir Vadai) [Orabug: 30479538] - mlx5: enable module in kernel configs (Brian Maly) [Orabug: 30479538] - config: disable mlx5_ib (Brian Maly) [Orabug: 30479538] - nano: remove mlx5_ib (Brian Maly) [Orabug: 30479538] - fix retpoline build breakage when CONFIG_RETPOLINE is not set (Brian Maly) [Orabug: 30479538] From el-errata at oss.oracle.com Mon Dec 9 09:56:24 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 09:56:24 -0800 Subject: [El-errata] ELSA-2019-4870 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: <625e603b-9842-182d-6571-322d301504bf@oracle.com> Oracle Linux Security Advisory ELSA-2019-4870 http://linux.oracle.com/errata/ELSA-2019-4870.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.34.1.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.34.1.el6uek.noarch.rpm kernel-uek-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.34.1.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.34.1.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.34.1.el6uek.src.rpm Description of changes: [4.1.12-124.34.1.el6uek] - block/loop: set hw_sectors (Shaohua Li) [Orabug: 30244514] - block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30273956] - oled: export symbols (Wengang Wang) [Orabug: 30512063] - oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30512063] - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548565] {CVE-2019-15219} [4.1.12-124.33.5.el6uek] - net/mlx5: bump driver rev (Brian Maly) [Orabug: 30479538] - net/mlx5: Add 25G and 50G types (John Donnelly) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 VF device ID (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix pci error recovery flow (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Add timeout handle to commands with callback (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix potential deadlock in command mode change (Mohamad Haj Yahia) [Orabug: 30479538] - net/mlx5: Fix wait_vital for VFs and remove fixed sleep (Daniel Jurgens) [Orabug: 30479538] - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Add missing 50G baseSR2 link mode (Gal Pressman) [Orabug: 30479538] - net/mlx5_core: Add ConnectX-5 to list of supported devices (Majd Dibbiny) [Orabug: 30479538] - net/mlx5e: Fix MLX5E_100BASE_T define (Rana Shahout) [Orabug: 30479538] - net/mlx5e: Fix soft lockup when HW Timestamping is enabled (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5: Make command timeout way shorter (Or Gerlitz) [Orabug: 30479538] - net/mlx5: Fix teardown errors that happen in pci error handler (Mohamad Haj Yahia) [Orabug: 30479538] - IB/mlx5: Support setting Ethernet priority for Raw Packet QPs (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add Raw Packet QP query functionality (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Warn on unsupported events of QP/RQ/SQ (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Add RQ and SQ event handling (majd at mellanox.com) [Orabug: 30479538] - net/mlx5_core: Export transport objects (majd at mellanox.com) [Orabug: 30479538] - IB/mlx5: Add CQE version 1 support to user QPs and SRQs (Haggai Abramovsky) [Orabug: 30479538] - net/mlx5_core: Fix trimming down IRQ number (Doron Tsur) [Orabug: 30479538] - net/mlx5_core: Export flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Make ipv4/ipv6 location more clear (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Enable flow steering support for the IB driver (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Initialize namespaces only when supported by device (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Set priority attributes (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Connect flow tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce modify flow table command (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Managing root flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add utilities to find next and prev flow-tables (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering autogrouped flow table (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Add PTP Hardware Clock (PHC) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Add HW timestamping (TS) support (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access function to read internal timer (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5e: Do not modify the TX SKB (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add setting ATOMIC endian mode (Eran Ben Elisha) [Orabug: 30479538] - net/mlx5_core: Introduce access functions to enable/disable RoCE (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Break down the vport mac address query function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename en_flow_table.c to en_fs.c (Maor Gottlieb) [Orabug: 30479538] - net/mlx5: Use flow steering infrastructure for mlx5_en (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Flow steering tree initialization (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering API (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering lookup algorithms (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Add flow steering base data structures (Maor Gottlieb) [Orabug: 30479538] - net/mlx5_core: Introduce flow steering firmware commands (Maor Gottlieb) [Orabug: 30479538] - net/mlx5e: Assign random MAC address if needed (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Fix query E-Switch capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add support for SR-IOV ndos (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce get vf statistics (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce set vport vlan (VST mode) (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce HCA cap and E-Switch vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce Vport administration functions (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Add SR-IOV (FDB) support (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: E-Switch, Introduce FDB hardware capabilities (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introducing E-Switch and l2 table (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write vlan list into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Write UC/MC list and promisc mode into vport context (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport vlans (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport promisc mode (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport state (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Introduce access functions to modify/query vport mac lists (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Update access functions to Query/Modify vport MAC address (Saeed Mahameed) [Orabug: 30479538] - net/mlx5: Add HW capabilities and structs for SR-IOV E-Switch (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Add base sriov support (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Modify enable/disable hca functions (Eli Cohen) [Orabug: 30479538] - mlx5: support napi_complete_done() (Eric Dumazet) [Orabug: 30479538] - mlx5: add busy polling support (Eric Dumazet) [Orabug: 30479538] - net/mlx5e: Use the right DMA free function on TX path (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Max mtu comparison fix (Doron Tsur) [Orabug: 30479538] - net/mlx5e: Added self loopback prevention (Tariq Toukan) [Orabug: 30479538] - net/mlx5e: Fix inline header size calculation (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix LSO vlan insertion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Re-eanble client vlan TX acceleration (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Return error in case mlx5e_set_features() fails (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Don't allow more than max supported channels (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Use the the real irqn in eq->irqn (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Wait for RX buffers initialization in a more proper manner (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid NULL pointer access in case of configuration failure (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Wait for FW readiness on startup (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Add pci error handlers to mlx5_core driver (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix internal error detection conditions (Eli Cohen) [Orabug: 30479538] (Christoph Hellwig) [Orabug: 30479538] - net/mlx5e: Disable VLAN filter in promiscuous mode (Achiad Shochat) [Orabug: 30479538] - net/mlx5: Fix typo in mlx5_query_port_pvlc (Jiri Pirko) [Orabug: 30479538] - net/mlx5_core: Use private health thread for each device (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Use accessor functions to read from device memory (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Prepare cmd interface to system errors handling (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Improve mlx5 messages (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Update health syndromes (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix wrong name in struct (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: New init and exit flow for mlx5_core (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Fix notification of page supplement error (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Fix async commands return code (Eli Cohen) [Orabug: 30479538] - net/mlx5_core: Remove redundant "err" variable usage (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Fix struct type in the DESTROY_TIR/TIS device commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Priv state flag not rolled-back upon netdev open error (Achiad Shochat) [Orabug: 30479538] - IB/mlx5: Remove support for IB_DEVICE_LOCAL_DMA_LKEY (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose max_sge_rd correctly (Sagi Grimberg) [Orabug: 30479538] - mlx5: Expose correct page_size_cap in device attributes (Sagi Grimberg) [Orabug: 30479538] - mlx5: Fix missing device local_dma_lkey (Sagi Grimberg) [Orabug: 30479538] - net/mlx5e: Avoid accessing NULL pointer at ndo_select_queue (Rana Shahout) [Orabug: 30479538] - mlx5e: Fix sparse warnings in mlx5e_handle_csum(). (David S. Miller) [Orabug: 30479538] - net/mlx5e: Support RX CHECKSUM_COMPLETE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support ethtool get/set_pauseparam (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Ethtool link speed setting fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: HW LRO changes/fixes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support smaller RX/TX ring sizes (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Add ethtool RSS configuration options (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Make RSS indirection table size a constant (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Have a single RSS Toeplitz hash key (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Set log_uar_page_sz for non 4K page size architecture (Carol L Soto) [Orabug: 30479538] - net/mlx5_core: Support physical port counters (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Take advantage of the light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Disable async events before unregister_netdev() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Rename/move functions following the ndo_stop flow change (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Light-weight netdev open/stop (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Introduce access function to modify RSS/LRO params (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce the "Drop RQ" (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Unify the RX flow (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove the mlx5e_update_priv_params() function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Introduce create/destroy RSS indir table access functions (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Do not use netdev_err() before the netdev is registered (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant de-reference (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant assignment of sq->user_index (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove redundant field mlx5e_priv->num_tc (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use hard-coded 4K page size for RQ/SQ/CQ (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Check the return value of mlx5_command_exec() (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5e: Input IPSEC.SPI into the RX RSS hash function (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Cosmetics: use BIT() instead of "1 <<", and others (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: TX latency optimization to save DMA reads (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support TX packet copy into WQE (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Allocate DMA coherent memory on reader NUMA node (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Support ETH_RSS_HASH_XOR (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Prefetch skb data on RX (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Pop cq outside mlx5e_get_cqe (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove mlx5e_cq.sqrq back-pointer (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove extra spaces (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid TX CQE generation if more xmit packets expected (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq() (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add transport domain to the ethernet TIRs/TISs (Achiad Shochat) [Orabug: 30479538] - net/mlx5_core: Add transport domain alloc/dealloc support (Achiad Shochat) [Orabug: 30479538] - net/mlx5e: Support NETIF_F_SG (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Enforce max flow-tables level >= 3 (Gal Pressman) [Orabug: 30479538] - net/mlx5e: Disable client vlan TX acceleration (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Add HW cacheline start padding (Saeed Mahameed) [Orabug: 30479538] - net/mlx5e: Fix HW MTU settings (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: fix an error code (Dan Carpenter) [Orabug: 30479538] - net/mlx5_core: Fix static checker warnings around system guid query flow (Majd Dibbiny) [Orabug: 30479538] - mlx5: Enable mutual support for IB and Ethernet (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Add more query port helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number when querying port ptys (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Use port number in the query port mtu helpers (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Get vendor-id using the query adapter command (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Add new query HCA vport commands (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Make the vport helpers available for the IB driver too (Majd Dibbiny) [Orabug: 30479538] - net/mlx5_core: Check the return bitmask when querying ISSI (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Enable XRCs and SRQs when using ISSI > 0 (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_core: Apply proper name convention to helpers (Haggai Abramonvsky) [Orabug: 30479538] - net/mlx5_en: Add missing check for memory allocation failure (Amir Vadai) [Orabug: 30479538] - net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet resource handling files (Amir Vadai) [Orabug: 30479538] - net/mlx5: Ethernet Datapath files (Amir Vadai) [Orabug: 30479538] - net/mlx5_core: Set/Query port MTU commands (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Modify CQ moderation parameters (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement get/set port status (Rana Shahout) [Orabug: 30479538] - net/mlx5_core: Implement access functions of ptys register fields (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: New device capabilities handling (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: HW data structs/types definitions cleanup (Saeed Mahameed) [Orabug: 30479538] - net/mlx5_core: Set irq affinity hints (Saeed Mahameed) [Orabug: 30479538] - mlx5: add kcompat.h (Brian Maly) [Orabug: 30479538] - net/mlx5_core,mlx5_ib: Do not use vmap() on coherent memory (Amir Vadai) [Orabug: 30479538] - mlx5: enable module in kernel configs (Brian Maly) [Orabug: 30479538] - config: disable mlx5_ib (Brian Maly) [Orabug: 30479538] - nano: remove mlx5_ib (Brian Maly) [Orabug: 30479538] - fix retpoline build breakage when CONFIG_RETPOLINE is not set (Brian Maly) [Orabug: 30479538] From el-errata at oss.oracle.com Mon Dec 9 13:13:57 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 13:13:57 -0800 Subject: [El-errata] ELSA-2019-4871 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update Message-ID: <606d4344-a741-1f0a-f806-40dd45426ef6@oracle.com> Oracle Linux Security Advisory ELSA-2019-4871 http://linux.oracle.com/errata/ELSA-2019-4871.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-firmware-3.8.13-118.41.1.el7uek.noarch.rpm kernel-uek-doc-3.8.13-118.41.1.el7uek.noarch.rpm kernel-uek-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-devel-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-debug-devel-3.8.13-118.41.1.el7uek.x86_64.rpm kernel-uek-debug-3.8.13-118.41.1.el7uek.x86_64.rpm dtrace-modules-3.8.13-118.41.1.el7uek-0.4.5-3.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.41.1.el7uek.src.rpm http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.41.1.el7uek-0.4.5-3.el7.src.rpm Description of changes: kernel-uek [3.8.13-118.41.1.el7uek] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379626] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444947] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445159] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445307] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490492] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511742] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532775] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548566] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 13:14:13 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 13:14:13 -0800 Subject: [El-errata] ELSA-2019-4871 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: <1f2119e9-290c-f8b2-f865-f3e81dc314a0@oracle.com> Oracle Linux Security Advisory ELSA-2019-4871 http://linux.oracle.com/errata/ELSA-2019-4871.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-firmware-3.8.13-118.41.1.el6uek.noarch.rpm kernel-uek-doc-3.8.13-118.41.1.el6uek.noarch.rpm kernel-uek-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-devel-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-debug-devel-3.8.13-118.41.1.el6uek.x86_64.rpm kernel-uek-debug-3.8.13-118.41.1.el6uek.x86_64.rpm dtrace-modules-3.8.13-118.41.1.el6uek-0.4.5-3.el6.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.41.1.el6uek.src.rpm http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.41.1.el6uek-0.4.5-3.el6.src.rpm Description of changes: kernel-uek [3.8.13-118.41.1.el6uek] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379626] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444947] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445159] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445307] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490492] {CVE-2019-15213} - media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511742] {CVE-2019-15215} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532775] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548566] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 15:17:30 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 15:17:30 -0800 Subject: [El-errata] ELSA-2019-4872 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update Message-ID: Oracle Linux Security Advisory ELSA-2019-4872 http://linux.oracle.com/errata/ELSA-2019-4872.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-debug-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-devel-2.6.39-400.317.1.el6uek.i686.rpm kernel-uek-doc-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-firmware-2.6.39-400.317.1.el6uek.noarch.rpm x86_64: kernel-uek-firmware-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-doc-2.6.39-400.317.1.el6uek.noarch.rpm kernel-uek-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-devel-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el6uek.x86_64.rpm kernel-uek-debug-2.6.39-400.317.1.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.317.1.el6uek.src.rpm Description of changes: [2.6.39-400.317.1.el6uek] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444948] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445161] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445309] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490493] {CVE-2019-15213} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532776] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548567] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 15:17:57 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 15:17:57 -0800 Subject: [El-errata] ELSA-2019-4872 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update Message-ID: <323a6173-4e4b-7d20-f2cf-db786091632b@oracle.com> Oracle Linux Security Advisory ELSA-2019-4872 http://linux.oracle.com/errata/ELSA-2019-4872.html The following updated rpms for Oracle Linux 5 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network: i386: kernel-uek-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-debug-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-devel-2.6.39-400.317.1.el5uek.i686.rpm kernel-uek-doc-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-firmware-2.6.39-400.317.1.el5uek.noarch.rpm x86_64: kernel-uek-firmware-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-doc-2.6.39-400.317.1.el5uek.noarch.rpm kernel-uek-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-devel-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-debug-devel-2.6.39-400.317.1.el5uek.x86_64.rpm kernel-uek-debug-2.6.39-400.317.1.el5uek.x86_64.rpm Description of changes: [2.6.39-400.317.1.el5uek] - ieee802154: enforce CAP_NET_RAW for raw sockets (Allen Pais) [Orabug: 30444948] {CVE-2019-17053} - mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445161] {CVE-2019-17055} - net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445309] {CVE-2019-16994} - media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490493] {CVE-2019-15213} - media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532776] {CVE-2019-15217} - USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548567] {CVE-2019-15219} From el-errata at oss.oracle.com Mon Dec 9 17:43:29 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Mon, 9 Dec 2019 17:43:29 -0800 Subject: [El-errata] ELSA-2019-4114 Important: Oracle Linux 8 nss security update Message-ID: <2043be0c-0bdc-fbf8-6efc-3c42417522f1@oracle.com> Oracle Linux Security Advisory ELSA-2019-4114 http://linux.oracle.com/errata/ELSA-2019-4114.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nss-3.44.0-9.el8_1.i686.rpm nss-3.44.0-9.el8_1.x86_64.rpm nss-devel-3.44.0-9.el8_1.i686.rpm nss-devel-3.44.0-9.el8_1.x86_64.rpm nss-softokn-3.44.0-9.el8_1.i686.rpm nss-softokn-3.44.0-9.el8_1.x86_64.rpm nss-softokn-devel-3.44.0-9.el8_1.i686.rpm nss-softokn-devel-3.44.0-9.el8_1.x86_64.rpm nss-softokn-freebl-3.44.0-9.el8_1.i686.rpm nss-softokn-freebl-3.44.0-9.el8_1.x86_64.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.i686.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.x86_64.rpm nss-sysinit-3.44.0-9.el8_1.x86_64.rpm nss-tools-3.44.0-9.el8_1.x86_64.rpm nss-util-3.44.0-9.el8_1.i686.rpm nss-util-3.44.0-9.el8_1.x86_64.rpm nss-util-devel-3.44.0-9.el8_1.i686.rpm nss-util-devel-3.44.0-9.el8_1.x86_64.rpm aarch64: nss-3.44.0-9.el8_1.aarch64.rpm nss-devel-3.44.0-9.el8_1.aarch64.rpm nss-softokn-3.44.0-9.el8_1.aarch64.rpm nss-softokn-devel-3.44.0-9.el8_1.aarch64.rpm nss-softokn-freebl-3.44.0-9.el8_1.aarch64.rpm nss-softokn-freebl-devel-3.44.0-9.el8_1.aarch64.rpm nss-sysinit-3.44.0-9.el8_1.aarch64.rpm nss-tools-3.44.0-9.el8_1.aarch64.rpm nss-util-3.44.0-9.el8_1.aarch64.rpm nss-util-devel-3.44.0-9.el8_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nss-3.44.0-9.el8_1.src.rpm Description of changes: [3.44.0-9] - Fix out-of-bounds write in NSC_EncryptUpdate (#1775912) From el-errata at oss.oracle.com Wed Dec 11 05:06:17 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 14:06:17 +0100 Subject: [El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4872) Message-ID: <201912111306.xBBD6MKh019545@aserv0121.oracle.com> Synopsis: ELSA-2019-4872 can now be patched using Ksplice CVEs: CVE-2019-15213 CVE-2019-15217 CVE-2019-15219 CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4872. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4872.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on OL5 and OL6 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer dereference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548567 * CVE-2019-15217: NULL pointer deference when using USB ZR364XX Camera driver. A missing check when querying capabilities of USB ZR364XX Camera device from user space could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 30532776 * CVE-2019-15213: Denial-of-service when removing a USB DVB device. A use-after-free when releasing a USB DVB device could lead to a kernel crash. An attacker could exploit this to cause a denial-of-service by plugging in a malicious USB device. Orabug: 30490493 * CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration. A missing free of resources when registering an IPv6-in-IPv4 tunnel fails could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. Orabug: 30445309 * CVE-2019-17055: Permission bypass when creating a Modular ISDN socket. A missing check on user capabilities when creating a Modular ISDN socket could lead to a permission bypass. Orabug: 30445161 * CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket. A missing check on user capabilities when creating a IEEE 802.15.4 socket could lead to a permission bypass. Orabug: 30444948 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 11 06:58:04 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 14:58:04 GMT Subject: [El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4870) Message-ID: <2wtk2hp238-1@userp3030.oracle.com> Synopsis: ELSA-2019-4870 can now be patched using Ksplice CVEs: CVE-2019-15219 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4870. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4870.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on OL6 and OL7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer deference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548565 * Kernel hang in block layer during CPU hotplug. Excessive warning logging in the block layer could result in a flood of kernel messages and deadlock during CPU hotplug under specific conditions. Orabug: 30273956 * Reduced throughput in loopback disk devices. Failure to set the maximum number of hardware sectors on a loopback device could result in excessive operation fragmentation and suboptimal performance on some backing devices. Orabug: 30244514 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From el-errata at oss.oracle.com Wed Dec 11 07:00:54 2019 From: el-errata at oss.oracle.com (Errata Announcements for Oracle Linux) Date: Wed, 11 Dec 2019 15:00:54 +0000 Subject: [El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4871) Message-ID: <20191211150054.GI19109@cedar> Synopsis: ELSA-2019-4871 can now be patched using Ksplice CVEs: CVE-2019-1125 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15219 CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2019-4871. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2019-4871.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on OL6 and OL7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device. A logic error in USB 2.0 SVGA dongle driver could lead to a NULL pointer dereference. A local attacker could use this flaw and a malicious USB device to cause a denial-of-service. Orabug: 30548566 * CVE-2019-15217: NULL pointer deference when using USB ZR364XX Camera driver. A missing check when querying capabilities of USB ZR364XX Camera device from user space could lead to a NULL pointer dereference. A local attacker could use this flaw to cause a denial-of-service. Orabug: 30532775 * CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera. A use-after-free vulnerability in the V4L2 interface for CPiA2 USB camera allows a malicious USB device to crash the kernel. An attacker could exploit this to cause a denial-of-service. Orabug: 30511742 * CVE-2019-15213: Denial-of-service when removing a USB DVB device. A use-after-free when releasing a USB DVB device could lead to a kernel crash. An attacker could exploit this to cause a denial-of-service by plugging in a malicious USB device. Orabug: 30490492 * CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration. A missing free of resources when registering an IPv6-in-IPv4 tunnel fails could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. Orabug: 30445307 * CVE-2019-17055: Permission bypass when creating a Modular ISDN socket. A missing check on user capabilities when creating a Modular ISDN socket could lead to a permission bypass. Orabug: 30445159 * CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket. A missing check on user capabilities when creating a IEEE 802.15.4 socket could lead to a permission bypass. Orabug: 30444947 * Improved fix to CVE-2019-1125: Information leak in kernel entry code when swapping GS. The original CVE-2019-1125 did not correctly handle late microcode updates resulting in a missing mitigation if the microcode was loaded after boot time. Orabug: 30379626 SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.