[El-errata] ELSA-2019-4878 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 13 08:44:19 PST 2019
Oracle Linux Security Advisory ELSA-2019-4878
http://linux.oracle.com/errata/ELSA-2019-4878.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1902.8.4.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.8.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.8.4.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.8.4.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.8.4.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.8.4.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.8.4.el7uek.src.rpm
Description of changes:
[4.14.35-1902.8.4.el7uek]
- Revert "oled: give panic handler chance to run before kexec" (John Donnelly) [Orabug: 30594702]
- Revert "oled: export symbols" (John Donnelly) [Orabug: 30594702]
- net/rds: Recycle RDS headers to speed up connection fail over (Ka-Cheong Poon) [Orabug: 30628735]
- net/rds: Reduce RDS headers de-allocation time (Ka-Cheong Poon) [Orabug: 30628735]
- net/rds: Should use rds_rtd_ptr() to trace pointer value (Ka-Cheong Poon) [Orabug: 30628735]
[4.14.35-1902.8.3.el7uek]
- rds: Disable heartbeat by default (Håkon Bugge) [Orabug: 30580080]
[4.14.35-1902.8.2.el7uek]
- rds:ib: Set RoCE ACK timeout before resolving route (Dag Moxnes) [Orabug: 30581176]
- RDMA/cma: Use ACK timeout for RoCE packetLifeTime (Dag Moxnes) [Orabug: 30581176]
- x86/hyperv: Make vapic support x2apic mode (Roman Kagan) [Orabug: 30571044]
- PCI: hv: Refactor hv_irq_unmask() to use cpumask_to_vpset() (Maya Nakamura) [Orabug: 30571044]
- PCI: hv: Replace hv_vp_set with hv_vpset (Maya Nakamura) [Orabug: 30571044]
- PCI: hv: Add __aligned(8) to struct retarget_msi_interrupt (Maya Nakamura) [Orabug: 30571044]
- MAINTAINERS: Add Hyper-V IOMMU driver into Hyper-V CORE AND DRIVERS scope (Lan Tianyu) [Orabug: 30571044]
- iommu/hyper-v: Add Hyper-V stub IOMMU driver (Lan Tianyu) [Orabug: 30571044]
- x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (Lan Tianyu) [Orabug: 30571044]
- x86/apic: Provide apic_ack_irq() (Thomas Gleixner) [Orabug: 30571044]
- rds: ib: update WR sizes when bringing up connection (Dag Moxnes) [Orabug: 30572790]
- USB: sisusbvga: fix oops in error path of sisusb_probe (Oliver Neukum) [Orabug: 30548564] {CVE-2019-15219}
- block-mq: fix hung due to too much warning log (Junxiao Bi) [Orabug: 30544816]
- oled: export symbols (Wengang Wang) [Orabug: 30550387]
- oled: give panic handler chance to run before kexec (Wengang Wang) [Orabug: 30550387]
[4.14.35-1902.8.1.el7uek]
- ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30545335]
- kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539764]
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Josh Poimboeuf) [Orabug: 30539764]
- cpu/speculation: Uninline and export CPU mitigations helpers (Tyler Hicks) [Orabug: 30539764]
- x86/speculation/taa: Fix for mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30533711]
- media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532773] {CVE-2019-15217}
- x86: cpu: bugs.c: Fix compile error when CONFIG_XEN=n (Aaron Young) [Orabug: 30516915]
- SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30513391]
- SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30513391]
- x86/platform/uv: Account for UV Hubless in is_uvX_hub Ops (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Check EFI Boot to set reboot type (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Decode UVsystab Info (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Add UV Hubbed/Hubless Proc FS Files (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Setup UV functions for Hubless UV Systems (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Add return code to UV BIOS Init function (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Return UV Hubless System Type (Mike Travis) [Orabug: 30518602]
- x86/platform/uv: Save OEM_ID from ACPI MADT probe (Mike Travis) [Orabug: 30518602]
[4.14.35-1902.8.0.1.sn.el7uek]
- rds: ib: Improve neighbor cache flush throttling (Dag Moxnes) [Orabug: 30472626]
- KVM: VMX: Do not change PID.NDST when loading a blocked vCPU (Joao Martins) [Orabug: 30512558]
- KVM: x86: Recompute PID.ON when clearing PID.SN (Joao Martins) [Orabug: 30512558]
- Revert "KVM: VMX: sync pending posted interrupts based on PIR" (Joao Martins) [Orabug: 30512558]
- cpuidle: haltpoll: Take 'idle=' override into account (Zhenzhong Duan) [Orabug: 30519673]
- media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511740] {CVE-2019-15215}
- rds: ib: __flush_neigh_conn error messages in syslog during failover/failback (Dag Moxnes) [Orabug: 30499609]
- kdump: decouple trace_extern_vmcoreinfo_setup from CONFIG_TRACING (Dave Kleikamp) [Orabug: 30493478]
- media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490490] {CVE-2019-15213}
- net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445304] {CVE-2019-16994}
- mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445156] {CVE-2019-17055}
- ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444945] {CVE-2019-17053}
- net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444852] {CVE-2019-16995}
- vhost/vsock: fix uninitialized vhost_vsock->guest_cid (Stefan Hajnoczi) [Orabug: 30339795]
- fm10k: Fix a potential NULL pointer dereference (Yue Haibing) [Orabug: 30322694] {CVE-2019-15924}
- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 29645216]
- rds: ib: need to flush neighbor cache for local peer connections on failover (Dag Moxnes) [Orabug: 30472629]
More information about the El-errata
mailing list