[El-errata] ELSA-2019-4509 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jan 15 08:58:26 PST 2019
Oracle Linux Security Advisory ELSA-2019-4509
http://linux.oracle.com/errata/ELSA-2019-4509.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1844.1.3.el7uek.aarch64.rpm
perf-4.14.35-1844.1.3.el7uek.aarch64.rpm
python-perf-4.14.35-1844.1.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1844.1.3.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1844.1.3.el7uek.src.rpm
Description of changes:
[4.14.35-1844.1.3.el7uek]
- net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun)
[Orabug: 29003422] - nfs: don't dirty kernel pages read by direct-io
(Dave Kleikamp) [Orabug: 29122062] - KVM: X86: Fix scan ioapic
use-before-initialization (Wanpeng Li) [Orabug: 29026132] {CVE-2018-19407}
- hugetlb: take PMD sharing into account when flushing tlb/caches (Mike
Kravetz) [Orabug: 28951436] - mm: migration: fix migration of huge PMD
shared pages (Mike Kravetz) [Orabug: 28951436] - mm/mmu_notifier: avoid
double notification when it is useless (Jérôme Glisse) [Orabug: 28951436]
[4.14.35-1844.1.2.el7uek]
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in
card.c (Hui Peng) [Orabug: 29042979] {CVE-2018-19824}
- arm64/kernel: kaslr: reduce module randomization range to 4 GB (Ard
Biesheuvel) [Orabug: 28954789] - xfs: enhance dinode verifier (Eric
Sandeen) [Orabug: 28997653] {CVE-2018-10322}
- xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong)
[Orabug: 28997653] {CVE-2018-10322}
- Revert "xfs: move inode fork verifiers to xfs_dinode_verify" (Shan
Hai) [Orabug: 28997653] - Revert "xfs: enhance dinode verifier" (Shan
Hai) [Orabug: 28997653]
[4.14.35-1844.1.1.el7uek]
- arm64: disable /dev/port on 64 bit ARM (Eric Saint-Etienne) [Orabug:
28961247] - crypto: ccp - add timeout support in the SEV command
(Brijesh Singh) [Orabug: 29029018] - crypto: ccp - Add GET_ID SEV
command (Janakarajan Natarajan) [Orabug: 29029018] - crypto: ccp - Add
DOWNLOAD_FIRMWARE SEV command (Janakarajan Natarajan) [Orabug: 29029018]
- net: phy: mdio-bcm-unimac: fix potential NULL dereference in
unimac_mdio_probe() (Wei Yongjun) [Orabug: 27677743] {CVE-2018-8043}
- vti6: remove !skb->ignore_df check from vti6_xmit() (Alexey Kodanev)
[Orabug: 28940590] - A/A failback does not work in concert with ibacm
(Håkon Bugge) [Orabug: 28972800] - ACPICA: Reference Counts: increase
max to 0x4000 for large servers (Erik Schmauss) [Orabug: 29019053]
[4.14.35-1844.1.0.el7uek]
- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug:
28951264] {CVE-2018-5848}
- [PATCH UEK5 u1 v3] dtrace: add DTRACEACT_PCAP for packet capture for
later pcap_dump() (Alan Maguire) [Orabug: 28951771] - floppy: Do not
copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft)
{CVE-2018-7755} {CVE-2018-7755}
- [PATCH UEK5 u1 v2] dtrace: fix ip provider inconsistencies between
IPv4/IPv6 (Alan Maguire) [Orabug: 28956807] - x86/speculation: Make
enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez)
[Orabug: 28992002] - x86/speculation: Enable enhanced IBRS usage
(Alejandro Jimenez) [Orabug: 28992002] - x86/speculation: functions for
supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28992002] - Add
forward declaration of tlb_flush, required for asm-generic. (Jack Vogel)
[Orabug: 28866513] - x86/mm: Page size aware flush_tlb_mm_range() (Peter
Zijlstra) [Orabug: 28866513] - mm/memory: Move mmu_gather and TLB
invalidation code into its own file (Peter Zijlstra) [Orabug: 28866513]
- asm-generic/tlb: Track which levels of the page tables have been
cleared (Will Deacon) [Orabug: 28866513] - asm-generic/tlb: Track
freeing of page-table directories in struct mmu_gather (Peter Zijlstra)
[Orabug: 28866513] - mm: mmu_notifier fix for tlb_end_vma (Nicholas
Piggin) [Orabug: 28866513] - mm: update comment describing
tlb_gather_mmu (Mike Rapoport) [Orabug: 28866513]
More information about the El-errata
mailing list