[El-errata] ELSA-2019-4510 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jan 15 10:18:49 PST 2019 

Oracle Linux Security Advisory ELSA-2019-4510

http://linux.oracle.com/errata/ELSA-2019-4510.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.24.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.24.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.24.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.24.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.24.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.24.3.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.24.3.el7uek.src.rpm



Description of changes:

[4.1.12-124.24.3.el7uek]
- ext4: update i_disksize when new eof exceeds it (Shan Hai) [Orabug: 
28940828] - ext4: update i_disksize if direct write past ondisk size 
(Eryu Guan) [Orabug: 28940828] - ext4: protect i_disksize update by 
i_data_sem in direct write path (Eryu Guan) [Orabug: 28940828] - ALSA: 
usb-audio: Fix UAF decrement if card has no live interfaces in card.c 
(Hui Peng) [Orabug: 29042981] {CVE-2018-19824}
- ALSA: usb-audio: Replace probing flag with active refcount (Takashi 
Iwai) [Orabug: 29042981] {CVE-2018-19824}
- ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai) [Orabug: 
29042981] {CVE-2018-19824}
- ext4: validate that metadata blocks do not overlap superblock 
(Theodore Ts'o) [Orabug: 29114440] {CVE-2018-1094}
- ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) 
(John Donnelly) [Orabug: 29114440] {CVE-2018-1094}
- ext4: always initialize the crc32c checksum driver (Theodore Ts'o) 
[Orabug: 29114440] {CVE-2018-1094} {CVE-2018-1094}
- Revert "bnxt_en: Reduce default rings on multi-port cards." (Brian 
Maly) [Orabug: 28687746] - mlx4_core: Disable P_Key Violation Traps 
(Håkon Bugge) [Orabug: 27693633] - rds: RDS connection does not 
reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 
28733324]

[4.1.12-124.24.2.el7uek]
- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) 
[Orabug: 28069548] - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL 
- reloaded (Mihai Carabas) [Orabug: 28069548] - KVM/x86: Add IBPB 
support (Ashok Raj) [Orabug: 28069548] - KVM: x86: pass host_initiated 
to functions that read MSRs (Paolo Bonzini) [Orabug: 28069548] - KVM: 
VMX: make MSR bitmaps per-VCPU (Paolo Bonzini) [Orabug: 28069548] - KVM: 
VMX: introduce alloc_loaded_vmcs (Paolo Bonzini) [Orabug: 28069548] - 
KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug: 28069548] - KVM: 
nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim 
Krčmář) [Orabug: 28069548] - ocfs2: don't clear bh uptodate for block 
read (Junxiao Bi) [Orabug: 28762940] - ocfs2: clear journal dirty flag 
after shutdown journal (Junxiao Bi) [Orabug: 28924775] - ocfs2: fix 
panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 28924775] - 
net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) 
[Orabug: 28947481] - x86/speculation: Always disable IBRS in 
disable_ibrs_and_friends() (Alejandro Jimenez) [Orabug: 29139710]

More information about the El-errata mailing list