[El-errata] ELSA-2019-4575 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Mar 12 06:11:02 PDT 2019

Oracle Linux Security Advisory ELSA-2019-4575


The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- NFS: commit direct writes even if they fail partially (J. Bruce 
Fields) [Orabug: 28212440] - rds: update correct congestion map for 
loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look 
at the bg_flags field if it is valid (Theodore Ts'o) [Orabug: 29316684] 
{CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides 
(Somasundaram Krishnasamy) [Orabug: 29357643] - net: Set sk_prot_creator 
when cloning sockets to the right proto (Christoph Paasch) [Orabug: 
29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() 
(Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table don't overlap with bg 
descriptors (Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David 
Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) 
[Orabug: 29429855]

- KEYS: add missing permission check for request_key() destination (Eric 
Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Don't permit request_key() to construct a new keyring (David 
Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Håkon 
Bugge) [Orabug: 29318191] - bnxt_en: Fix TX timeout during netpoll. 
(Michael Chan) [Orabug: 29357977] - bnxt_en: Fix for system hang if 
request_irq fails (Vikas Gupta) [Orabug: 29357977] - bnxt_en: Fix 
firmware message delay loop regression. (Michael Chan) [Orabug: 
29357977] - bnxt_en: reduce timeout on initial HWRM calls (Andy 
Gospodarek) [Orabug: 29357977] - bnxt_en: Fix NULL pointer dereference 
at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977] - bnxt_en: Check 
valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 
29357977] - bnxt_en: Do not modify max IRQ count after RDMA driver 
requests/frees IRQs. (Michael Chan) [Orabug: 29357977] - mm: cleancache: 
fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 
29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 
29368048] - net/packet: fix a race in packet_bind() and 
packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore 
Ts'o) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}

- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van 
Assche) [Orabug: 28766011] - uek-rpm: use multi-threaded xz compression 
for rpms (Alexander Burmashev) [Orabug: 29323635] - uek-rpm: optimize 
find-requires usage (Alexander Burmashev) [Orabug: 29323635] - 
find-debuginfo.sh: backport parallel files procession (Alexander 
Burmashev) [Orabug: 29323635] - KVM: SVM: Add MSR-based feature support 
for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]

- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587] - slub: make 
->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592] - dtrace: 
support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]

More information about the El-errata mailing list