[El-errata] ELSA-2019-4575 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Mar 12 06:11:02 PDT 2019
Oracle Linux Security Advisory ELSA-2019-4575
http://linux.oracle.com/errata/ELSA-2019-4575.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.26.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.26.1.el6uek.noarch.rpm
kernel-uek-4.1.12-124.26.1.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.26.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.26.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.26.1.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.26.1.el6uek.src.rpm
Description of changes:
[4.1.12-124.26.1.el6uek]
- NFS: commit direct writes even if they fail partially (J. Bruce
Fields) [Orabug: 28212440] - rds: update correct congestion map for
loopback transport (Mukesh Kacker) [Orabug: 29175685] - ext4: only look
at the bg_flags field if it is valid (Theodore Ts'o) [Orabug: 29316684]
{CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides
(Somasundaram Krishnasamy) [Orabug: 29357643] - net: Set sk_prot_creator
when cloning sockets to the right proto (Christoph Paasch) [Orabug:
29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap()
(Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table don't overlap with bg
descriptors (Theodore Ts'o) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David
Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard)
[Orabug: 29429855]
[4.1.12-124.25.4.el6uek]
- KEYS: add missing permission check for request_key() destination (Eric
Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Don't permit request_key() to construct a new keyring (David
Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Håkon
Bugge) [Orabug: 29318191] - bnxt_en: Fix TX timeout during netpoll.
(Michael Chan) [Orabug: 29357977] - bnxt_en: Fix for system hang if
request_irq fails (Vikas Gupta) [Orabug: 29357977] - bnxt_en: Fix
firmware message delay loop regression. (Michael Chan) [Orabug:
29357977] - bnxt_en: reduce timeout on initial HWRM calls (Andy
Gospodarek) [Orabug: 29357977] - bnxt_en: Fix NULL pointer dereference
at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977] - bnxt_en: Check
valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug:
29357977] - bnxt_en: Do not modify max IRQ count after RDMA driver
requests/frees IRQs. (Michael Chan) [Orabug: 29357977] - mm: cleancache:
fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug:
29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug:
29368048] - net/packet: fix a race in packet_bind() and
packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore
Ts'o) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}
[4.1.12-124.25.3.el6uek]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van
Assche) [Orabug: 28766011] - uek-rpm: use multi-threaded xz compression
for rpms (Alexander Burmashev) [Orabug: 29323635] - uek-rpm: optimize
find-requires usage (Alexander Burmashev) [Orabug: 29323635] -
find-debuginfo.sh: backport parallel files procession (Alexander
Burmashev) [Orabug: 29323635] - KVM: SVM: Add MSR-based feature support
for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]
[4.1.12-124.25.2.el6uek]
- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587] - slub: make
->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592] - dtrace:
support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]
More information about the El-errata
mailing list