[El-errata] ELSA-2019-3055 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Oct 17 05:33:13 PDT 2019 

Oracle Linux Security Advisory ELSA-2019-3055

http://linux.oracle.com/errata/ELSA-2019-3055.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm
kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm
kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm
perf-3.10.0-1062.4.1.el7.x86_64.rpm
python-perf-3.10.0-1062.4.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.4.1.el7.src.rpm



Description of changes:

[3.10.0-1062.4.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1062.4.1.el7]
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 
1750880] {CVE-2019-14835}

[3.10.0-1062.3.1.el7]
- [net] Bluetooth: Fix faulty expression for minimum encryption key size 
check (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] Bluetooth: Fix regression with minimum encryption key size 
alignment (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] Bluetooth: Align minimum encryption key size for LE and BR/EDR 
connections (Gopal Tiwari) [1743084 1743085] {CVE-2019-9506}
- [net] macvlan: Support bonding events (Davide Caratti) [1751579 1733589]
- [wireless] mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() 
(Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 
CVE-2019-3846}
- [wireless] mwifiex: Mark expected switch fall-through (Stanislaw 
Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Fix skipped vendor specific IEs (Stanislaw 
Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: fix 802.11n/WPA detection (Stanislaw Gruszka) 
[1714469 1721742 1714470 1721743] {CVE-2019-10126 CVE-2019-3846}
- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs 
(Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 
CVE-2019-3846}
- [wireless] mwifiex: Abort at too short BSS descriptor element 
(Stanislaw Gruszka) [1714469 1721742 1714470 1721743] {CVE-2019-10126 
CVE-2019-3846}
- [wireless] mwifiex: Fix possible buffer overflows at parsing bss 
descriptor (Stanislaw Gruszka) [1714469 1721742 1714470 1721743] 
{CVE-2019-10126 CVE-2019-3846}
- [net] sunrpc: Fix possible autodisconnect during connect due to old 
last_used (Dave Wysochanski) [1749290 1723537]
- [drm] drm/ast: Fixed reboot test may cause system hanged (Dave Airlie) 
[1749296 1739971]
- [block] block: blk_init_allocated_queue() set q->fq as NULL in the 
fail case (Ming Lei) [1739326 1739327] {CVE-2018-20856}
- [pci] PCI: hv: Fix a use-after-free bug in hv_eject_device_work() 
(Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), 
if necessary (Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Add hv_pci_remove_slots() when we unload the driver 
(Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Fix a memory leak in hv_eject_device_work() (Mohammed 
Gamal) [1748239 1732924]
- [pci] PCI: hv: support reporting serial number as slot information 
(Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Remove unused reason for refcount handler (Mohammed 
Gamal) [1748239 1732924]
- [pci] PCI: hv: Convert hv_pci_dev.refs from atomic_t to refcount_t 
(Mohammed Gamal) [1748239 1732924]
- [pci] PCI: hv: Remove the bogus test in hv_eject_device_work() 
(Mohammed Gamal) [1748239 1732924]
- [fs] NFSv4: Replace closed stateids with the "invalid special stateid" 
(Steve Dickson) [1744946 1733347]
- [nvme] nvme-rdma: use dynamic dma mapping per command (David Milburn) 
[1744444 1637693]
- [nvme] nvme-rdma: remove redundant reference between ib_device and 
tagset (David Milburn) [1744444 1637693]
- [nvme] nvme-rdma: always have a valid trsvcid (David Milburn) [1744443 
1717536]
- [nvme] nvme-rdma: use inet_pton_with_scope helper (David Milburn) 
[1744443 1717536]
- [nvme] nvmet-rdma: use generic inet_pton_with_scope (David Milburn) 
[1744443 1717536]
- [iommu] x86/hyper-v: add msi_setup_irq/msi_alloc_irq stubs to fix 
x2apic mode (Vitaly Kuznetsov) [1743324 1736750]
- [mm] slub: make dead caches discard free slabs immediately (Aristeu 
Rozanski) [1741920 1649189]
- [mm] mm: charge/uncharge kmemcg from generic page allocator paths 
(Aristeu Rozanski) [1741920 1649189]
- [mm] memcg: do not account memory used for cache creation (Aristeu 
Rozanski) [1741920 1649189]
- [mm] memcg: also test for skip accounting at the page allocation level 
(Aristeu Rozanski) [1741920 1649189]
- [fs] kmemcg: account certain kmem allocations to memcg (Aristeu 
Rozanski) [1741920 1649189]
- [mm] vmalloc: allow to account vmalloc to memcg (Aristeu Rozanski) 
[1741920 1649189]
- [mm] slab: add SLAB_ACCOUNT flag (Aristeu Rozanski) [1741920 1649189]
- [include] memcg: only account kmem allocations marked as __GFP_ACCOUNT 
(Aristeu Rozanski) [1741920 1649189]
- [include] mm: get rid of __GFP_KMEMCG (Aristeu Rozanski) [1741920 1649189]
- [mm] slb: charge slabs to kmemcg explicitly (Aristeu Rozanski) 
[1741920 1649189]
- [mm] mm: rename allocflags_to_migratetype for clarity (Rafael Aquini) 
[1741920 1730471]
- [x86] cpuidle-haltpoll: disable host side polling when kvm virtualized 
(Marcelo Tosatti) [1740192 1734501]
- [kvm] kvm: x86: add host poll control msrs (Marcelo Tosatti) [1740192 
1734501]
- [cpuidle] cpuidle: add haltpoll governor (Marcelo Tosatti) [1740192 
1734501]
- [cpuidle] governors: unify last_state_idx (Marcelo Tosatti) [1740192 
1734501]
- [cpuidle] cpuidle: add poll_limit_ns to cpuidle_device structure 
(Marcelo Tosatti) [1740192 1734501]
- [cpuidle] add cpuidle-haltpoll driver (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Fix default time limit (Marcelo 
Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Disregard disable idle states (Marcelo 
Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Revise loop termination condition 
(Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: menu: Fix wakeup statistics updates for polling 
state (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Avoid invoking local_clock() too often 
(Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: poll_state: Add time limit to poll_idle() (Marcelo 
Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Move polling state initialization code to separate 
file (Marcelo Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Remove time measurement in poll state (Marcelo 
Tosatti) [1740192 1734501]
- [cpuidle] cpuidle: Set polling in poll_idle (Marcelo Tosatti) [1740192 
1734501]
- [cpuidle] cpuidle: dont call poll_idle_init() for every cpu (Marcelo 
Tosatti) [1740192 1734501]
- [hv] hv: vmbus: Implement Direct Mode for stimer0 (Vitaly Kuznetsov) 
[1740188 1712344]
- [kernel] sched: Reduce contention in update_cfs_rq_blocked_load() 
(Marcelo Tosatti) [1740180 1734515]
- [ipc] ipc: drop non-RCU allocation (Vladis Dronov) [1740178 1733016]
- [ipc] ipc/util.c: use kvfree() in ipc_rcu_free() (Vladis Dronov) 
[1740178 1733016]
- [ipc] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis 
Dronov) [1740178 1733016]
- [ipc] standardize code comments (Waiman Long) [1740178 1373519]
- [ipc] whitespace cleanup (Waiman Long) [1740178 1373519]
- [fs] gfs2: gfs2_walk_metadata fix (Andreas Grunbacher) [1737373 1724362]
- [fs] gfs2: Inode dirtying fix (Andreas Grunbacher) [1737373 1724362]
- [fs] gfs2: Fix rounding error in gfs2_iomap_page_prepare (Andreas 
Grunbacher) [1737373 1724362]
- [fs] iomap: fix page_done callback for short writes (Andreas 
Grunbacher) [1737373 1724362]
- [fs] fs: fold __generic_write_end back into generic_write_end (Andreas 
Grunbacher) [1737373 1724362]
- [fs] iomap: don't mark the inode dirty in iomap_write_end (Andreas 
Grunbacher) [1737373 1724362]
- [fs] gfs2: Fix iomap write page reclaim deadlock (Andreas Grunbacher) 
[1737373 1724362]
- [fs] iomap: Add a page_prepare callback (Andreas Grunbacher) [1737373 
1724362]
- [fs] iomap: Fix use-after-free error in page_done callback (Andreas 
Grunbacher) [1737373 1724362]
- [fs] fs: Turn __generic_write_end into a void function (Andreas 
Grunbacher) [1737373 1724362]
- [fs] iomap: Clean up __generic_write_end calling (Andreas Grunbacher) 
[1737373 1724362]

[3.10.0-1062.2.1.el7]
- [x86] aesni: initialize gcm(aes) cryptd child's key/authsize (Sabrina 
Dubroca) [1744442 1698551]
- [netdrv] bnx2x: Disable multi-cos feature (Manish Chopra) [1741926 
1704157]

More information about the El-errata mailing list