[El-errata] ELSA-2020-5663 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Apr 27 20:05:39 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-5663

http://linux.oracle.com/errata/ELSA-2020-5663.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2011.1.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2011.1.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2011.1.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2011.1.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2011.1.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.1.2.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2011.1.2.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2011.1.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2011.1.2.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2011.1.2.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2011.1.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.1.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2011.1.2.el7uek.aarch64.rpm
perf-5.4.17-2011.1.2.el7uek.aarch64.rpm
python-perf-5.4.17-2011.1.2.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2011.1.2.el7uek.src.rpm



Description of changes:

[5.4.17-2011.1.2.el7uek]
- ctf: discard CTF from the vDSO (Nick Alcock)  [Orabug: 31194036]

[5.4.17-2011.1.1.el7uek]
- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe)  [Orabug: 31136750]  {CVE-2020-11494}
- blktrace: Protect q->blk_trace with RCU (Jan Kara)  [Orabug: 31123573]  {CVE-2019-19768}
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov)  [Orabug: 31118688]
- perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips)  [Orabug: 31104924]
- perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips)  [Orabug: 31104924]
- kvm/svm: PKU not currently supported (John Allen)  [Orabug: 31104924]
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky)  [Orabug: 31104924]
- EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam)  [Orabug: 31104924]
- x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam)  [Orabug: 31104924]
- x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Gather hardware information early (Yazen Ghannam)  [Orabug: 31104924]
- EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam)  [Orabug: 31104924]
- floppy: check FDC index for errors before assigning it (Linus Torvalds)  [Orabug: 31067510]  {CVE-2020-9383}
- KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky)  [Orabug: 31012269]
- KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky)  [Orabug: 31012269]
- iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu)  [Orabug: 31127400]

[5.4.17-2011.1.0.el7uek]
- vhost: Check docket sk_family instead of call getname (Eugenio Pérez)  [Orabug: 31085989]  {CVE-2020-10942}
- selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire)  [Orabug: 31078892]
- kernel: cpu.c: fix print typo about SMT status (Mihai Carabas)  [Orabug: 31053334]
- nfs: optimise readdir cache page invalidation (Dai Ngo)  [Orabug: 31044292]
- NFS: Directory page cache pages need to be locked when read (Trond Myklebust)  [Orabug: 31044292]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib)  [Orabug: 31032126]
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov)  [Orabug: 31020408]
- net: Support GRO/GSO fraglist chaining. (Steffen Klassert)  [Orabug: 30670829]
- net: Add fraglist GRO/GSO feature flags (Steffen Klassert)  [Orabug: 30670829]
- udp: Support UDP fraglist GRO/GSO. (Steffen Klassert)  [Orabug: 30670829]
- net: remove the check argument from __skb_gro_checksum_convert (Li RongQing)  [Orabug: 30670829]
- Revert "nvme_fc: add module to ops template to allow module references" (John Donnelly)  [Orabug: 31119387]
- ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo)  [Orabug: 31067112]  {CVE-2020-8992}
- dsa: disable module unloading for ARM64 (Allen Pais)  [Orabug: 30456791]
- bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann)  [Orabug: 31127385]  {CVE-2020-8835}
- bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn)  [Orabug: 31127385]  {CVE-2020-8835}

More information about the El-errata mailing list