[El-errata] ELSA-2020-5956 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Dec 1 19:53:08 PST 2020
Oracle Linux Security Advisory ELSA-2020-5956
http://linux.oracle.com/errata/ELSA-2020-5956.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.51.2.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.51.2.el6uek.noarch.rpm
kernel-uek-3.8.13-118.51.2.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.51.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.51.2.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.51.2.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.51.2.el6uek-0.4.5-3.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.51.2.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.51.2.el6uek-0.4.5-3.el6.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.51.2.el6uek]
- Revert "kexec: Validate pe files against the system_lacklist_keyring"
(John Donnelly) [Orabug: 32171714] {CVE-2020-26541} {CVE-2020-26541}
[3.8.13-118.51.1.el6uek]
- usb: cdc-acm: make sure a refcount is taken early enough (Oliver
Neukum) [Orabug: 31351090] {CVE-2019-19530}
- kexec: Validate pe files against the system_lacklist_keyring (Eric
Snowberg) [Orabug: 31961121] {CVE-2020-26541}
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly)
[Orabug: 31974695]
dtrace-modules-3.8.13-118.51.2.el6uek
[0.4.5-3]
- Synchronize versions with OL7
[0.4.5-2]
- Validate d_path() argument pointer to avoid crash.
[Orabug: 21304207]
[0.4.5-1]
- Support USDT for 32-bit applications on 64-bit hosts.
[Orabug: 21219315]
- Convert from sdt_instr_t to asm_instr_t.
[Orabug: 21219374]
- Restructuring to support DTrace on multiple architectures.
[Orabug: 21273259]
- Fix dtrace_helptrace_buffer memory leak.
[Orabug: 20514336]
- Add .gitignore file.
[Orabug: 20266608]
[0.4.4-1]
- Rename dtrace-modules-headers to dtrace-modules-shared-headers.
[Orabug: 20508087]
[0.4.3-4]
- Updated NEWS file: test stress/buffering/tst.resize1.d is XFAIL for now.
- Align with kernel header file change: FOLL_NOFAULT -> FOLL_IMMED.
[Orabug: 18653713]
[0.4.3-3]
- Rebuild with cleaned up source tree.
[0.4.3-2]
- Various fixes to handle multi-threaded processes.
[Orabug: 18412802]
[0.4.3-1]
- Implmentation of profile-* probes in the profile provider.
[Orabug: 18323513]
[0.4.2-3]
- Obsolete the old provider headers package.
[Orabug: 18061595]
[0.4.2-2]
- Change name of provider headers package, to avoid conflicts on yum update.
[Orabug: 18061595]
[0.4.2-1]
- Fix 'vtimestamp' implementation.
[Orabug: 17741477]
- Support SDT probes points in kernel modules.
[Orabug: 17851716]
[0.4.1-3]
- Fix 'errno' implementation.
[Orabug: 17704568]
[0.4.1-2]
- Fix lock ordering issues.
[Orabug: 17624236]
[0.4.1-1]
- Align with new cyclic implementation in UEK3 kernel.
[Orabug: 17553446]
- Bugfix for module reference counting.
- Fix memory leak.
- Fix race condition in speculative tracing buffer cleaning.
[Orabug: 17591351]
- Ensure safe access to userspace stack memory location.
[Orabug: 17591351]
[0.4.0-2]
- Bugfix for ustack() to avoid using vma data.
[0.4.0-1]
- Bugfix for module unloading.
- Support meta-providers, USDT, and fasttrap (for USDT only).
- Export DTrace kernel headers to userspace.
- Improved ustack() robustness.
[Orabug: 17591351]
- Reimplemented ustack().
(Nick Alcock) [Orabug: 17591351]
- Bugfixes.
[0.3.2]
- Release for new kernel and CTF section layout
[0.3.1]
- Skipped version number
[0.3.0-2]
- Remove development-only providers because they should not be
built/released.
[0.3.0]
- Release of the DTrace kernel modules for UEK2 2.6.39-201.0.1 (DTrace
kernel).
[0.2.5-2]
- Fix typo causing unconditional depmod at postinstall time
[0.2.5]
- New kernel, new userspace: no module changes.
[0.2.4]
- Ban unloading of in-use dtrace modules while dtrace is running.
[0.2.3]
- There is one new DTrace option now, used internally by the
testsuite.
[0.2.2]
- Switch MUTEX_HELD() from using mutex_is_locked() to new mutex_owned().
[0.2.1]
- Ensure that allocation attempts are done in atomic fashion so that a
failing
allocation attempt won't interfere with other allocations.
- Surpress OOM warnings.
[0.2.0]
- Release of the DTrace kernel modules for UEK2 2.6.39-101.0.1 (DTrace
kernel).
[0.1.0-1.el6]
- Disable stub-based syscalls in the release pending merging in fixes.
[0.1]
- Initial release.
More information about the El-errata
mailing list