[El-errata] ELSA-2020-0339 Important: Oracle Linux 8 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 7 19:25:34 PST 2020


Oracle Linux Security Advisory ELSA-2020-0339

http://linux.oracle.com/errata/ELSA-2020-0339.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-abi-whitelists-4.18.0-147.5.1.el8_1.noarch.rpm
kernel-core-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-devel-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-doc-4.18.0-147.5.1.el8_1.noarch.rpm
kernel-headers-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-modules-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-libs-4.18.0-147.5.1.el8_1.x86_64.rpm
perf-4.18.0-147.5.1.el8_1.x86_64.rpm
python3-perf-4.18.0-147.5.1.el8_1.x86_64.rpm
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.x86_64.rpm

aarch64:
bpftool-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-abi-whitelists-4.18.0-147.5.1.el8_1.noarch.rpm
kernel-core-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-cross-headers-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-core-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-devel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-modules-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-devel-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-doc-4.18.0-147.5.1.el8_1.noarch.rpm
kernel-headers-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-modules-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-libs-4.18.0-147.5.1.el8_1.aarch64.rpm
perf-4.18.0-147.5.1.el8_1.aarch64.rpm
python3-perf-4.18.0-147.5.1.el8_1.aarch64.rpm
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-147.5.1.el8_1.src.rpm



Description of changes:

[4.18.0-147.5.1.el8_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted 
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.5.1.el8_1]
- [powerpc] powerpc/shared: Use static key to detect shared processor 
(Phil Auld) [1781114 1767529]
- [powerpc] powerpc/vcpu: Assume dedicated processors as non-preempt 
(Phil Auld) [1781114 1767529]

[4.18.0-147.4.1.el8_1]
- [block] blk-mq: apply normal plugging for HDD (Ming Lei) [1782181 1759380]
- [block] blk-mq: honor IO scheduler for multiqueue devices (Ming Lei) 
[1782181 1759380]
- [block] blk-mq: simplify blk_mq_make_request() (Ming Lei) [1782181 
1759380]
- [block] blk-mq: remove blk_mq_put_ctx() (Ming Lei) [1782181 1759380]
- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest 
that lack it (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality 
(Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo 
Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo 
Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES 
(Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo 
Bonzini) [1781660 1779553] {CVE-2019-19338}
- [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs 
(Leif Sahlberg) [1778693 1765979]
- [fs] cifs: avoid using MID 0xFFFF (Leif Sahlberg) [1778693 1765979]
- [fs] cifs: Fix retry mid list corruption on reconnects (Leif Sahlberg) 
[1778693 1765979]
- [fs] smb3: fix unmount hang in open_shroot (Leif Sahlberg) [1781113 
1757670]
- [fs] CIFS: fix deadlock in cached root handling (Leif Sahlberg) 
[1781113 1757670]
- [fs] Fix match_server check to allow for auto dialect negotiate (Leif 
Sahlberg) [1781113 1757670]
- [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing 
write (Leif Sahlberg) [1781113 1757670]
- [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1781113 1757670]
- [fs] cifs: fix strcat buffer overflow and reduce raciness in 
smb21_set_oplock_level() (Leif Sahlberg) [1781113 1757670]
- [fs] smb3: fix signing verification of large reads (Dave Wysochanski) 
[1781110 1753114]
- [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction 
(Dick Kennedy) [1781108 1733217]
- [fs] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due 
to EDQUOT (Bill O'Donnell) [1778692 1739607]
- [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) 
[1778633 1778634] {CVE-2019-17133}
- [block] blkcg: perpcu_ref init/exit should be done from 
blkg_alloc/free() (Ming Lei) [1777766 1741392]
- [fs] userfaultfd_release: always remove uffd flags and clear 
vm_userfaultfd_ctx (Alex Gladkov) [1777389 1749763] {CVE-2019-14898}
- [netdrv] mwifiex: Fix three heap overflow at parsing element in 
cfg80211_ap_settings (Jarod Wilson) [1776618 1775484] {CVE-2019-14814 
CVE-2019-14815 CVE-2019-14816}
- [netdrv] mwifiex: fix possible heap overflow in 
mwifiex_process_country_ie() (Jarod Wilson) [1776209 1776210] 
{CVE-2019-14895}
- [netdrv] mwifiex: Fix heap overflow in 
mmwifiex_process_tdls_action_frame() (Jarod Wilson) [1776161 1776162] 
{CVE-2019-14901}
- [netdrv] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) 
[1775222 1775223] {CVE-2019-17666}
- [pci] hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed 
Gamal) [1764635 1737569]





More information about the El-errata mailing list