[El-errata] ELSA-2020-5710 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Jun 5 08:32:11 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-5710

http://linux.oracle.com/errata/ELSA-2020-5710.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support 
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.323.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.323.1.el5uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/kernel-uek-2.6.39-400.323.1.el5uek.src.rpm



Description of changes:

[2.6.39-400.323.1.el5uek]
- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 
31240297] {CVE-2019-19523}
- USB: core: Fix races in character device registration and 
deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537}
- USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) 
[Orabug: 31351064] {CVE-2019-19528}
- usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 
31351064] {CVE-2019-19528}

[2.6.39-400.322.1.el5uek]
- ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 
31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian 
Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of 
opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton) 
[Orabug: 31206362] {CVE-2019-19527}
- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 
31208624] {CVE-2019-19532}

More information about the El-errata mailing list