[El-errata] ELSA-2020-2664 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jun 24 08:38:16 PDT 2020


Oracle Linux Security Advisory ELSA-2020-2664

http://linux.oracle.com/errata/ELSA-2020-2664.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1127.13.1.el7.noarch.rpm
kernel-debug-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-devel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-doc-3.10.0-1127.13.1.el7.noarch.rpm
kernel-headers-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.13.1.el7.x86_64.rpm
perf-3.10.0-1127.13.1.el7.x86_64.rpm
python-perf-3.10.0-1127.13.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1127.13.1.el7.src.rpm



Description of changes:

[3.10.0-1127.13.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1127.13.1.el7]
- [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() 
kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list 
(Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and 
mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling 
(SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) 
[1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman 
Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) 
[1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187 
1827188] {CVE-2020-0543}
- [cpufreq] x86/devicetable: Move x86 specific macro out of generic code 
(Waiman Long) [1827187 1827188] {CVE-2020-0543}
header (Waiman Long) [1827187 1827188] {CVE-2020-0543}

[3.10.0-1127.12.1.el7]
- [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman 
Long) [1841121 1836322]
- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled 
memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) 
[1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) 
[1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in 
vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing 
irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom 
(Alex Williamson) [1837297 1820632] {CVE-2020-12888}

[3.10.0-1127.11.1.el7]
- [fs] cachefiles: Fix race between read_waiter and read_copier 
involving op->to_do (Dave Wysochanski) [1839757 1829662]





More information about the El-errata mailing list