[El-errata] ELSA-2020-5884 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Oct 13 02:52:55 PDT 2020
Oracle Linux Security Advisory ELSA-2020-5884
http://linux.oracle.com/errata/ELSA-2020-5884.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2011.7.4.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2011.7.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.7.4.el7uek.x86_64.rpm
aarch64:
kernel-uek-5.4.17-2011.7.4.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2011.7.4.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.7.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2011.7.4.el7uek.aarch64.rpm
perf-5.4.17-2011.7.4.el7uek.aarch64.rpm
python-perf-5.4.17-2011.7.4.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2011.7.4.el7uek.src.rpm
Description of changes:
[5.4.17-2011.7.4.el7uek]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369]
[5.4.17-2011.7.3.el7uek]
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385}
- ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212}
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296]
- mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382]
- bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382]
- mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763]
[5.4.17-2011.7.2.el7uek]
- net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386}
- block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341]
- block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341]
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530]
- uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696]
[5.4.17-2011.7.1.el7uek]
- IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895]
- net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895]
- cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- Revert "aarch64/BM: config failed, hub doesn't have any ports" (Thomas Tai) [Orabug: 31838351]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185]
- iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015]
- iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015]
- iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015]
- iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015]
- iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015]
- iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015]
- iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015]
- iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015]
- iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015]
- i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015]
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015]
- i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015]
- i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015]
- i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015]
- i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015]
- i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015]
- i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015]
- i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015]
- i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015]
- i40e: fix crash when Rx descriptor count is changed (Björn Töpel) [Orabug: 31700015]
- i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015]
- i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015]
- i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Björn Töpel) [Orabug: 31700015]
- i40e: Refactor rx_bi accesses (Björn Töpel) [Orabug: 31700015]
- i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015]
- i40e: fix spelling mistake "to" -> "too" (Colin Ian King) [Orabug: 31700015]
- i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015]
- i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015]
- i40e: enable X710 support (Alice Michael) [Orabug: 31700015]
- i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015]
- i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015]
- i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015]
- i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015]
- i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015]
- i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015]
[5.4.17-2011.7.0.el7uek]
- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029]
- tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029]
- tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146]
More information about the El-errata
mailing list