[El-errata] ELSA-2020-5844 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Sep 11 12:53:53 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-5844

http://linux.oracle.com/errata/ELSA-2020-5844.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2025.400.9.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2025.400.9.el7uek.src.rpm



Description of changes:

[4.14.35-2025.400.9.el7uek]
- btrfs: merge btrfs_find_device and find_device (Anand Jain)  [Orabug: 31867382]  {CVE-2019-18885}
- sctp: implement memory accounting on tx path (Xin Long)  [Orabug: 31867387]  {CVE-2019-3874}
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (Wade Mealing)  [Orabug: 31867403]  {CVE-2020-10781}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser)  [Orabug: 31867441]  {CVE-2020-10767}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi)  [Orabug: 31867436]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi)  [Orabug: 31867436]
- random32: update the net random state on interrupt and activity (Willy Tarreau)  [Orabug: 31867433]  {CVE-2020-16166}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang)  [Orabug: 31867431]  {CVE-2020-14331} {CVE-2020-14331}
- Reverts "rds: avoid unnecessary cong_update in loop transport" (Iraimani Pavadai)  [Orabug: 31867423]
- net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha)  [Orabug: 31867421]
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon)  [Orabug: 31867418]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields)  [Orabug: 31867417]  {CVE-2020-24394}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood)  [Orabug: 31867413]
- rename kABI whitelists to lockedlists (Dan Duval)  [Orabug: 31867411]

[4.14.35-2025.400.8.el7uek]
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry)  [Orabug: 31737041]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon)  [Orabug: 31777364]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky)  [Orabug: 31784658]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb)  [Orabug: 31784891]
- tcp: add sanity tests in tcp_add_backlog() (Eric Dumazet)  [Orabug: 31780103]

More information about the El-errata mailing list