[Oraclevm-errata] OVMSA-2019-0002 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Feb 5 07:02:02 PST 2019 

Oracle VM Security Advisory OVMSA-2019-0002

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.24.5.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.24.5.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.24.5.el6uek.src.rpm



Description of changes:

[4.1.12-124.24.5.el6uek]
- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker)  [Orabug: 28425811]
- net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra)  [Orabug: 28127993]
- net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun)  [Orabug: 29004503]
- xhci: fix usb2 resume timing and races. (Mathias Nyman)  [Orabug: 29028940]
- xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman)  [Orabug: 29028940]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli)  [Orabug: 29163750]  {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli)  [Orabug: 29163750]  {CVE-2018-18397}
- x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang)  [Orabug: 29196396]
- xen/blkback: rework validate_io_op() (Dongli Zhang)  [Orabug: 29199843]
- xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang)  [Orabug: 29199843]
- xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang)  [Orabug: 29199843]
- net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra)  [Orabug: 29201779]
- xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang)  [Orabug: 29217927]
- Revert "xfs: remove nonblocking mode from xfs_vm_writepage" (Wengang Wang)  [Orabug: 29279692]
- Revert "xfs: remove xfs_cancel_ioend" (Wengang Wang)  [Orabug: 29279692]
- Revert "xfs: Introduce writeback context for writepages" (Wengang Wang)  [Orabug: 29279692]
- Revert "xfs: xfs_cluster_write is redundant" (Wengang Wang)  [Orabug: 29279692]
- Revert "xfs: factor mapping out of xfs_do_writepage" (Wengang Wang)  [Orabug: 29279692]
- Revert "xfs: don't chain ioends during writepage submission" (Wengang Wang)  [Orabug: 29279692]

[4.1.12-124.24.4.el6uek]
- mstflint: Fix coding style issues - left with LINUX_VERSION_CODE (Idan Mehalel)  [Orabug: 28878697]
- mstflint: Fix coding-style issues (Idan Mehalel)  [Orabug: 28878697]
- mstflint: Fix errors found with checkpatch script (Idan Mehalel)  [Orabug: 28878697]
- Added support for 5th Gen devices in Secure Boot module and mtcr (Adham Masarwah)  [Orabug: 28878697]
- Fix typos in mst_kernel (Adham Masarwah)  [Orabug: 28878697]
- bnxt_en: Report PCIe link properties with pcie_print_link_status() (Brian Maly)  [Orabug: 28942099]
- selinux: Perform both commoncap and selinux xattr checks (Eric W. Biederman)  [Orabug: 28951521]
- Introduce v3 namespaced file capabilities (Serge E. Hallyn)  [Orabug: 28951521]
- rds: ib: Use a delay when reconnecting to the very same IP address (Håkon Bugge)  [Orabug: 29138813]
- Change mincore() to count "mapped" pages rather than "cached" pages (Linus Torvalds)  [Orabug: 29187415]  {CVE-2019-5489}
- NFSD: Set the attributes used to store the verifier for EXCLUSIVE4_1 (Kinglong Mee)  [Orabug: 29204157]

[4.1.12-124.24.3.el6uek]
- ext4: update i_disksize when new eof exceeds it (Shan Hai)  [Orabug: 28940828]
- ext4: update i_disksize if direct write past ondisk size (Eryu Guan)  [Orabug: 28940828]
- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan)  [Orabug: 28940828]
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng)  [Orabug: 29042981]  {CVE-2018-19824}
- ALSA: usb-audio: Replace probing flag with active refcount (Takashi Iwai)  [Orabug: 29042981]  {CVE-2018-19824}
- ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai)  [Orabug: 29042981]  {CVE-2018-19824}
- ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o)  [Orabug: 29114440]  {CVE-2018-1094}
- ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) (John Donnelly)  [Orabug: 29114440]  {CVE-2018-1094}
- ext4: always initialize the crc32c checksum driver (Theodore Ts'o)  [Orabug: 29114440]  {CVE-2018-1094} {CVE-2018-1094}
- Revert "bnxt_en: Reduce default rings on multi-port cards." (Brian Maly)  [Orabug: 28687746]
- mlx4_core: Disable P_Key Violation Traps (Håkon Bugge)  [Orabug: 27693633]
- rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra)  [Orabug: 28733324]

[4.1.12-124.24.2.el6uek]
- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed)  [Orabug: 28069548]
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded (Mihai Carabas)  [Orabug: 28069548]
- KVM/x86: Add IBPB support (Ashok Raj)  [Orabug: 28069548]
- KVM: x86: pass host_initiated to functions that read MSRs (Paolo Bonzini)  [Orabug: 28069548]
- KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini)  [Orabug: 28069548]
- KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini)  [Orabug: 28069548]
- KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson)  [Orabug: 28069548]
- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim Krčmář)  [Orabug: 28069548]
- ocfs2: don't clear bh uptodate for block read (Junxiao Bi)  [Orabug: 28762940]
- ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi)  [Orabug: 28924775]
- ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi)  [Orabug: 28924775]
- net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun)  [Orabug: 28947481]
- x86/speculation: Always disable IBRS in disable_ibrs_and_friends() (Alejandro Jimenez)  [Orabug: 29139710]

[4.1.12-124.24.1.el6uek]
- pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration (Laxman Dewangan)  [Orabug: 27539246]  {CVE-2017-18174}
- mlock: fix mlock count can not decrease in race condition (Yisheng Xie)  [Orabug: 27677611]  {CVE-2017-18221}
- perf/core: Fix the perf_cpu_time_max_percent check (Tan Xiaojun)  [Orabug: 27823815]  {CVE-2017-18255}
- x86/microcode/intel: Fix a wrong assignment of revision in _save_mc (Zhenzhong Duan)  [Orabug: 28190263]
- mm: cma: fix incorrect type conversion for size during dma allocation (Rohit Vaswani)  [Orabug: 28407826]  {CVE-2017-9725}
- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez)  [Orabug: 28474851]
- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez)  [Orabug: 28474851]
- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez)  [Orabug: 28474851]
- xen/blkback: fix disconnect while I/Os in flight (Juergen Gross)  [Orabug: 28744234]
- mlx4_vnic: use the mlid while calling ib_detach_mcast (aru kolappan)  [Orabug: 29029705]
- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o)  [Orabug: 29048557]  {CVE-2018-1092} {CVE-2018-1092}
- Bluetooth: hidp: buffer overflow in hidp_process_report (Mark Salyzyn)  [Orabug: 29121215]  {CVE-2018-9363} {CVE-2018-9363}
- HID: debug: check length before copy_to_user() (Daniel Rosenberg)  [Orabug: 29128165]  {CVE-2018-9516}
- x86/MCE: Serialize sysfs changes (Seunghun Han)  [Orabug: 29149888]  {CVE-2018-7995}
- Input: i8042 - fix crash at boot time (Chen Hong)  [Orabug: 29152328]  {CVE-2017-18079}

[4.1.12-124.23.4.el6uek]
- base/memory, hotplug: fix a kernel oops in show_valid_zones() (Toshi Kani)  [Orabug: 29050538]
- mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() (Toshi Kani)  [Orabug: 29050538]
- drivers/base/memory.c: prohibit offlining of memory blocks with missing sections (Seth Jennings)  [Orabug: 29050538]
- mm: Check if section present during memory block (un)registering (Yinghai Lu)  [Orabug: 29050538]
- hugetlb: take PMD sharing into account when flushing tlb/caches (Mike Kravetz)  [Orabug: 28951854]
- mm: migration: fix migration of huge PMD shared pages (Mike Kravetz)  [Orabug: 28951854]
- hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz)  [Orabug: 28896255]

[4.1.12-124.23.3.el6uek]
- rds: ib: Improve tracing during failover/back (Håkon Bugge)  [Orabug: 28860366]
- rds: ib: Remove superfluous add of address on fail-back device (Håkon Bugge)  [Orabug: 28860366]
- libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard)  [Orabug: 28946207]
- wil6210: missing length check in wmi_set_ie (Lior David)  [Orabug: 28951265]  {CVE-2018-5848}
- netfilter: xt_osf: Add missing permission checks (Kevin Cernekee)  [Orabug: 29037831]  {CVE-2017-17450}
- x86/speculation: Fix bad argument to rdmsrl() in cpu_set_bug_bits() (Alejandro Jimenez)  [Orabug: 29044805]

More information about the Oraclevm-errata mailing list