[Oraclevm-errata] OVMSA-2019-0022 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu May 30 07:54:59 PDT 2019


Oracle VM Security Advisory OVMSA-2019-0022

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.27.1.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.27.1.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.27.1.el6uek.src.rpm



Description of changes:

[4.1.12-124.27.1.el6uek]
- scsi: libfc: sanitize E_D_TOV and R_A_TOV setting (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: use configured rport E_D_TOV (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: additional debugging messages (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: don't advance state machine for incoming FLOGI (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: Do not login if the port is already started (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (Hannes Reinecke)  [Orabug: 25933179]
- scsi: libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response. (Chad Dupuis)  [Orabug: 25933179]
- scsi: libfc: Fixup disc_mutex handling (Hannes Reinecke)  [Orabug: 25933179]
- xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani)  [Orabug: 28267050]
- net: sched: run ingress qdisc without locks (Alexei Starovoitov)  [Orabug: 29395374]
- bnxt_en: Fix typo in firmware message timeout logic. (Michael Chan)  [Orabug: 29412112]
- bnxt_en: Wait longer for the firmware message response to complete. (Michael Chan)  [Orabug: 29412112]
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. (Tetsuo Handa)  [Orabug: 29456281]
- X.509: Handle midnight alternative notation in GeneralizedTime (David Howells)  [Orabug: 29460344]  {CVE-2015-5327}
- X.509: Support leap seconds (David Howells)  [Orabug: 29460344]  {CVE-2015-5327}
- X.509: Fix the time validation [ver #2] (David Howells)  [Orabug: 29460344]  {CVE-2015-5327} {CVE-2015-5327}
- be2net: enable new Kconfig items in kernel configs (Brian Maly)  [Orabug: 29475071]
- benet: remove broken and unused macro (Lubomir Rintel)  [Orabug: 29475071]
- be2net: don't flip hw_features when VXLANs are added/deleted (Davide Caratti)  [Orabug: 29475071]
- be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros)  [Orabug: 29475071]
- be2net: Use Kconfig flag to support for enabling/disabling adapters (Petr Oros)  [Orabug: 29475071]
- be2net: Mark expected switch fall-through (Gustavo A. R. Silva)  [Orabug: 29475071]
- be2net: fix spelling mistake "seqence" -> "sequence" (Colin Ian King)  [Orabug: 29475071]
- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy)  [Orabug: 29475071]
- be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (Suresh Reddy)  [Orabug: 29475071]
- be2net: move rss_flags field in rss_info to ensure proper alignment (Ivan Vecera)  [Orabug: 29475071]
- be2net: re-order fields in be_error_recovert to avoid hole (Ivan Vecera)  [Orabug: 29475071]
- be2net: remove unused tx_jiffies field from be_tx_stats (Ivan Vecera)  [Orabug: 29475071]
- be2net: move txcp field in be_tx_obj to eliminate holes in the struct (Ivan Vecera)  [Orabug: 29475071]
- be2net: reorder fields in be_eq_obj structure (Ivan Vecera)  [Orabug: 29475071]
- be2net: remove unused old custom busy-poll fields (Ivan Vecera)  [Orabug: 29475071]
- be2net: remove unused old AIC info (Ivan Vecera)  [Orabug: 29475071]
- be2net: Fix error detection logic for BE3 (Suresh Reddy)  [Orabug: 29475071]
- scsi: sd: Do not override max_sectors_kb sysfs setting (Martin K. Petersen)  [Orabug: 29596510]
- USB: serial: io_ti: fix div-by-zero in set_termios (Johan Hovold)  [Orabug: 29487834]  {CVE-2017-18360}
- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan)  [Orabug: 29516462]
- x86/speculation: Read per-cpu value of x86_spec_ctrl_priv in x86_virt_spec_ctrl() (Alejandro Jimenez)  [Orabug: 29526401]
- x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez)  [Orabug: 29526401]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng)  [Orabug: 29605982]  {CVE-2018-19985} {CVE-2018-19985}
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang)  [Orabug: 29637525]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang)  [Orabug: 29637525]
- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Quentin Casasnovas)  [Orabug: 29642113]
- cifs: Fix use after free of a mid_q_entry (Shuning Zhang)  [Orabug: 29654888]
- binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds)  [Orabug: 29677233]  {CVE-2019-11190}
- x86/microcode: Don't return error if microcode update is not needed (Boris Ostrovsky)  [Orabug: 29759756]




More information about the Oraclevm-errata mailing list