[Oraclevm-errata] OVMSA-2021-0035 Important: Oracle VM 3 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Mon Oct 11 20:57:50 PDT 2021


Oracle VM Security Advisory OVMSA-2021-0035

The following updated rpms for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.56.1.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.56.1.el6uek.noarch.rpm



Related CVEs:

CVE-2017-18216
CVE-2018-9517
CVE-2019-10220
CVE-2019-19063
CVE-2019-19066
CVE-2019-19074
CVE-2019-3901
CVE-2020-12771




Description of changes:

[4.1.12-124.56.1.el6uek]
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (alex chen)  [Orabug: 29184589]  {CVE-2017-18216}
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu)   {CVE-2020-12771}
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries (Linus Torvalds)  [Orabug: 31351271]  {CVE-2019-10220}
- Make filldir[64]() verify the directory entry filename is valid (Linus Torvalds)  [Orabug: 31351271]  {CVE-2019-10220}
- ath9k: release allocated buffer if timed out (Navid Emamdoost)  [Orabug: 31351559]  {CVE-2019-19074}
- scsi: bfa: release allocated memory in case of error (Navid Emamdoost)  [Orabug: 31351615]  {CVE-2019-19066}
- rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost)  [Orabug: 31351626]  {CVE-2019-19063}
- perf/core: Fix perf_event_open() vs. execve() race (Peter Zijlstra)  [Orabug: 31351766]  {CVE-2019-3901}
- l2tp: pass tunnel pointer to ->session_create() (Guillaume Nault)  [Orabug: 31352004]  {CVE-2018-9517}
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra)  [Orabug: 33039295]
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw)  [Orabug: 33359684]
- ksplice: Fix build warning with ksplice_sysctls (John Donnelly)  [Orabug: 33365274]
- kvm:vmx Fix build error in kvm/vmx.c (John Donnelly)  [Orabug: 33375485]
- vmscan: Fix build error in mm/vmscan.c (John Donnelly)  [Orabug: 33375931]
- constify iov_iter_count() and iter_is_iovec() (Al Viro)  [Orabug: 33381741]

[4.1.12-124.55.3.el6uek]
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk)  [Orabug: 31350976]  {CVE-2020-12114} {CVE-2020-12114}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik)  [Orabug: 31351025]  {CVE-2019-19448} {CVE-2019-19448}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon)  [Orabug: 31351800]  {CVE-2019-17133}
- vhost_net: fix possible infinite loop (Jason Wang)  [Orabug: 31351950]  {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang)  [Orabug: 31351950]  {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang)  [Orabug: 31351950]  {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni)  [Orabug: 31351950]  {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang(张海斌))  [Orabug: 31351950]  {CVE-2019-3900}
- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587}
- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: check defrag PN against current frame (Johannes Berg)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: add fragment cache to sta_info (Johannes Berg)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: drop A-MSDUs on old ciphers (Johannes Berg)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586}
- mac80211: assure all fragments are encrypted (Mathy Vanhoef)  [Orabug: 33009788]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147}
- sctp: validate from_addr_param return (Marcelo Ricardo Leitner)  [Orabug: 33198409]  {CVE-2021-3655}
- virtio_console: Assure used length from device is limited (Xie Yongji)  [Orabug: 33209274]  {CVE-2021-38160}
- net_sched: cls_route: remove the right filter from hashtable (Cong Wang)  [Orabug: 33326887]  {CVE-2021-3715}
- HID: make arrays usage and value to be the same (Will McVicker)  [Orabug: 33326939]  {CVE-2021-0512}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o)  [Orabug: 33327200]  {CVE-2021-40490}

[4.1.12-124.55.2.el6uek]
- x86/mm: Fix compiler warning in pageattr.c (John Donnelly)  [Orabug: 33332673]
- security: Make inode argument of inode_getsecid non-const (Andreas Gruenbacher)  [Orabug: 33337179]
- security: Make inode argument of inode_getsecurity non-const (Andreas Gruenbacher)  [Orabug: 33337179]

[4.1.12-124.55.1.el6uek]
- cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE (Srinivas Dasari)  [Orabug: 31351335]  {CVE-2017-11089}
- ocfs2: issue zeroout to EOF blocks (Junxiao Bi)  [Orabug: 32974989]
- ocfs2: fix zero out valid data (Junxiao Bi)  [Orabug: 32974989]
- ocfs2: fix data corruption by fallocate (Junxiao Bi)  [Orabug: 32974989]
- l2tp: fix l2tp_eth module loading (Guillaume Nault)  [Orabug: 33114384]  {CVE-2020-27067}
- af_key: pfkey_dump needs parameter validation (Mark Salyzyn)  [Orabug: 33114539]  {CVE-2021-0605}
- af_key: Add lock to key dump (Yuejie Shi)  [Orabug: 33114539]  {CVE-2021-0605}
- Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin)  [Orabug: 33114989]  {CVE-2021-3612}
- Input: joydev - prevent potential read overflow in ioctl (Dan Carpenter)  [Orabug: 33114989]  {CVE-2021-3612}
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. (Haoran Luo)  [Orabug: 33198437]  {CVE-2021-3679}
- dtrace: Corrects - warning: assignment makes pointer from integer without a cast (John Donnelly)  [Orabug: 33314947]




More information about the Oraclevm-errata mailing list