[Oraclevm-errata] OVMSA-2022-0026 Important: Oracle VM 3 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Oct 11 21:42:51 UTC 2022


Oracle VM Security Advisory OVMSA-2022-0026

The following updated RPMs for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.67.3.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.67.3.el6uek.noarch.rpm



Related CVEs:

CVE-2017-16537
CVE-2020-14390
CVE-2021-45486
CVE-2021-30002
CVE-2018-9422
CVE-2021-43976
CVE-2022-3028
CVE-2022-0850
CVE-2022-2964
CVE-2017-7472
CVE-2017-18270
CVE-2020-12770
CVE-2022-36879
CVE-2022-1184
CVE-2022-2503




Description of changes:

[4.1.12-124.67.3.el6uek]
- media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav)  [Orabug: 31225377]  {CVE-2017-16537}
- fbcon: remove soft scrollback code (Linus Torvalds)  [Orabug: 31914703]  {CVE-2020-14390}
- inet: use bigger hash table for IP ID generation (Eric Dumazet)  [Orabug: 33778986]  {CVE-2021-45486}
- ipv4: speedup ip_idents_reserve() (Eric Dumazet)  [Orabug: 33778986]

[4.1.12-124.67.2.el6uek]
- media: v4l: ioctl: Fix memory leak in video_usercopy (Sakari Ailus)  [Orabug: 32759975]  {CVE-2021-30002}
- usbnet: silence an unnecessary warning (Oliver Neukum)  [Orabug: 23589045]
- futex: Remove requirement for lock_page() in get_futex_key() (Mel Gorman)  [Orabug: 29048998]  {CVE-2018-9422}
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv() (Zekun Shen)  [Orabug: 33784271]  {CVE-2021-43976}
- af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu)  [Orabug: 34566754]  {CVE-2022-3028}
- ext4: fix kernel infoleak via ext4_extent_header (Anirudh Rayabharam)  [Orabug: 34579226]  {CVE-2022-0850}
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jann Horn)  [Orabug: 34594265]  {CVE-2022-2964}
- net: usb: ax88179_178a: initialize local variables before use (Phillip Potter)  [Orabug: 34594265]
- net: usb: ax88179_178a: fix packet alignment padding (Jeremy Kerr)  [Orabug: 34594265]
- ax88179_178a: Check for supported Wake-on-LAN modes (Florian Fainelli)  [Orabug: 34594265]
- Net Driver: Add Cypress GX3 VID=04b4 PID=3610. (Allan Chou)  [Orabug: 34594265]

[4.1.12-124.67.1.el6uek]
- KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (Eric Biggers)  [Orabug: 27902747]  {CVE-2017-7472}
- KEYS: prevent creating a different user's keyrings (Eric Biggers)  [Orabug: 29013653]  {CVE-2017-18270}
- scsi: sg: add sg_remove_request in sg_write (Wu Bo)  [Orabug: 31350699]  {CVE-2020-12770}
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua)  [Orabug: 34503626]  {CVE-2022-36879}
- ext4: verify dir block before splitting it (Jan Kara)  [Orabug: 34555416]  {CVE-2022-1184}
- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti)  [Orabug: 34555434]  {CVE-2022-2503}



