Oracle alert ELSA-2020-5866 (kernel)
From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
To: | el-errata@oss.oracle.com | |
Subject: | [El-errata] ELSA-2020-5866 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update | |
Date: | Tue, 06 Oct 2020 20:33:12 -0700 | |
Message-ID: | <d6a1cc99-8f24-f991-e5a1-09b7df43eb41@oracle.com> |
Oracle Linux Security Advisory ELSA-2020-5866 http://linux.oracle.com/errata/ELSA-2020-5866.html The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-doc-4.1.12-124.43.4.el6uek.noarch.rpm kernel-uek-firmware-4.1.12-124.43.4.el6uek.noarch.rpm kernel-uek-4.1.12-124.43.4.el6uek.x86_64.rpm kernel-uek-devel-4.1.12-124.43.4.el6uek.x86_64.rpm kernel-uek-debug-4.1.12-124.43.4.el6uek.x86_64.rpm kernel-uek-debug-devel-4.1.12-124.43.4.el6uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12... Description of changes: [4.1.12-124.43.4.el6uek] - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29434845] {CVE-2019-6974} - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29434898] {CVE-2019-7221} - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29434924] {CVE-2019-7222} - net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov) [Orabug: 30254239] {CVE-2016-10906} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - x86/apic/msi: update address_hi on set msi affinity (Joe Jin) [Orabug: 31477035] - x86/apic/msi: check and sync apic IRR on msi_set_affinity (Joe Jin) [Orabug: 31477035] - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [Orabug: 31872821] {CVE-2020-1749} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872910] {CVE-2020-25212} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884169] {CVE-2020-25284} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884239] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895331] {CVE-2020-14314} [4.1.12-124.43.3.el6uek] - ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven) [Orabug: 29671212] {CVE-2018-9415} - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin) [Orabug: 30120513] {CVE-2018-20856} - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484761] {CVE-2017-8925} - nl80211: validate beacon head (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach) [Orabug: 30556264] {CVE-2019-16746} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30732821] {CVE-2019-20096} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770913] {CVE-2019-19965} - kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350720] {CVE-2019-14898} - sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350720] {CVE-2019-14898} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351572] {CVE-2019-19073} - can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351682] {CVE-2019-19052} - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai) [Orabug: 31351837] {CVE-2019-15927} - media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351875] {CVE-2019-15218} - crypto: vmac - separate tfm and request context (Eric Biggers) [Orabug: 31584410] - SUNRPC: Fix a race with XPRT_CONNECTING (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Reduce latency when send queue is congested (Trond Myklebust) [Orabug: 31796770] - SUNRPC: RPC transport queue must be low latency (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix a potential race in xprt_connect() (Trond Myklebust) [Orabug: 31796770] - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (NeilBrown) [Orabug: 31796770] - SUNRPC: Fix races between socket connection and destroy code (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Prevent SYN+SYNACK+RST storms (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Report TCP errors to the caller (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Ensure we release the TCP socket once it has been closed (Trond Myklebust) [Orabug: 31796770] - net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet) [Orabug: 31856195] {CVE-2020-10720} - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867577] [4.1.12-124.43.2.el6uek] - ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai) [Orabug: 31352045] {CVE-2017-16528} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352084] {CVE-2017-8924} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543032] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543032] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543032] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543032] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543032] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543032] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543032] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543032] [4.1.12-124.43.1.el6uek] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123576] {CVE-2019-19768} - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224554] {CVE-2019-15505} - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351746] {CVE-2019-18885} - RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351783] {CVE-2019-17075} - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} {CVE-2019-3846} - repair kABI breakage from "fs: prevent page refcount overflow in pipe_buf_get" (Dan Duval) [Orabug: 31351941] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351941] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351960] {CVE-2019-3874} - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439107] {CVE-2019-20812} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439369] {CVE-2020-10751} - selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic) [Orabug: 31439369] {CVE-2020-10751} - mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473652] {CVE-2019-5108} - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473652] {CVE-2019-5108} - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535529] {CVE-2020-10769} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705121] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783151] [4.1.12-124.42.4.el6uek] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30634865] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31683116] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31683116] [4.1.12-124.42.3.el6uek] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2.el6uek] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from "netns: provide pure entropy for net_hash_mix()" (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert "net/rds: Avoid stalled connection due to CM REQ retries" (Håkon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Håkon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Håkon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1.el6uek] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata