[ELSA-2019-0818] kernel security and bug fix update
[3.10.0-957.12.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-957.12.1]
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]
[3.10.0-957.11.1]
- [net] netfilter: nf_nat: skip nat clash resolution for same-origin entries (Florian Westphal) [1686766 1648965]
- [net] netfilter: nf_conntrack: resolve clash for matching conntracks (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: skip clash resolution if nat is in place (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce clash resolution on insertion race (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: fix race between confirmation and flush (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian Westphal) [1686766 1648965]
- [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup (Mohammed Gamal) [1679997 1661632]
- ID
- ELSA-2019-0818
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-0818.html
- Published
-
2019-04-23T00:00:00
(5 years ago) - Modified
-
2019-04-23T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2019-1165
- ALAS2-2019-1165
- ELSA-2019-4612
- ELSA-2020-5866
- FEDORA-2019-164946aa7f
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-1e8a4c6958
- FEDORA-2019-3da64f3e61
- FEDORA-2019-41e28660ae
- FEDORA-2019-48b34fc991
- FEDORA-2019-65c6d11eba
- FEDORA-2019-69c132b061
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-7462acf8ba
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7bdeed7fc5
- FEDORA-2019-7ec378191e
- FEDORA-2019-8169b57f28
- FEDORA-2019-8219efa9f6
- FEDORA-2019-83858fc57b
- FEDORA-2019-87e7046631
- FEDORA-2019-914542e05c
- FEDORA-2019-94dc902948
- FEDORA-2019-97380355ae
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-a95015e60f
- FEDORA-2019-be9add5b77
- FEDORA-2019-c36afa818c
- FEDORA-2019-ce2933b003
- FEDORA-2019-e6bf55e821
- openSUSE-SU-2019:0203-1
- RHSA-2019:0818
- RHSA-2019:0833
- SSA:2019-169-01
- SUSE-SU-2019:0541-1
- SUSE-SU-2019:0645-1
- SUSE-SU-2019:0672-1
- SUSE-SU-2019:0683-1
- SUSE-SU-2019:0709-1
- SUSE-SU-2019:0722-1
- SUSE-SU-2019:0726-1
- SUSE-SU-2019:0740-1
- SUSE-SU-2019:0745-1
- SUSE-SU-2019:0754-1
- SUSE-SU-2019:0765-1
- SUSE-SU-2019:0767-1
- SUSE-SU-2019:0784-1
- SUSE-SU-2019:0785-1
- SUSE-SU-2019:0828-1
- SUSE-SU-2019:0845-1
- SUSE-SU-2019:0901-1
- SUSE-SU-2019:1289-1
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2019-0818 | http://linux.oracle.com/errata/ELSA-2019-0818.html | |
CVE | CVE-2019-6974 | http://linux.oracle.com/cve/CVE-2019-6974.html | |
CVE | CVE-2019-7221 | http://linux.oracle.com/cve/CVE-2019-7221.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-957.12.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux | bpftool | < 3.10.0-957.12.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |