[ELSA-2019-0818] kernel security and bug fix update

Severity Important

Affected Packages 13

CVEs 2

[3.10.0-957.12.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.12.1]
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]

[3.10.0-957.11.1]
- [net] netfilter: nf_nat: skip nat clash resolution for same-origin entries (Florian Westphal) [1686766 1648965]
- [net] netfilter: nf_conntrack: resolve clash for matching conntracks (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: skip clash resolution if nat is in place (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce clash resolution on insertion race (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: fix race between confirmation and flush (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian Westphal) [1686766 1648965]
- [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup (Mohammed Gamal) [1679997 1661632]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7	< 3.10.0-957.12.1.el7
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7	< 3.10.0-957.12.1.el7

ID

ELSA-2019-0818

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2019-0818.html

Published

2019-04-23T00:00:00
(5 years ago)

Modified

2019-04-23T00:00:00
(5 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2019-0818	http://linux.oracle.com/errata/ELSA-2019-0818.html
CVE	CVE-2019-6974	http://linux.oracle.com/cve/CVE-2019-6974.html
CVE	CVE-2019-7221	http://linux.oracle.com/cve/CVE-2019-7221.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	oraclelinux	python-perf	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	oraclelinux	perf	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7	oraclelinux	kernel	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7	oraclelinux	kernel-tools	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7	oraclelinux	kernel-tools-libs	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7	oraclelinux	kernel-tools-libs-devel	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7	oraclelinux	kernel-headers	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7	oraclelinux	kernel-doc	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7	oraclelinux	kernel-devel	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7	oraclelinux	kernel-debug	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-debug-devel	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7	oraclelinux	kernel-abi-whitelists	< 3.10.0-957.12.1.el7	oraclelinux-7
Affected	pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7	oraclelinux	bpftool	< 3.10.0-957.12.1.el7	oraclelinux-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date