[ELSA-2019-4541] Unbreakable Enterprise kernel security update
[4.14.35-1844.2.5]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]
[4.14.35-1844.2.4]
- x86/platform/UV: Add check of TSC state set by UV BIOS (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Provide a means to disable TSC ART (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Drastically reduce the number of firmware bug warnings (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Skip TSC test and error messages if already unstable (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Add option that TSC on Socket 0 being non-zero is valid (mike.travis@hpe.com) [Orabug: 29205471]
- scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 29248376]
[4.14.35-1844.2.3]
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 28983233]
- proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114876] {CVE-2018-17972}
- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 29200902]
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211613]
- xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29237355]
- xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29237430]
- xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29237430]
- xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29237430]
- net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29248238]
- kvm: x86: Add AMDs EX_CFG to the list of ignored MSRs (Eduardo Habkost) [Orabug: 29254549]
- alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269148] {CVE-2018-13053}
[4.14.35-1844.2.2]
- genirq/affinity: Dont return with empty affinity masks on error (Thomas Gleixner) [Orabug: 29209330]
- x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29201434]
- uek-rpm: Update x86_64 config options (Victor Erminpour) [Orabug: 29129556]
- net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004501]
- nvme-pci: fix memory leak on probe failure (Keith Busch) [Orabug: 29214245]
- nvme-pci: limit max IO size and segments to avoid high order allocations (Jens Axboe) [Orabug: 29214245]
- arm64, dtrace: add non-virtual clocksources to fbt blacklist (Nick Alcock) [Orabug: 29220926]
- net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 29222874]
- x86/speculation: simplify IBRS firmware control (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: use jump label instead of alternative to control IBRS firmware (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: fix and simplify IBPB control (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: use jump label instead of alternative to control IBPB (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: move ANNOTATE_* macros to a new header file (Alexandre Chartre) [Orabug: 29225114]
- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29228473]
- be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 29228473]
- be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 29228473]
- x86/platform/UV: Fix GAM MMR references in the UV x2apic code (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Fix GAM MMR changes in UV4A (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Add references to access fixed UV4A HUB MMRs (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Fix UV4A support on new Intel Processors (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (Mike Travis) [Orabug: 29205471]
[4.14.35-1844.2.1]
- rds: Incorrect rds-info send and retransmission message output (Ka-Cheong Poon) [Orabug: 29024033]
- mlx4_core: Disable P_Key Violation Traps (Hakon Bugge) [Orabug: 28861014]
- rds: ib: Use a delay when reconnecting to the very same IP address (Hakon Bugge) [Orabug: 29161391]
- KVM: Fix UAF in nested posted interrupt processing (Cfir Cohen) [Orabug: 29172125] {CVE-2018-16882}
- x86/alternative: check int3 breakpoint physical addresses (Alexandre Chartre) [Orabug: 29178334]
- Change mincore() to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187408] {CVE-2019-5489}
- net/rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 29180514]
[4.14.35-1844.2.0]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- ocfs2: dont clear bh uptodate for block read (Junxiao Bi) [Orabug: 29159655]
- ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 29154599]
- ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 29154599]
| Package | Affected Version |
|---|---|
 pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7
|
< 4.14.35-1844.2.5.el7uek |
- ID
- ELSA-2019-4541
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4541.html
- Published
-
2019-02-12T00:00:00
(5 years ago) - Modified
-
2019-02-12T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
-
ALAS-2018-1100
-
ALAS-2019-1214
-
ALAS2-2018-1100
-
ALAS2-2019-1214
-
DSA-4465-1
-
ELSA-2019-0163
-
ELSA-2019-0512
-
ELSA-2019-2029
-
ELSA-2019-2473
-
ELSA-2019-3517
-
ELSA-2019-4528
-
ELSA-2019-4531
-
ELSA-2019-4532
-
ELSA-2019-4576
-
ELSA-2019-4577
-
ELSA-2023-12232
-
FEDORA-2018-0edb45d9db
-
FEDORA-2018-1621b2204a
-
FEDORA-2018-1c80fea1cd
-
FEDORA-2018-2ee3411cb8
-
FEDORA-2018-2f6df9abfb
-
FEDORA-2018-3857a8b41a
-
FEDORA-2018-49bda79bd5
-
FEDORA-2018-50075276e8
-
FEDORA-2018-59e4747e0f
-
FEDORA-2018-6e8c330d50
-
FEDORA-2018-79d7c3d2df
-
FEDORA-2018-8422d94975
-
FEDORA-2018-8484550fff
-
FEDORA-2018-94315e9a6b
-
FEDORA-2018-9f4381d8c4
-
FEDORA-2018-a0914af224
-
FEDORA-2018-b68776e5b0
-
FEDORA-2018-c0a1284064
-
FEDORA-2018-ca0e10fc6e
-
FEDORA-2018-cc812838fb
-
FEDORA-2018-d77cc41f35
-
FEDORA-2018-ddbaca855e
-
FEDORA-2018-e820fccd83
-
FEDORA-2018-ec3bf1b228
-
FEDORA-2018-f8cba144ae
-
FEDORA-2019-16de0047d4
-
FEDORA-2019-196ab64d65
-
FEDORA-2019-1b986880ea
-
FEDORA-2019-20a89ca9af
-
FEDORA-2019-337484d88b
-
FEDORA-2019-3da64f3e61
-
FEDORA-2019-4002b91800
-
FEDORA-2019-509c133845
-
FEDORA-2019-65c6d11eba
-
FEDORA-2019-7d3500d712
-
FEDORA-2019-a6cd583a8d
-
FEDORA-2019-c36afa818c
-
FEDORA-2019-ce2933b003
-
openSUSE-SU-2019:0065-1
-
openSUSE-SU-2019:1479-1
-
openSUSE-SU-2019:1579-1
-
RHSA-2019:0163
-
RHSA-2019:0512
-
RHSA-2019:0514
-
RHSA-2019:2029
-
RHSA-2019:2043
-
RHSA-2019:2473
-
RHSA-2019:3309
-
RHSA-2019:3517
-
SSA:2019-030-01
-
SUSE-SU-2018:2051-1
-
SUSE-SU-2018:2092-1
-
SUSE-SU-2018:2150-1
-
SUSE-SU-2018:2222-1
-
SUSE-SU-2018:2332-1
-
SUSE-SU-2018:2344-1
-
SUSE-SU-2018:2344-2
-
SUSE-SU-2018:2362-1
-
SUSE-SU-2018:2366-1
-
SUSE-SU-2018:2384-1
-
SUSE-SU-2018:2637-1
-
SUSE-SU-2019:0150-1
-
SUSE-SU-2019:0196-1
-
SUSE-SU-2019:0222-1
-
SUSE-SU-2019:0224-1
-
SUSE-SU-2019:1527-1
-
SUSE-SU-2019:1529-1
-
SUSE-SU-2019:1530-1
-
SUSE-SU-2019:1532-1
-
SUSE-SU-2019:1533-1
-
SUSE-SU-2019:1534-1
-
SUSE-SU-2019:1535-1
-
SUSE-SU-2019:1536-1
-
SUSE-SU-2019:1550-1
-
SUSE-SU-2019:1692-1
-
SUSE-SU-2019:2430-1
-
SUSE-SU-2021:3929-1
-
SUSE-SU-2021:3935-1
-
USN-3821-1
-
USN-3821-2
-
USN-3832-1
-
USN-3835-1
-
USN-3871-1
-
USN-3871-3
-
USN-3871-4
-
USN-3871-5
-
USN-3872-1
-
USN-3878-1
-
USN-3878-2
-
USN-3880-1
-
USN-3880-2
-
USN-3901-1
-
USN-3901-2
-
USN-3903-1
-
USN-3903-2
-
USN-4094-1
-
USN-4118-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2019-4541 |
|
|
| CVE | CVE-2019-5489 |
|
|
| CVE | CVE-2018-18397 |
|
|
| CVE | CVE-2018-17972 |
|
|
| CVE | CVE-2018-16882 |
|
|
| CVE | CVE-2018-13053 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
python-perf
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
kernel-uek
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs-devel
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux |
kernel-uek-headers
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 4.14.35-1844.2.5.el7uek | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |