[ELSA-2019-4541] Unbreakable Enterprise kernel security update
[4.14.35-1844.2.5]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]
[4.14.35-1844.2.4]
- x86/platform/UV: Add check of TSC state set by UV BIOS (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Provide a means to disable TSC ART (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Drastically reduce the number of firmware bug warnings (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Skip TSC test and error messages if already unstable (mike.travis@hpe.com) [Orabug: 29205471]
- x86/tsc: Add option that TSC on Socket 0 being non-zero is valid (mike.travis@hpe.com) [Orabug: 29205471]
- scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 29248376]
[4.14.35-1844.2.3]
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 28983233]
- proc: restrict kernel stack dumps to root (Jann Horn) [Orabug: 29114876] {CVE-2018-17972}
- rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 29200902]
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (Zhenzhong Duan) [Orabug: 29211613]
- xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29237355]
- xen/blkback: rework validate_io_op() (Dongli Zhang) [Orabug: 29237430]
- xen/blkback: optimize validate_io_op() to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug: 29237430]
- xen/blkback: do not BUG() for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29237430]
- net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29248238]
- kvm: x86: Add AMDs EX_CFG to the list of ignored MSRs (Eduardo Habkost) [Orabug: 29254549]
- alarmtimer: Prevent overflow for relative nanosleep (Thomas Gleixner) [Orabug: 29269148] {CVE-2018-13053}
[4.14.35-1844.2.2]
- genirq/affinity: Dont return with empty affinity masks on error (Thomas Gleixner) [Orabug: 29209330]
- x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29201434]
- uek-rpm: Update x86_64 config options (Victor Erminpour) [Orabug: 29129556]
- net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004501]
- nvme-pci: fix memory leak on probe failure (Keith Busch) [Orabug: 29214245]
- nvme-pci: limit max IO size and segments to avoid high order allocations (Jens Axboe) [Orabug: 29214245]
- arm64, dtrace: add non-virtual clocksources to fbt blacklist (Nick Alcock) [Orabug: 29220926]
- net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug: 29222874]
- x86/speculation: simplify IBRS firmware control (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: use jump label instead of alternative to control IBRS firmware (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: fix and simplify IBPB control (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: use jump label instead of alternative to control IBPB (Alexandre Chartre) [Orabug: 29225114]
- x86/speculation: move ANNOTATE_* macros to a new header file (Alexandre Chartre) [Orabug: 29225114]
- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29228473]
- be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 29228473]
- be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 29228473]
- x86/platform/UV: Fix GAM MMR references in the UV x2apic code (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Fix GAM MMR changes in UV4A (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Add references to access fixed UV4A HUB MMRs (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Fix UV4A support on new Intel Processors (Mike Travis) [Orabug: 29205471]
- x86/platform/UV: Update uv_mmrs.h to prepare for UV4A fixes (Mike Travis) [Orabug: 29205471]
[4.14.35-1844.2.1]
- rds: Incorrect rds-info send and retransmission message output (Ka-Cheong Poon) [Orabug: 29024033]
- mlx4_core: Disable P_Key Violation Traps (Hakon Bugge) [Orabug: 28861014]
- rds: ib: Use a delay when reconnecting to the very same IP address (Hakon Bugge) [Orabug: 29161391]
- KVM: Fix UAF in nested posted interrupt processing (Cfir Cohen) [Orabug: 29172125] {CVE-2018-16882}
- x86/alternative: check int3 breakpoint physical addresses (Alexandre Chartre) [Orabug: 29178334]
- Change mincore() to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187408] {CVE-2019-5489}
- net/rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 29180514]
[4.14.35-1844.2.0]
- userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163742] {CVE-2018-18397}
- ocfs2: dont clear bh uptodate for block read (Junxiao Bi) [Orabug: 29159655]
- ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 29154599]
- ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 29154599]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-1844.2.5.el7uek |
- ID
- ELSA-2019-4541
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4541.html
- Published
-
2019-02-12T00:00:00
(5 years ago) - Modified
-
2019-02-12T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2018-1100
- ALAS-2019-1214
- ALAS2-2018-1100
- ALAS2-2019-1214
- DSA-4465-1
- ELSA-2019-0163
- ELSA-2019-0512
- ELSA-2019-2029
- ELSA-2019-2473
- ELSA-2019-3517
- ELSA-2019-4528
- ELSA-2019-4531
- ELSA-2019-4532
- ELSA-2019-4576
- ELSA-2019-4577
- ELSA-2023-12232
- FEDORA-2018-0edb45d9db
- FEDORA-2018-1621b2204a
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-3857a8b41a
- FEDORA-2018-49bda79bd5
- FEDORA-2018-50075276e8
- FEDORA-2018-59e4747e0f
- FEDORA-2018-6e8c330d50
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8422d94975
- FEDORA-2018-8484550fff
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9f4381d8c4
- FEDORA-2018-a0914af224
- FEDORA-2018-b68776e5b0
- FEDORA-2018-c0a1284064
- FEDORA-2018-ca0e10fc6e
- FEDORA-2018-cc812838fb
- FEDORA-2018-d77cc41f35
- FEDORA-2018-ddbaca855e
- FEDORA-2018-e820fccd83
- FEDORA-2018-ec3bf1b228
- FEDORA-2018-f8cba144ae
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-20a89ca9af
- FEDORA-2019-337484d88b
- FEDORA-2019-3da64f3e61
- FEDORA-2019-4002b91800
- FEDORA-2019-509c133845
- FEDORA-2019-65c6d11eba
- FEDORA-2019-7d3500d712
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-c36afa818c
- FEDORA-2019-ce2933b003
- openSUSE-SU-2019:0065-1
- openSUSE-SU-2019:1479-1
- openSUSE-SU-2019:1579-1
- RHSA-2019:0163
- RHSA-2019:0512
- RHSA-2019:0514
- RHSA-2019:2029
- RHSA-2019:2043
- RHSA-2019:2473
- RHSA-2019:3309
- RHSA-2019:3517
- SSA:2019-030-01
- SUSE-SU-2018:2051-1
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2150-1
- SUSE-SU-2018:2222-1
- SUSE-SU-2018:2332-1
- SUSE-SU-2018:2344-1
- SUSE-SU-2018:2344-2
- SUSE-SU-2018:2362-1
- SUSE-SU-2018:2366-1
- SUSE-SU-2018:2384-1
- SUSE-SU-2018:2637-1
- SUSE-SU-2019:0150-1
- SUSE-SU-2019:0196-1
- SUSE-SU-2019:0222-1
- SUSE-SU-2019:0224-1
- SUSE-SU-2019:1527-1
- SUSE-SU-2019:1529-1
- SUSE-SU-2019:1530-1
- SUSE-SU-2019:1532-1
- SUSE-SU-2019:1533-1
- SUSE-SU-2019:1534-1
- SUSE-SU-2019:1535-1
- SUSE-SU-2019:1536-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:1692-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2021:3929-1
- SUSE-SU-2021:3935-1
- USN-3821-1
- USN-3821-2
- USN-3832-1
- USN-3835-1
- USN-3871-1
- USN-3871-3
- USN-3871-4
- USN-3871-5
- USN-3872-1
- USN-3878-1
- USN-3878-2
- USN-3880-1
- USN-3880-2
- USN-3901-1
- USN-3901-2
- USN-3903-1
- USN-3903-2
- USN-4094-1
- USN-4118-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2019-4541 | http://linux.oracle.com/errata/ELSA-2019-4541.html | |
CVE | CVE-2019-5489 | http://linux.oracle.com/cve/CVE-2019-5489.html | |
CVE | CVE-2018-18397 | http://linux.oracle.com/cve/CVE-2018-18397.html | |
CVE | CVE-2018-17972 | http://linux.oracle.com/cve/CVE-2018-17972.html | |
CVE | CVE-2018-16882 | http://linux.oracle.com/cve/CVE-2018-16882.html | |
CVE | CVE-2018-13053 | http://linux.oracle.com/cve/CVE-2018-13053.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-1844.2.5.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |