[ELSA-2019-4575] Unbreakable Enterprise kernel security update
[4.1.12-124.26.1]
- NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440]
- rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685]
- ext4: only look at the bg_flags field if it is valid (Theodore Tso) [Orabug: 29316684] {CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides (Somasundaram Krishnasamy) [Orabug: 29357643]
- net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table dont overlap with bg descriptors (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) [Orabug: 29429855]
[4.1.12-124.25.4]
- KEYS: add missing permission check for request_key() destination (Eric Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Dont permit request_key() to construct a new keyring (David Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Hakon Bugge) [Orabug: 29318191]
- bnxt_en: Fix TX timeout during netpoll. (Michael Chan) [Orabug: 29357977]
- bnxt_en: Fix for system hang if request_irq fails (Vikas Gupta) [Orabug: 29357977]
- bnxt_en: Fix firmware message delay loop regression. (Michael Chan) [Orabug: 29357977]
- bnxt_en: reduce timeout on initial HWRM calls (Andy Gospodarek) [Orabug: 29357977]
- bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. (Michael Chan) [Orabug: 29357977]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368048]
- net/packet: fix a race in packet_bind() and packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Tso) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}
[4.1.12-124.25.3]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van Assche) [Orabug: 28766011]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29323635]
- uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29323635]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29323635]
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]
[4.1.12-124.25.2]
- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587]
- slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592]
- dtrace: support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]
- ID
- ELSA-2019-4575
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4575.html
- Published
-
2019-03-12T00:00:00
(5 years ago) - Modified
-
2019-03-12T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
-
ALAS-2018-1133
-
ALAS2-2018-1133
-
DSA-4073-1
-
DSA-4082-1
-
ELSA-2018-3083
-
ELSA-2019-0163
-
ELSA-2019-0512
-
ELSA-2019-2736
-
ELSA-2019-4576
-
ELSA-2019-4577
-
ELSA-2019-4600
-
ELSA-2019-4601
-
ELSA-2020-1016
-
FEDORA-2018-2645eb8dab
-
FEDORA-2018-3857a8b41a
-
FEDORA-2018-5904d0794d
-
FEDORA-2018-6e8c330d50
-
FEDORA-2018-87ba0312c2
-
FEDORA-2018-a0914af224
-
FEDORA-2019-164946aa7f
-
FEDORA-2019-16de0047d4
-
FEDORA-2019-196ab64d65
-
FEDORA-2019-1b986880ea
-
FEDORA-2019-1e8a4c6958
-
FEDORA-2019-20a89ca9af
-
FEDORA-2019-337484d88b
-
FEDORA-2019-3da64f3e61
-
FEDORA-2019-4002b91800
-
FEDORA-2019-41e28660ae
-
FEDORA-2019-48b34fc991
-
FEDORA-2019-509c133845
-
FEDORA-2019-65c6d11eba
-
FEDORA-2019-69c132b061
-
FEDORA-2019-6bda4c81f4
-
FEDORA-2019-7462acf8ba
-
FEDORA-2019-7a3fc17778
-
FEDORA-2019-7bdeed7fc5
-
FEDORA-2019-7d3500d712
-
FEDORA-2019-7ec378191e
-
FEDORA-2019-8169b57f28
-
FEDORA-2019-8219efa9f6
-
FEDORA-2019-83858fc57b
-
FEDORA-2019-87e7046631
-
FEDORA-2019-914542e05c
-
FEDORA-2019-94dc902948
-
FEDORA-2019-96b31a9602
-
FEDORA-2019-97380355ae
-
FEDORA-2019-a570a92d5a
-
FEDORA-2019-a6cd583a8d
-
FEDORA-2019-a95015e60f
-
FEDORA-2019-aabdaa013d
-
FEDORA-2019-b0f7a7b74b
-
FEDORA-2019-be9add5b77
-
FEDORA-2019-c36afa818c
-
FEDORA-2019-ce2933b003
-
FEDORA-2019-e6bf55e821
-
FEDORA-2019-f812c9fb22
-
openSUSE-SU-2019:0065-1
-
RHSA-2018:3083
-
RHSA-2018:3096
-
RHSA-2019:0163
-
RHSA-2019:0188
-
RHSA-2019:0512
-
RHSA-2019:0514
-
RHSA-2019:2736
-
RHSA-2020:1016
-
RHSA-2020:1070
-
SSA:2019-030-01
-
SUSE-SU-2018:2380-1
-
SUSE-SU-2018:2381-1
-
SUSE-SU-2018:2450-1
-
SUSE-SU-2018:2596-1
-
SUSE-SU-2018:2775-1
-
SUSE-SU-2018:2776-1
-
SUSE-SU-2018:2858-1
-
SUSE-SU-2018:2908-1
-
SUSE-SU-2018:2908-2
-
SUSE-SU-2018:3083-1
-
SUSE-SU-2018:3084-1
-
SUSE-SU-2018:4153-1
-
SUSE-SU-2018:4154-1
-
SUSE-SU-2018:4157-1
-
SUSE-SU-2018:4158-1
-
SUSE-SU-2018:4195-1
-
SUSE-SU-2018:4196-1
-
SUSE-SU-2018:4238-1
-
SUSE-SU-2019:0148-1
-
SUSE-SU-2019:0150-1
-
SUSE-SU-2019:0196-1
-
SUSE-SU-2019:0222-1
-
SUSE-SU-2019:0224-1
-
SUSE-SU-2019:0320-1
-
SUSE-SU-2019:0439-1
-
SUSE-SU-2019:0541-1
-
SUSE-SU-2019:1289-1
-
USN-3617-1
-
USN-3617-2
-
USN-3617-3
-
USN-3619-1
-
USN-3619-2
-
USN-3620-1
-
USN-3620-2
-
USN-3632-1
-
USN-3753-1
-
USN-3753-2
-
USN-3754-1
-
USN-3871-1
-
USN-3871-3
-
USN-3871-4
-
USN-3871-5
-
USN-3879-1
-
USN-3879-2
-
USN-3880-1
-
USN-3880-2
-
USN-4094-1
-
USN-4118-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2019-4575 |
|
|
| CVE | CVE-2018-10878 |
|
|
| CVE | CVE-2018-18559 |
|
|
| CVE | CVE-2017-17807 |
|
|
| CVE | CVE-2018-10876 |
|
|
| CVE | CVE-2018-9568 |
|
|
| CVE | CVE-2018-10877 |
|
|
| CVE | CVE-2018-16862 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
 kernel-uek
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux |
kernel-uek
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux |
kernel-uek-firmware
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux |
kernel-uek-firmware
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux |
kernel-uek-doc
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux |
kernel-uek-devel
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux |
kernel-uek-debug
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 4.1.12-124.26.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux |
kernel-uek-debug-devel
|
< 4.1.12-124.26.1.el6uek | oraclelinux-6 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |