[ELSA-2019-4670] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 12

CVEs 7

[4.1.12-124.28.1]
- hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267]
- x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924]
- x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924]
- x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug: 29660924]
- x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924]
- int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924]
- repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100]
- ext4: fix false negatives and false positives in ext4_check_descriptors() (Shuning Zhang) [Orabug: 29797007]

[4.1.12-124.27.3]
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739]
- Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459}
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459}
- HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] {CVE-2019-3819} {CVE-2019-3819}
- scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] {CVE-2018-14633} {CVE-2018-14633}
- scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] {CVE-2018-20836}
- scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] {CVE-2019-11810}
- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] {CVE-2011-1079} {CVE-2019-11884}
- x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046]
- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). (Mao Wenan) [Orabug: 29802785] {CVE-2019-11815}

Package	Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	< 4.1.12-124.28.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	< 4.1.12-124.28.1.el6uek

ID

ELSA-2019-4670

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2019-4670.html

Published

2019-06-04T00:00:00
(5 years ago)

Modified

2019-06-04T00:00:00
(5 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2019-4670	http://linux.oracle.com/errata/ELSA-2019-4670.html
CVE	CVE-2018-20836	http://linux.oracle.com/cve/CVE-2018-20836.html
CVE	CVE-2019-11810	http://linux.oracle.com/cve/CVE-2019-11810.html
CVE	CVE-2019-11815	http://linux.oracle.com/cve/CVE-2019-11815.html
CVE	CVE-2019-11884	http://linux.oracle.com/cve/CVE-2019-11884.html
CVE	CVE-2019-3459	http://linux.oracle.com/cve/CVE-2019-3459.html
CVE	CVE-2019-3819	http://linux.oracle.com/cve/CVE-2019-3819.html
CVE	CVE-2018-14633	http://linux.oracle.com/cve/CVE-2018-14633.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	oraclelinux	kernel-uek	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	oraclelinux	kernel-uek	< 4.1.12-124.28.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7	oraclelinux	kernel-uek-firmware	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	oraclelinux	kernel-uek-firmware	< 4.1.12-124.28.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	oraclelinux	kernel-uek-doc	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	oraclelinux	kernel-uek-doc	< 4.1.12-124.28.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-devel	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-devel	< 4.1.12-124.28.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	oraclelinux	kernel-uek-debug	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	oraclelinux	kernel-uek-debug	< 4.1.12-124.28.1.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-debug-devel	< 4.1.12-124.28.1.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-debug-devel	< 4.1.12-124.28.1.el6uek	oraclelinux-6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date