[ELSA-2020-5837] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 12

CVEs 8

[4.1.12-124.42.3]
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535}
- media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644}
- fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258]
- clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270]

[4.1.12-124.42.2]
- mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499]
- mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499]
- mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499]
- fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495]
- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141]
- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141]
- RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975]
- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450]

[4.1.12-124.42.1]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811}

Package	Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	< 4.1.12-124.42.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	< 4.1.12-124.42.3.el6uek

ID

ELSA-2020-5837

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2020-5837.html

Published

2020-09-03T00:00:00
(4 years ago)

Modified

2020-09-03T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2020-5837	https://linux.oracle.com/errata/ELSA-2020-5837.html
CVE	CVE-2020-10732	https://linux.oracle.com/cve/CVE-2020-10732.html
CVE	CVE-2019-19049	https://linux.oracle.com/cve/CVE-2019-19049.html
CVE	CVE-2019-19062	https://linux.oracle.com/cve/CVE-2019-19062.html
CVE	CVE-2019-20811	https://linux.oracle.com/cve/CVE-2019-20811.html
CVE	CVE-2017-16644	https://linux.oracle.com/cve/CVE-2017-16644.html
CVE	CVE-2019-10639	https://linux.oracle.com/cve/CVE-2019-10639.html
CVE	CVE-2019-19535	https://linux.oracle.com/cve/CVE-2019-19535.html
CVE	CVE-2019-10638	https://linux.oracle.com/cve/CVE-2019-10638.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	oraclelinux	kernel-uek	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	oraclelinux	kernel-uek	< 4.1.12-124.42.3.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7	oraclelinux	kernel-uek-firmware	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	oraclelinux	kernel-uek-firmware	< 4.1.12-124.42.3.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	oraclelinux	kernel-uek-doc	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	oraclelinux	kernel-uek-doc	< 4.1.12-124.42.3.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-devel	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-devel	< 4.1.12-124.42.3.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	oraclelinux	kernel-uek-debug	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	oraclelinux	kernel-uek-debug	< 4.1.12-124.42.3.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-debug-devel	< 4.1.12-124.42.3.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-debug-devel	< 4.1.12-124.42.3.el6uek	oraclelinux-6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date