ELSA-2019-1959
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-1959
ELSA-2019-1959 - kernel security, bug fix, and enhancement update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-08-19 |
Description
- [4.18.0-80.7.1_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-80.7.1_0]
- [x86] Update stepping values for Whiskey Lake U/Y (David Arcari) [1722372 1704801]
- [x86] x86/perf/amd: Resolve NMI latency issues for active PMCs (David Arcari) [1722367 1640238]
- [x86] x86/perf/amd: Resolve race condition when disabling PMC (David Arcari) [1722367 1640238]
- [edac] EDAC/amd64: Set maximum channel layer size depending on family (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Adjust printed chip select sizes when interleaved (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Recognize x16 symbol size (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Support more than two Unified Memory Controllers (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (Gary Hook) [1722365 1690984]
- [edac] EDAC, amd64: Add Family 17h, models 10h-2fh support (Gary Hook) [1722365 1690984]
- [edac] EDAC/amd64: Add Family 17h Model 30h PCI IDs (Aristeu Rozanski) [1722365 1696603]
- [x86] mark AMD Rome processors supported (David Arcari) [1721972 1520002]
- [x86] x86/mce: Handle varying MCA bank counts (David Arcari) [1721233 1668779]
- [iommu] iommu/vt-d: Disable ATS support on untrusted devices (Jerry Snitselaar) [1700376 1692246]
- [documentation] thunderbolt: Export IOMMU based DMA protection support to userspace (Jerry Snitselaar) [1700376 1692246]
- [iommu] iommu/vt-d: Do not enable ATS for untrusted devices (Jerry Snitselaar) [1700376 1692246]
- [iommu] iommu/vt-d: Force IOMMU on for platform opt in hint (Jerry Snitselaar) [1700376 1692246]
- [pci] PCI / ACPI: Identify untrusted PCI devices (Myron Stowe) [1700376 1704979]
- [acpi] ACPI / property: Allow multiple property compatible _DSD entries (Myron Stowe) [1700376 1537397]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719857 1719858] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719602 1719603] {CVE-2019-11477}
[4.18.0-80.6.1_0]
- [mm] mm: defer ZONE_DEVICE page initialization to the point where we init pgmap (Waiman Long) [1719635 1666538]
- [mm] mm: create non-atomic version of SetPageReserved for init use (Waiman Long) [1719635 1666538]
- [mm] mm: provide kernel parameter to allow disabling page init poisoning (Waiman Long) [1719635 1666538]
- [mm] mm, slub: restore the original intention of prefetch_freepointer() (Rafael Aquini) [1718237 1714671]
- [security] selinux: do not report error on connect(AF_UNSPEC) (Ondrej Mosnacek) [1717870 1707828]
- [security] selinux: Check address length before reading address family (Ondrej Mosnacek) [1717870 1707828]
- [powerpc] powerpc/tm: Fix stack pointer corruption (Desnes Augusto Nunes do Rosario) [1717869 1707635]
- [md] dm cache metadata: Fix loading discard bitset (Mike Snitzer) [1717868 1701618]
- [md] dm mpath: fix missing call of path selector type->end_io (Mike Snitzer) [1717804 1686227]
- [mm] mm/memory.c: do_fault: avoid usage of stale vm_area_struct ('Herton R. Krzesinski') [1717801 1684734]
- [net] sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (Scott Mayhew) [1717800 1679183]
- [net] sunrpc: Don't use stack buffer with scatterlist (Scott Mayhew) [1717800 1679183]
- [scsi] scsi: mpt3sas: Fix kernel panic during expander reset (Tomas Henzl) [1717791 1677693]
- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1717777 1647723]
- [drm] drm/bufs: Fix Spectre v1 vulnerability (Rob Clark) [1717382 1663467]
- [drm] drm/ioctl: Fix Spectre v1 vulnerabilities (Rob Clark) [1717382 1663467]
- [tools] perf annotate: Fix getting source line failure (Michael Petlan) [1716887 1614435]
- [iommu] iommu/amd: Set exclusion range correctly (Jerry Snitselaar) [1715336 1702766]
- [iommu] iommu/amd: Reserve exclusion range in iova-domain (Jerry Snitselaar) [1717344 1694835]
- [kvm] KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() (Vitaly Kuznetsov) [1715018 1694456]
- [s390] kvm: s390: Fix potential spectre warnings (Thomas Huth) [1714754 1702344]
- [drm] drm/i915/gvt: Fix mmap range check (Alex Williamson) [1713572 1713573] {CVE-2019-11085}
- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712862 1712863] {CVE-2019-11810}
[4.18.0-80.5.1_0]
- [kernel] sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (Joel Savitz) [1715345 1695651]
- [kernel] sched/fair: Fix O(nr_cgroups) in the load balancing path (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Fix insertion in rq->leaf_cfs_rq_list (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Add tmp_alone_branch assertion (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [kernel] sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Phil Auld) [1715343 1685636] {CVE-2018-20784}
- [rpmspec] apply linux-kernel-test.patch when building ('Herton R. Krzesinski') [1715340 1690534]
- [rpmspec] Fix cross builds (Jiri Olsa) [1715339 1694956]
- [kernel] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (Phil Auld) [1715337 1701762]
- [kvm] KVM: PPC: Book3S HV: Save/restore vrsave register in kvmhv_p9_guest_entry() (Suraj Jitindar Singh) [1714753 1700272]
- [powerpc] KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit (Suraj Jitindar Singh) [1714751 1689768]
- [powerpc] powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (David Gibson) [1714746 1674410]
- [char] ipmi_si: fix use-after-free of resource->name (Tony Camuso) [1714409 1714410] {CVE-2019-11811}
- [x86] Update stepping values for coffee lake desktop (David Arcari) [1711048 1704800]
Related CVEs
| CVE-2018-20784 |
| CVE-2019-11810 |
| CVE-2019-11811 |
| CVE-2019-11085 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | kernel-4.18.0-80.7.1.el8_0.src.rpm | ef30813335b1b52febfe780d14f0b18a8cf65e11459d1ba87c68535df17d562f | - | ol8_aarch64_codeready_builder |
| kernel-tools-libs-devel-4.18.0-80.7.1.el8_0.aarch64.rpm | 127c7ac164f975bc05519b26d375080fafb46f430d95513bf46b7e4ce4d2cb1c | - | ol8_aarch64_codeready_builder | |
| Oracle Linux 8 (x86_64) | kernel-4.18.0-80.7.1.el8_0.src.rpm | ef30813335b1b52febfe780d14f0b18a8cf65e11459d1ba87c68535df17d562f | - | ol8_x86_64_baseos_latest |
| kernel-4.18.0-80.7.1.el8_0.src.rpm | ef30813335b1b52febfe780d14f0b18a8cf65e11459d1ba87c68535df17d562f | - | ol8_x86_64_codeready_builder | |
| kernel-4.18.0-80.7.1.el8_0.src.rpm | ef30813335b1b52febfe780d14f0b18a8cf65e11459d1ba87c68535df17d562f | - | ol8_x86_64_u0_baseos_patch | |
| bpftool-4.18.0-80.7.1.el8_0.x86_64.rpm | 6d6f054c3e6a9bfed1f311763a811efae408264a07e24276ccae31e718b75f16 | - | ol8_x86_64_baseos_latest | |
| bpftool-4.18.0-80.7.1.el8_0.x86_64.rpm | 6d6f054c3e6a9bfed1f311763a811efae408264a07e24276ccae31e718b75f16 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-4.18.0-80.7.1.el8_0.x86_64.rpm | 52b406dc9e1b3237654fd011d0b28f2cafb97e91bdbc4e91db31275be328a0ef | - | ol8_x86_64_baseos_latest | |
| kernel-4.18.0-80.7.1.el8_0.x86_64.rpm | 52b406dc9e1b3237654fd011d0b28f2cafb97e91bdbc4e91db31275be328a0ef | - | ol8_x86_64_u0_baseos_patch | |
| kernel-abi-whitelists-4.18.0-80.7.1.el8_0.noarch.rpm | 7f13c4d451cc15261e140f968ebb5e19a5549316d7b46871fe4eb41f392a3309 | - | ol8_x86_64_baseos_latest | |
| kernel-abi-whitelists-4.18.0-80.7.1.el8_0.noarch.rpm | 7f13c4d451cc15261e140f968ebb5e19a5549316d7b46871fe4eb41f392a3309 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-core-4.18.0-80.7.1.el8_0.x86_64.rpm | d0d93323ab034e36ca7edb4353c0a48f94dd182e60a4c666f9b1cbc81aa1aee1 | - | ol8_x86_64_baseos_latest | |
| kernel-core-4.18.0-80.7.1.el8_0.x86_64.rpm | d0d93323ab034e36ca7edb4353c0a48f94dd182e60a4c666f9b1cbc81aa1aee1 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-cross-headers-4.18.0-80.7.1.el8_0.x86_64.rpm | d698e4548e28febb229db6efe00aeb71be7a7f20f4000ae8405faacf37cffa18 | - | ol8_x86_64_baseos_latest | |
| kernel-cross-headers-4.18.0-80.7.1.el8_0.x86_64.rpm | d698e4548e28febb229db6efe00aeb71be7a7f20f4000ae8405faacf37cffa18 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-4.18.0-80.7.1.el8_0.x86_64.rpm | 6ac70ce54cef8fd3a597670ea53a9ca5e0ebb7a73d4ff44207e75515c7bb9c6b | - | ol8_x86_64_baseos_latest | |
| kernel-debug-4.18.0-80.7.1.el8_0.x86_64.rpm | 6ac70ce54cef8fd3a597670ea53a9ca5e0ebb7a73d4ff44207e75515c7bb9c6b | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-core-4.18.0-80.7.1.el8_0.x86_64.rpm | 4a4fc74d4b998160fd0d74ae6708a1648075d9371d8e719e6b0dd72e71750591 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-core-4.18.0-80.7.1.el8_0.x86_64.rpm | 4a4fc74d4b998160fd0d74ae6708a1648075d9371d8e719e6b0dd72e71750591 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-devel-4.18.0-80.7.1.el8_0.x86_64.rpm | 7a391dc242a414e15265d39135722e3a22bc8f4887b14dbf9ccbed41befc0252 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-devel-4.18.0-80.7.1.el8_0.x86_64.rpm | 7a391dc242a414e15265d39135722e3a22bc8f4887b14dbf9ccbed41befc0252 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-4.18.0-80.7.1.el8_0.x86_64.rpm | 7343ab21bfd10973616ef13bb917ba1185e20270d242b4c1b4993400cbfb1801 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-4.18.0-80.7.1.el8_0.x86_64.rpm | 7343ab21bfd10973616ef13bb917ba1185e20270d242b4c1b4993400cbfb1801 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-extra-4.18.0-80.7.1.el8_0.x86_64.rpm | 0232625c18dad21d3b0a27cbe4553ef19735d679c73771bc8dbd080fbbdefa67 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-extra-4.18.0-80.7.1.el8_0.x86_64.rpm | 0232625c18dad21d3b0a27cbe4553ef19735d679c73771bc8dbd080fbbdefa67 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-devel-4.18.0-80.7.1.el8_0.x86_64.rpm | db7850c632ad881f445109878c0ccd7824f755139cb3de8bdad857424e16e0e5 | - | ol8_x86_64_baseos_latest | |
| kernel-devel-4.18.0-80.7.1.el8_0.x86_64.rpm | db7850c632ad881f445109878c0ccd7824f755139cb3de8bdad857424e16e0e5 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-doc-4.18.0-80.7.1.el8_0.noarch.rpm | 877254d05245d435238888c9716f2b2cf45c38603d153ba794b3066a061260d9 | - | ol8_x86_64_baseos_latest | |
| kernel-doc-4.18.0-80.7.1.el8_0.noarch.rpm | 877254d05245d435238888c9716f2b2cf45c38603d153ba794b3066a061260d9 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-headers-4.18.0-80.7.1.el8_0.x86_64.rpm | 2f060c164b99b62dbede3f4f528ff2169b2410c2b7e93306ea1cf0a4dfa3d89a | - | ol8_x86_64_baseos_latest | |
| kernel-headers-4.18.0-80.7.1.el8_0.x86_64.rpm | 2f060c164b99b62dbede3f4f528ff2169b2410c2b7e93306ea1cf0a4dfa3d89a | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-4.18.0-80.7.1.el8_0.x86_64.rpm | f252b5faa00ec52abe1d0c0d5859458f5f2391e77313bae0cc1cb13a39efd87f | - | ol8_x86_64_baseos_latest | |
| kernel-modules-4.18.0-80.7.1.el8_0.x86_64.rpm | f252b5faa00ec52abe1d0c0d5859458f5f2391e77313bae0cc1cb13a39efd87f | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-extra-4.18.0-80.7.1.el8_0.x86_64.rpm | 7409d7fa9f74a08a3f8991b806d26de693a4ce86a2ca2cf483eeeb662daf57cc | - | ol8_x86_64_baseos_latest | |
| kernel-modules-extra-4.18.0-80.7.1.el8_0.x86_64.rpm | 7409d7fa9f74a08a3f8991b806d26de693a4ce86a2ca2cf483eeeb662daf57cc | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-4.18.0-80.7.1.el8_0.x86_64.rpm | e9adfbab7b5de43a32508922f0fadeefa245edfe1969bf77187b58fea4185f35 | - | ol8_x86_64_baseos_latest | |
| kernel-tools-4.18.0-80.7.1.el8_0.x86_64.rpm | e9adfbab7b5de43a32508922f0fadeefa245edfe1969bf77187b58fea4185f35 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-4.18.0-80.7.1.el8_0.x86_64.rpm | b205bd7980861722a8318b2a20aea614d7fbc0fac5fa50bab3ab66eca9db5e84 | - | ol8_x86_64_baseos_latest | |
| kernel-tools-libs-4.18.0-80.7.1.el8_0.x86_64.rpm | b205bd7980861722a8318b2a20aea614d7fbc0fac5fa50bab3ab66eca9db5e84 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-devel-4.18.0-80.7.1.el8_0.x86_64.rpm | cc7c3edd263b118102e6328d1419cd8c564485326c9abb528ea1b07596932dfe | - | ol8_x86_64_codeready_builder | |
| perf-4.18.0-80.7.1.el8_0.x86_64.rpm | e06b5d45fa8e8c5c7ee23ea761125eb42c1e6b9b61a27d05ba36c5106332742a | - | ol8_x86_64_baseos_latest | |
| perf-4.18.0-80.7.1.el8_0.x86_64.rpm | e06b5d45fa8e8c5c7ee23ea761125eb42c1e6b9b61a27d05ba36c5106332742a | - | ol8_x86_64_u0_baseos_patch | |
| python3-perf-4.18.0-80.7.1.el8_0.x86_64.rpm | 1b643f1a7e4cc32b1af62633367a90f646fc4c67240751a0ffbe1fac8d26222c | - | ol8_x86_64_baseos_latest | |
| python3-perf-4.18.0-80.7.1.el8_0.x86_64.rpm | 1b643f1a7e4cc32b1af62633367a90f646fc4c67240751a0ffbe1fac8d26222c | - | ol8_x86_64_u0_baseos_patch | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
