ELSA-2019-4256

ELSA-2019-4256 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-12-18

Description


[2.6.32-754.25.1.OL6]
- Update genkey [Orabug: 25599697]

[2.6.32-754.25.1]
- [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821}
- [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821}
- [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512]
- [security] KEYS: prevent creating a different user's keyrings (David Howells) [1537371]
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}


Related CVEs


CVE-2019-14821

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) kernel-2.6.32-754.25.1.el6.src.rpm82d99b19bc6c988ec9cf01e7c34f33a4-
kernel-2.6.32-754.25.1.el6.i686.rpmc90ade44fab2679fd22fdccefa6dd60c-
kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm05a1e466659039f8fd48fc03292bcaf4-
kernel-debug-2.6.32-754.25.1.el6.i686.rpm0d0a9e71049af432f9fb36635c84a9ac-
kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm4a9613a33ffda783afc13380af54d92c-
kernel-devel-2.6.32-754.25.1.el6.i686.rpm2cff5d60385442979f52fbaa51dbf9df-
kernel-doc-2.6.32-754.25.1.el6.noarch.rpm49d585614d2c44d393fe9a299d0f043f-
kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm4fe5e47403182407cf81badd80475c94-
kernel-headers-2.6.32-754.25.1.el6.i686.rpm2fae8bc008714dab3e3e55aa1b732499-
perf-2.6.32-754.25.1.el6.i686.rpme04f475bee2b48e562db2f5f0c8605db-
python-perf-2.6.32-754.25.1.el6.i686.rpm89636eaa952cb01a8cb3f847c0708fb2-
Oracle Linux 6 (x86_64) kernel-2.6.32-754.25.1.el6.src.rpm82d99b19bc6c988ec9cf01e7c34f33a4-
kernel-2.6.32-754.25.1.el6.x86_64.rpm39bd74f5e4665bc9291194b326e6b0c0-
kernel-abi-whitelists-2.6.32-754.25.1.el6.noarch.rpm05a1e466659039f8fd48fc03292bcaf4-
kernel-debug-2.6.32-754.25.1.el6.x86_64.rpmdd9aabf3a0f36f2b6b7c4b4aae347c79-
kernel-debug-devel-2.6.32-754.25.1.el6.i686.rpm4a9613a33ffda783afc13380af54d92c-
kernel-debug-devel-2.6.32-754.25.1.el6.x86_64.rpmb4b904203317136077bf090fea55743d-
kernel-devel-2.6.32-754.25.1.el6.x86_64.rpmfbb5da685b2ff4da7e789a9f1f8a15e4-
kernel-doc-2.6.32-754.25.1.el6.noarch.rpm49d585614d2c44d393fe9a299d0f043f-
kernel-firmware-2.6.32-754.25.1.el6.noarch.rpm4fe5e47403182407cf81badd80475c94-
kernel-headers-2.6.32-754.25.1.el6.x86_64.rpm4c3f4e608726286707e1ef2469849d87-
perf-2.6.32-754.25.1.el6.x86_64.rpmeb37e83959343c5f42882644764864ba-
python-perf-2.6.32-754.25.1.el6.x86_64.rpmcfc60715001fdfd281574f2af311b8c8-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete