ELSA-2020-0339

ELSA-2020-0339 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-02-07

Description


[4.18.0-147.5.1_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.5.1_1]
- [powerpc] powerpc/shared: Use static key to detect shared processor (Phil Auld) [1781114 1767529]
- [powerpc] powerpc/vcpu: Assume dedicated processors as non-preempt (Phil Auld) [1781114 1767529]

[4.18.0-147.4.1_1]
- [block] blk-mq: apply normal plugging for HDD (Ming Lei) [1782181 1759380]
- [block] blk-mq: honor IO scheduler for multiqueue devices (Ming Lei) [1782181 1759380]
- [block] blk-mq: simplify blk_mq_make_request() (Ming Lei) [1782181 1759380]
- [block] blk-mq: remove blk_mq_put_ctx() (Ming Lei) [1782181 1759380]
- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338}
- [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1778693 1765979]
- [fs] cifs: avoid using MID 0xFFFF (Leif Sahlberg) [1778693 1765979]
- [fs] cifs: Fix retry mid list corruption on reconnects (Leif Sahlberg) [1778693 1765979]
- [fs] smb3: fix unmount hang in open_shroot (Leif Sahlberg) [1781113 1757670]
- [fs] CIFS: fix deadlock in cached root handling (Leif Sahlberg) [1781113 1757670]
- [fs] Fix match_server check to allow for auto dialect negotiate (Leif Sahlberg) [1781113 1757670]
- [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1781113 1757670]
- [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1781113 1757670]
- [fs] cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (Leif Sahlberg) [1781113 1757670]
- [fs] smb3: fix signing verification of large reads (Dave Wysochanski) [1781110 1753114]
- [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1781108 1733217]
- [fs] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Bill O'Donnell) [1778692 1739607]
- [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778633 1778634] {CVE-2019-17133}
- [block] blkcg: perpcu_ref init/exit should be done from blkg_alloc/free() (Ming Lei) [1777766 1741392]
- [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777389 1749763] {CVE-2019-14898}
- [netdrv] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Jarod Wilson) [1776618 1775484] {CVE-2019-14814 CVE-2019-14815 CVE-2019-14816}
- [netdrv] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Jarod Wilson) [1776209 1776210] {CVE-2019-14895}
- [netdrv] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Jarod Wilson) [1776161 1776162] {CVE-2019-14901}
- [netdrv] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775222 1775223] {CVE-2019-17666}
- [pci] hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1764635 1737569]


Related CVEs


CVE-2019-14814
CVE-2019-14816
CVE-2019-14898
CVE-2019-14895
CVE-2019-17666
CVE-2019-19338
CVE-2019-14901
CVE-2019-14815

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-147.5.1.el8_1.src.rpma1f057b54fccc8713c16a7b1c5c1a249-
bpftool-4.18.0-147.5.1.el8_1.aarch64.rpmccbf898b8b1cb5e0be6656121badaa59-
kernel-4.18.0-147.5.1.el8_1.aarch64.rpme0f2e758e2fcaf95635a035153b9300a-
kernel-abi-whitelists-4.18.0-147.5.1.el8_1.noarch.rpm4eb7492e8888cdebbc8f97798d70daa5-
kernel-core-4.18.0-147.5.1.el8_1.aarch64.rpmc57ef7d41395223821708665b57727a7-
kernel-cross-headers-4.18.0-147.5.1.el8_1.aarch64.rpmda1c977f0622f72c6509584102696884-
kernel-debug-4.18.0-147.5.1.el8_1.aarch64.rpm104dfb502dbf4d991e4afe26ed131692-
kernel-debug-core-4.18.0-147.5.1.el8_1.aarch64.rpmec0da5c15f0f160e1c0f4c061db22263-
kernel-debug-devel-4.18.0-147.5.1.el8_1.aarch64.rpmedb6217c31556812984fdcd817efce2c-
kernel-debug-modules-4.18.0-147.5.1.el8_1.aarch64.rpm067ea4e4aed64877823381ee446e1fe6-
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpmc4f1b1a3e97c418c4193e9f49cdc74b2-
kernel-devel-4.18.0-147.5.1.el8_1.aarch64.rpm0c0238f1a99c44f774138af1695edd20-
kernel-doc-4.18.0-147.5.1.el8_1.noarch.rpm679f4bb50fc98797e612741a8a147348-
kernel-headers-4.18.0-147.5.1.el8_1.aarch64.rpm0125417d60246df839d072580c9ef0fc-
kernel-modules-4.18.0-147.5.1.el8_1.aarch64.rpm13589de931fb5bf212ad18a9086d4ce1-
kernel-modules-extra-4.18.0-147.5.1.el8_1.aarch64.rpmb778eab15812234661f6f1051d03be80-
kernel-tools-4.18.0-147.5.1.el8_1.aarch64.rpm25ff0bf7d27f24577c7c584c324d8137-
kernel-tools-libs-4.18.0-147.5.1.el8_1.aarch64.rpm9db56313261d220ed16afb4ced2398be-
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.aarch64.rpmba70ae352a4c0961daee155c5dee6823-
perf-4.18.0-147.5.1.el8_1.aarch64.rpme9e8e70f460e6b849ef376691f661435-
python3-perf-4.18.0-147.5.1.el8_1.aarch64.rpmf3345c8e9a77fd6b2f84e8ccc564e5aa-
Oracle Linux 8 (x86_64) kernel-4.18.0-147.5.1.el8_1.src.rpma1f057b54fccc8713c16a7b1c5c1a249-
bpftool-4.18.0-147.5.1.el8_1.x86_64.rpm5ba5a6bd43983afaa91f88aae238d0b9-
kernel-4.18.0-147.5.1.el8_1.x86_64.rpmeb2a501bd54a11363d23c81562b06179-
kernel-abi-whitelists-4.18.0-147.5.1.el8_1.noarch.rpm4eb7492e8888cdebbc8f97798d70daa5-
kernel-core-4.18.0-147.5.1.el8_1.x86_64.rpm2db86ee1493c8c1da9d2afbe8305ab36-
kernel-cross-headers-4.18.0-147.5.1.el8_1.x86_64.rpmf16c032251559273aefde1d8dbb8e509-
kernel-debug-4.18.0-147.5.1.el8_1.x86_64.rpm4746be225df93a0dca61465950f6baac-
kernel-debug-core-4.18.0-147.5.1.el8_1.x86_64.rpm26e51694d5a8b6ca011c8aea97c8367d-
kernel-debug-devel-4.18.0-147.5.1.el8_1.x86_64.rpmb0d117abf124b19b2689bb8e4f3ea735-
kernel-debug-modules-4.18.0-147.5.1.el8_1.x86_64.rpm8a3cc71e905015fb94a6d25c68ed9f6f-
kernel-debug-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpmf66571df2eed45b6f5345be11ba730db-
kernel-devel-4.18.0-147.5.1.el8_1.x86_64.rpmd8ee3cb055706b77649c87e911f20bb7-
kernel-doc-4.18.0-147.5.1.el8_1.noarch.rpm679f4bb50fc98797e612741a8a147348-
kernel-headers-4.18.0-147.5.1.el8_1.x86_64.rpmb93399ae9f1c63f079a3dd83c79e542e-
kernel-modules-4.18.0-147.5.1.el8_1.x86_64.rpme15d91e029d9679a768763de162c89ca-
kernel-modules-extra-4.18.0-147.5.1.el8_1.x86_64.rpmd79da52c0412ce9e75641c843e6aa825-
kernel-tools-4.18.0-147.5.1.el8_1.x86_64.rpm3df3b892af0cbf4729eecba05357da0a-
kernel-tools-libs-4.18.0-147.5.1.el8_1.x86_64.rpm271abad77849e197a25935b2051de02d-
kernel-tools-libs-devel-4.18.0-147.5.1.el8_1.x86_64.rpm3e82cf43295cd1ac4d082ff87ecb3aa2-
perf-4.18.0-147.5.1.el8_1.x86_64.rpm108c314976f42721008685c80723cc59-
python3-perf-4.18.0-147.5.1.el8_1.x86_64.rpm5e7c2fdfb87ea65bd41e15b08c4dcafe-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete