ELSA-2020-5845

ELSA-2020-5845 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-09-11

Description


[4.14.35-1902.306.2]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150]
- sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) [Orabug: 31350999] {CVE-2019-19922}
- btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-check: reduce stack consumption in check_dir_item (David Sterba) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Move leaf and node validation checker to tree-checker.c (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784659]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394}
- Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741325]
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351949] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang() [Orabug: 31351949] {CVE-2019-3900}
- repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351940] {CVE-2019-11487}
- fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351940] {CVE-2019-11487}
- mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] {CVE-2019-11487}
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784892]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31794612]
- uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31793663]


Related CVEs


CVE-2019-19535
CVE-2019-17133
CVE-2020-12771
CVE-2019-15218
CVE-2019-19052
CVE-2019-19063
CVE-2019-19078
CVE-2020-10767
CVE-2019-10639
CVE-2020-10781
CVE-2019-10638
CVE-2019-19066
CVE-2019-3874
CVE-2019-5108
CVE-2020-16166
CVE-2019-20812
CVE-2019-3900
CVE-2019-11487
CVE-2019-19074
CVE-2020-14331
CVE-2019-16746
CVE-2018-14613
CVE-2020-12114
CVE-2019-14898
CVE-2019-19922
CVE-2020-24394
CVE-2020-10751
CVE-2019-19073
CVE-2020-10769
CVE-2018-16884
CVE-2019-17075
CVE-2019-18885

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-1902.306.2.el7uek.src.rpm50f6d525b7dd5a00c71a5d0e5b392278ELSA-2020-5884
kernel-uek-4.14.35-1902.306.2.el7uek.aarch64.rpmaceccb6892a302b45344fcf2bb34b5fbELSA-2020-5884
kernel-uek-debug-4.14.35-1902.306.2.el7uek.aarch64.rpmcd2fad03abe35de07f57b6f72ea4e529ELSA-2020-5884
kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek.aarch64.rpmb9d8e528f2de483c25bc2e02bd9bdae4ELSA-2020-5884
kernel-uek-devel-4.14.35-1902.306.2.el7uek.aarch64.rpm0fc63bff627e8d58c250dc97ef49ec19ELSA-2020-5884
kernel-uek-headers-4.14.35-1902.306.2.el7uek.aarch64.rpm5f164fd34e3df128b4baa48a1ac94df2ELSA-2020-5885
kernel-uek-tools-4.14.35-1902.306.2.el7uek.aarch64.rpm0e43f323740cd6e373e82b00a63bfe20ELSA-2020-5884
kernel-uek-tools-libs-4.14.35-1902.306.2.el7uek.aarch64.rpm307f46c43ae83a6c151c43da73242492ELSA-2020-5884
kernel-uek-tools-libs-devel-4.14.35-1902.306.2.el7uek.aarch64.rpmaed8aad63aa3bdff8b39ad12530b5550ELSA-2020-5885
perf-4.14.35-1902.306.2.el7uek.aarch64.rpm9215e343133976dc6378bae2b1fd62b4ELSA-2020-5884
python-perf-4.14.35-1902.306.2.el7uek.aarch64.rpm8f034951e042c0aa36ead77948dea739ELSA-2020-5884
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-1902.306.2.el7uek.src.rpm50f6d525b7dd5a00c71a5d0e5b392278ELSA-2020-5884
kernel-uek-4.14.35-1902.306.2.el7uek.x86_64.rpma5a9de721c5618364d72e868ec0c4c1aELSA-2020-5884
kernel-uek-debug-4.14.35-1902.306.2.el7uek.x86_64.rpm6a776bec635c164ee5c3d88753c917a4ELSA-2020-5884
kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek.x86_64.rpma29ac6ba766c0319d5733fe7b963d4e8ELSA-2020-5884
kernel-uek-devel-4.14.35-1902.306.2.el7uek.x86_64.rpm6c07c315df88e86c9c2165bc3da5520dELSA-2020-5884
kernel-uek-doc-4.14.35-1902.306.2.el7uek.noarch.rpm0142eae1ec762962722872df4b2d939aELSA-2020-5884
kernel-uek-tools-4.14.35-1902.306.2.el7uek.x86_64.rpme2eb104e2c58eb94d4ba97317236a22fELSA-2020-5884



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete