OVMSA-2019-0009 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-03-12 |
Description
[4.1.12-124.26.1]
- NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440]
- rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685]
- ext4: only look at the bg_flags field if it is valid (Theodore Tso) [Orabug: 29316684] {CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides (Somasundaram Krishnasamy) [Orabug: 29357643]
- net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table dont overlap with bg descriptors (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) [Orabug: 29429855]
[4.1.12-124.25.4]
- KEYS: add missing permission check for request_key() destination (Eric Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Dont permit request_key() to construct a new keyring (David Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Hakon Bugge) [Orabug: 29318191]
- bnxt_en: Fix TX timeout during netpoll. (Michael Chan) [Orabug: 29357977]
- bnxt_en: Fix for system hang if request_irq fails (Vikas Gupta) [Orabug: 29357977]
- bnxt_en: Fix firmware message delay loop regression. (Michael Chan) [Orabug: 29357977]
- bnxt_en: reduce timeout on initial HWRM calls (Andy Gospodarek) [Orabug: 29357977]
- bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. (Michael Chan) [Orabug: 29357977]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368048]
- net/packet: fix a race in packet_bind() and packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Tso) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}
[4.1.12-124.25.3]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van Assche) [Orabug: 28766011]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29323635]
- uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29323635]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29323635]
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]
[4.1.12-124.25.2]
- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587]
- slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592]
- dtrace: support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.4 (x86_64) | kernel-uek-4.1.12-124.26.1.el6uek.src.rpm | b0baa4c3b9204fbc8536335350a9b85d5d7fc1cec21c53f4769e4e1de47e5acf | OVMSA-2025-0001 | ovm34_x86_64_latest |
| kernel-uek-4.1.12-124.26.1.el6uek.x86_64.rpm | ffc0d337702a2cde0e7c1d7fc85e4bb82f428da46dcb599fde2cfb143e69338b | OVMSA-2025-0001 | ovm34_x86_64_latest |
| kernel-uek-firmware-4.1.12-124.26.1.el6uek.noarch.rpm | 29eaab65067edec485c43bd726943da02686dce6d309b1e7ed1cb0d1f27a9127 | OVMSA-2025-0001 | ovm34_x86_64_latest |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
