OVMSA-2019-0009

OVMSA-2019-0009 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-03-12

Description


[4.1.12-124.26.1]
- NFS: commit direct writes even if they fail partially (J. Bruce Fields) [Orabug: 28212440]
- rds: update correct congestion map for loopback transport (Mukesh Kacker) [Orabug: 29175685]
- ext4: only look at the bg_flags field if it is valid (Theodore Tso) [Orabug: 29316684] {CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides (Somasundaram Krishnasamy) [Orabug: 29357643]
- net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch) [Orabug: 29422739] {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table dont overlap with bg descriptors (Theodore Tso) [Orabug: 29428607] {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells) [Orabug: 29428607] {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard) [Orabug: 29429855]

[4.1.12-124.25.4]
- KEYS: add missing permission check for request_key() destination (Eric Biggers) [Orabug: 29304551] {CVE-2017-17807}
- KEYS: Dont permit request_key() to construct a new keyring (David Howells) [Orabug: 29304551] {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Hakon Bugge) [Orabug: 29318191]
- bnxt_en: Fix TX timeout during netpoll. (Michael Chan) [Orabug: 29357977]
- bnxt_en: Fix for system hang if request_irq fails (Vikas Gupta) [Orabug: 29357977]
- bnxt_en: Fix firmware message delay loop regression. (Michael Chan) [Orabug: 29357977]
- bnxt_en: reduce timeout on initial HWRM calls (Andy Gospodarek) [Orabug: 29357977]
- bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan) [Orabug: 29357977]
- bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. (Michael Chan) [Orabug: 29357977]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364670] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368048]
- net/packet: fix a race in packet_bind() and packet_notifier() (Eric Dumazet) [Orabug: 29385593] {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Tso) [Orabug: 29396712] {CVE-2018-10877} {CVE-2018-10877}

[4.1.12-124.25.3]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van Assche) [Orabug: 28766011]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29323635]
- uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29323635]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29323635]
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (Tom Lendacky) [Orabug: 29335274]

[4.1.12-124.25.2]
- Enable RANDOMIZE_BASE (John Haxby) [Orabug: 29305587]
- slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28620592]
- dtrace: support kernels built with RANDOMIZE_BASE (Kris Van Hees) [Orabug: 29204005]


Related CVEs


CVE-2018-10878
CVE-2018-18559
CVE-2017-17807
CVE-2018-10876
CVE-2018-9568
CVE-2018-10877
CVE-2018-16862

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.4 (x86_64) kernel-uek-4.1.12-124.26.1.el6uek.src.rpma2d8763e5204f129dbc0623bccbfd381OVMSA-2021-0016
kernel-uek-4.1.12-124.26.1.el6uek.x86_64.rpm14f5ccd294ddc6f3d620ded79a94ec24OVMSA-2021-0016
kernel-uek-firmware-4.1.12-124.26.1.el6uek.noarch.rpme4a6270d2cfa5584eae2defaf93b1999OVMSA-2021-0016



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete