OVMSA-2020-0041 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2020-09-03 |
Description
[4.1.12-124.42.3]
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535}
- media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644}
- fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258]
- clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270]
[4.1.12-124.42.2]
- mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499]
- mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499]
- mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499]
- fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495]
- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141]
- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141]
- RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975]
- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450]
[4.1.12-124.42.1]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811}
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.4 (x86_64) | kernel-uek-4.1.12-124.42.3.el6uek.src.rpm | 9882a5d4528381ec1a4d56dd5432fa36 | OVMSA-2021-0016 |
| kernel-uek-4.1.12-124.42.3.el6uek.x86_64.rpm | 071efdb0a8557d288a7cc8eeb0ac4f90 | OVMSA-2021-0016 |
| kernel-uek-firmware-4.1.12-124.42.3.el6uek.noarch.rpm | 01a778f46868b798625df0af4239a61d | OVMSA-2021-0016 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
