Oracle Errata System Oracle Linux 5.11 2024-09-21T18:48:17 Oracle Linux 7 [68.4.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.4.1-1] - Update to 68.4.1esr build1 - Update to 68.4.0esr build1 - Fix for wrong intl.accept_lang when using non en-us langpack CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17024 CVE-2019-17022 CVE-2019-17016 CVE-2019-17017 CVE-2019-17026 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17017 CVE-2019-17022 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.4.1-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.4.1-1] - Update to 68.4.1esr build1 - Update to 68.4.0esr build1 - Fix for wrong intl.accept_lang when using non en-us langpack CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17016 CVE-2019-17017 CVE-2019-17024 CVE-2019-17026 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.4.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17024 CVE-2019-17016 CVE-2019-17017 CVE-2019-17026 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:11.0.6.10-1.0.1] - link atomic for ix86 build [1:11.0.6.10-1] - Add JDK-8236039 backport to resolve OpenShift blocker - Resolves: rhbz#1785753 [1:11.0.6.10-0] - Update to shenandoah-jdk-11.0.6+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1785753 [1:11.0.6.1-0.1.ea] - Update to shenandoah-jdk-11.0.6+1 (EA) - Switch to EA mode for 11.0.6 pre-release builds. - Add support for jfr binary. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2604 CVE-2020-2655 CVE-2020-2654 CVE-2020-2583 CVE-2020-2590 CVE-2020-2601 CVE-2020-2593 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.4.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17017 CVE-2019-17024 CVE-2019-17026 CVE-2019-17016 CVE-2019-17022 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1.8.3.1-21] - Fix CVE-2019-1387 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-1387 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 8 [68.4.1-2.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.4.1-2] - Update to 68.4.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17022 CVE-2019-17017 CVE-2019-17016 CVE-2019-17026 CVE-2019-17024 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:11.0.6.10-1] - Update to shenandoah-jdk-11.0.6+10 (GA) - Switch to GA mode for final release. - Add JDK-8236039 backport to resolve OpenShift blocker - Resolves: rhbz#1785753 [1:11.0.6.1-0.0.ea] - Update to shenandoah-jdk-11.0.6+1 (EA) - Switch to EA mode for 11.0.6 pre-release builds. - Add support for jfr binary. - Drop JDK-8230923 now applied upstream. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2583 CVE-2020-2655 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [102-2.0.1.el8_1] - support OL release scheme [3.0.102-2] - Fix prebuilts leaking into the final build - Fix regressions in binary hardering - Resolves: RHBZ#1788171 [3.0.102-1] - Update to .NET Core Runtime 3.0.2 and SDK 3.0.102 - Resolves: RHBZ#1788171 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-0602 CVE-2020-0603 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-3] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-2] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2590 CVE-2020-2604 CVE-2020-2601 CVE-2020-2593 CVE-2020-2659 CVE-2020-2583 CVE-2020-2654 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1.8.3-15] - Fix CVE-2014-0114 - Fix CVE-2019-10086 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-10086 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [2.5-9.el7_7.1] - Do not eval strings passed to toColor - Resolves: #1788552 [2.5-9] - Mass rebuild 2014-01-24 [2.5-8] - Mass rebuild 2013-12-27 [2.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.5-6] - Add a dep on python-imaging to process images [2.5-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.5-2] - Update to version 2.5 of reportlab. - Remove tabs in specfile. [2.3-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.3-2] - Do not bundle fonts - Point the config to Fedora's font locations [2.3-1] - Updated to 2.3 - New version is no longer noarch. [2.1-6] - Rebuild for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1-4] - Fix locations for Python 2.6 [2.1-3] - Rebuild for Python 2.6 [2.1-2] - Remove luxi font. (#427845) - Add patch to not search for the luxi font. [2.1-1] - Update to 2.1. [2.0-2] - Make docs subpackage. [2.0-1] - Update to 2.0. [1.21.1-2] - Rebuild against new python. [1.21.1-1] - Update to 1.20.1. [1.20-5] - rebuilt for new gcc4.1 snapshot and glibc changes [1.20-4] - Add dist tag. (#176479) [1.20-3.fc4] - Switchback to sitelib patch. - Make package noarch. [1.20-2.fc4] - Use python_sitearch to fix x86_64 build. [1.20-1.fc4] - Rebuild for Python 2.4. - Update to 1.20. - Switch to the new python macros for python-abi - Add dist tag. [0:1.19-0.fdr.2] - Removed ghosts. [0:1.19-0.fdr.1] - Initial Fedora RPM build. IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b06 (EA) - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b02. - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.1.ea] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-1] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2590 CVE-2020-2604 CVE-2020-2654 CVE-2020-2583 CVE-2020-2659 CVE-2020-2601 CVE-2020-2593 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [2.3-3.el6_10.1] - Do not eval strings passed to toColor - Resolves: #1788551 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.0.0-4] - Fix a heap-based buffer overflow vulnerability leading to remote code execution, CVE-2019-5544 Resolves: #1788447 CRITICAL Copyright 2020 Oracle, Inc. CVE-2019-5544 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [3.4.0-6.el8_1_0.2] - Fix Requires for doc subpackage - Resolves: #1788556 [3.4.0-6.el8_1_0.1] - Do not eval strings passed to toColor - Resolves: #1788555 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17626 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-1] - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 [1:1.8.0.242.b07-0] - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. - Resolves: rhbz#1785753 [1:1.8.0.242.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u242-b05. - Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. - Revise b05 snapshot to include JDK-8236178. - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 [1:1.8.0.242.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-4] - Revert SSBD removal for now, until appropriate messaging has been decided. - Resolves: rhbz#1785753 [1:1.8.0.232.b09-3] - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2601 CVE-2020-2659 CVE-2020-2604 CVE-2020-2590 CVE-2020-2593 CVE-2020-2583 CVE-2020-2654 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [3.1.2-14] - Fix patch application error [3.1.2-13] - Fix CVE-2019-18408: RAR use-after-free IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18408 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [3.7.17-8.1] - Fixes for CVE-2019-13734 (#1786505) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13734 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [2.3.1-2] - Fix CVE-2020-6851 resolves: #1790586 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6851 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [3.3.2-8] - Fix CVE-2019-18408: RAR use-after-free IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18408 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base cpe:/o:oracle:linux:8:1:baseos_patch Oracle Linux 8 [3.26.0-4] - Fixed CVE-2019-13734 (#1786508) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13734 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:1:baseos_patch Oracle Linux 8 [2.3.1-2] - Fix CVE-2020-6851 (#1790589) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6851 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 hivex libguestfs [1:1.38.4-14.0.1] - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.38.4-14] - v2v: use -T as argument of scp when copying vmx files via ssh resolves: rhbz#1738886 * Fri Jun 28 2019 Danilo de Paula <ddepaula@redhat.com> - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1:1.38.4-12] - v2v: update nbdkit information in documentation resolves: rhbz#1651115 - v2v: use proper SELinux label for nbdkit sockets resolves: rhbz#1717088 libguestfs-winsupport [8.0-4] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) libiscsi [1.18.0-8] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.18.0-7.el8] - libiscsi-redhat-Remove-disable-werror-from-spec-file.patch [bz#1581025] - Resolves: bz#1581025 (Remove --disable-werror from spec file) [-] - libiscsi-fix-connection-to-LUN-with-IPv6-address.patch [bz#1597942] - Resolves: bz#1597942 (Qemu-kvm fails to connect to iscsi LUN by IPV6 address) [1.18.0-5.el8] - libiscsi-iser_rcv_completion-unify-error-handling.patch [bz#1634541] - libiscsi-iser-fix-posting-of-receive-descriptors.patch [bz#1634541] - libiscsi-sync-remove-unnecessary-checks.patch [bz#1634541] - libiscsi-do-not-warn-for-strncpy.patch [bz#1634541] - libiscsi-avoid-fallthrough.patch [bz#1634541] - libiscsi-avoid-truncation-when-logging-message-that-includes-.patch [bz#1634541] - Resolves: bz#1634541 (Fix important coverity issues (libiscsi)) [1.18.0-4.el8] - Fixed a build issue with the latest rdma-core [1.18.0-2] - Fix rdma deps and don't restrict archs - Add --disable-werror to fix gcc8 build (bz #1556044) - Spec file cleanups (bz #1483290) [1.18.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.18.0-1] - Rebased to version 1.18.0 - Added patch to fix gcc7 warnings [1.15.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.15.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.15.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.15.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.15.0-1] - Rebased to version 1.15.0 - Removed patch 20 as it has been upstreamed - Disabled patch 12 as need for revised one is in question - Updated patch 13 to current tree - New tool iscsi-perf [1.11.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.11.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.11.0-1] - Rebased to version 1.11.0 - Most patches removed - New tool iscsi-swp + manpages [1.9.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.9.0-5] - Rebuild for new libgcrypt [1.9.0-4] - Cleaned up patches 18/19 to match upstream more closely [1.9.0-3] - Improved patch 18 to cover write side too [1.9.0-2] - Add patch 18 to fix QEMU's scsi-generic mode [1.9.0-1] - Rebase to 1.9.0 - Cherry-pick selected patches from upstream [1.7.0-6] - Add patch 5 to silence strict aliasing warnings [1.7.0-5] - Add patch 4 to enable installing of iscsi-test binary [1.7.0-4] - Add patch 2 for FIPS mode - Add patch 3 to avoid segmentation fault on iscsi-tools [1.7.0-3] - Correct license for libiscsi-utils, prefer %global to %define - Add Requires - Remove percent-clean section [1.7.0-2] - Use percent-config for ld.so.conf.d file. [1.7.0-1] - Initial version (bug 914752) libvirt [4.5.0-35.2.0.1.el8] - added librbd1 as dependency (Keshav Sharma) [4.5.0-35.2.el8] - cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135) - cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135) [4.5.0-35.1.el8] - cpu_conf: Pass policy to CPU feature filtering callbacks (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemuxml2*test: Add tests for Icelake-Server, -pconfig (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemu: Drop disabled CPU features unknown to QEMU (rhbz#1775133, rhbz#1775134, rhbz#1775137) - cputest: Add data for Ice Lake Server CPU (rhbz#1775133, rhbz#1775134, rhbz#1775137) - cpu_map: Drop pconfig from Icelake-Server CPU model (rhbz#1775133, rhbz#1775134, rhbz#1775137) - qemu: Fix NULL ptr dereference caused by qemuDomainDefFormatBufInternal (rhbz#1775133, rhbz#1775134, rhbz#1775137) [4.5.0-35] - vircgroupv2: fix setting cpu.max period (rhbz#1749227) [4.5.0-34] - vircgroupv2: fix abort in VIR_AUTOFREE (rhbz#1747440) [4.5.0-33] - vircgroupv2: fix parsing multiple values in single file (rhbz#1741825) - vircgroupv2: fix virCgroupV2GetCpuCfsQuota for 'max' value (rhbz#1741837) [4.5.0-32] - virDomainObjListAddLocked: Produce better error message than 'Duplicate key' (rhbz#1737790) - virdbus: Grab a ref as long as the while loop is executed (rhbz#1741900) [4.5.0-31] - virDomainObjListAddLocked: fix double free (rhbz#1728530) - docs: schemas: Decouple the virtio options from each other (rhbz#1729675) - util: command: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434) - util: command: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1721434) - util: netdevopenvswitch: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1721434) - util: virnetdevopenvswitch: Drop an unused variable @ovs_timeout (rhbz#1721434) - util: netdevopenvswitch: use VIR_AUTOPTR for aggregate types (rhbz#1721434) - util: suppress unimportant ovs-vsctl errors when getting interface stats (rhbz#1721434) - virNetDevOpenvswitchInterfaceStats: Optimize for speed (rhbz#1721434) - test: Introduce virnetdevopenvswitchtest (rhbz#1721434) - vircommand: Separate mass FD closing into a function (rhbz#1721434) - virCommand: use procfs to learn opened FDs (rhbz#1721434) - util: command: Ignore bitmap errors when enumerating file descriptors to close (rhbz#1721434) - util: Avoid possible error in virCommandMassClose (rhbz#1721434) - vircgroup: fix cgroups v2 controllers detection (rhbz#1689297) - vircgroupv2: store enabled controllers (rhbz#1689297) [4.5.0-30] - virWaitForDevices: Drop confusing part of comment (rhbz#1710575) - lib: Drop UDEVSETTLE (rhbz#1710575) - m4: Provide default value fore UDEVADM (rhbz#1710575) - m4: Drop needless string checks (rhbz#1710575) - util: vircgroup: introduce virCgroup(Get|Set)ValueRaw (rhbz#1658890) - util: vircgroup: move virCgroupGetValueStr out of virCgroupGetValueForBlkDev (rhbz#1658890) - util: vircgroupv1: add support for BFQ blkio files (rhbz#1658890) - util: vircgroupv2: add support for BFQ files (rhbz#1658890) - Handle copying bitmaps to larger data buffers (rhbz#1703160) [4.5.0-29] - cpu: allow include files for CPU definition (rhbz#1686895) - cpu: fix cleanup when signature parsing fails (rhbz#1686895) - cpu: push more parsing logic into common code (rhbz#1686895) - cpu: simplify failure cleanup paths (rhbz#1686895) - cpu_map: Add support for arch-capabilities feature (rhbz#1693433) - cputest: Add data for Intel(R) Xeon(R) CPU E5-2630 v4 (rhbz#1686895) - cputest: Add data for Intel(R) Core(TM) i7-7600U (rhbz#1686895) - cputest: Add data for Intel(R) Xeon(R) CPU E7540 (rhbz#1686895) - cputest: Add data for Intel(R) Xeon(R) CPU E5-2650 (rhbz#1686895) - cputest: Add data for Intel(R) Core(TM) i7-8700 (rhbz#1686895) - cpu_x86: Separate ancestor model parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate signature parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate vendor parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Separate feature list parsing from x86ModelParse (rhbz#1686895) - cpu_x86: Make sure CPU model names are unique in cpu_map (rhbz#1686895) - cpu_x86: Add x86ModelCopySignatures helper (rhbz#1686895) - cpu_x86: Store CPU signature in an array (rhbz#1686895) - cpu_x86: Allow multiple signatures for a CPU model (rhbz#1686895) - cpu_x86: Log decoded CPU model and signatures (rhbz#1686895) - qemu_capabilities: Inroduce virQEMUCapsGetCPUModelX86Data (rhbz#1686895) - qemu_capabilities: Introduce virQEMUCapsGetCPUModelInfo (rhbz#1686895) - qemu_capabilities: Use virQEMUCapsGetCPUModelInfo (rhbz#1686895) - cpu_x86: Add virCPUx86DataGetSignature for tests (rhbz#1686895) - cpu_map: Add hex representation of signatures (rhbz#1686895) - cputest: Test CPU signatures (rhbz#1686895) - cpu_map: Add more signatures for Conroe CPU model (rhbz#1686895) - cpu_map: Add more signatures for Penryn CPU model (rhbz#1686895) - cpu_map: Add more signatures for Nehalem CPU models (rhbz#1686895) - cpu_map: Add more signatures for Westmere CPU model (rhbz#1686895) - cpu_map: Add more signatures for SandyBridge CPU models (rhbz#1686895) - cpu_map: Add more signatures for IvyBridge CPU models (rhbz#1686895) - cpu_map: Add more signatures for Haswell CPU models (rhbz#1686895) - cpu_map: Add more signatures for Broadwell CPU models (rhbz#1686895) - cpu_map: Add more signatures for Skylake-Client CPU models (rhbz#1686895) - cpu: Don't access invalid memory in virCPUx86Translate (rhbz#1686895) - cpu_x86: Require <cpuid> within <feature> in CPU map (rhbz#1697627) - cputest: Add data for Intel(R) Xeon(R) Platinum 8268 CPU (rhbz#1693433) - cpu_map: Add Cascadelake-Server CPU model (rhbz#1693433) - cpu_x86: Introduce virCPUx86DataItem container struct (rhbz#1697627) - cpu_x86: Rename virCPUx86Vendor.cpuid (rhbz#1697627) - cpu_x86: Rename virCPUx86DataItem variables (rhbz#1697627) - cpu_x86: Rename x86DataCpuidNext function (rhbz#1697627) - cpu_x86: Rename x86DataCpuid (rhbz#1697627) - cpu_x86: Rename virCPUx86CPUIDSorter (rhbz#1697627) - cpu_x86: Rename virCPUx86DataAddCPUIDInt (rhbz#1697627) - cpu_x86: Rename virCPUx86DataAddCPUID (rhbz#1697627) - cpu_x86: Rename virCPUx86VendorToCPUID (rhbz#1697627) - cpu_x86: Simplify x86DataAdd (rhbz#1697627) - cpu_x86: Introduce virCPUx86DataCmp (rhbz#1697627) - cpu_x86: Make x86cpuidSetBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidClearBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidAndBits more general (rhbz#1697627) - cpu_x86: Make x86cpuidMatchMasked more general (rhbz#1697627) - cpu_x86: Make x86cpuidMatch more general (rhbz#1697627) - cpu_x86: Store virCPUx86DataItem content in union (rhbz#1697627) - cpu_x86: Add support for storing MSR features in CPU map (rhbz#1697627) - cpu_x86: Move *CheckFeature functions (rhbz#1697627) - cputest: Add support for MSR features to cpu-parse.sh (rhbz#1697627) - util: file: introduce VIR_AUTOCLOSE macro to close fd of the file automatically (rhbz#1697627) - vircpuhost: Add support for reading MSRs (rhbz#1697627) - virhostcpu: Make virHostCPUGetMSR() work only on x86 (rhbz#1697627) - cpu_x86: Fix placement of *CheckFeature functions (rhbz#1697627) - cpu_conf: Introduce virCPUDefFilterFeatures (rhbz#1697627) - qemu_command: Use consistent syntax for CPU features (rhbz#1697627) - tests: Add QEMU caps data for future 4.1.0 (rhbz#1697627) - tests: Add domain capabilities case for QEMU 4.1.0 (rhbz#1697627) - qemuxml2argvtest: Add test for CPU features translation (rhbz#1697627) - qemu: Add APIs for translating CPU features (rhbz#1697627) - qemu: Probe for max-x86_64-cpu type (rhbz#1697627) - qemu: Probe for 'unavailable-features' CPU property (rhbz#1697627) - qemu: Probe host CPU after capabilities (rhbz#1697627) - qemu_command: Use canonical names of CPU features (rhbz#1697627) - qemu: Translate feature names from query-cpu-model-expansion (rhbz#1697627) - qemu: Don't use full CPU model expansion (rhbz#1697627) - qemu: Make qemuMonitorGetGuestCPU usable on x86 only (rhbz#1697627) - cpu: Introduce virCPUDataAddFeature (rhbz#1697627) - qemu: Add type filter to qemuMonitorJSONParsePropsList (rhbz#1697627) - util: string: Introduce macro for automatic string lists (rhbz#1697627) - util: json: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1697627) - qemu: Introduce generic qemuMonitorGetGuestCPU (rhbz#1697627) - qemu_process: Prefer generic qemuMonitorGetGuestCPU (rhbz#1697627) - util: Rework virStringListAdd (rhbz#1697627) - conf: Introduce virCPUDefCheckFeatures (rhbz#1697627) - cpu_x86: Turn virCPUx86DataIteratorInit into a function (rhbz#1697627) - cpu_x86: Introduce virCPUx86FeatureFilter*MSR (rhbz#1697627) - cpu_x86: Read CPU features from IA32_ARCH_CAPABILITIES MSR (rhbz#1697627) - cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features (rhbz#1697627) - qemu: Forbid MSR features with old QEMU (rhbz#1697627) - qemu: Drop MSR features from host-model with old QEMU (rhbz#1697627) - cpu_x86: Fix memory leak - virCPUx86GetHost (rhbz#1697627) - qemu: Use @tmpChr in qemuDomainDetachChrDevice to build device string (rhbz#1624204) - qemu: Drop 'user-' prefix for guestfwd netdev (rhbz#1624204) - qemu_hotplug: Attach guestfwd using netdev_add (rhbz#1624204) - qemu_hotplug: Detach guestfwd using netdev_del (rhbz#1624204) - qemuhotplugtest: Test guestfwd attach and detach (rhbz#1624204) - daemon: Register secret driver before storage driver (rhbz#1685151) - bhyve: Move autostarting of domains into bhyveStateInitialize (rhbz#1685151) - Revert 'virStateDriver - Separate AutoStart from Initialize' (rhbz#1685151) - Revert 'Separate out StateAutoStart from StateInitialize' (rhbz#1685151) - util: moving 'type' argument to avoid issues with mount() syscall. (rhbz#1689297) - util: cgroup: use VIR_AUTOFREE instead of VIR_FREE for scalar types (rhbz#1689297) - vircgroup: Rename structs to start with underscore (rhbz#1689297) - vircgroup: Introduce standard set of typedefs and use them (rhbz#1689297) - vircgroup: Extract file link resolving into separate function (rhbz#1689297) - vircgroup: Remove unused function virCgroupKill() (rhbz#1689297) - vircgroup: Unexport unused function virCgroupAddTaskController() (rhbz#1689297) - vircgroup: Unexport unused function virCgroupRemoveRecursively (rhbz#1689297) - vircgroup: Move function used in tests into vircgrouppriv.h (rhbz#1689297) - vircgroup: Remove pointless bool parameter (rhbz#1689297) - vircgroup: Extract mount options matching into function (rhbz#1689297) - vircgroup: Use virCgroupMountOptsMatchController in virCgroupDetectPlacement (rhbz#1689297) - vircgroup: Introduce virCgroupEnableMissingControllers (rhbz#1689297) - vircgroup: machinename will never be NULL (rhbz#1689297) - vircgroup: Remove virCgroupAddTaskController (rhbz#1689297) - vircgroup: Introduce virCgroupGetMemoryStat (rhbz#1689297) - lxc: Use virCgroupGetMemoryStat (rhbz#1689297) - vircgroup: fix MinGW build (rhbz#1689297) - vircgroup: Duplicate string before modifying (rhbz#1689297) - vircgroup: Extract controller detection into function (rhbz#1689297) - vircgroup: Extract placement validation into function (rhbz#1689297) - vircgroup: Split virCgroupPathOfController into two functions (rhbz#1689297) - vircgroup: Call virCgroupRemove inside virCgroupMakeGroup (rhbz#1689297) - vircgroup: Simplify if conditions in virCgroupMakeGroup (rhbz#1689297) - vircgroup: Remove obsolete sa_assert (rhbz#1689297) - tests: Resolve possible overrun (rhbz#1689297) - vircgroup: cleanup controllers not managed by systemd on error (rhbz#1689297) - vircgroup: fix bug in virCgroupEnableMissingControllers (rhbz#1689297) - vircgroup: rename virCgroupAdd.*Task to virCgroupAdd.*Process (rhbz#1689297) - vircgroup: introduce virCgroupTaskFlags (rhbz#1689297) - vircgroup: introduce virCgroupAddThread (rhbz#1689297) - vircgroupmock: cleanup unused cgroup files (rhbz#1689297) - vircgroupmock: rewrite cgroup fopen mocking (rhbz#1689297) - vircgrouptest: call virCgroupDetectMounts directly (rhbz#1689297) - vircgrouptest: call virCgroupNewSelf instead virCgroupDetectMounts (rhbz#1689297) - util: introduce vircgroupbackend files (rhbz#1689297) - vircgroup: introduce cgroup v1 backend files (rhbz#1689297) - vircgroup: extract virCgroupV1Available (rhbz#1689297) - vircgroup: detect available backend for cgroup (rhbz#1689297) - vircgroup: extract virCgroupV1ValidateMachineGroup (rhbz#1689297) - vircgroup: extract virCgroupV1CopyMounts (rhbz#1689297) - vircgroup: extract v1 detect functions (rhbz#1689297) - vircgroup: extract virCgroupV1CopyPlacement (rhbz#1689297) - vircgroup: extract virCgroupV1ValidatePlacement (rhbz#1689297) - vircgroup: extract virCgroupV1StealPlacement (rhbz#1689297) - vircgroup: extract virCgroupV1DetectControllers (rhbz#1689297) - vircgroup: extract virCgroupV1HasController (rhbz#1689297) - vircgroup: extract virCgroupV1GetAnyController (rhbz#1689297) - vircgroup: extract virCgroupV1PathOfController (rhbz#1689297) - vircgroup: extract virCgroupV1MakeGroup (rhbz#1689297) - vircgroup: extract virCgroupV1Remove (rhbz#1689297) - vircgroup: extract virCgroupV1AddTask (rhbz#1689297) - vircgroup: extract virCgroupV1HasEmptyTasks (rhbz#1689297) - vircgroup: extract virCgroupV1BindMount (rhbz#1689297) - vircgroup: extract virCgroupV1SetOwner (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioWeight (rhbz#1689297) - vircgroup: extract virCgroupV1GetBlkioIoServiced (rhbz#1689297) - vircgroup: extract virCgroupV1GetBlkioIoDeviceServiced (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWeight (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadIops (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteIops (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceReadBps (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)BlkioDeviceWriteBps (rhbz#1689297) - vircgroup: extract virCgroupV1SetMemory (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemoryStat (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemoryUsage (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)Memory*Limit (rhbz#1689297) - vircgroup: extract virCgroupV1GetMemSwapUsage (rhbz#1689297) - vircgroup: extract virCgroupV1(Allow|Deny)Device (rhbz#1689297) - vircgroup: extract virCgroupV1(Allow|Deny)AllDevices (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuShares (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuCfsPeriod (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpuCfsQuota (rhbz#1689297) - vircgroup: extract virCgroupV1SupportsCpuBW (rhbz#1689297) - vircgroup: extract virCgroupV1GetCpuacct*Usage (rhbz#1689297) - vircgroup: extract virCgroupV1GetCpuacctStat (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)FreezerState (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetMems (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetMemoryMigrate (rhbz#1689297) - vircgroup: extract virCgroupV1(Set|Get)CpusetCpus (rhbz#1689297) - vircgroup: rename virCgroupController into virCgroupV1Controller (rhbz#1689297) - vircgroup: rename controllers to legacy (rhbz#1689297) - vircgroup: remove VIR_CGROUP_SUPPORTED (rhbz#1689297) - vircgroup: include system headers only on linux (rhbz#1689297) - vircgroupv1: fix build on non-linux OSes (rhbz#1689297) - Revert 'vircgroup: cleanup controllers not managed by systemd on error' (rhbz#1689297) - util: introduce cgroup v2 files (rhbz#1689297) - vircgroup: introduce virCgroupV2Available (rhbz#1689297) - vircgroup: introduce virCgroupV2ValidateMachineGroup (rhbz#1689297) - vircgroup: introduce virCgroupV2CopyMounts (rhbz#1689297) - vircgroup: introduce virCgroupV2CopyPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectMounts (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2ValidatePlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2StealPlacement (rhbz#1689297) - vircgroup: introduce virCgroupV2DetectControllers (rhbz#1689297) - vircgroup: introduce virCgroupV2HasController (rhbz#1689297) - vircgroup: introduce virCgroupV2GetAnyController (rhbz#1689297) - vircgroup: introduce virCgroupV2PathOfController (rhbz#1689297) - vircgroup: introduce virCgroupV2MakeGroup (rhbz#1689297) - vircgroup: introduce virCgroupV2Remove (rhbz#1689297) - vircgroup: introduce virCgroupV2AddTask (rhbz#1689297) - vircgroup: introduce virCgroupV2HasEmptyTasks (rhbz#1689297) - vircgroup: introduce virCgroupV2BindMount (rhbz#1689297) - vircgroup: introduce virCgroupV2SetOwner (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioWeight (rhbz#1689297) - vircgroup: introduce virCgroupV2GetBlkioIoServiced (rhbz#1689297) - vircgroup: introduce virCgroupV2GetBlkioIoDeviceServiced (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWeight (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadIops (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteIops (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceReadBps (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)BlkioDeviceWriteBps (rhbz#1689297) - vircgroup: introduce virCgroupV2SetMemory (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemoryStat (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemoryUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemoryHardLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemorySoftLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)MemSwapHardLimit (rhbz#1689297) - vircgroup: introduce virCgroupV2GetMemSwapUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuShares (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuCfsPeriod (rhbz#1689297) - vircgroup: introduce virCgroupV2(Set|Get)CpuCfsQuota (rhbz#1689297) - vircgroup: introduce virCgroupV2SupportsCpuBW (rhbz#1689297) - vircgroup: introduce virCgroupV2GetCpuacctUsage (rhbz#1689297) - vircgroup: introduce virCgroupV2GetCpuacctStat (rhbz#1689297) - vircgroup: register cgroup v2 backend (rhbz#1689297) - vircgroup: add support for hybrid configuration (rhbz#1689297) - vircgroupmock: change cgroup prefix (rhbz#1689297) - vircgroupmock: add support to test cgroup v2 (rhbz#1689297) - vircgrouptest: introduce initFakeFS and cleanupFakeFS helpers (rhbz#1689297) - vircgrouptest: prepare testCgroupDetectMounts for cgroup v2 (rhbz#1689297) - vircgrouptest: add detect mounts test for cgroup v2 (rhbz#1689297) - vircgrouptest: add detect mounts test for hybrid cgroups (rhbz#1689297) - vircgrouptest: prepare validateCgroup for cgroupv2 (rhbz#1689297) - vircgrouptest: add cgroup v2 tests (rhbz#1689297) - vircgrouptest: add hybrid tests (rhbz#1689297) - virt-host-validate: rewrite cgroup detection to use util/vircgroup (rhbz#1689297) - virt-host-validate: require freezer for LXC (rhbz#1689297) - virt-host-validate: Fix build on non-Linux (rhbz#1689297) - tests: Use correct function name in error path (rhbz#1689297) - util: Fix virCgroupGetMemoryStat (rhbz#1689297) - tests: Augment vcgrouptest to add virCgroupGetMemoryStat (rhbz#1689297) - vircgroup: introduce virCgroupKillRecursiveCB (rhbz#1689297) - vircgroupv2: fix virCgroupV2ValidateMachineGroup (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetMems (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate (rhbz#1689297) - util: implement virCgroupV2(Set|Get)CpusetCpus (rhbz#1689297) - util: enable cgroups v2 cpuset controller for threads (rhbz#1689297) - util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB (rhbz#1689297) - internal: introduce a family of NULLSTR macros (rhbz#1689297) - util: vircgroup: improve controller detection (rhbz#1689297) - util: vircgroupv2: use any controller to create thread directory (rhbz#1689297) - util: vircgroupv2: enable CPU controller only if it's available (rhbz#1689297) - util: vircgroupv2: separate return values of virCgroupV2EnableController (rhbz#1689297) - util: vircgroupv2: don't error out if enabling controller fails (rhbz#1689297) - util: vircgroupv2: mark only requested controllers as available (rhbz#1689297) - Revert 'util: vircgroup: pass parent cgroup into virCgroupDetectControllersCB' (rhbz#1689297) - util: vircgroupv2: stop enabling missing controllers with systemd (rhbz#1689297) [4.5.0-28] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [4.5.0-27] - RHEL: spec: Disable gluster on i686 (rhbz#1722668) - rpc: virnetlibsshsession: update deprecated functions (rhbz#1722735) [4.5.0-26] - api: disallow virDomainSaveImageGetXMLDesc on read-only connections (CVE-2019-10161) - api: disallow virDomainManagedSaveDefineXML on read-only connections (CVE-2019-10166) - api: disallow virConnectGetDomainCapabilities on read-only connections (CVE-2019-10167) - api: disallow virConnect*HypervisorCPU on read-only connections (CVE-2019-10168) [4.5.0-25] - admin: reject clients unless their UID matches the current UID (CVE-2019-10132) - locking: restrict sockets to mode 0600 (CVE-2019-10132) - logging: restrict sockets to mode 0600 (CVE-2019-10132) - util: skip RDMA detection for non-PCI network devices (rhbz#1693299) - virfile: Detect ceph as shared FS (rhbz#1698133) - virfile: added GPFS as shared fs (rhbz#1698133) - util: bitmap: define cleanup function using VIR_DEFINE_AUTOPTR_FUNC (rhbz#1716943) - qemu: Rework setting process affinity (rhbz#1716943) - qemu: Set up EMULATOR thread and cpuset.mems before exec()-ing qemu (rhbz#1716943) - conf: Add definitions for 'uid' and 'fid' PCI address attributes (rhbz#1508149) - qemu: Introduce zPCI capability (rhbz#1508149) - qemu: Enable PCI multi bus for S390 guests (rhbz#1508149) - conf: Introduce extension flag and zPCI member for PCI address (rhbz#1508149) - conf: Introduce address caching for PCI extensions (rhbz#1508149) - qemu: Auto add pci-root for s390/s390x guests (rhbz#1508149) - conf: use virXMLFormatElement() in virDomainDeviceInfoFormat() (rhbz#1508149) - conf: Introduce parser, formatter for uid and fid (rhbz#1508149) - qemu: Add zPCI address definition check (rhbz#1508149) - conf: Allocate/release 'uid' and 'fid' in PCI address (rhbz#1508149) - qemu: Generate and use zPCI device in QEMU command line (rhbz#1508149) - qemu: Add hotpluging support for PCI devices on S390 guests (rhbz#1508149) - qemuDomainRemoveRNGDevice: Remove associated chardev too (rhbz#1508149) - qemu_hotplug: remove erroneous call to qemuDomainDetachExtensionDevice() (rhbz#1508149) - qemu_hotplug: remove another erroneous qemuDomainDetachExtensionDevice() call (rhbz#1508149) - util: Propagate numad failures correctly (rhbz#1716907) - util: Introduce virBitmapUnion() (rhbz#1716908) - util: Introduce virNumaNodesetToCPUset() (rhbz#1716908) - qemu: Fix qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Fix leak in qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Drop cleanup label from qemuProcessInitCpuAffinity() (rhbz#1716908) - qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity() (rhbz#1716908) - qemuBuildMemoryBackendProps: Pass @priv instead of its individual members (rhbz#1624223) - qemu: Don't use -mem-prealloc among with .prealloc=yes (rhbz#1624223) - nwfilter: fix adding std MAC and IP values to filter binding (rhbz#1691356) - qemuProcessBuildDestroyMemoryPathsImpl: Don't overwrite error (rhbz#1658112) - qemu_security: Fully implement qemuSecurityDomainSetPathLabel (rhbz#1658112) - qemu: process: SEV: Assume libDir to be the directory to create files in (rhbz#1658112) - qemu: process: SEV: Relabel guest owner's SEV files created before start (rhbz#1658112) [4.5.0-24] - tests: qemuxml2argv: add CAPS_ARCH_LATEST macro (rhbz#1698855) - qemu: Add ccw support for vhost-vsock (rhbz#1698855) - qemu: Allow creating ppc64 guests with graphics and no USB mouse (rhbz#1683681) - conf: Expose virDomainSCSIDriveAddressIsUsed (rhbz#1692354) - qemuhotplugtest: Don't plug a SCSI disk at unit 7 (rhbz#1692354) - qemu_hotplug: Check for duplicate drive addresses (rhbz#1692354) - cpu_map: Add support for cldemote CPU feature (rhbz#1537731) - util: alloc: add macros for implementing automatic cleanup functionality (rhbz#1505998) - qemu: domain: Simplify non-VFIO memLockLimit calculation for PPC64 (rhbz#1505998) - qemu_domain: add a PPC64 memLockLimit helper (rhbz#1505998) - qemu_domain: NVLink2 bridge detection function for PPC64 (rhbz#1505998) - PPC64 support for NVIDIA V100 GPU with NVLink2 passthrough (rhbz#1505998) - cpu_x86: Do not cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - qemu: Don't cache microcode version (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) - cpu_map: Define md-clear CPUID bit (CVE-2018-12127, CVE-2019-11091, CVE-2018-12126, CVE-2018-12130) [4.5.0-23] - network: explicitly allow icmp/icmpv6 in libvirt zonefile (rhbz#1650320) [4.5.0-22] - util: fix memory leak in virFirewallDInterfaceSetZone() (rhbz#1650320) [4.5.0-21] - docs: Drop /dev/net/tun from the list of shared devices (rhbz#1665400) - qemu: conf: Remove /dev/sev from the default cgroup device acl list (rhbz#1665400) - qemu: cgroup: Expose /dev/sev/ only to domains that require SEV (rhbz#1665400) - qemu: domain: Add /dev/sev into the domain mount namespace selectively (rhbz#1665400) - security: dac: Relabel /dev/sev in the namespace (rhbz#1665400) - qemu: caps: Use CAP_DAC_OVERRIDE for probing to avoid permission issues (rhbz#1665400) - qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root (rhbz#1665400) - Revert 'RHEL: Require firewalld-filesystem for firewalld rpm macros' (rhbz#1650320) - Revert 'RHEL: network: regain guest network connectivity after firewalld switch to nftables' (rhbz#1650320) - configure: change HAVE_FIREWALLD to WITH_FIREWALLD (rhbz#1650320) - util: move all firewalld-specific stuff into its own files (rhbz#1650320) - util: new virFirewallD APIs + docs (rhbz#1650320) - configure: selectively install a firewalld 'libvirt' zone (rhbz#1650320) - network: set firewalld zone of bridges to 'libvirt' zone when appropriate (rhbz#1650320) - network: allow configuring firewalld zone for virtual network bridge device (rhbz#1650320) - util: remove test code accidentally committed to virFirewallDZoneExists (rhbz#1650320) - qemu: command: Don't skip 'readonly' and throttling info for empty drive (rhbz#1670337) [4.5.0-20] - RHEL: qemu: Fix crash trying to use iSCSI hostdev (rhbz#1669424) [4.5.0-19] - qemu: Fix logic error in qemuSetUnprivSGIO (rhbz#1666605) - tests: qemuxml2argv: Add test case for empty CDROM with cache mode (rhbz#1553255) - qemu: command: Don't format image properties for empty -drive (rhbz#1553255) [4.5.0-18] - conf: correct false boot order error during domain parse (rhbz#1630393) - qemu: Remove duplicated qemuAgentCheckError (rhbz#1665000) - qemu: require reply from guest agent in qemuAgentGetInterfaces (rhbz#1665000) - qemu: Filter non SCSI hostdevs in qemuHostdevPrepareSCSIDevices (rhbz#1665244) - util: remove const specifier from nlmsghdr arg to virNetlinkDumpCallback() (rhbz#1583131) - util: add a function to insert new interfaces to IPv6CheckForwarding list (rhbz#1583131) - util: use nlmsg_find_attr() instead of an open-coded loop (rhbz#1583131) - util: check accept_ra for all nexthop interfaces of multipath routes (rhbz#1583131) - util: make forgotten changes suggested during review of commit d40b820c (rhbz#1583131) [4.5.0-17] - virsh: Strip XML declaration when extracting CPU XMLs (rhbz#1659048) - RHEL: qemu: Add ability to set sgio values for hostdev (rhbz#1582424) - RHEL: qemu: Add check for unpriv sgio for SCSI generic host device (rhbz#1582424) - qemu: Alter @val usage in qemuSetUnprivSGIO (rhbz#1656362) - qemu: Alter qemuSetUnprivSGIO hostdev shareable logic (rhbz#1656362) [4.5.0-16] - util: Don't overflow in virRandomBits (rhbz#1655586) - virrandom: Avoid undefined behaviour in virRandomBits (rhbz#1655586) - spec: remove libcgroup and cgconfig (rhbz#1602407) - qemu: Drop duplicated code from qemuDomainDefValidateFeatures() (rhbz#1647822) - tests: Add capabilities data for QEMU 3.1.0 on ppc64 (rhbz#1647822) - qemu: Introduce QEMU_CAPS_MACHINE_PSERIES_CAP_NESTED_HV (rhbz#1647822) - conf: Parse and format nested-hv feature (rhbz#1647822) - qemu: Format nested-hv feature on the command line (rhbz#1647822) - qemu: Add check for whether KVM nesting is enabled (rhbz#1645139) - secret: Add check/validation for correct usage when LookupByUUID (rhbz#1656255) - cpu: Add support for 'stibp' x86_64 feature (rhbz#1655032) [4.5.0-15] - virfile: Take symlink into account in virFileIsSharedFixFUSE (rhbz#1634782) - qemu: Ignore nwfilter binding instantiation issues during reconnect (rhbz#1648544) - qemu: Set identity for the reconnect all thread (rhbz#1648546) - Revert 'access: Modify the VIR_ERR_ACCESS_DENIED to include driverName' (rhbz#1631608) - access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608) - qemu: add vfio-ap capability (rhbz#1508146) - qemu: vfio-ap device support (rhbz#1508146) - qemu: Extract MDEV VFIO PCI validation code into a separate helper (rhbz#1508146) - conf: Move VFIO AP validation from post parse to QEMU validation code (rhbz#1508146) - qemu: Fix post-copy migration on the source (rhbz#1649169) [4.5.0-14] - storage: Remove secretPath from _virStorageBackendQemuImgInfo (rhbz#1645459) - storage: Allow for inputvol to have any format for encryption (rhbz#1645459) - storage: Allow inputvol to be encrypted (rhbz#1645459) - access: Modify the VIR_ERR_ACCESS_DENIED to include driverName (rhbz#1631608) - docs: Enhance polkit documentation to describe secondary connection (rhbz#1631608) - qemu: Don't ignore resume events (rhbz#1634758, rhbz#1643338) [4.5.0-13] - Revert 'spec: Temporarily drop gluster support' (rhbz#1599339) [4.5.0-12] - RHEL: Require firewalld-filesystem for firewalld rpm macros (rhbz#1639932) [4.5.0-11] - virfile: fix cast-align error (rhbz#1634782) - virfiletest: Fix test name prefix for virFileInData test (rhbz#1634782) - virfiletst: Test virFileIsSharedFS (rhbz#1634782) - virFileIsSharedFSType: Detect direct mount points (rhbz#1634782) - virfile: Rework virFileIsSharedFixFUSE (rhbz#1634782) - RHEL: network: regain guest network connectivity after firewalld switch to nftables (rhbz#1638864) [4.5.0-10] - conf: Fix check for chardev source path (rhbz#1609723) - tests: Reuse qemucapabilities data for qemucaps2xml (rhbz#1629862) - tests: Add more tests to qemucaps2xml (rhbz#1629862) - qemu: Drop QEMU_CAPS_ENABLE_KVM (rhbz#1629862) - qemu: Avoid probing non-native binaries all the time (rhbz#1629862) - qemu: Clarify QEMU_CAPS_KVM (rhbz#1629862) - qemu: Don't check for /dev/kvm presence (rhbz#1629862) - tests: Follow up on qemucaps2xmldata rename (rhbz#1629862) - security: dac: also label listen UNIX sockets (rhbz#1634775) - spec: Set correct TLS priority (rhbz#1632269) - spec: Build ceph and gluster support everywhere (rhbz#1599546) - virsh: Require explicit --domain for domxml-to-native (rhbz#1634769) - virFileIsSharedFSType: Check for fuse.glusterfs too (rhbz#1634782) - qemu: fix up permissions for pre-created UNIX sockets (rhbz#1634775) - cpu_map: Add features for Icelake CPUs (rhbz#1527657, rhbz#1526625) - cpu_map: Add Icelake CPU models (rhbz#1526625) - qemu: Properly report VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT (rhbz#1634758) - qemu: Report more appropriate running reasons (rhbz#1634758) - qemu: Pass running reason to RESUME event handler (rhbz#1634758) - qemu: Map running reason to resume event detail (rhbz#1634758) - qemu: Avoid duplicate resume events and state changes (rhbz#1634758) - conf: qemu: add support for Hyper-V frequency MSRs (rhbz#1589702) - conf: qemu: add support for Hyper-V reenlightenment notifications (rhbz#1589702) - conf: qemu: add support for Hyper-V PV TLB flush (rhbz#1589702) [4.5.0-9] - RHEL: Fix virConnectGetMaxVcpus output (rhbz#1582222) - storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1622534) - access: Fix nwfilter-binding ACL access API name generation (rhbz#1622540) - conf: Add validation of input devices (rhbz#1591240) - tests: qemu: Remove disk from graphics-vnc-tls (rhbz#1598167) - tests: qemu: test more versions for graphics-vnc-tls (rhbz#1598167) - qemu: vnc: switch to tls-creds-x509 (rhbz#1598167) - qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624740) - virDomainDefCompatibleDevice: Relax alias change check (rhbz#1603133) - virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1603133) - virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623158) - RHEL: spec: Require python3-devel on RHEL-8 (rhbz#1518446) - qemu: monitor: Remove qemuMonitorJSONExtractCPUArchInfo wrapper (rhbz#1598829) - qemu: monitor: Use 'target' instead of 'arch' in reply of 'query-cpus-fast' (rhbz#1598829) [4.5.0-8] - tests: Add missing thread_siblings_list files (rhbz#1608479) - util: Rewrite virHostCPUCountThreadSiblings() (rhbz#1608479) - utils: Remove arbitrary limit on socket_id/core_id (rhbz#1608479) - tests: Add linux-high-ids test (rhbz#1608479) - qemu: hotplug: Fix asynchronous unplug of 'shmem' (rhbz#1618680) - tests: rename hugepages to hugepages-default (rhbz#1615461) - tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1615461) - tests: rename hugepages-numa into hugepages-numa-default (rhbz#1615461) - tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1615461) - tests: extract pages-discard out of hugepages-pages (rhbz#1615461) - tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1615461) - tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1615461) - tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1615461) - tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1615461) - tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1615461) - tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1615461) - tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1615461) - tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1615461) - tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1615461) - tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1615461) - tests: introduce hugepages-nodeset (rhbz#1615461) - conf: Move hugepage XML validation check out of qemu_command (rhbz#1615461) - conf: Move hugepages validation out of XML parser (rhbz#1615461) - conf: Introduce virDomainDefPostParseMemtune (rhbz#1615461) - tests: sev: Test launch-security with specific QEMU version (rhbz#1619150) - qemu: Fix probing of AMD SEV support (rhbz#1619150) - qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1619150) - conf: Parse guestfwd channel device info again (rhbz#1610072) [4.5.0-7] - qemu_migration: Avoid writing to freed memory (rhbz#1615854) [4.5.0-6] - qemu: Exempt video model 'none' from getting a PCI address on Q35 - conf: Fix a error msg typo in virDomainVideoDefValidate [4.5.0-5] - esx storage: Fix typo lsilogic -> lsiLogic - networkGetDHCPLeases: Don't always report error if unable to read leases file - nwfilter: Resolve SEGV for NWFilter Snoop processing - qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs - qemuDomainSaveMemory: Don't enforce dynamicOwnership - domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl - examples: Add clean-traffic-gateway into nwfilters [4.5.0-4] - qemu: hotplug: don't overwrite error message in qemuDomainAttachNetDevice - qemu: hotplug: report error when changing rom enabled attr for net iface - qemu: Fix setting global_period cputune element - tests: qemucaps: Add test data for upcoming qemu 3.0.0 - qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend - qemu: command: Move graphics iteration to its own function - qemu: address: Handle all the video devices within a single loop - conf: Introduce virDomainVideoDefClear helper - conf: Introduce virDomainDefPostParseVideo helper - qemu: validate: Enforce compile time switch type checking for videos - tests: Add capabilities data for QEMU 2.11 x86_64 - tests: Update capabilities data for QEMU 3.0.0 x86_64 - qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc - qemu: caps: Introduce a capability for egl-headless - qemu: Introduce a new graphics display type 'headless' - qemu: caps: Add vfio-pci.display capability - conf: Introduce virDomainGraphicsDefHasOpenGL helper - conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys - conf: Introduce new <hostdev> attribute 'display' - qemu: command: Enable formatting vfio-pci.display option onto cmdline - docs: Rephrase the mediated devices hostdev section a bit - conf: Introduce new video type 'none' - virt-xml-validate: Add schema for nwfilterbinding - tools: Fix typo generating adapter_wwpn field - src: Fix memory leak in virNWFilterBindingDispose [4.5.0-3] - qemu: hotplug: Do not try to add secret object for TLS if it does not exist - qemu: monitor: Make qemuMonitorAddObject more robust against programming errors - spec: Explicitly require matching libvirt-libs - virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash - qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one - qemuDomainValidateStorageSource: Relax PR validation - virStoragePRDefFormat: Suppress path formatting for migratable XML - qemu: Wire up PR_MANAGER_STATUS_CHANGED event - qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo - qemu: Fetch pr-helper process info on reconnect - qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject - virsh.pod: Fix a command name typo in nwfilter-binding-undefine - docs: schema: Add missing <alias> to vsock device - virnetdevtap: Don't crash on !ifname in virNetDevTapInterfaceStats - tests: fix TLS handshake failure with TLS 1.3 [4.5.0-2] - qemu: Add capability for the HTM pSeries feature - conf: Parse and format the HTM pSeries feature - qemu: Format the HTM pSeries feature - qemu: hotplug: Don't access srcPriv when it's not allocated - qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE - src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs - virsh.pod: Drop --persistent for detach-device-alias - qemu: don't use chardev FD passing with standalone args - qemu: remove chardevStdioLogd param from vhostuser code path - qemu: consolidate parameters of qemuBuildChrChardevStr into flags - qemu: don't use chardev FD passing for vhostuser backend - qemu: fix UNIX socket chardevs operating in client mode - qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set - spec: Temporarily drop gluster support [4.5.0-1] - Rebased to libvirt-4.5.0 [4.3.0-1] - Rebased to libvirt-4.3.0 [4.1.0-2] - Fix systemd macro argument with line continuations (rhbz#1558648) [4.1.0-1] - Rebase to version 4.1.0 [4.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.0.0-1] - Rebase to version 4.0.0 [3.10.0-2] - Rebuild for xen 4.10 [3.10.0-1] - Rebase to version 3.10.0 [3.9.0-1] - Rebase to version 3.9.0 [3.8.0-1] - Rebase to version 3.8.0 [3.7.0-1] - Rebase to version 3.7.0 [3.6.0-1] - Rebase to version 3.6.0 [3.5.0-4] - Rebuild with binutils fix for ppc64le (#1475636) [3.5.0-3] - Disabled RBD on i386, arm, ppc64 (rhbz #1474743) [3.5.0-2] - Rebuild for xen 4.9 [3.5.0-1] - Rebase to version 3.5.0 [3.4.0-1] - Rebase to version 3.4.0 [3.3.0-1] - Rebase to version 3.3.0 [3.2.0-1] - Rebase to version 3.2.0 [3.1.0-1] - Rebase to version 3.1.0 [3.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.0-1] - Rebase to version 3.0.0 libvirt-dbus libvirt-python nbdkit netcf [0.2.8-12] - Resolves: rhbz#1602628 perl-Sys-Virt qemu-kvm [2.12.0-88.0.1.el8_1_0.2] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-88.el8_1_0.2] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771970] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771970] - Resolves: bz#1771970 (CVE-2019-11135 virt:rhel/qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-8.1.0.z]) [2.12.0-88.el8_1_0.1] - kvm-s390-PCI-fix-IOMMU-region-init.patch [bz#1764829] - Resolves: bz#1764829 (RHEL8.1 Snapshot3 - Passthrough PCI card goes into error state if used in domain (kvm) [rhel-8.1.0.z]) [2.12.0-88.el8] - Revert fix for bz#1749724 - this got delayed to 8.2 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-8]) [2.12.0-86.el8] - kvm-Do-not-run-iotests-on-brew-build.patch [bz#1742819] - kvm-target-ppc-spapr-Add-workaround-option-to-SPAPR_CAP_.patch [bz#1744415] - kvm-target-ppc-spapr-Add-SPAPR_CAP_CCF_ASSIST.patch [bz#1744415] - kvm-i386-x86_cpu_list_feature_names-function.patch [bz#1747185] - kvm-i386-unavailable-features-QOM-property.patch [bz#1747185] - kvm-file-posix-Handle-undetectable-alignment.patch [bz#1738839] - kvm-iotests-Tweak-221-sizing-for-different-hole-granular.patch [bz#1738839] - kvm-iotests-Filter-175-s-allocation-information.patch [bz#1738839] - kvm-block-posix-Always-allocate-the-first-block.patch [bz#1738839] - kvm-iotests-Test-allocate_first_block-with-O_DIRECT.patch [bz#1738839] - Resolves: bz#1738839 (I/O error when virtio-blk disk is backed by a raw image on 4k disk) - Resolves: bz#1742819 (Remove iotests from qemu-kvm builds [RHEL 8.1.0]) - Resolves: bz#1744415 (Backport support for count cache flush Spectre v2 mitigation [slow train]) - Resolves: bz#1747185 ('filtered-features' QOM property is not available) [2.12.0-85.el8] - kvm-console-Avoid-segfault-in-screendump.patch [bz#1684383] - kvm-usb-hub-clear-suspend-on-detach.patch [bz#1619661] - kvm-qemu-img-fix-regression-copying-secrets-during-conve.patch [bz#1727821] - Resolves: bz#1619661 (the attach hub on one hub still exits in device manager after unhotplug) - Resolves: bz#1684383 (qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer) - Resolves: bz#1727821 (Failed to convert a source image to the qcow2 image encrypted by luks) [2.12.0-84.el8] - kvm-vnc-detect-and-optimize-pageflips.patch [bz#1727033] - kvm-block-backend-Make-blk_inc-dec_in_flight-public.patch [bz#1716349] - kvm-virtio-blk-Increase-in_flight-for-request-restart-BH.patch [bz#1716349] - kvm-block-Fix-AioContext-switch-for-drained-node.patch [bz#1716349] - kvm-test-bdrv-drain-AioContext-switch-in-drained-section.patch [bz#1716349] - kvm-block-Use-normal-drain-for-bdrv_set_aio_context.patch [bz#1716349] - kvm-block-Fix-AioContext-switch-for-bs-drv-NULL.patch [bz#1716347] - kvm-iothread-fix-crash-with-invalid-properties.patch [bz#1687541] - kvm-iothread-replace-init_done_cond-with-a-semaphore.patch [bz#1687541] - kvm-RHEL-disable-hostmem-memfd.patch [bz#1740797] - Resolves: bz#1687541 (qemu aborted when start guest with a big iothreads) - Resolves: bz#1716347 (Qemu Core dump when quit vm that's in status 'paused(io-error)' with data plane enabled) - Resolves: bz#1716349 (qemu with iothreads enabled crashes on resume after enospc pause for disk extension) - Resolves: bz#1727033 (vnc server should detect page-flips and avoid sending fullscreen updates then.) - Resolves: bz#1740797 (Disable memfd in QEMU) [2.12.0-83.el8] - kvm-hw-block-pflash_cfi01-Add-missing-DeviceReset-handle.patch [bz#1707192] - kvm-block-file-posix-Unaligned-O_DIRECT-block-status.patch [bz#1678979] - kvm-iotests-Test-unaligned-raw-images-with-O_DIRECT.patch [bz#1678979] - kvm-nbd-client-Lower-min_block-for-block-status-unaligne.patch [bz#1678979] - kvm-nbd-client-Reject-inaccessible-tail-of-inconsistent-.patch [bz#1678979] - kvm-nbd-client-Support-qemu-img-convert-from-unaligned-s.patch [bz#1678979] - kvm-block-Add-bdrv_get_request_alignment.patch [bz#1678979] - kvm-nbd-server-Advertise-actual-minimum-block-size.patch [bz#1678979] - kvm-slirp-check-sscanf-result-when-emulating-ident.patch [bz#1727642] - kvm-slirp-fix-big-little-endian-conversion-in-ident-prot.patch [bz#1727642] - kvm-slirp-ensure-there-is-enough-space-in-mbuf-to-null-t.patch [bz#1727642] - kvm-slirp-don-t-manipulate-so_rcv-in-tcp_emu.patch [bz#1727642] - kvm-tap-set-vhostfd-passed-from-qemu-cli-to-non-blocking.patch [bz#1732642] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734751] - Resolves: bz#1678979 (qemu-img convert abort when converting image with unaligned size (qemu-img: block/io.c:2134: bdrv_co_block_status: Assertion ret == cpu->kvm_msr_buf->nmsrs' failed.) [2.12.0-71.el8] - kvm-s390-bios-Skip-bootmap-signature-entries.patch [bz#1683275] - Resolves: bz#1683275 ([IBM 8.1 FEAT] KVM: Secure Linux Boot Toleration (qemu)) [2.12.0-70.el8] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761] - kvm-i386-Add-CPUID-bit-for-WBNOINVD.patch [bz#1561761] - kvm-i386-Add-new-CPU-model-Icelake-Server-Client.patch [bz#1561761] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1561761] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1561761] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1561761] - kvm-i386-remove-the-new-CPUID-PCONFIG-from-Icelake-Serve.patch [bz#1561761] - kvm-Revert-i386-Add-CPUID-bit-for-PCONFIG.patch [bz#1561761] - Resolves: bz#1561761 ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model) [2.12.0-69.el8] - kvm-tests-crypto-Use-the-IEC-binary-prefix-definitions.patch [bz#1680231] - kvm-crypto-expand-algorithm-coverage-for-cipher-benchmar.patch [bz#1680231] - kvm-crypto-remove-code-duplication-in-tweak-encrypt-decr.patch [bz#1680231] - kvm-crypto-introduce-a-xts_uint128-data-type.patch [bz#1680231] - kvm-crypto-convert-xts_tweak_encdec-to-use-xts_uint128-t.patch [bz#1680231] - kvm-crypto-convert-xts_mult_x-to-use-xts_uint128-type.patch [bz#1680231] - kvm-crypto-annotate-xts_tweak_encdec-as-inlineable.patch [bz#1680231] - kvm-crypto-refactor-XTS-cipher-mode-test-suite.patch [bz#1680231] - kvm-crypto-add-testing-for-unaligned-buffers-with-XTS-ci.patch [bz#1680231] - Resolves: bz#1680231 (severe performance impact using luks format) [2.12.0-68.el8] - kvm-s390x-ipl-Try-to-detect-Linux-vs-non-Linux-for-initi.patch [bz#1699070] - kvm-loader-Check-access-size-when-calling-rom_ptr-to-avo.patch [bz#1699070] - kvm-hw-s390x-Use-the-IEC-binary-prefix-definitions.patch [bz#1699070] - kvm-s390x-storage-attributes-fix-CMMA_BLOCK_SIZE-usage.patch [bz#1699070] - kvm-s390x-cpumodel-fix-segmentation-fault-when-baselinin.patch [bz#1699070] - kvm-hw-s390x-s390-pci-bus-Convert-sysbus-init-function-t.patch [bz#1699070] - kvm-s390x-pci-properly-fail-if-the-zPCI-device-cannot-be.patch [bz#1699070] - kvm-s390x-pci-rename-hotplug-handler-callbacks.patch [bz#1699070] - kvm-s390-avoid-potential-null-dereference-in-s390_pcihos.patch [bz#1699070] - kvm-s390x-pci-Send-correct-event-on-hotplug.patch [bz#1699070] - kvm-s390x-pci-Set-the-iommu-region-size-mpcifc-request.patch [bz#1699070] - kvm-s390x-pci-Always-delete-and-free-the-release_timer.patch [bz#1699070] - kvm-s390x-pci-Ignore-the-unplug-call-if-we-already-have-.patch [bz#1699070] - kvm-s390x-pci-Use-hotplug_dev-instead-of-looking-up-the-.patch [bz#1699070] - kvm-s390x-pci-Move-some-hotplug-checks-to-the-pre_plug-h.patch [bz#1699070] - kvm-s390x-pci-Introduce-unplug-requests-and-split-unplug.patch [bz#1699070] - kvm-s390x-pci-Drop-release-timer-and-replace-it-with-a-f.patch [bz#1699070] - kvm-s390x-pci-mark-zpci-devices-as-unmigratable.patch [bz#1699070] - kvm-s390x-pci-Fix-primary-bus-number-for-PCI-bridges.patch [bz#1699070] - kvm-s390x-pci-Fix-hotplugging-of-PCI-bridges.patch [bz#1699070] - kvm-s390x-pci-Warn-when-adding-PCI-devices-without-the-z.patch [bz#1699070] - kvm-s390x-pci-Unplug-remaining-requested-devices-on-pcih.patch [bz#1699070] - kvm-s390x-refactor-reset-reipl-handling.patch [bz#1699070] - kvm-s390-ipl-fix-ipl-with-no-reboot.patch [bz#1699070] - Resolves: bz#1699070 (Backport s390x-related fixes for qemu-kvm) [2.12.0-67.el8] - kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693116] - Resolves: bz#1693116 (CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-8.0]) [2.12.0-66.el8] - kvm-iotests-153-Fix-dead-code.patch [bz#1694148] - kvm-file-posix-Include-filename-in-locking-error-message.patch [bz#1694148] - kvm-file-posix-Skip-effectiveless-OFD-lock-operations.patch [bz#1694148] - kvm-file-posix-Drop-s-lock_fd.patch [bz#1694148] - kvm-tests-Add-unit-tests-for-image-locking.patch [bz#1694148] - kvm-file-posix-Fix-shared-locks-on-reopen-commit.patch [bz#1694148] - kvm-iotests-Test-file-posix-locking-and-reopen.patch [bz#1694148] - kvm-block-file-posix-do-not-fail-on-unlock-bytes.patch [bz#1694148] - kvm-hostmem-file-remove-object-id-from-pmem-error-messag.patch [bz#1687596] - kvm-redhat-setting-target-release-to-rhel-8.1.0.patch [] - kvm-redhat-removing-iotest-182.patch [] - Resolves: bz#1687596 ([Intel 8.1 BUG][KVM][Crystal Ridge]object_get_canonical_path_component: assertion failed: (obj->parent != NULL)) - Resolves: bz#1694148 (QEMU image locking needn't double open fd number, and it should not fail when attempting to release locks) [2.12.0-65.el8] - kvm-s390x-cpumodel-mepochptff-warn-when-no-mepoch-and-re.patch [bz#1664371] - kvm-s390x-cpumodel-add-z14-GA2-model.patch [bz#1664371] - kvm-redhat-s390x-cpumodel-enable-mepoch-by-default-for-z.patch [bz#1664371] - kvm-intel_iommu-fix-operator-in-vtd_switch_address_space.patch [bz#1662272] - kvm-intel_iommu-reset-intr_enabled-when-system-reset.patch [bz#1662272] - kvm-pci-msi-export-msi_is_masked.patch [bz#1662272] - kvm-i386-kvm-ignore-masked-irqs-when-update-msi-routes.patch [bz#1662272] - Resolves: bz#1662272 (Boot guest with device assignment+vIOMMU, qemu prompts 'vtd_interrupt_remap_msi: MSI address low 32 bit invalid: 0x0' when first rebooting guest) - Resolves: bz#1664371 ([IBM 8.1 FEAT] Update hardware CPU Model z14 (kvm) - qemu part) [2.12.0-64.el8] - kvm-doc-fix-the-configuration-path.patch [bz#1645411] - kvm-Increase-number-of-iotests-being-run-as-a-part-of-RH.patch [bz#1664463] - kvm-Load-kvm-module-during-boot.patch [bz#1676907 bz#1685995] - kvm-qemu-kvm.spec.template-Update-pyton-path-to-system-i.patch [] - Resolves: bz#1645411 (the 'fsfreeze-hook' script path shown by command 'qemu-ga --help' or 'man qemu-ga' is wrong) - Resolves: bz#1664463 (Modify iotest behavior to include luks and nbd and fail build if iotests fail) - Resolves: bz#1676907 (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt) - Resolves: bz#1685995 (/dev/kvm device exists but kernel module is not loaded on boot up causing VM start to fail in libvirt) [2.12.0-63.el8] - kvm-scsi-generic-avoid-possible-out-of-bounds-access-to-.patch [bz#1668162] - Resolves: bz#1668162 (CVE-2019-6501 qemu-kvm: QEMU: scsi-generic: possible OOB access while handling inquiry request [rhel-8]) [2.12.0-62.el8] - kvm-slirp-check-data-length-while-emulating-ident-functi.patch [bz#1669069] - Resolves: bz#1669069 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu() [rhel-8.0]) [2.12.0-61.el8] - kvm-qemu-ga-make-get-fsinfo-work-over-pci-bridges.patch [bz#1666952] - kvm-qga-fix-driver-leak-in-guest-get-fsinfo.patch [bz#1666952] - Resolves: bz#1666952 (qemu-guest-agent does not parse PCI bridge links in 'build_guest_fsinfo_for_real_device' (q35)) [2.12.0-60.el8] - kvm-ne2000-fix-possible-out-of-bound-access-in-ne2000_re.patch [bz#1636784] - kvm-rtl8139-fix-possible-out-of-bound-access.patch [bz#1636784] - kvm-pcnet-fix-possible-buffer-overflow.patch [bz#1636784] - kvm-net-ignore-packet-size-greater-than-INT_MAX.patch [bz#1636784] - kvm-net-drop-too-large-packet-early.patch [bz#1636784] - kvm-net-hub-suppress-warnings-of-no-host-network-for-qte.patch [bz#1636784] - kvm-virtio-net-test-accept-variable-length-argument-in-p.patch [bz#1636784] - kvm-virtio-net-test-remove-unused-macro.patch [bz#1636784] - kvm-virtio-net-test-add-large-tx-buffer-test.patch [bz#1636784] - kvm-s390x-Return-specification-exception-for-unimplement.patch [bz#1668261] - kvm-cpus-ignore-ESRCH-in-qemu_cpu_kick_thread.patch [bz#1665844] - Resolves: bz#1636784 (CVE-2018-17963 qemu-kvm: Qemu: net: ignore packets with large size [rhel-8]) - Resolves: bz#1665844 (Guest quit with error when hotunplug cpu) - Resolves: bz#1668261 ([RHEL8] Backport diag308 stable exception fix (qemu-kvm)) [2.12.0-59.el8] - kvm-hw-scsi-cleanups-before-VPD-BL-emulation.patch [bz#1639957] - kvm-hw-scsi-centralize-SG_IO-calls-into-single-function.patch [bz#1639957] - kvm-hw-scsi-add-VPD-Block-Limits-emulation.patch [bz#1639957] - kvm-scsi-disk-Block-Device-Characteristics-emulation-fix.patch [bz#1639957] - kvm-scsi-generic-keep-VPD-page-list-sorted.patch [bz#1639957] - kvm-scsi-generic-avoid-out-of-bounds-access-to-VPD-page-.patch [bz#1639957] - kvm-scsi-generic-avoid-invalid-access-to-struct-when-emu.patch [bz#1639957] - kvm-scsi-generic-do-not-do-VPD-emulation-for-sense-other.patch [bz#1639957] - Resolves: bz#1639957 ([RHEL.8] scsi host device passthrough limits IO writes - slow train) [2.12.0-58.el8] - kvm-block-Update-flags-in-bdrv_set_read_only.patch [bz#1644996] - kvm-block-Add-auto-read-only-option.patch [bz#1644996] - kvm-rbd-Close-image-in-qemu_rbd_open-error-path.patch [bz#1644996] - kvm-block-Require-auto-read-only-for-existing-fallbacks.patch [bz#1644996] - kvm-nbd-Support-auto-read-only-option.patch [bz#1644996] - kvm-file-posix-Support-auto-read-only-option.patch [bz#1644996] - kvm-curl-Support-auto-read-only-option.patch [bz#1644996] - kvm-gluster-Support-auto-read-only-option.patch [bz#1644996] - kvm-iscsi-Support-auto-read-only-option.patch [bz#1644996] - kvm-block-Make-auto-read-only-on-default-for-drive.patch [bz#1644996] - kvm-qemu-iotests-Test-auto-read-only-with-drive-and-bloc.patch [bz#1644996] - kvm-block-Fix-update-of-BDRV_O_AUTO_RDONLY-in-update_fla.patch [bz#1644996] - kvm-qemu-img-Add-C-option-for-convert-with-copy-offloadi.patch [bz#1623082] - kvm-iotests-Add-test-for-qemu-img-convert-C-compatibilit.patch [bz#1623082] - Resolves: bz#1623082 ([rhel.8.0]Target files for 'qemu-img convert' do not support thin_provisoning with iscsi/nfs backend) - Resolves: bz#1644996 (block-commit can't be used with -blockdev) [2.12.0-57.el8] - kvm-qemu-kvm.spec.template-Update-files-for-tests-rpm-to.patch [bz#1601107] [2.12.0-56.el8] - kvm-Run-iotests-as-part-of-the-build-process.patch [bz#1661026] - kvm-Introduce-the-qemu-kvm-tests-rpm.patch [bz#1601107] - Resolves: bz#1601107 (qemu-kvm packaging: make running qemu-iotests more robust) - Resolves: bz#1661026 (Run iotests as part of build process) [2.12.0-55.el8] - kvm-block-Don-t-inactivate-children-before-parents.patch [bz#1659395] - kvm-iotests-Test-migration-with-blockdev.patch [bz#1659395] - Resolves: bz#1659395 (src qemu core dump when do migration ( block device node-name changed after change cdrom) - Slow Train) [2.12.0-54.el8] - kvm-s390x-tcg-avoid-overflows-in-time2tod-tod2time.patch [bz#1653569] - kvm-s390x-kvm-pass-values-instead-of-pointers-to-kvm_s39.patch [bz#1653569] - kvm-s390x-tod-factor-out-TOD-into-separate-device.patch [bz#1653569] - kvm-s390x-tcg-drop-tod_basetime.patch [bz#1653569] - kvm-s390x-tcg-properly-implement-the-TOD.patch [bz#1653569] - kvm-s390x-tcg-SET-CLOCK-COMPARATOR-can-clear-CKC-interru.patch [bz#1653569] - kvm-s390x-tcg-implement-SET-CLOCK.patch [bz#1653569] - kvm-s390x-tcg-rearm-the-CKC-timer-during-migration.patch [bz#1653569] - kvm-s390x-tcg-fix-locking-problem-with-tcg_s390_tod_upda.patch [bz#1653569] - kvm-hw-s390x-Include-the-tod-qemu-also-for-builds-with-d.patch [bz#1653569] - kvm-s390x-tod-Properly-stop-the-KVM-TOD-while-the-guest-.patch [bz#1653569] - kvm-hw-s390x-Fix-bad-mask-in-time2tod.patch [bz#1653569] - kvm-migration-discard-non-migratable-RAMBlocks.patch [bz#1539285] - kvm-vfio-pci-do-not-set-the-PCIDevice-has_rom-attribute.patch [bz#1539285] - kvm-memory-exec-Expose-all-memory-block-related-flags.patch [bz#1539285] - kvm-memory-exec-switch-file-ram-allocation-functions-to-.patch [bz#1539285] - kvm-configure-add-libpmem-support.patch [bz#1539285] - kvm-hostmem-file-add-the-pmem-option.patch [bz#1539285] - kvm-mem-nvdimm-ensure-write-persistence-to-PMEM-in-label.patch [bz#1539285] - kvm-migration-ram-Add-check-and-info-message-to-nvdimm-p.patch [bz#1539285] - kvm-migration-ram-ensure-write-persistence-on-loading-al.patch [bz#1539285] - Resolves: bz#1539285 ([Intel 8.0 Bug] [KVM][Crystal Ridge] Lack of data persistence guarantee of QEMU writes to host PMEM) - Resolves: bz#1653569 (Stress guest and stop it, then do live migration, guest hit call trace on destination end) [2.12.0-53.el8] - kvm-ui-add-qapi-parser-for-display.patch [bz#1652871] - kvm-ui-switch-trivial-displays-to-qapi-parser.patch [bz#1652871] - kvm-qapi-Add-rendernode-display-option-for-egl-headless.patch [bz#1652871] - kvm-ui-Allow-specifying-rendernode-display-option-for-eg.patch [bz#1652871] - kvm-qapi-add-query-display-options-command.patch [bz#1652871] - Resolves: bz#1652871 (QEMU doesn't expose rendernode option for egl-headless display type) [2.12.0-52.el8] - kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276] - Resolves: bz#1654276 (qemu-kvm: Should depend on the architecture-appropriate guest firmware) [2.12.0-51.el8] - kvm-x86-host-phys-bits-limit-option.patch [bz#1598284] - kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1598284] - kvm-i386-do-not-migrate-MSR_SMI_COUNT-on-machine-types-2.patch [bz#1659565] - kvm-pc-x-migrate-smi-count-to-PC_RHEL_COMPAT.patch [bz#1659565] - kvm-slow-train-kvm-clear-out-KVM_ASYNC_PF_DELIVERY_AS_PF.patch [bz#1656829] - Resolves: bz#1598284 ([Intel 8.0 Alpha] physical bits should < 48 when host with 5level paging &EPT5 and qemu command with '-cpu qemu64' parameters.) - Resolves: bz#1656829 (8->7 migration failed: qemu-kvm: error: failed to set MSR 0x4b564d02 to 0x27fc13285) - Resolves: bz#1659565 (machine type: required compat flag x-migrate-smi-count=off) [2.12.0-51] - kvm-Add-edk2-Requires-to-qemu-kvm.patch [bz#1654276] - Resolves: bz#1654276 (qemu-kvm: Should depend on the architecture-appropriate guest firmware) [-] - kvm-redhat-enable-tpmdev-passthrough.patch [bz#1654486] - Resolves: bz#1654486 ([RFE] enable TPM passthrough at compile time (qemu-kvm)) [qemu-kvm-2.12.0-48] - kvm-redhat-use-autopatch-instead-of-PATCHAPPLY.patch [bz#1613128] - kvm-redhat-Removing-some-unused-build-flags-in-the-spec-.patch [bz#1613128] - kvm-redhat-Fixing-rhev-ma-conflicts.patch [bz#1613126] - kvm-redhat-Remove-_smp_mflags-cleanup-workaround-for-s39.patch [bz#1613128] - kvm-redhat-Removing-dead-code-from-the-spec-file.patch [bz#1613128] - kvm-i386-Add-stibp-flag-name.patch [bz#1639446] - kvm-Add-functional-acceptance-tests-infrastructure.patch [bz#1655807] - kvm-scripts-qemu.py-allow-adding-to-the-list-of-extra-ar.patch [bz#1655807] - kvm-Acceptance-tests-add-quick-VNC-tests.patch [bz#1655807] - kvm-scripts-qemu.py-introduce-set_console-method.patch [bz#1655807] - kvm-Acceptance-tests-add-Linux-kernel-boot-and-console-c.patch [bz#1655807] - kvm-Bootstrap-Python-venv-for-tests.patch [bz#1655807] - kvm-Acceptance-tests-add-make-rule-for-running-them.patch [bz#1655807] - Resolves: bz#1613126 (Check and fix qemu-kvm-rhev and qemu-kvm-ma conflicts in qemu-kvm for rhel-8) - Resolves: bz#1613128 (Spec file clean up) - Resolves: bz#1639446 (Cross migration from RHEL7.5 to RHEL8 shouldn't fail with cpu flag stibp [qemu-kvm]) - Resolves: bz#1655807 (Backport avocado-qemu tests for QEMU 2.12) [qemu-kvm-2.12.0-47] - kvm-Disable-CONFIG_IPMI-and-CONFIG_I2C-for-ppc64.patch [bz#1640044] - kvm-Disable-CONFIG_CAN_BUS-and-CONFIG_CAN_SJA1000.patch [bz#1640042] - Resolves: bz#1640042 (Disable CONFIG_CAN_BUS and CONFIG_CAN_SJA1000 config switches) - Resolves: bz#1640044 (Disable CONFIG_I2C and CONFIG_IPMI in default-configs/ppc64-softmmu.mak) [qemu-kvm-2.12.0-46] - kvm-qcow2-Give-the-refcount-cache-the-minimum-possible-s.patch [bz#1656507] - kvm-docs-Document-the-new-default-sizes-of-the-qcow2-cac.patch [bz#1656507] - kvm-qcow2-Fix-Coverity-warning-when-calculating-the-refc.patch [bz#1656507] - kvm-include-Add-IEC-binary-prefixes-in-qemu-units.h.patch [bz#1656507] - kvm-qcow2-Options-documentation-fixes.patch [bz#1656507] - kvm-include-Add-a-lookup-table-of-sizes.patch [bz#1656507] - kvm-qcow2-Make-sizes-more-humanly-readable.patch [bz#1656507] - kvm-qcow2-Avoid-duplication-in-setting-the-refcount-cach.patch [bz#1656507] - kvm-qcow2-Assign-the-L2-cache-relatively-to-the-image-si.patch [bz#1656507] - kvm-qcow2-Increase-the-default-upper-limit-on-the-L2-cac.patch [bz#1656507] - kvm-qcow2-Resize-the-cache-upon-image-resizing.patch [bz#1656507] - kvm-qcow2-Set-the-default-cache-clean-interval-to-10-min.patch [bz#1656507] - kvm-qcow2-Explicit-number-replaced-by-a-constant.patch [bz#1656507] - kvm-block-backend-Set-werror-rerror-defaults-in-blk_new.patch [bz#1657637] - kvm-qcow2-Fix-cache-clean-interval-documentation.patch [bz#1656507] - Resolves: bz#1656507 ([RHEL.8] qcow2 cache is too small) - Resolves: bz#1657637 (Wrong werror default for -device drive=<node-name>) [qemu-kvm-2.12.0-45] - kvm-target-ppc-add-basic-support-for-PTCR-on-POWER9.patch [bz#1639069] - kvm-linux-headers-Update-for-nested-KVM-HV-downstream-on.patch [bz#1639069] - kvm-target-ppc-Add-one-reg-id-for-ptcr.patch [bz#1639069] - kvm-ppc-spapr_caps-Add-SPAPR_CAP_NESTED_KVM_HV.patch [bz#1639069] - kvm-Re-enable-CONFIG_HYPERV_TESTDEV.patch [bz#1651195] - kvm-qxl-use-guest_monitor_config-for-local-renderer.patch [bz#1610163] - kvm-Declare-cirrus-vga-as-deprecated.patch [bz#1651994] - kvm-Do-not-build-bluetooth-support.patch [bz#1654651] - kvm-vfio-helpers-Fix-qemu_vfio_open_pci-crash.patch [bz#1645840] - kvm-balloon-Allow-multiple-inhibit-users.patch [bz#1650272] - kvm-Use-inhibit-to-prevent-ballooning-without-synchr.patch [bz#1650272] - kvm-vfio-Inhibit-ballooning-based-on-group-attachment-to.patch [bz#1650272] - kvm-vfio-ccw-pci-Allow-devices-to-opt-in-for-ballooning.patch [bz#1650272] - kvm-vfio-pci-Handle-subsystem-realpath-returning-NULL.patch [bz#1650272] - kvm-vfio-pci-Fix-failure-to-close-file-descriptor-on-err.patch [bz#1650272] - kvm-postcopy-Synchronize-usage-of-the-balloon-inhibitor.patch [bz#1650272] - Resolves: bz#1610163 (guest shows border blurred screen with some resolutions when qemu boot with -device qxl-vga ,and guest on rhel7.6 has no such question) - Resolves: bz#1639069 ([IBM 8.0 FEAT] POWER9 - Nested virtualization in RHEL8.0 KVM for ppc64le - qemu-kvm side) - Resolves: bz#1645840 (Qemu core dump when hotplug nvme:// drive via -blockdev) - Resolves: bz#1650272 (Ballooning is incompatible with vfio assigned devices, but not prevented) - Resolves: bz#1651195 (Re-enable hyperv-testdev device) - Resolves: bz#1651994 (Declare the 'Cirrus VGA' device emulation of QEMU as deprecated in RHEL8) - Resolves: bz#1654651 (Qemu: hw: bt: keep bt/* objects from building [rhel-8.0]) [qemu-kvm-2.12.0-44] - kvm-block-Make-more-block-drivers-compile-time-configura.patch [bz#1598842 bz#1598842] - kvm-RHEL8-Add-disable-configure-options-to-qemu-spec-fil.patch [bz#1598842] - Resolves: bz#1598842 (Compile out unused block drivers) [qemu-kvm-2.12.0-43] - kvm-configure-add-test-for-libudev.patch [bz#1636185] - kvm-qga-linux-report-disk-serial-number.patch [bz#1636185] - kvm-qga-linux-return-disk-device-in-guest-get-fsinfo.patch [bz#1636185] - kvm-qemu-error-introduce-error-warn-_report_once.patch [bz#1625173] - kvm-intel-iommu-start-to-use-error_report_once.patch [bz#1625173] - kvm-intel-iommu-replace-more-vtd_err_-traces.patch [bz#1625173] - kvm-intel_iommu-introduce-vtd_reset_caches.patch [bz#1625173] - kvm-intel_iommu-better-handling-of-dmar-state-switch.patch [bz#1625173] - kvm-intel_iommu-move-ce-fetching-out-when-sync-shadow.patch [bz#1625173 bz#1629616] - kvm-intel_iommu-handle-invalid-ce-for-shadow-sync.patch [bz#1625173 bz#1629616] - kvm-block-remove-bdrv_dirty_bitmap_make_anon.patch [bz#1518989] - kvm-block-simplify-code-around-releasing-bitmaps.patch [bz#1518989] - kvm-hbitmap-Add-advance-param-to-hbitmap_iter_next.patch [bz#1518989] - kvm-test-hbitmap-Add-non-advancing-iter_next-tests.patch [bz#1518989] - kvm-block-dirty-bitmap-Add-bdrv_dirty_iter_next_area.patch [bz#1518989] - kvm-blockdev-backup-add-bitmap-argument.patch [bz#1518989] - kvm-dirty-bitmap-switch-assert-fails-to-errors-in-bdrv_m.patch [bz#1518989] - kvm-dirty-bitmap-rename-bdrv_undo_clear_dirty_bitmap.patch [bz#1518989] - kvm-dirty-bitmap-make-it-possible-to-restore-bitmap-afte.patch [bz#1518989] - kvm-blockdev-rename-block-dirty-bitmap-clear-transaction.patch [bz#1518989] - kvm-qapi-add-transaction-support-for-x-block-dirty-bitma.patch [bz#1518989] - kvm-block-dirty-bitmaps-add-user_locked-status-checker.patch [bz#1518989] - kvm-block-dirty-bitmaps-fix-merge-permissions.patch [bz#1518989] - kvm-block-dirty-bitmaps-allow-clear-on-disabled-bitmaps.patch [bz#1518989] - kvm-block-dirty-bitmaps-prohibit-enable-disable-on-locke.patch [bz#1518989] - kvm-block-backup-prohibit-backup-from-using-in-use-bitma.patch [bz#1518989] - kvm-nbd-forbid-use-of-frozen-bitmaps.patch [bz#1518989] - kvm-bitmap-Update-count-after-a-merge.patch [bz#1518989] - kvm-iotests-169-drop-deprecated-autoload-parameter.patch [bz#1518989] - kvm-block-qcow2-improve-error-message-in-qcow2_inactivat.patch [bz#1518989] - kvm-bloc-qcow2-drop-dirty_bitmaps_loaded-state-variable.patch [bz#1518989] - kvm-dirty-bitmaps-clean-up-bitmaps-loading-and-migration.patch [bz#1518989] - kvm-iotests-improve-169.patch [bz#1518989] - kvm-iotests-169-add-cases-for-source-vm-resuming.patch [bz#1518989] - kvm-pc-dimm-turn-alignment-assert-into-check.patch [bz#1630116] - Resolves: bz#1518989 (RFE: QEMU Incremental live backup) - Resolves: bz#1625173 ([NVMe Device Assignment] Guest could not boot up with q35+iommu) - Resolves: bz#1629616 (boot guest with q35+vIOMMU+ device assignment, qemu terminal shows 'qemu-kvm: VFIO_UNMAP_DMA: -22' when return assigned network devices from vfio driver to ixgbe in guest) - Resolves: bz#1630116 (pc_dimm_get_free_addr: assertion failed: (QEMU_ALIGN_UP(address_space_start, align) == address_space_start)) - Resolves: bz#1636185 ([RFE] Report disk device name and serial number (qemu-guest-agent on Linux)) [2.12.0-42.el8] - kvm-luks-Allow-share-rw-on.patch [bz#1629701] - kvm-redhat-reenable-gluster-support.patch [bz#1599340] - kvm-redhat-bump-libusb-requirement.patch [bz#1627970] - Resolves: bz#1599340 (Reenable glusterfs in qemu-kvm once BZ#1567292 gets fixed) - Resolves: bz#1627970 (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_set_option) - Resolves: bz#1629701 ('share-rw=on' does not work for luks format image - Fast Train) [2.12.0-41.el8] - kvm-block-rbd-pull-out-qemu_rbd_convert_options.patch [bz#1635585] - kvm-block-rbd-Attempt-to-parse-legacy-filenames.patch [bz#1635585] - kvm-block-rbd-add-deprecation-documentation-for-filename.patch [bz#1635585] - kvm-block-rbd-add-iotest-for-rbd-legacy-keyvalue-filenam.patch [bz#1635585] - Resolves: bz#1635585 (rbd json format of 7.6 is incompatible with 7.5) [2.12.0-40.el8] - kvm-vnc-call-sasl_server_init-only-when-required.patch [bz#1609327] - kvm-nbd-server-fix-NBD_CMD_CACHE.patch [bz#1636142] - kvm-nbd-fix-NBD_FLAG_SEND_CACHE-value.patch [bz#1636142] - kvm-test-bdrv-drain-bdrv_drain-works-with-cross-AioConte.patch [bz#1637976] - kvm-block-Use-bdrv_do_drain_begin-end-in-bdrv_drain_all.patch [bz#1637976] - kvm-block-Remove-recursive-parameter-from-bdrv_drain_inv.patch [bz#1637976] - kvm-block-Don-t-manually-poll-in-bdrv_drain_all.patch [bz#1637976] - kvm-tests-test-bdrv-drain-bdrv_drain_all-works-in-corout.patch [bz#1637976] - kvm-block-Avoid-unnecessary-aio_poll-in-AIO_WAIT_WHILE.patch [bz#1637976] - kvm-block-Really-pause-block-jobs-on-drain.patch [bz#1637976] - kvm-block-Remove-bdrv_drain_recurse.patch [bz#1637976] - kvm-test-bdrv-drain-Add-test-for-node-deletion.patch [bz#1637976] - kvm-block-Drain-recursively-with-a-single-BDRV_POLL_WHIL.patch [bz#1637976] - kvm-test-bdrv-drain-Test-node-deletion-in-subtree-recurs.patch [bz#1637976] - kvm-block-Don-t-poll-in-parent-drain-callbacks.patch [bz#1637976] - kvm-test-bdrv-drain-Graph-change-through-parent-callback.patch [bz#1637976] - kvm-block-Defer-.bdrv_drain_begin-callback-to-polling-ph.patch [bz#1637976] - kvm-test-bdrv-drain-Test-that-bdrv_drain_invoke-doesn-t-.patch [bz#1637976] - kvm-block-Allow-AIO_WAIT_WHILE-with-NULL-ctx.patch [bz#1637976] - kvm-block-Move-bdrv_drain_all_begin-out-of-coroutine-con.patch [bz#1637976] - kvm-block-ignore_bds_parents-parameter-for-drain-functio.patch [bz#1637976] - kvm-block-Allow-graph-changes-in-bdrv_drain_all_begin-en.patch [bz#1637976] - kvm-test-bdrv-drain-Test-graph-changes-in-drain_all-sect.patch [bz#1637976] - kvm-block-Poll-after-drain-on-attaching-a-node.patch [bz#1637976] - kvm-test-bdrv-drain-Test-bdrv_append-to-drained-node.patch [bz#1637976] - kvm-block-linux-aio-acquire-AioContext-before-qemu_laio_.patch [bz#1637976] - kvm-util-async-use-qemu_aio_coroutine_enter-in-co_schedu.patch [bz#1637976] - kvm-job-Fix-nested-aio_poll-hanging-in-job_txn_apply.patch [bz#1637976] - kvm-job-Fix-missing-locking-due-to-mismerge.patch [bz#1637976] - kvm-blockjob-Wake-up-BDS-when-job-becomes-idle.patch [bz#1637976] - kvm-aio-wait-Increase-num_waiters-even-in-home-thread.patch [bz#1637976] - kvm-test-bdrv-drain-Drain-with-block-jobs-in-an-I-O-thre.patch [bz#1637976] - kvm-test-blockjob-Acquire-AioContext-around-job_cancel_s.patch [bz#1637976] - kvm-job-Use-AIO_WAIT_WHILE-in-job_finish_sync.patch [bz#1637976] - kvm-test-bdrv-drain-Test-AIO_WAIT_WHILE-in-completion-ca.patch [bz#1637976] - kvm-block-Add-missing-locking-in-bdrv_co_drain_bh_cb.patch [bz#1637976] - kvm-block-backend-Add-.drained_poll-callback.patch [bz#1637976] - kvm-block-backend-Fix-potential-double-blk_delete.patch [bz#1637976] - kvm-block-backend-Decrease-in_flight-only-after-callback.patch [bz#1637976] - kvm-blockjob-Lie-better-in-child_job_drained_poll.patch [bz#1637976] - kvm-block-Remove-aio_poll-in-bdrv_drain_poll-variants.patch [bz#1637976] - kvm-test-bdrv-drain-Test-nested-poll-in-bdrv_drain_poll_.patch [bz#1637976] - kvm-job-Avoid-deadlocks-in-job_completed_txn_abort.patch [bz#1637976] - kvm-test-bdrv-drain-AIO_WAIT_WHILE-in-job-.commit-.abort.patch [bz#1637976] - kvm-test-bdrv-drain-Fix-outdated-comments.patch [bz#1637976] - kvm-block-Use-a-single-global-AioWait.patch [bz#1637976] - kvm-test-bdrv-drain-Test-draining-job-source-child-and-p.patch [bz#1637976] - kvm-qemu-img-Fix-assert-when-mapping-unaligned-raw-file.patch [bz#1639374] - kvm-iotests-Add-test-221-to-catch-qemu-img-map-regressio.patch [bz#1639374] - Resolves: bz#1609327 (qemu-kvm[37046]: Could not find keytab file: /etc/qemu/krb5.tab: Unknown error 49408) - Resolves: bz#1636142 (qemu NBD_CMD_CACHE flaws impacting non-qemu NBD clients) - Resolves: bz#1637976 (Crashes and hangs with iothreads vs. block jobs) - Resolves: bz#1639374 (qemu-img map 'Aborted (core dumped)' when specifying a plain file) [2.12.0-39.el8] - kvm-linux-headers-update.patch [bz#1508142] - kvm-s390x-cpumodel-Set-up-CPU-model-for-AP-device-suppor.patch [bz#1508142] - kvm-s390x-kvm-enable-AP-instruction-interpretation-for-g.patch [bz#1508142] - kvm-s390x-ap-base-Adjunct-Processor-AP-object-model.patch [bz#1508142] - kvm-s390x-vfio-ap-Introduce-VFIO-AP-device.patch [bz#1508142] - kvm-s390-doc-detailed-specifications-for-AP-virtualizati.patch [bz#1508142] - Resolves: bz#1508142 ([IBM 8.0 FEAT] KVM: Guest-dedicated Crypto Adapters - qemu part) [2.12.0-38.el8] - kvm-Revert-hw-acpi-build-build-SRAT-memory-affinity-stru.patch [bz#1609235] - kvm-add-udev-kvm-check.patch [bz#1552663] - kvm-aio-posix-Don-t-count-ctx-notifier-as-progress-when-.patch [bz#1623085] - kvm-aio-Do-aio_notify_accept-only-during-blocking-aio_po.patch [bz#1623085] - kvm-aio-posix-fix-concurrent-access-to-poll_disable_cnt.patch [bz#1632622] - kvm-aio-posix-compute-timeout-before-polling.patch [bz#1632622] - kvm-aio-posix-do-skip-system-call-if-ctx-notifier-pollin.patch [bz#1632622] - kvm-intel-iommu-send-PSI-always-even-if-across-PDEs.patch [bz#1450712] - kvm-intel-iommu-remove-IntelIOMMUNotifierNode.patch [bz#1450712] - kvm-intel-iommu-add-iommu-lock.patch [bz#1450712] - kvm-intel-iommu-only-do-page-walk-for-MAP-notifiers.patch [bz#1450712] - kvm-intel-iommu-introduce-vtd_page_walk_info.patch [bz#1450712] - kvm-intel-iommu-pass-in-address-space-when-page-walk.patch [bz#1450712] - kvm-intel-iommu-trace-domain-id-during-page-walk.patch [bz#1450712] - kvm-util-implement-simple-iova-tree.patch [bz#1450712] - kvm-intel-iommu-rework-the-page-walk-logic.patch [bz#1450712] - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1633928] - Resolves: bz#1450712 (Booting nested guest with vIOMMU, the assigned network devices can not receive packets (qemu)) - Resolves: bz#1552663 (81-kvm-rhel.rules is no longer part of initscripts) - Resolves: bz#1609235 (Win2016 guest can't recognize pc-dimm hotplugged to node 0) - Resolves: bz#1623085 (VM doesn't boot from HD) - Resolves: bz#1632622 (~40% virtio_blk disk performance drop for win2012r2 guest when comparing qemu-kvm-rhev-2.12.0-9 with qemu-kvm-rhev-2.12.0-12) - Resolves: bz#1633928 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-8.0]) [2.12.0-37.el8] - kvm-block-for-jobs-do-not-clear-user_paused-until-after-.patch [bz#1635583] - kvm-iotests-Add-failure-matching-to-common.qemu.patch [bz#1635583] - kvm-block-iotest-to-catch-abort-on-forced-blockjob-cance.patch [bz#1635583] - Resolves: bz#1635583 (Quitting VM causes qemu core dump once the block mirror job paused for no enough target space) [2.12.0-36.el8] - kvm-check-Only-test-ivshm-when-it-is-compiled-in.patch [bz#1621817] - kvm-Disable-ivshmem.patch [bz#1621817] - kvm-mirror-Fail-gracefully-for-source-target.patch [bz#1637963] - kvm-commit-Add-top-node-base-node-options.patch [bz#1637970] - kvm-qemu-iotests-Test-commit-with-top-node-base-node.patch [bz#1637970] - Resolves: bz#1621817 (Disable IVSHMEM in RHEL 8) - Resolves: bz#1637963 (Segfault on 'blockdev-mirror' with same node as source and target) - Resolves: bz#1637970 (allow using node-names with block-commit) [2.12.0-35.el8] - kvm-redhat-make-the-plugins-executable.patch [bz#1638304] - Resolves: bz#1638304 (the driver packages lack all the library Requires) [2.12.0-34.el8] - kvm-seccomp-allow-sched_setscheduler-with-SCHED_IDLE-pol.patch [bz#1618356] - kvm-seccomp-use-SIGSYS-signal-instead-of-killing-the-thr.patch [bz#1618356] - kvm-seccomp-prefer-SCMP_ACT_KILL_PROCESS-if-available.patch [bz#1618356] - kvm-configure-require-libseccomp-2.2.0.patch [bz#1618356] - kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618356] - kvm-memory-cleanup-side-effects-of-memory_region_init_fo.patch [bz#1600365] - Resolves: bz#1600365 (QEMU core dumped when hotplug memory exceeding host hugepages and with discard-data=yes) - Resolves: bz#1618356 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-8]) [2.12.0-33.el8] - kvm-migration-postcopy-Clear-have_listen_thread.patch [bz#1608765] - kvm-migration-cleanup-in-error-paths-in-loadvm.patch [bz#1608765] - kvm-jobs-change-start-callback-to-run-callback.patch [bz#1632939] - kvm-jobs-canonize-Error-object.patch [bz#1632939] - kvm-jobs-add-exit-shim.patch [bz#1632939] - kvm-block-commit-utilize-job_exit-shim.patch [bz#1632939] - kvm-block-mirror-utilize-job_exit-shim.patch [bz#1632939] - kvm-jobs-utilize-job_exit-shim.patch [bz#1632939] - kvm-block-backup-make-function-variables-consistently-na.patch [bz#1632939] - kvm-jobs-remove-ret-argument-to-job_completed-privatize-.patch [bz#1632939] - kvm-jobs-remove-job_defer_to_main_loop.patch [bz#1632939] - kvm-block-commit-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-mirror-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-stream-add-block-job-creation-flags.patch [bz#1632939] - kvm-block-commit-refactor-commit-to-use-job-callbacks.patch [bz#1632939] - kvm-block-mirror-don-t-install-backing-chain-on-abort.patch [bz#1632939] - kvm-block-mirror-conservative-mirror_exit-refactor.patch [bz#1632939] - kvm-block-stream-refactor-stream-to-use-job-callbacks.patch [bz#1632939] - kvm-tests-blockjob-replace-Blockjob-with-Job.patch [bz#1632939] - kvm-tests-test-blockjob-remove-exit-callback.patch [bz#1632939] - kvm-tests-test-blockjob-txn-move-.exit-to-.clean.patch [bz#1632939] - kvm-jobs-remove-.exit-callback.patch [bz#1632939] - kvm-qapi-block-commit-expose-new-job-properties.patch [bz#1632939] - kvm-qapi-block-mirror-expose-new-job-properties.patch [bz#1632939] - kvm-qapi-block-stream-expose-new-job-properties.patch [bz#1632939] - kvm-block-backup-qapi-documentation-fixup.patch [bz#1632939] - kvm-blockdev-document-transactional-shortcomings.patch [bz#1632939] - Resolves: bz#1608765 (After postcopy migration, do savevm and loadvm, guest hang and call trace) - Resolves: bz#1632939 (qemu blockjobs other than backup do not support job-finalize or job-dismiss) [2.12.0-32.el8] - kvm-Re-enable-disabled-Hyper-V-enlightenments.patch [bz#1625185] - kvm-Fix-annocheck-issues.patch [bz#1624164] - kvm-exec-check-that-alignment-is-a-power-of-two.patch [bz#1630746] - kvm-curl-Make-sslverify-off-disable-host-as-well-as-peer.patch [bz#1575925] - Resolves: bz#1575925 ('SSL: no alternative certificate subject name matches target host name' error even though sslverify = off) - Resolves: bz#1624164 (Review annocheck distro flag failures in qemu-kvm) - Resolves: bz#1625185 (Re-enable disabled Hyper-V enlightenments) - Resolves: bz#1630746 (qemu_ram_mmap: Assertion skip_bytes < pnum' failed.) - Resolves: bz#1591076 (The driver of 'throttle' is not whitelisted) - Resolves: bz#1592817 (Retrying on serial_xmit if the pipe is broken may compromise the Guest) - Resolves: bz#1594135 (system_reset many times linux guests cause qemu process Aborted) - Resolves: bz#1595173 (blockdev-create is blocking) - Resolves: bz#1595180 (Can't set rerror/werror with usb-storage) - Resolves: bz#1595740 (RHEL-Alt-7.6 - qemu has error during migration of larger guests) - Resolves: bz#1599335 (Image creation locking is too tight and is not properly released) - Resolves: bz#1599515 (qemu core-dump with aio_read via hmp (util/qemu-thread-posix.c:64: qemu_mutex_lock_impl: Assertion *pnum && (((*pnum) % (align)) == 0) && align > offset - aligned_offset\' failed)) - Resolves: bz#1707192 (implement missing reset handler for cfi.pflash01 - slow train) - Resolves: bz#1727642 (CVE-2019-6778 qemu-kvm: QEMU: slirp: heap buffer overflow in tcp_emu()) - Resolves: bz#1732642 (enable the virtio-net frontend to work with the vhost-net backend in SEV guests) - Resolves: bz#1734751 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-8.1.0]) [2.12.0-82.el8] - kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1629906] - kvm-i386-Update-stepping-of-Cascadelake-Server.patch [bz#1629906] - kvm-target-i386-Disable-MPX-support-on-named-CPU-models.patch [bz#1629906] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-NEW.patch [bz#1629906] - kvm-i386-Disable-OSPKE-on-CPU-model-definitions-NEW.patch [bz#1629906] - kvm-block-ssh-Convert-from-DPRINTF-macro-to-trace-events.patch [bz#1513367] - kvm-block-ssh-Do-not-report-read-write-flush-errors-to-t.patch [bz#1513367] - kvm-qemu-iotests-Fix-paths-for-NFS.patch [bz#1513367] - kvm-qemu-iotests-Filter-NFS-paths.patch [bz#1513367] - kvm-iotests-Filter-SSH-paths.patch [bz#1513367] - kvm-block-ssh-Implement-.bdrv_refresh_filename.patch [bz#1513367] - kvm-iotests-Use-Python-byte-strings-where-appropriate.patch [bz#1513367] - kvm-iotests-Unify-log-outputs-between-Python-2-and-3.patch [bz#1513367] - kvm-ssh-switch-from-libssh2-to-libssh.patch [bz#1513367] - kvm-redhat-switch-from-libssh2-to-libssh.patch [bz#1513367] - kvm-block-gluster-limit-the-transfer-size-to-512-MiB.patch [bz#1728657] - kvm-s390-cpumodel-fix-description-for-the-new-vector-fac.patch [bz#1729975] - kvm-s390x-cpumodel-remove-esort-from-the-default-model.patch [bz#1729975] - kvm-s390x-cpumodel-also-change-name-of-vxbeh.patch [bz#1729975] - kvm-s390x-cpumodel-change-internal-name-of-vxpdeh-to-mat.patch [bz#1729975] - kvm-target-i386-sev-Do-not-unpin-ram-device-memory-regio.patch [bz#1728958] - kvm-i386-Save-EFER-for-32-bit-targets.patch [bz#1689269] - kvm-target-i386-rename-HF_SVMI_MASK-to-HF_GUEST_MASK.patch [bz#1689269] - kvm-target-i386-kvm-add-VMX-migration-blocker.patch [bz#1689269] - kvm-target-i386-kvm-just-return-after-migrate_add_blocke.patch [bz#1689269] - kvm-target-i386-kvm-Delete-VMX-migration-blocker-on-vCPU.patch [bz#1689269] - kvm-Introduce-kvm_arch_destroy_vcpu.patch [bz#1689269] - kvm-target-i386-kvm-Use-symbolic-constant-for-DB-BP-exce.patch [bz#1689269] - kvm-target-i386-kvm-Re-inject-DB-to-guest-with-updated-D.patch [bz#1689269] - kvm-target-i386-kvm-Block-migration-for-vCPUs-exposed-wi.patch [bz#1689269] - kvm-target-i386-kvm-do-not-initialize-padding-fields.patch [bz#1689269] - kvm-linux-headers-synchronize-generic-and-x86-KVM-header.patch [bz#1689269] - kvm-vmstate-Add-support-for-kernel-integer-types.patch [bz#1689269] - kvm-target-i386-kvm-Add-support-for-save-and-restore-nes.patch [bz#1689269] - kvm-target-i386-kvm-Add-support-for-KVM_CAP_EXCEPTION_PA.patch [bz#1689269] - kvm-target-i386-kvm-Add-nested-migration-blocker-only-wh.patch [bz#1689269] - kvm-target-i386-kvm-Demand-nested-migration-kernel-capab.patch [bz#1689269] - kvm-target-i386-skip-KVM_GET-SET_NESTED_STATE-if-VMX-dis.patch [bz#1689269] - kvm-i386-kvm-Do-not-sync-nested-state-during-runtime.patch [bz#1689269] - Resolves: bz#1513367 (qemu with libssh) - Resolves: bz#1629906 ([Intel 8.1 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model) - Resolves: bz#1689269 (Nested KVM: support for migration of nested hypervisors - Slow Train) - Resolves: bz#1728657 ('qemu-io write' to a raw image over libgfapi fails) - Resolves: bz#1728958 (Hot unplug vfio-pci NIC devices from sev guest will cause qemu-kvm: sev_ram_block_removed: failed to unregister region) - Resolves: bz#1729975 (RHEL 8.1 Pre-Beta - Fix for hardware CPU Model) [2.12.0-81.el8] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1714792] - kvm-virtio-gpu-pass-down-VirtIOGPU-pointer-to-a-bunch-of.patch [bz#1531543] - kvm-virtio-gpu-add-iommu-support.patch [bz#1531543] - kvm-virtio-gpu-fix-unmap-in-error-path.patch [bz#1531543] - Resolves: bz#1531543 ([RFE] add iommu support to virtio-gpu) - Resolves: bz#1714792 ([Intel 8.1 FEAT] MDS_NO exposure to guest) [2.12.0-80.el8] - kvm-qxl-check-release-info-object.patch [bz#1712705] - kvm-iotests-Make-182-do-without-device_add.patch [bz#1707598] - Resolves: bz#1707598 (qemu-iotest 182 fails without device hotplugging support) - Resolves: bz#1712705 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-8]) [15:2.12.0-79] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [2.12.0-78.el8] - kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1721983] - kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1721983] - Resolves: bz#1721983 (qemu-kvm can't be build with new gluster version (6.0.6)) [2.12.0-77.el8] - kvm-i386-Make-arch_capabilities-migratable.patch [bz#1709970] - kvm-spapr-Fix-ibm-max-associativity-domains-property-num.patch [bz#1710662] - kvm-linux-headers-Update-for-NVLink2-passthrough-downstr.patch [bz#1710662] - kvm-pci-Move-NVIDIA-vendor-id-to-the-rest-of-ids.patch [bz#1710662] - kvm-vfio-quirks-Add-common-quirk-alloc-helper.patch [bz#1710662] - kvm-vfio-Make-vfio_get_region_info_cap-public.patch [bz#1710662] - kvm-spapr-Support-NVIDIA-V100-GPU-with-NVLink2.patch [bz#1710662] - kvm-qemu-kvm.spec-bump-libseccomp-2.4.0.patch [bz#1719578] - Resolves: bz#1709970 ([Intel 8.1 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM - qemu-kvm) - Resolves: bz#1710662 ([IBM 8.1 FEAT] POWER9 - Virt: qemu: NVLink2 passthru to guest - Nvidia Volta (GPU) (kvm)) - Resolves: bz#1719578 (VM failed to start with error 'failed to install seccomp syscall filter in the kernel') [2.12.0-76.el8] - kvm-Introduce-new-no_guest_reset-parameter-for-usb-host-.patch [bz#1713677] - kvm-usb-call-reset-handler-before-updating-state.patch [bz#1713677] - kvm-usb-host-skip-reset-for-untouched-devices.patch [bz#1713677] - kvm-usb-host-avoid-libusb_set_configuration-calls.patch [bz#1713677] - kvm-virtio-scsi-Move-BlockBackend-back-to-the-main-AioCo.patch [bz#1673396 bz#1673401] - kvm-scsi-disk-Acquire-the-AioContext-in-scsi_-_realize.patch [bz#1673396 bz#1673401] - kvm-virtio-scsi-Forbid-devices-with-different-iothreads-.patch [bz#1673396 bz#1673401] - kvm-Disable-VXHS-support.patch [bz#1714933] - Resolves: bz#1673396 (qemu-kvm core dumped after hotplug the deleted disk with iothread parameter) - Resolves: bz#1673401 (Qemu core dump when start guest with two disks using same drive) - Resolves: bz#1713677 (Detached device when trying to upgrade USB device firmware when in doing USB Passthrough via QEMU) - Resolves: bz#1714933 (Disable VXHS in qemu-kvm) [2.12.0-75.el8] - kvm-s390x-cpumodel-enum-type-S390FeatGroup-now-gets-gene.patch [bz#1660912] - kvm-linux-headers-update-against-Linux-5.2-rc1.patch [bz#1660912] - kvm-s390x-cpumodel-ignore-csske-for-expansion.patch [bz#1660912] - kvm-s390x-cpumodel-Miscellaneous-Instruction-Extensions-.patch [bz#1660912] - kvm-s390x-cpumodel-msa9-facility.patch [bz#1660912] - kvm-s390x-cpumodel-vector-enhancements.patch [bz#1660912] - kvm-s390x-cpumodel-enhanced-sort-facility.patch [bz#1660912] - kvm-s390x-cpumodel-add-Deflate-conversion-facility.patch [bz#1660912] - kvm-s390x-cpumodel-add-gen15-defintions.patch [bz#1660912] - kvm-s390x-cpumodel-wire-up-8561-and-8562-as-gen15-machin.patch [bz#1660912] - kvm-spice-set-device-address-and-device-display-ID-in-QX.patch [bz#1712946] - kvm-hw-pci-Add-missing-include.patch [bz#1712946] - Resolves: bz#1660912 ([IBM 8.1 FEAT] KVM s390x: Add hardware CPU Model - qemu part) - Resolves: bz#1712946 (qemu-kvm build is broken due to spice_qxl_set_max_monitors being deprecated) [2.12.0-74.el8] - kvm-x86-cpu-Enable-CLDEMOTE-Demote-Cache-Line-cpu-featur.patch [bz#1696436] - kvm-memory-Fix-the-memory-region-type-assignment-order.patch [bz#1667249] - kvm-target-i386-sev-Do-not-pin-the-ram-device-memory-reg.patch [bz#1667249] - kvm-block-Fix-invalidate_cache-error-path-for-parent-act.patch [bz#1673010] - kvm-target-i386-define-md-clear-bit.patch [bz#1703302 bz#1703308] - Resolves: bz#1667249 (Fail to launch AMD SEV VM with assigned PCI device) - Resolves: bz#1673010 (Local VM and migrated VM on the same host can run with same RAW file as visual disk source while without shareable configured or lock manager enabled) - Resolves: bz#1696436 ([Intel 8.0 Feat] KVM Enabling SnowRidge new NIs - qemu-kvm) - Resolves: bz#1703302 (CVE-2018-12130 virt:rhel/qemu-kvm: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [rhel-8]) - Resolves: bz#1703308 (CVE-2018-12127 virt:rhel/qemu-kvm: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [rhel-8]) [2.12.0-73.el8] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-named-CPU-mo.patch [bz#1561761] - kvm-i386-Disable-OSPKE-on-CPU-model-definitions.patch [bz#1561761] - Resolves: bz#1561761 ([Intel 8.1 Feat] qemu-kvm Introduce Icelake cpu model) [2.12.0-72.el8] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1707706] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1707706] - Resolves: bz#1707706 (/builddir/build/BUILD/qemu-2.12.0/target/i386/kvm.c:2031: kvm_put_msrs: Assertion is_power_of_2(align)' failed) [2.12.0-31.el8] - kvm-i386-Disable-TOPOEXT-by-default-on-cpu-host.patch [bz#1619804] - kvm-redhat-enable-opengl-add-build-and-runtime-deps.patch [bz#1618412] - Resolves: bz#1618412 (Enable opengl (for intel vgpu display)) - Resolves: bz#1619804 (kernel panic in init_amd_cacheinfo) [2.12.0-30.el8] - kvm-redhat-Disable-vhost-crypto.patch [bz#1625668] - Resolves: bz#1625668 (Decide if we should disable 'vhost-crypto' or not) [2.12.0-29.el8] - kvm-target-i386-sev-fix-memory-leaks.patch [bz#1615717] - kvm-i386-Fix-arch_query_cpu_model_expansion-leak.patch [bz#1615717] - kvm-redhat-Update-build-configuration.patch [bz#1573156] - Resolves: bz#1573156 (Update build configure for QEMU 2.12.0) - Resolves: bz#1615717 (Memory leaks) [2.12.0-28.el8] - kvm-e1000e-Do-not-auto-clear-ICR-bits-which-aren-t-set-i.patch [bz#1596024] - kvm-e1000e-Prevent-MSI-MSI-X-storms.patch [bz#1596024] - kvm-Drop-build_configure.sh-and-Makefile.local-files.patch [] - kvm-Fix-subject-line-in-.gitpublish.patch [] - Resolves: bz#1596024 (The network link can't be detected on guest when the guest uses e1000e model type) [2.12.0-27.el8] - kvm-Fix-libusb-1.0.22-deprecated-libusb_set_debug-with-l.patch [bz#1622656] - Resolves: bz#1622656 (qemu-kvm fails to build due to libusb_set_debug being deprecated) [2.12.0-26.el8] - kvm-redhat-remove-extra-in-rhel_rhev_conflicts-macro.patch [bz#1618752] - Resolves: bz#1618752 (qemu-kvm can't be installed in RHEL-8 as it Conflicts with itself.) [2.12.0-25.el8] - kvm-Migration-TLS-Fix-crash-due-to-double-cleanup.patch [bz#1594384] - Resolves: bz#1594384 (2.12 migration fixes) [2.12.0-24.el8] - kvm-Add-qemu-keymap-to-qemu-kvm-common.patch [bz#1593117] - Resolves: bz#1593117 (add qemu-keymap utility) [2.12.0-23.el8] - Fixing an issue with some old command in the spec file [2.12.0-22.el8] - Fix an issue with the build_configure script. - Resolves: bz#1425820 (Improve QEMU packaging layout with modularization of the block layer) [2.12.0-20.el8] - kvm-migration-stop-compressing-page-in-migration-thread.patch [bz#1594384] - kvm-migration-stop-compression-to-allocate-and-free-memo.patch [bz#1594384] - kvm-migration-stop-decompression-to-allocate-and-free-me.patch [bz#1594384] - kvm-migration-detect-compression-and-decompression-error.patch [bz#1594384] - kvm-migration-introduce-control_save_page.patch [bz#1594384] - kvm-migration-move-some-code-to-ram_save_host_page.patch [bz#1594384] - kvm-migration-move-calling-control_save_page-to-the-comm.patch [bz#1594384] - kvm-migration-move-calling-save_zero_page-to-the-common-.patch [bz#1594384] - kvm-migration-introduce-save_normal_page.patch [bz#1594384] - kvm-migration-remove-ram_save_compressed_page.patch [bz#1594384] - kvm-migration-block-dirty-bitmap-fix-memory-leak-in-dirt.patch [bz#1594384] - kvm-migration-fix-saving-normal-page-even-if-it-s-been-c.patch [bz#1594384] - kvm-migration-update-index-field-when-delete-or-qsort-RD.patch [bz#1594384] - kvm-migration-introduce-decompress-error-check.patch [bz#1594384] - kvm-migration-Don-t-activate-block-devices-if-using-S.patch [bz#1594384] - kvm-migration-not-wait-RDMA_CM_EVENT_DISCONNECTED-event-.patch [bz#1594384] - kvm-migration-block-dirty-bitmap-fix-dirty_bitmap_load.patch [bz#1594384] - kvm-s390x-add-RHEL-7.6-machine-type-for-ccw.patch [bz#1595718] - kvm-s390x-cpumodel-default-enable-bpb-and-ppa15-for-z196.patch [bz#1595718] - kvm-linux-headers-asm-s390-kvm.h-header-sync.patch [bz#1612938] - kvm-s390x-kvm-add-etoken-facility.patch [bz#1612938] - Resolves: bz#1594384 (2.12 migration fixes) - Resolves: bz#1595718 (Add ppa15/bpb to the default cpu model for z196 and higher in the 7.6 s390-ccw-virtio machine) - Resolves: bz#1612938 (Add etoken support to qemu-kvm for s390x KVM guests) [2.12.0-18.el8] Mass import from RHEL 7.6 qemu-kvm-rhev, including fixes to the following BZs: - kvm-AArch64-Add-virt-rhel7.6-machine-type.patch [bz#1558723] - kvm-cpus-Fix-event-order-on-resume-of-stopped-guest.patch [bz#1566153] - kvm-qemu-img-Check-post-truncation-size.patch [bz#1523065] - kvm-vga-catch-depth-0.patch [bz#1575541] - kvm-Fix-x-hv-max-vps-compat-value-for-7.4-machine-type.patch [bz#1583959] - kvm-ccid-card-passthru-fix-regression-in-realize.patch [bz#1584984] - kvm-Use-4-MB-vram-for-cirrus.patch [bz#1542080] - kvm-spapr_pci-Remove-unhelpful-pagesize-warning.patch [bz#1505664] - kvm-rpm-Add-nvme-VFIO-driver-to-rw-whitelist.patch [bz#1416180] - kvm-qobject-Use-qobject_to-instead-of-type-cast.patch [bz#1557995] - kvm-qobject-Ensure-base-is-at-offset-0.patch [bz#1557995] - kvm-qobject-use-a-QObjectBase_-struct.patch [bz#1557995] - kvm-qobject-Replace-qobject_incref-QINCREF-qobject_decre.patch [bz#1557995] - kvm-qobject-Modify-qobject_ref-to-return-obj.patch [bz#1557995] - kvm-rbd-Drop-deprecated-drive-parameter-filename.patch [bz#1557995] - kvm-iscsi-Drop-deprecated-drive-parameter-filename.patch [bz#1557995] - kvm-block-Add-block-specific-QDict-header.patch [bz#1557995] - kvm-qobject-Move-block-specific-qdict-code-to-block-qdic.patch [bz#1557995] - kvm-block-Fix-blockdev-for-certain-non-string-scalars.patch [bz#1557995] - kvm-block-Fix-drive-for-certain-non-string-scalars.patch [bz#1557995] - kvm-block-Clean-up-a-misuse-of-qobject_to-in-.bdrv_co_cr.patch [bz#1557995] - kvm-block-Factor-out-qobject_input_visitor_new_flat_conf.patch [bz#1557995] - kvm-block-Make-remaining-uses-of-qobject-input-visitor-m.patch [bz#1557995] - kvm-block-qdict-Simplify-qdict_flatten_qdict.patch [bz#1557995] - kvm-block-qdict-Tweak-qdict_flatten_qdict-qdict_flatten_.patch [bz#1557995] - kvm-block-qdict-Clean-up-qdict_crumple-a-bit.patch [bz#1557995] - kvm-block-qdict-Simplify-qdict_is_list-some.patch [bz#1557995] - kvm-check-block-qdict-Rename-qdict_flatten-s-variables-f.patch [bz#1557995] - kvm-check-block-qdict-Cover-flattening-of-empty-lists-an.patch [bz#1557995] - kvm-block-Fix-blockdev-blockdev-add-for-empty-objects-an.patch [bz#1557995] - kvm-rbd-New-parameter-auth-client-required.patch [bz#1557995] - kvm-rbd-New-parameter-key-secret.patch [bz#1557995] - kvm-block-mirror-honor-ratelimit-again.patch [bz#1572856] - kvm-block-mirror-Make-cancel-always-cancel-pre-READY.patch [bz#1572856] - kvm-iotests-Add-test-for-cancelling-a-mirror-job.patch [bz#1572856] - kvm-iotests-Split-214-off-of-122.patch [bz#1518738] - kvm-block-Add-COR-filter-driver.patch [bz#1518738] - kvm-block-BLK_PERM_WRITE-includes-._UNCHANGED.patch [bz#1518738] - kvm-block-Add-BDRV_REQ_WRITE_UNCHANGED-flag.patch [bz#1518738] - kvm-block-Set-BDRV_REQ_WRITE_UNCHANGED-for-COR-writes.patch [bz#1518738] - kvm-block-quorum-Support-BDRV_REQ_WRITE_UNCHANGED.patch [bz#1518738] - kvm-block-Support-BDRV_REQ_WRITE_UNCHANGED-in-filters.patch [bz#1518738] - kvm-iotests-Clean-up-wrap-image-in-197.patch [bz#1518738] - kvm-iotests-Copy-197-for-COR-filter-driver.patch [bz#1518738] - kvm-iotests-Add-test-for-COR-across-nodes.patch [bz#1518738] - kvm-qemu-io-Use-purely-string-blockdev-options.patch [bz#1576598] - kvm-qemu-img-Use-only-string-options-in-img_open_opts.patch [bz#1576598] - kvm-iotests-Add-test-for-U-force-share-conflicts.patch [bz#1576598] - kvm-qemu-io-Drop-command-functions-return-values.patch [bz#1519617] - kvm-qemu-io-Let-command-functions-return-error-code.patch [bz#1519617] - kvm-qemu-io-Exit-with-error-when-a-command-failed.patch [bz#1519617] - kvm-iotests.py-Add-qemu_io_silent.patch [bz#1519617] - kvm-iotests-Let-216-make-use-of-qemu-io-s-exit-code.patch [bz#1519617] - kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch [bz#1527085] - kvm-iotests-Repairing-error-during-snapshot-deletion.patch [bz#1527085] - kvm-block-Make-bdrv_is_writable-public.patch [bz#1588039] - kvm-qcow2-Do-not-mark-inactive-images-corrupt.patch [bz#1588039] - kvm-iotests-Add-case-for-a-corrupted-inactive-image.patch [bz#1588039] - kvm-main-loop-drop-spin_counter.patch [bz#1168213] - kvm-target-ppc-Factor-out-the-parsing-in-kvmppc_get_cpu_.patch [bz#1560847] - kvm-target-ppc-Don-t-require-private-l1d-cache-on-POWER8.patch [bz#1560847] - kvm-ppc-spapr_caps-Don-t-disable-cap_cfpc-on-POWER8-by-d.patch [bz#1560847] - kvm-qxl-fix-local-renderer-crash.patch [bz#1567733] - kvm-qemu-img-Amendment-support-implies-create_opts.patch [bz#1537956] - kvm-block-Add-Error-parameter-to-bdrv_amend_options.patch [bz#1537956] - kvm-qemu-option-Pull-out-Supported-options-print.patch [bz#1537956] - kvm-qemu-img-Add-print_amend_option_help.patch [bz#1537956] - kvm-qemu-img-Recognize-no-creation-support-in-o-help.patch [bz#1537956] - kvm-iotests-Test-help-option-for-unsupporting-formats.patch [bz#1537956] - kvm-iotests-Rework-113.patch [bz#1537956] - kvm-qemu-img-Resolve-relative-backing-paths-in-rebase.patch [bz#1569835] - kvm-iotests-Add-test-for-rebasing-with-relative-paths.patch [bz#1569835] - kvm-qemu-img-Special-post-backing-convert-handling.patch [bz#1527898] - kvm-iotests-Test-post-backing-convert-target-behavior.patch [bz#1527898] - kvm-migration-calculate-expected_downtime-with-ram_bytes.patch [bz#1564576] - kvm-sheepdog-Fix-sd_co_create_opts-memory-leaks.patch [bz#1513543] - kvm-qemu-iotests-reduce-chance-of-races-in-185.patch [bz#1513543] - kvm-blockjob-do-not-cancel-timer-in-resume.patch [bz#1513543] - kvm-nfs-Fix-error-path-in-nfs_options_qdict_to_qapi.patch [bz#1513543] - kvm-nfs-Remove-processed-options-from-QDict.patch [bz#1513543] - kvm-blockjob-drop-block_job_pause-resume_all.patch [bz#1513543] - kvm-blockjob-expose-error-string-via-query.patch [bz#1513543] - kvm-blockjob-Fix-assertion-in-block_job_finalize.patch [bz#1513543] - kvm-blockjob-Wrappers-for-progress-counter-access.patch [bz#1513543] - kvm-blockjob-Move-RateLimit-to-BlockJob.patch [bz#1513543] - kvm-blockjob-Implement-block_job_set_speed-centrally.patch [bz#1513543] - kvm-blockjob-Introduce-block_job_ratelimit_get_delay.patch [bz#1513543] - kvm-blockjob-Add-block_job_driver.patch [bz#1513543] - kvm-blockjob-Update-block-job-pause-resume-documentation.patch [bz#1513543] - kvm-blockjob-Improve-BlockJobInfo.offset-len-documentati.patch [bz#1513543] - kvm-job-Create-Job-JobDriver-and-job_create.patch [bz#1513543] - kvm-job-Rename-BlockJobType-into-JobType.patch [bz#1513543] - kvm-job-Add-JobDriver.job_type.patch [bz#1513543] - kvm-job-Add-job_delete.patch [bz#1513543] - kvm-job-Maintain-a-list-of-all-jobs.patch [bz#1513543] - kvm-job-Move-state-transitions-to-Job.patch [bz#1513543] - kvm-job-Add-reference-counting.patch [bz#1513543] - kvm-job-Move-cancelled-to-Job.patch [bz#1513543] - kvm-job-Add-Job.aio_context.patch [bz#1513543] - kvm-job-Move-defer_to_main_loop-to-Job.patch [bz#1513543] - kvm-job-Move-coroutine-and-related-code-to-Job.patch [bz#1513543] - kvm-job-Add-job_sleep_ns.patch [bz#1513543] - kvm-job-Move-pause-resume-functions-to-Job.patch [bz#1513543] - kvm-job-Replace-BlockJob.completed-with-job_is_completed.patch [bz#1513543] - kvm-job-Move-BlockJobCreateFlags-to-Job.patch [bz#1513543] - kvm-blockjob-Split-block_job_event_pending.patch [bz#1513543] - kvm-job-Add-job_event_.patch [bz#1513543] - kvm-job-Move-single-job-finalisation-to-Job.patch [bz#1513543] - kvm-job-Convert-block_job_cancel_async-to-Job.patch [bz#1513543] - kvm-job-Add-job_drain.patch [bz#1513543] - kvm-job-Move-.complete-callback-to-Job.patch [bz#1513543] - kvm-job-Move-job_finish_sync-to-Job.patch [bz#1513543] - kvm-job-Switch-transactions-to-JobTxn.patch [bz#1513543] - kvm-job-Move-transactions-to-Job.patch [bz#1513543] - kvm-job-Move-completion-and-cancellation-to-Job.patch [bz#1513543] - kvm-block-Cancel-job-in-bdrv_close_all-callers.patch [bz#1513543] - kvm-job-Add-job_yield.patch [bz#1513543] - kvm-job-Add-job_dismiss.patch [bz#1513543] - kvm-job-Add-job_is_ready.patch [bz#1513543] - kvm-job-Add-job_transition_to_ready.patch [bz#1513543] - kvm-job-Move-progress-fields-to-Job.patch [bz#1513543] - kvm-job-Introduce-qapi-job.json.patch [bz#1513543] - kvm-job-Add-JOB_STATUS_CHANGE-QMP-event.patch [bz#1513543] - kvm-job-Add-lifecycle-QMP-commands.patch [bz#1513543] - kvm-job-Add-query-jobs-QMP-command.patch [bz#1513543] - kvm-blockjob-Remove-BlockJob.driver.patch [bz#1513543] - kvm-iotests-Move-qmp_to_opts-to-VM.patch [bz#1513543] - kvm-qemu-iotests-Test-job-with-block-jobs.patch [bz#1513543] - kvm-vdi-Fix-vdi_co_do_create-return-value.patch [bz#1513543] - kvm-vhdx-Fix-vhdx_co_create-return-value.patch [bz#1513543] - kvm-job-Add-error-message-for-failing-jobs.patch [bz#1513543] - kvm-block-create-Make-x-blockdev-create-a-job.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.get_qmp_events_filtered.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.qmp_log.patch [bz#1513543] - kvm-qemu-iotests-Add-iotests.img_info_log.patch [bz#1513543] - kvm-qemu-iotests-Add-VM.run_job.patch [bz#1513543] - kvm-qemu-iotests-iotests.py-helper-for-non-file-protocol.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-206-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-207-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-210-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-211-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-212-for-blockdev-create-job.patch [bz#1513543] - kvm-qemu-iotests-Rewrite-213-for-blockdev-create-job.patch [bz#1513543] - kvm-block-create-Mark-blockdev-create-stable.patch [bz#1513543] - kvm-jobs-fix-stale-wording.patch [bz#1513543] - kvm-jobs-fix-verb-references-in-docs.patch [bz#1513543] - kvm-iotests-Fix-219-s-timing.patch [bz#1513543] - kvm-iotests-improve-pause_job.patch [bz#1513543] - kvm-rpm-Whitelist-copy-on-read-block-driver.patch [bz#1518738] - kvm-rpm-add-throttle-driver-to-rw-whitelist.patch [bz#1591076] - kvm-usb-host-skip-open-on-pending-postload-bh.patch [bz#1572851] - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574216] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574216] - kvm-block-file-posix-Pass-FD-to-locking-helpers.patch [bz#1519144] - kvm-block-file-posix-File-locking-during-creation.patch [bz#1519144] - kvm-iotests-Add-creation-test-to-153.patch [bz#1519144] - kvm-vhost-user-add-Net-prefix-to-internal-state-structur.patch [bz#1526645] - kvm-virtio-support-setting-memory-region-based-host-noti.patch [bz#1526645] - kvm-vhost-user-support-receiving-file-descriptors-in-sla.patch [bz#1526645] - kvm-osdep-add-wait.h-compat-macros.patch [bz#1526645] - kvm-vhost-user-bridge-support-host-notifier.patch [bz#1526645] - kvm-vhost-allow-backends-to-filter-memory-sections.patch [bz#1526645] - kvm-vhost-user-allow-slave-to-send-fds-via-slave-channel.patch [bz#1526645] - kvm-vhost-user-introduce-shared-vhost-user-state.patch [bz#1526645] - kvm-vhost-user-support-registering-external-host-notifie.patch [bz#1526645] - kvm-libvhost-user-support-host-notifier.patch [bz#1526645] - kvm-block-Introduce-API-for-copy-offloading.patch [bz#1482537] - kvm-raw-Check-byte-range-uniformly.patch [bz#1482537] - kvm-raw-Implement-copy-offloading.patch [bz#1482537] - kvm-qcow2-Implement-copy-offloading.patch [bz#1482537] - kvm-file-posix-Implement-bdrv_co_copy_range.patch [bz#1482537] - kvm-iscsi-Query-and-save-device-designator-when-opening.patch [bz#1482537] - kvm-iscsi-Create-and-use-iscsi_co_wait_for_task.patch [bz#1482537] - kvm-iscsi-Implement-copy-offloading.patch [bz#1482537] - kvm-block-backend-Add-blk_co_copy_range.patch [bz#1482537] - kvm-qemu-img-Convert-with-copy-offloading.patch [bz#1482537] - kvm-qcow2-Fix-src_offset-in-copy-offloading.patch [bz#1482537] - kvm-iscsi-Don-t-blindly-use-designator-length-in-respons.patch [bz#1482537] - kvm-file-posix-Fix-EINTR-handling.patch [bz#1482537] - kvm-usb-storage-Add-rerror-werror-properties.patch [bz#1595180] - kvm-numa-clarify-error-message-when-node-index-is-out-of.patch [bz#1578381] - kvm-qemu-iotests-Update-026.out.nocache-reference-output.patch [bz#1528541] - kvm-qcow2-Free-allocated-clusters-on-write-error.patch [bz#1528541] - kvm-qemu-iotests-Test-qcow2-not-leaking-clusters-on-writ.patch [bz#1528541] - kvm-qemu-options-Add-missing-newline-to-accel-help-text.patch [bz#1586313] - kvm-xhci-fix-guest-triggerable-assert.patch [bz#1594135] - kvm-virtio-gpu-tweak-scanout-disable.patch [bz#1589634] - kvm-virtio-gpu-update-old-resource-too.patch [bz#1589634] - kvm-virtio-gpu-disable-scanout-when-backing-resource-is-.patch [bz#1589634] - kvm-block-Don-t-silently-truncate-node-names.patch [bz#1549654] - kvm-pr-helper-fix-socket-path-default-in-help.patch [bz#1533158] - kvm-pr-helper-fix-assertion-failure-on-failed-multipath-.patch [bz#1533158] - kvm-pr-manager-helper-avoid-SIGSEGV-when-writing-to-the-.patch [bz#1533158] - kvm-pr-manager-put-stubs-in-.c-file.patch [bz#1533158] - kvm-pr-manager-add-query-pr-managers-QMP-command.patch [bz#1533158] - kvm-pr-manager-helper-report-event-on-connection-disconn.patch [bz#1533158] - kvm-pr-helper-avoid-error-on-PR-IN-command-with-zero-req.patch [bz#1533158] - kvm-pr-helper-Rework-socket-path-handling.patch [bz#1533158] - kvm-pr-manager-helper-fix-memory-leak-on-event.patch [bz#1533158] - kvm-object-fix-OBJ_PROP_LINK_UNREF_ON_RELEASE-ambivalenc.patch [bz#1556678] - kvm-usb-hcd-xhci-test-add-a-test-for-ccid-hotplug.patch [bz#1556678] - kvm-Revert-usb-release-the-created-buses.patch [bz#1556678] - kvm-file-posix-Fix-creation-locking.patch [bz#1599335] - kvm-file-posix-Unlock-FD-after-creation.patch [bz#1599335] - kvm-ahci-trim-signatures-on-raise-lower.patch [bz#1584914] - kvm-ahci-fix-PxCI-register-race.patch [bz#1584914] - kvm-ahci-don-t-schedule-unnecessary-BH.patch [bz#1584914] - kvm-qcow2-Fix-qcow2_truncate-error-return-value.patch [bz#1595173] - kvm-block-Convert-.bdrv_truncate-callback-to-coroutine_f.patch [bz#1595173] - kvm-qcow2-Remove-coroutine-trampoline-for-preallocate_co.patch [bz#1595173] - kvm-block-Move-bdrv_truncate-implementation-to-io.c.patch [bz#1595173] - kvm-block-Use-tracked-request-for-truncate.patch [bz#1595173] - kvm-file-posix-Make-.bdrv_co_truncate-asynchronous.patch [bz#1595173] - kvm-block-Fix-copy-on-read-crash-with-partial-final-clus.patch [bz#1590640] - kvm-block-fix-QEMU-crash-with-scsi-hd-and-drive_del.patch [bz#1599515] - kvm-virtio-rng-process-pending-requests-on-DRIVER_OK.patch [bz#1576743] - kvm-file-posix-specify-expected-filetypes.patch [bz#1525829] - kvm-iotests-add-test-226-for-file-driver-types.patch [bz#1525829] - kvm-block-dirty-bitmap-add-lock-to-bdrv_enable-disable_d.patch [bz#1207657] - kvm-qapi-add-x-block-dirty-bitmap-enable-disable.patch [bz#1207657] - kvm-qmp-transaction-support-for-x-block-dirty-bitmap-ena.patch [bz#1207657] - kvm-qapi-add-x-block-dirty-bitmap-merge.patch [bz#1207657] - kvm-qapi-add-disabled-parameter-to-block-dirty-bitmap-ad.patch [bz#1207657] - kvm-block-dirty-bitmap-add-bdrv_enable_dirty_bitmap_lock.patch [bz#1207657] - kvm-dirty-bitmap-fix-double-lock-on-bitmap-enabling.patch [bz#1207657] - kvm-block-qcow2-bitmap-fix-free_bitmap_clusters.patch [bz#1207657] - kvm-qcow2-add-overlap-check-for-bitmap-directory.patch [bz#1207657] - kvm-blockdev-enable-non-root-nodes-for-backup-source.patch [bz#1207657] - kvm-iotests-add-222-to-test-basic-fleecing.patch [bz#1207657] - kvm-qcow2-Remove-dead-check-on-ret.patch [bz#1207657] - kvm-block-Move-request-tracking-to-children-in-copy-offl.patch [bz#1207657] - kvm-block-Fix-parameter-checking-in-bdrv_co_copy_range_i.patch [bz#1207657] - kvm-block-Honour-BDRV_REQ_NO_SERIALISING-in-copy-range.patch [bz#1207657] - kvm-backup-Use-copy-offloading.patch [bz#1207657] - kvm-block-backup-disable-copy-offloading-for-backup.patch [bz#1207657] - kvm-iotests-222-Don-t-run-with-luks.patch [bz#1207657] - kvm-block-io-fix-copy_range.patch [bz#1207657] - kvm-block-split-flags-in-copy_range.patch [bz#1207657] - kvm-block-add-BDRV_REQ_SERIALISING-flag.patch [bz#1207657] - kvm-block-backup-fix-fleecing-scheme-use-serialized-writ.patch [bz#1207657] - kvm-nbd-server-Reject-0-length-block-status-request.patch [bz#1207657] - kvm-nbd-server-fix-trace.patch [bz#1207657] - kvm-nbd-server-refactor-NBDExportMetaContexts.patch [bz#1207657] - kvm-nbd-server-add-nbd_meta_empty_or_pattern-helper.patch [bz#1207657] - kvm-nbd-server-implement-dirty-bitmap-export.patch [bz#1207657] - kvm-qapi-new-qmp-command-nbd-server-add-bitmap.patch [bz#1207657] - kvm-docs-interop-add-nbd.txt.patch [bz#1207657] - kvm-nbd-server-introduce-NBD_CMD_CACHE.patch [bz#1207657] - kvm-nbd-server-Silence-gcc-false-positive.patch [bz#1207657] - kvm-nbd-server-Fix-dirty-bitmap-logic-regression.patch [bz#1207657] - kvm-nbd-server-fix-nbd_co_send_block_status.patch [bz#1207657] - kvm-nbd-client-Add-x-dirty-bitmap-to-query-bitmap-from-s.patch [bz#1207657] - kvm-iotests-New-test-223-for-exporting-dirty-bitmap-over.patch [bz#1207657] - kvm-hw-char-serial-Only-retry-if-qemu_chr_fe_write-retur.patch [bz#1592817] - kvm-hw-char-serial-retry-write-if-EAGAIN.patch [bz#1592817] - kvm-throttle-groups-fix-hang-when-group-member-leaves.patch [bz#1535914] - kvm-Disable-aarch64-devices-reappeared-after-2.12-rebase.patch [bz#1586357] - kvm-Disable-split-irq-device.patch [bz#1586357] - kvm-Disable-AT24Cx-i2c-eeprom.patch [bz#1586357] - kvm-Disable-CAN-bus-devices.patch [bz#1586357] - kvm-Disable-new-superio-devices.patch [bz#1586357] - kvm-Disable-new-pvrdma-device.patch [bz#1586357] - kvm-qdev-add-HotplugHandler-post_plug-callback.patch [bz#1607891] - kvm-virtio-scsi-fix-hotplug-reset-vs-event-race.patch [bz#1607891] - kvm-e1000-Fix-tso_props-compat-for-82540em.patch [bz#1608778] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586255] - kvm-s390x-sclp-fix-maxram-calculation.patch [bz#1595740] - kvm-redhat-Make-gitpublish-profile-the-default-one.patch [bz#1425820] - Resolves: bz#1168213 (main-loop: WARNING: I/O thread spun for 1000 iterations while doing stream block device.) - Resolves: bz#1207657 (RFE: QEMU Incremental live backup - push and pull modes) - Resolves: bz#1416180 (QEMU VFIO based block driver for NVMe devices) - Resolves: bz#1425820 (Improve QEMU packaging layout with modularization of the block layer) - Resolves: bz#1482537 ([RFE] qemu-img copy-offloading (convert command)) - Resolves: bz#1505664 ('qemu-kvm: System page size 0x1000000 is not enabled in page_size_mask (0x11000). Performance may be slow' show up while using hugepage as guest's memory) - Resolves: bz#1513543 ([RFE] Add block job to create format on a storage device) - Resolves: bz#1518738 (Add 'copy-on-read' filter driver for use with blockdev-add) - Resolves: bz#1519144 (qemu-img: image locking doesn't cover image creation) - Resolves: bz#1519617 (The exit code should be non-zero when qemu-io reports an error) - Resolves: bz#1523065 ('qemu-img resize' should fail to decrease the size of logical partition/lvm/iSCSI image with raw format) - Resolves: bz#1525829 (can not boot up a scsi-block passthrough disk via -blockdev with error 'cannot get SG_IO version number: Operation not supported. Is this a SCSI device?') - Resolves: bz#1526645 ([Intel 7.6 FEAT] vHost Data Plane Acceleration (vDPA) - vhost user client - qemu-kvm-rhev) - Resolves: bz#1527085 (The copied flag should be updated during '-r leaks') - Resolves: bz#1527898 ([RFE] qemu-img should leave cluster unallocated if it's read as zero throughout the backing chain) - Resolves: bz#1528541 (qemu-img check reports tons of leaked clusters after re-start nfs service to resume writing data in guest) - Resolves: bz#1533158 (QEMU support for libvirtd restarting qemu-pr-helper) - Resolves: bz#1535914 (Disable io throttling for one member disk of a group during io will induce the other one hang with io) - Resolves: bz#1537956 (RFE: qemu-img amend should list the true supported options) - Resolves: bz#1542080 (Qemu core dump at cirrus_invalidate_region) - Resolves: bz#1549654 (Reject node-names which would be truncated by the block layer commands) - Resolves: bz#1556678 (Hot plug usb-ccid for the 2nd time with the same ID as the 1st time failed) - Resolves: bz#1557995 (QAPI schema for RBD storage misses the 'password-secret' option) - Resolves: bz#1558723 (Create RHEL-7.6 QEMU machine type for AArch64) - Resolves: bz#1560847 ([Power8][FW b0320a_1812.861][rhel7.5rc2 3.10.0-861.el7.ppc64le][qemu-kvm-{ma,rhev}-2.10.0-21.el7_5.1.ppc64le] KVM guest does not default to ori type flush even with pseries-rhel7.5.0-sxxm) - Resolves: bz#1564576 (Pegas 1.1 - Require to backport qemu-kvm patch that fixes expected_downtime calculation during migration) - Resolves: bz#1566153 (IOERROR pause code lost after resuming a VM while I/O error is still present) - Resolves: bz#1567733 (qemu abort when migrate during guest reboot) - Resolves: bz#1569835 (qemu-img get wrong backing file path after rebasing image with relative path) - Resolves: bz#1572851 (Core dumped after migration when with usb-host) - Resolves: bz#1572856 ('block-job-cancel' can not cancel a 'drive-mirror' job) - Resolves: bz#1574216 (CVE-2018-3639 qemu-kvm-rhev: hw: cpu: speculative store bypass [rhel-7.6]) - Resolves: bz#1575541 (qemu core dump while installing win10 guest) - Resolves: bz#1576598 (Segfault in qemu-io and qemu-img with -U --image-opts force-share=off) - Resolves: bz#1576743 (virtio-rng hangs when running on recent (2.x) QEMU versions) - Resolves: bz#1578381 (Error message need update when specify numa distance with node index >=128) - Resolves: bz#1583959 (Incorrect vcpu count limit for 7.4 machine types for windows guests) - Resolves: bz#1584914 (SATA emulator lags and hangs) - Resolves: bz#1584984 (Vm starts failed with 'passthrough' smartcard) - Resolves: bz#1586255 (CVE-2018-11806 qemu-kvm-rhev: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6]) - Resolves: bz#1586313 (-smp option is not easily found in the output of qemu help) - Resolves: bz#1586357 (Disable new devices in 2.12) - Resolves: bz#1588039 (Possible assertion failure in qemu when a corrupted image is used during an incoming migration) - Resolves: bz#1589634 (Migration failed when rebooting guest with multiple virtio videos) - Resolves: bz#1590640 (qemu-kvm: block/io.c:1098: bdrv_co_do_copy_on_readv: Assertion mutex->initialized' failed)) - Resolves: bz#1607891 (Hotplug events are sometimes lost with virtio-scsi + iothread) - Resolves: bz#1608778 (qemu/migration: migrate failed from RHEL.7.6 to RHEL.7.5 with e1000-82540em) [2.12.0-17.el8] - kvm-linux-headers-Update-to-include-KVM_CAP_S390_HPAGE_1.patch [bz#1610906] - kvm-s390x-Enable-KVM-huge-page-backing-support.patch [bz#1610906] - kvm-redhat-s390x-add-hpage-1-to-kvm.conf.patch [bz#1610906] - Resolves: bz#1610906 ([IBM 8.0 FEAT] KVM: Huge Pages - libhugetlbfs Enablement - qemu-kvm part) [2.12.0-16.el8] - kvm-spapr-Correct-inverted-test-in-spapr_pc_dimm_node.patch [bz#1601671] - kvm-osdep-powerpc64-align-memory-to-allow-2MB-radix-THP-.patch [bz#1601317] - kvm-RHEL-8.0-Add-pseries-rhel7.6.0-sxxm-machine-type.patch [bz#1595501] - kvm-i386-Helpers-to-encode-cache-information-consistentl.patch [bz#1597739] - kvm-i386-Add-cache-information-in-X86CPUDefinition.patch [bz#1597739] - kvm-i386-Initialize-cache-information-for-EPYC-family-pr.patch [bz#1597739] - kvm-i386-Add-new-property-to-control-cache-info.patch [bz#1597739] - kvm-i386-Clean-up-cache-CPUID-code.patch [bz#1597739] - kvm-i386-Populate-AMD-Processor-Cache-Information-for-cp.patch [bz#1597739] - kvm-i386-Add-support-for-CPUID_8000_001E-for-AMD.patch [bz#1597739] - kvm-i386-Fix-up-the-Node-id-for-CPUID_8000_001E.patch [bz#1597739] - kvm-i386-Enable-TOPOEXT-feature-on-AMD-EPYC-CPU.patch [bz#1597739] - kvm-i386-Remove-generic-SMT-thread-check.patch [bz#1597739] - kvm-i386-Allow-TOPOEXT-to-be-enabled-on-older-kernels.patch [bz#1597739] - Resolves: bz#1595501 (Create pseries-rhel7.6.0-sxxm machine type) - Resolves: bz#1597739 (AMD EPYC/Zen SMT support for KVM / QEMU guest (qemu-kvm)) - Resolves: bz#1601317 (RHEL8.0 - qemu patch to align memory to allow 2MB THP) - Resolves: bz#1601671 (After rebooting guest,all the hot plug memory will be assigned to the 1st numa node.) [2.12.0-15.el8] - kvm-spapr-Add-ibm-max-associativity-domains-property.patch [bz#1599593] - kvm-Revert-spapr-Don-t-allow-memory-hotplug-to-memory-le.patch [bz#1599593] - kvm-simpletrace-Convert-name-from-mapping-record-to-str.patch [bz#1594969] - kvm-tests-fix-TLS-handshake-failure-with-TLS-1.3.patch [bz#1602403] - Resolves: bz#1594969 (simpletrace.py fails when running with Python 3) - Resolves: bz#1599593 (User can't hotplug memory to less memory numa node on rhel8) - Resolves: bz#1602403 (test-crypto-tlssession unit test fails with assertions) [2.12.0-14.el8] - kvm-vfio-pci-Default-display-option-to-off.patch [bz#1590511] - kvm-python-futurize-f-libfuturize.fixes.fix_print_with_i.patch [bz#1571533] - kvm-python-futurize-f-lib2to3.fixes.fix_except.patch [bz#1571533] - kvm-Revert-Defining-a-shebang-for-python-scripts.patch [bz#1571533] - kvm-spec-Fix-ambiguous-python-interpreter-name.patch [bz#1571533] - kvm-qemu-ga-blacklisting-guest-exec-and-guest-exec-statu.patch [bz#1518132] - kvm-redhat-rewrap-build_configure.sh-cmdline-for-the-rh-.patch - kvm-redhat-remove-the-VTD-LIVE_BLOCK_OPS-and-RHV-options.patch - kvm-redhat-fix-the-rh-env-prep-target-s-dependency-on-th.patch - kvm-redhat-remove-dead-code-related-to-s390-not-s390x.patch - kvm-redhat-sync-compiler-flags-from-the-spec-file-to-rh-.patch - kvm-redhat-sync-guest-agent-enablement-and-tcmalloc-usag.patch - kvm-redhat-fix-up-Python-3-dependency-for-building-QEMU.patch - kvm-redhat-fix-up-Python-dependency-for-SRPM-generation.patch - kvm-redhat-disable-glusterfs-dependency-support-temporar.patch - Resolves: bz#1518132 (Ensure file access RPCs are disabled by default) - Resolves: bz#1571533 (Convert qemu-kvm python scripts to python3) - Resolves: bz#1590511 (Fails to start guest with Intel vGPU device) [2.12.0-13.el8] - Resolves: bz#1508137 ([IBM 8.0 FEAT] KVM: Interactive Bootloader (qemu)) - Resolves: bz#1513558 (Remove RHEL6 machine types) - Resolves: bz#1568600 (pc-i440fx-rhel7.6.0 and pc-q35-rhel7.6.0 machine types (x86)) - Resolves: bz#1570029 ([IBM 8.0 FEAT] KVM: 3270 Connectivity - qemu part) - Resolves: bz#1578855 (Enable Native Ceph support on non x86_64 CPUs) - Resolves: bz#1585651 (RHEL 7.6 new pseries machine type (ppc64le)) - Resolves: bz#1592337 ([IBM 8.0 FEAT] KVM: CPU Model z14 ZR1 (qemu-kvm)) [2.12.0-11.el8.1] - Resolves: bz#1576468 (Enable vhost_user in qemu-kvm 2.12) [2.12.0-11.el8] - Resolves: bz#1574406 ([RHEL 8][qemu-kvm] Failed to find romfile 'efi-virtio.rom') - Resolves: bz#1569675 (Backwards compatibility of pc-*-rhel7.5.0 and older machine-types) - Resolves: bz#1576045 (Fix build issue by using python3) - Resolves: bz#1571145 (qemu-kvm segfaults on RHEL 8 when run guestfsd under TCG) [2.12.0-10.el] - Fixing some issues with packaging. - Rebasing to 2.12.0-rc4 [2.11.0-7.el8] - Bumping epoch for RHEL8 and dropping self-obsoleting [2.11.0-6.el8] - Rebuilding [2.11.0-5.el8] - Prepare building on RHEL-8.0 sgabios MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11135 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [1.7.1-10] - fixes arbitrary code execution via .gitmodules Resolves: CVE-2018-17456 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-17456 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 go-toolset [1.12.12-1] - Update for golang package fixes [1.12.12-1] - Bump version to 1.12.12 golang [1.12.12-4.0.1] - from upstream https://github.com/golang/go/issues/2775 - move arbitrary value 10% to 15% for GC tests, hits 10.48% on our - infrastructure - Resolves failing post build tests [Orabug: 30241946] [1.12.12-4] - Fix boring/aes_test.go tags [1.12.12-3] - Fix tarball [1.12.12-2] - Fix stub boring.(Sign/Verify)RSAPKCS1v15 functions [1.12.12-1] - Rebase to 1.12.12 - Revert to Sign/Verify operations not expected unhashed inputs - Remove previously added verbose output - Better expose openssl errors [1.12.8-4] - Reduce number of threads when testing on i686 [1.12.8-3] - Relax FIPS requirements to unblock OpenShift testing MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16276 CVE-2019-17596 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.02-78.0.3.el8_1.1] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Copy symvers.gz to /boot during kernel install [Orabug: 29773086] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.02-78.el8_1.1] - grub-set-bootflag: Write new env to tmpfile and then rename (hdegoede) Resolves: CVE-2019-14865 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14865 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:1:baseos_patch Oracle Linux 8 [4.18.0-147.5.1_1.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147.5.1_1] - [powerpc] powerpc/shared: Use static key to detect shared processor (Phil Auld) [1781114 1767529] - [powerpc] powerpc/vcpu: Assume dedicated processors as non-preempt (Phil Auld) [1781114 1767529] [4.18.0-147.4.1_1] - [block] blk-mq: apply normal plugging for HDD (Ming Lei) [1782181 1759380] - [block] blk-mq: honor IO scheduler for multiqueue devices (Ming Lei) [1782181 1759380] - [block] blk-mq: simplify blk_mq_make_request() (Ming Lei) [1782181 1759380] - [block] blk-mq: remove blk_mq_put_ctx() (Ming Lei) [1782181 1759380] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1781660 1779553] {CVE-2019-19338} - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1778693 1765979] - [fs] cifs: avoid using MID 0xFFFF (Leif Sahlberg) [1778693 1765979] - [fs] cifs: Fix retry mid list corruption on reconnects (Leif Sahlberg) [1778693 1765979] - [fs] smb3: fix unmount hang in open_shroot (Leif Sahlberg) [1781113 1757670] - [fs] CIFS: fix deadlock in cached root handling (Leif Sahlberg) [1781113 1757670] - [fs] Fix match_server check to allow for auto dialect negotiate (Leif Sahlberg) [1781113 1757670] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1781113 1757670] - [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1781113 1757670] - [fs] cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() (Leif Sahlberg) [1781113 1757670] - [fs] smb3: fix signing verification of large reads (Dave Wysochanski) [1781110 1753114] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1781108 1733217] - [fs] xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Bill O'Donnell) [1778692 1739607] - [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778633 1778634] {CVE-2019-17133} - [block] blkcg: perpcu_ref init/exit should be done from blkg_alloc/free() (Ming Lei) [1777766 1741392] - [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777389 1749763] {CVE-2019-14898} - [netdrv] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Jarod Wilson) [1776618 1775484] {CVE-2019-14814 CVE-2019-14815 CVE-2019-14816} - [netdrv] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Jarod Wilson) [1776209 1776210] {CVE-2019-14895} - [netdrv] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Jarod Wilson) [1776161 1776162] {CVE-2019-14901} - [netdrv] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775222 1775223] {CVE-2019-17666} - [pci] hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1764635 1737569] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14814 CVE-2019-14816 CVE-2019-14898 CVE-2019-14895 CVE-2019-17666 CVE-2019-19338 CVE-2019-14901 CVE-2019-14815 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:1:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1.11.6-4.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-4] - compile in FIPS mode - Related: RHELPLAN-25138 [1.11.6-3] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.11.6-2] - fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints() - bug reference 1772179 - Related: RHELPLAN-25138 [1.11.6-1] - update to buildah 1.11.6 - Related: RHELPLAN-25138 [1.11.5-1] - update to buildah 1.11.5 - Related: RHELPLAN-25138 [1.11.4-2] - fix %gobuild macro to not to ignore BUILDTAGS [1.11.4-1] - update to 1.11.4 [1.9.0-5] - Use autosetup macro again. [1.9.0-4] - Fix CVE-2019-10214 (#1734653). [1.9.0-3] - Resolves: #1721247 - enable fips mode [1.9.0-2] - Resolves: #1720654 - tests subpackage depends on golang explicitly [1.9.0-1] - Resolves: #1720654 - rebase to v1.9.0 [1.8.3-1] - Resolves: #1720654 - rebase to v1.8.3 [1.8-0.git021d607] - package system tests [1.5-3.gite94b4f9] - re-enable debuginfo [1.5-2.gite94b4f9] - go toolset not in scl anymore [1.5-1.gite94b4f9] - rebase [1.4-3.git608fa84] - fedora-like go compiler macro in buildrequires is enough [1.4-2.git608fa84] - rebase [1.3-3.git4888163] - Resolves: #1615611 - rebuild with gobuild tag 'no_openssl' [1.3-2.git4888163] - Resolves: #1614009 - built with updated scl-ized go-toolset dep - build with %gobuild [1.3-1] - Bump to v1.3 - Vendor in lates containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '_' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Bump to v1.2-dev - Add registries.conf link to a few man pages [1.2-3] - do not depend on btrfs-progs for rhel8 [1.2-2] - buildah does not require ostree [1.2-1] - Vendor in latest containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '_' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Add registries.conf link to a few man pages [1.1-1] - Drop capabilities if running container processes as non root - Print Warning message if cmd will not be used based on entrypoint - Update 01-intro.md - Shouldn't add insecure registries to list of search registries - Report errors on bad transports specification when pushing images - Move parsing code out of common for namespaces and into pkg/parse.go - Add disable-content-trust noop flag to bud - Change freenode chan to buildah - runCopyStdio(): don't close stdin unless we saw POLLHUP - Add registry errors for pull - runCollectOutput(): just read until the pipes are closed on us - Run(): provide redirection for stdio - rmi, rm: add test - add mount test - Add parameter judgment for commands that do not require parameters - Add context dir to bud command in baseline test - run.bats: check that we can run with symlinks in the bundle path - Give better messages to users when image can not be found - use absolute path for bundlePath - Add environment variable to buildah --format - rm: add validation to args and all option - Accept json array input for config entrypoint - Run(): process RunOptions.Mounts, and its flags - Run(): only collect error output from stdio pipes if we created some - Add OnBuild support for Dockerfiles - Quick fix on demo readme - run: fix validate flags - buildah bud should require a context directory or URL - Touchup tutorial for run changes - Validate common bud and from flags - images: Error if the specified imagename does not exist - inspect: Increase err judgments to avoid panic - add test to inspect - buildah bud picks up ENV from base image - Extend the amount of time travis_wait should wait - Add a make target for Installing CNI plugins - Add tests for namespace control flags - copy.bats: check ownerships in the container - Fix SELinux test errors when SELinux is enabled - Add example CNI configurations - Run: set supplemental group IDs - Run: use a temporary mount namespace - Use CNI to configure container networks - add/secrets/commit: Use mappings when setting permissions on added content - Add CLI options for specifying namespace and cgroup setup - Always set mappings when using user namespaces - Run(): break out creation of stdio pipe descriptors - Read UID/GID mapping information from containers and images - Additional bud CI tests - Run integration tests under travis_wait in Travis - build-using-dockerfile: add --annotation - Implement --squash for build-using-dockerfile and commit - Vendor in latest container/storage for devicemapper support - add test to inspect - Vendor github.com/onsi/ginkgo and github.com/onsi/gomega - Test with Go 1.10, too - Add console syntax highlighting to troubleshooting page - bud.bats: print '' before checking its contents - Manage 'Run' containers more closely - Break Builder.Run()'s 'run runc' bits out - util.ResolveName(): handle completion for tagged/digested image names - Handle /etc/hosts and /etc/resolv.conf properly in container - Documentation fixes - Make it easier to parse our temporary directory as an image name - Makefile: list new pkg/ subdirectoris as dependencies for buildah - containerImageSource: return more-correct errors - API cleanup: PullPolicy and TerminalPolicy should be types - Make 'run --terminal' and 'run -t' aliases for 'run --tty' - Vendor github.com/containernetworking/cni v0.6.0 - Update github.com/containers/storage - Update github.com/projectatomic/libpod - Add support for buildah bud --label - buildah push/from can push and pull images with no reference - Vendor in latest containers/image - Update gometalinter to fix install.tools error - Update troubleshooting with new run workaround - Added a bud demo and tidied up - Attempt to download file from url, if fails assume Dockerfile - Add buildah bud CI tests for ENV variables - Re-enable rpm .spec version check and new commit test - Update buildah scratch demo to support el7 - Added Docker compatibility demo - Update to F28 and new run format in baseline test - Touchup man page short options across man pages - Added demo dir and a demo. chged distrorlease - builder-inspect: fix format option - Add cpu-shares short flag (-c) and cpu-shares CI tests - Minor fixes to formatting in rpm spec changelog - Fix rpm .spec changelog formatting - CI tests and minor fix for cache related noop flags - buildah-from: add effective value to mount propagation [1.0-1] - Remove buildah run cmd and entrypoint execution - Add Files section with registries.conf to pertinent man pages - Force 'localhost' as a default registry - Add --compress, --rm, --squash flags as a noop for bud - Add FIPS mode secret to buildah run and bud - Add config --comment/--domainname/--history-comment/--hostname - Add support for --iidfile to bud and commit - Add /bin/sh -c to entrypoint in config - buildah images and podman images are listing different sizes - Remove tarball as an option from buildah push --help - Update entrypoint behaviour to match docker - Display imageId after commit - config: add support for StopSignal - Allow referencing stages as index and names - Add multi-stage builds support - Vendor in latest imagebuilder, to get mixed case AS support - Allow umount to have multi-containers - Update buildah push doc - buildah bud walks symlinks - Imagename is required for commit atm, update manpage [0.16-3.git532e267] - Resolves: #1573681 - built commit 532e267 [0.16.0-2.git6f7d05b] - built commit 6f7d05b [0.16-1] - Add support for shell - Vendor in latest containers/image - docker-archive generates docker legacy compatible images - Do not create subdirectories for layers with no configs - Ensure the layer IDs in legacy docker/tarfile metadata are unique - docker-archive: repeated layers are symlinked in the tar file - sysregistries: remove all trailing slashes - Improve docker/* error messages - Fix failure to make auth directory - Create a new slice in Schema1.UpdateLayerInfos - Drop unused storageImageDestination.{image,systemContext} - Load a *storage.Image only once in storageImageSource - Support gzip for docker-archive files - Remove .tar extension from blob and config file names - ostree, src: support copy of compressed layers - ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size - image: fix docker schema v1 -> OCI conversion - Add /etc/containers/certs.d as default certs directory - Change image time to locale, add troubleshooting.md, add logo to other mds - Allow --cmd parameter to have commands as values - Document the mounts.conf file - Fix man pages to format correctly - buildah from now supports pulling images using the following transports: - docker-archive, oci-archive, and dir. - If the user overrides the storage driver, the options should be dropped - Show Config/Manifest as JSON string in inspect when format is not set - Adds feature to pull compressed docker-archive files [0.15-1] - Fix handling of buildah run command options [0.14-1] - If commonOpts do not exist, we should return rather then segfault - Display full error string instead of just status - Implement --volume and --shm-size for bud and from - Fix secrets patch for buildah bud - Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension [0.13-1.git99066e0] - use correct version [0.12-4.git99066e0] - enable debuginfo [0.12-3.git99066e0] - BR: libseccomp-devel [0.12-2.git99066e0] - Resolves: #1548535 - built commit 99066e0 [0.12-1] - Added handing for simpler error message for Unknown Dockerfile instructions. - Change default certs directory to /etc/containers/certs.dir - Vendor in latest containers/image - Vendor in latest containers/storage - build-using-dockerfile: set the 'author' field for MAINTAINER - Return exit code 1 when buildah-rmi fails - Trim the image reference to just its name before calling getImageName - Touch up rmi -f usage statement - Add --format and --filter to buildah containers - Add --prune,-p option to rmi command - Add authfile param to commit - Fix --runtime-flag for buildah run and bud - format should override quiet for images - Allow all auth params to work with bud - Do not overwrite directory permissions on --chown - Unescape HTML characters output into the terminal - Fix: setting the container name to the image - Prompt for un/pwd if not supplied with --creds - Make bud be really quiet - Return a better error message when failed to resolve an image - Update auth tests and fix bud man page [0.11-3.git49095a8] - Resolves: #1542236 - add ostree and bump runc dep [0.11-2.git49095a8] - rebased to 49095a83f8622cf69532352d183337635562e261 [0.11-1] - Add --all to remove containers - Add --all functionality to rmi - Show ctrid when doing rm -all - Ignore sequential duplicate layers when reading v2s1 - Lots of minor bug fixes - Vendor in latest containers/image and containers/storage [0.10-2] - Fix checkin [0.10-1] - Display Config and Manifest as strings - Bump containers/image - Use configured registries to resolve image names - Update to work with newer image library - Add --chown option to add/copy commands [0.9-2.git04ea079] - build for all arches [0.9-1] - Allow push to use the image id - Make sure builtin volumes have the correct label [0.8-1] - Buildah bud was failing on SELinux machines, this fixes this - Block access to certain kernel file systems inside of the container [0.7-1] - Ignore errors when trying to read containers buildah.json for loading SELinux reservations - Use credentials from kpod login for buildah - Adds support for converting manifest types when using the dir transport - Rework how we do UID resolution in images - Bump github.com/vbatts/tar-split - Set option.terminal appropriately in run [0.5-5.gitf7dc659] - revert building for s390x, it is intended for rhel 7.5 [0.5-4] - Add requires for container-selinux [0.5-3.gitf7dc659] - build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234 [0.5-2] - Bump github.com/vbatts/tar-split - Fixes CVE That could allow a container image to cause a DOS [0.5-1] - Add secrets patch to buildah - Add proper SELinux labeling to buildah run - Add tls-verify to bud command - Make filtering by date use the image's date - images: don't list unnamed images twice - Fix timeout issue - Add further tty verbiage to buildah run - Make inspect try an image on failure if type not specified - Add support for - Tons of bug fixes and code cleanup [0.4-2.git01db066] - bump to latest version - set GIT_COMMIT at build-time [0.4-1.git9cbccf88c] - Add default transport to push if not provided - Avoid trying to print a nil ImageReference - Add authentication to commit and push - Add information on buildah from man page on transports - Remove --transport flag - Run: do not complain about missing volume locations - Add credentials to buildah from - Remove export command - Run(): create the right working directory - Improve 'from' behavior with unnamed references - Avoid parsing image metadata for dates and layers - Read the image's creation date from public API - Bump containers/storage and containers/image - Don't panic if an image's ID can't be parsed - Turn on --enable-gc when running gometalinter - rmi: handle truncated image IDs [0.4-1.git9cbccf8] - bump to v0.4 [0.3-4.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.3-3.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.3-2.gitb9b2a8a7e] - Bump for inclusion of OCI 1.0 Runtime and Image Spec [0.2.0-1.gitac2aad6] - buildah run: Add support for -- ending options parsing - buildah Add/Copy support for glob syntax - buildah commit: Add flag to remove containers on commit - buildah push: Improve man page and help information - buildah run: add a way to disable PTY allocation - Buildah docs: clarify --runtime-flag of run command - Update to match newer storage and image-spec APIs - Update containers/storage and containers/image versions - buildah export: add support - buildah images: update commands - buildah images: Add JSON output option - buildah rmi: update commands - buildah containers: Add JSON output option - buildah version: add command - buildah run: Handle run without an explicit command correctly - Ensure volume points get created, and with perms - buildah containers: Add a -a/--all option [0.1.0-2.git597d2ab9] - Release Candidate 1 - All features have now been implemented. [0.0.1-1.git7a0a5333] - First package for Fedora cockpit-podman [11-1] - Fix Alert notification in Image Search Modal - Allow more than a single Error Notification for Container action errors - Various Alert cleanups - Translation updates - Related: RHELPLAN-25138 [10-1] - Support for user containers - Show list of containers that use given image - Show placeholder while loading containers and images - Fix setting memory limit - bug 1732713 - Add container Terminal - bug 1703245 - Related: RHELPLAN-25138 conmon [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25138 [2:2.0.5-1] - update to 2.0.5 - Related: RHELPLAN-25138 [2:2.0.4-1] - update to 2.0.4 bugfix release - Related: RHELPLAN-25138 [2:2.0.3-2.giteb5fa88] - BR: systemd-devel - Related: RHELPLAN-25138 [2:2.0.3-1.giteb5fa88] - update to 2.0.3 [2:2.0.2-0.1.dev.git422ce21] - build latest upstream master [2:2.0.0-2] - remove BR: go-md2man since no manpages yet [2:2.0.0-1] container-selinux [2:2.124.0-1] - update to 2.124.0 - Related: RHELPLAN-25138 [2:2.123.0-2] - implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25138 [2:2.123.0-1] - update to 2.123.0 - Related: RHELPLAN-25138 [2:2.122.0-1] - update to 2.122.0 [2:2.119.0-3.gita233788] - update to master container-selinux - bug 1769469 [2:2.119.0-2] - fix post scriptlet - fail if semodule fails - bug 1729272 [2:2.119.0-1] - update to 2.119.0 [2:2.116-1] - update to 2.116, bug 1748519 [2:2.107-2] - Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700 [2:2.107-1] - Resolves: #1720654 - rebase to v2.107 [2:2.89-1.git2521d0d] - bump to v2.89 [2:2.75-1.git99e2cfd] - bump to v2.75 - built commit 99e2cfd [2:2.74-1] - Resolves: #1641655 - bump to v2.74 - built commit a62c2db [2:2.73-3] - tweak macro for fedora - applies to rhel8 as well [2:2.73-2] - moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory [2.69-3] - Make sure we pull in the latest selinux-policy [2.69-2] - Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t [2.68-1] - Add label for /var/lib/origin - Add customizable_file_t to customizable_types [2.67-1] - Add policy for container_logreader_t [2.66-1] - Allow dnsmasq to dbus chat with spc_t [2.64-1] - Allow containers to create all socket classes [2.62-1] - Label overlay directories under /var/lib/containers/ correctly [2.61-1] - Allow spc_t to load kernel modules from inside of container [2.60-1] - Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. [2.58-2] - Run restorecon /usr/bin/podman in postinstall [2.58-1] - Add labels to allow podman to be run from a systemd unit file [2.57-1] - Set the version of SELinux policy required to the latest to fix build issues. [2.56-1] - Allow container_runtime_t to transition to spc_t over unlabeled files [2.55-1] Allow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files [2.52-1] - Add better support for writing custom selinux policy for customer container domains. [2.51-1] - Allow shell_exec_t as a container_runtime_t entrypoint [2.50-1] - Allow bin_t as a container_runtime_t entrypoint [2.49-1] - Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container [2.48-1] - Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls [2.41-1] - Add support to nnp_transition for container domains - Eliminates need for typebounds. [2.40-1] - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t [2.39-1] - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. [2.38-1] - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin [2.37-1] - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree [2.36-1] - Allow containers to relabelto/from all file types to container_file_t [2.35-1] - Allow container to map chr_files labeled container_file_t [2.34-1] - Dontaudit container processes getattr on kernel file systems [2.33-1] - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. [2.32-1] - Make sure users creating content in /var/lib with right labels [2.31-1] - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc [2.29-1] - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. [2.28-1] - Allow a container to umount a container_file_t filesystem [2.27-1] - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t [2.24-1] - Make sure container_runtime_t has all access of container_t [2.23-1] - Allow container runtimes to create sockets in tmp dirs [2.22-1] - Add additonal support for crio labeling. [2.21-3] - Fixup spec file conditionals [2:2.21-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.21-1] - Allow containers to execmod on container_share_t files. [2.20-2] - Relabel runc and crio executables [2.20-1] - Allow container processes to getsession [2:2.19-2.1] - update release tag to isolate from 7.3 [2:2.19-1] - Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets [2:2.15-1.1] - Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40 [2:2.10-2.1] - Make sure we have a late enough version of policycoreutils [2:2.10-1] - Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container [2:2.9-4] - Resolves: #1425574 - built commit 79a6d70 [2:2.9-3] - Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4 [2:2.9-2] - built @origin/RHEL-1.12 commit 33cb78b [2:2.8-2] - [2:2.7-1] - built origin/RHEL-1.12 commit 21dd37b [2:2.4-2] - correct version-release in changelog entries [2:2.4-1] - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc* [2:2.3-1] - Fix labeling on /usr/bin/runc.* - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content [2:2.2-4] - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 [2:2.2-3] - properly disable docker module in %post [2:2.2-2] - depend on selinux-policy-targeted - relabel docker-latest* files as well [2:2.2-1] - bump to v2.2 - additional labeling for ocid [2:2.0-2] - install policy at level 200 - From: Dan Walsh <dwalsh@redhat.com> [2:2.0-1] - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel [2:1.12.4-29] - new package (separated from docker) containernetworking-plugins [0.8.3-4.0.1] - Disable debuginfo [0.8.3-4] - compile with no_openssl - Related: RHELPLAN-25138 [0.8.3-3] - compile in FIPS mode - Related: RHELPLAN-25138 [0.8.3-2] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [0.8.3-1] - update to 0.8.3 - Related: RHELPLAN-25138 [0.8.1-2] - backport https://github.com/coreos/go-iptables/pull/62 from Michael Cambria - Resolves: #1627561 [0.8.1-1] - Resolves: #1720319 - bump to v0.8.1 [0.7.5-1] - Resolves: #1616063 - bump to v0.7.5 [0.7.4-3.git9ebe139] - re-enable debuginfo [0.7.4-2.git9ebe139] - rebase, removed patch that is already upstream [0.7.3-7.git19f2f28] - go tools not in scl anymore [0.7.3-6.git19f2f28] - correct tag specification format in %gobuild macro [0.7.3-5.git19f2f28] - Resolves: #1616062 - patch to revert coreos/go-iptables bump [0.7.3-4.git19f2f28] - Resolves:#1603012 - fix versioning, upstream got it wrong at 7.2 [0.7.2-3.git19f2f28] - disable i686 temporarily for appstream builds - update golang deps and gobuild definition [0.7.2-2.git19f2f28] - rebase [0.7.0-103.gitdd8ff8a] - enable scl with the toolset [0.7.0-102.gitdd8ff8a] - remove devel and unittest subpackages - use new go-toolset deps [0.7.0-101] - rebase - patches already upstream, removed [0.6.0-6] - Imported from Fedora - Renamed CNI -> plugins [0.6.0-4] - Own the libexec cni directory [0.6.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.6.0-2] - skip settling IPv4 addresses [0.6.0-1] - rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9 [0.5.2-7] - do not install to /opt (against Fedora Guidelines) [0.5.2-6] - Enable devel subpackage [0.5.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.5.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.5.2-3] - excludearch: ppc64 as it's not in goarches anymore - re-enable s390x [0.5.2-2] - upstream moved to github.com/containernetworking/plugins - built commit dcf7368 - provides: containernetworking-plugins - use vendored deps because they're a lot less of a PITA - excludearch: s390x for now (rhbz#1466865) [0.5.2-1] - Update to 0.5.2 - Softlink to default /opt/cni/bin directories [0.5.1-1] - Initial package fuse-overlayfs [0.7.2-1] - update to 0.7.2 - Related: RHELPLAN-25138 [0.7-1] - update to 0.7 - apply patch to fix build on RHEL-8 - Related: RHELPLAN-25138 [0.4.1-1] - Resolves: #1720654 - rebase to v0.4.1 [0.3-2] - rebase - Resolves:#1666510 [0.1-7.dev.git50c7a50] - Resolves: #1640232 - built commit 50c7a50 [0.1-6.dev.git1c72a1a] - Resolves: #1614856 - add manpage - built commit 1c72a1a - add BR: go-md2man [0.1-5.dev.gitd40ac75] - built commit d40ac75 - remove fedora bz ids - Exclude ix86 and ppc64 [0.1-4.dev.git79c70fd] - Resolves: #1609598 - initial upload to Fedora - bundled gnulib [0.1-3.dev.git79c70fd] - correct license field [0.1-2.dev.git79c70fd] - fix license [0.1-1.dev.git13575b6] - First package for Fedora podman [1.6.4-2.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-2] - apply fix for bug 1757845 - Related: RHELPLAN-25138 [1.6.4-1] - update to 1.6.4 - Related: RHELPLAN-25138 [1.6.3-6] - remove BR: device-mapper-devel, minor spec file changes - Related: RHELPLAN-25138 [1.6.3-5] - Ensure volumes reacquire locks on state refresh (thanks Matt Heon) - Related: RHELPLAN-25138 [1.6.3-4] - use the file events logger backend if systemd isn't available (thanks to Giuseppe Scrivano) - Related: RHELPLAN-25138 [1.6.3-3] - require slirp4netns >= 0.4.0-1 - Related: RHELPLAN-25138 [1.6.3-2] - apply fix to not to fail gating tests: don't parse the config for cgroup-manager default - don't hang while on podman run --rm - bug 1767663 [1.6.3-1] - update to podman 1.6.3 - addresses CVE-2019-18466 [1.6.2-6] - fix %gobuild macro to not to ignore BUILDTAGS [1.6.2-5] - use btrfs_noversion to really disable BTRFS support - amend/reuse BUILDTAGS - still keep device-mapper-devel BR otherwise build fails despite dm support being disabled (build scripting invokes pkg-config for devmapper which is shipped by the dm-devel package) [1.6.2-4] - disable BTRFS support [1.6.2-3] - split podman and conmon packages - drop BR: device-mapper-devel and update BRs in general [1.6.2-2] - drop oci-systemd-hook requirement - drop upstreamed CVE-2019-10214 patch [1.6.2-1] - update to podman 1.6.2 [1.4.2-6] - fix build with --nocheck (#1721394) - escape commented out macros [1.4.2-5] - Fix CVE-2019-10214 (#1734649). [1.4.2-4] - update to latest conmon (Resolves: #1743685) [1.4.2-3] - update to v1.4.2-stable1 - Resolves: #1741157 [1.4.2-2] - Resolves: #1669197, #1705763, #1737077, #1671622, #1723879, #1730281, - Resolves: #1731117 - built libpod v1.4.2-stable1 [1.4.2-1] - Resolves: #1721638 - bump to v1.4.2 [1.4.1-4] - Resolves: #1720654 - update dep on libvarlink - Resolves: #1721247 - enable fips mode [1.4.1-3] - Resolves: #1720654 - podman requires podman-manpages - update dep on cni plugins >= 0.8.1-1 [1.4.1-2] - Resolves: #1720654 - podman-manpages obsoletes podman < 1.4.1-2 [1.4.1-1] - Resolves: #1720654 - bump to v1.4.1 - bump conmon to v0.3.0 [1.4.0-1] - Resolves: #1720654 - bump to v1.4.0 [1.3.2-2] - Resolves: #1683217 - tests subpackage requires slirp4netns [1.3.2-1] - Resolves: #1707220 - bump to v1.3.2 - built conmon v0.2.0 [1.2.0-1.git3bd528e5] - package system tests, zsh completion. Update CI tests to use new -tests pkg [1.1.0-1.git006206a] - bump to v1.1.0 [1.0.1-1.git2c74edd] - bump to v1.0.1 [1.0.0-2.git921f98f] - rebase [1.0.0-1.git82e8011] - rebase to v1, yay! - rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 - Resolves:#1623282 - python interface removed, moved to https://github.com/containers/python-podman/ [0.12.1.2-4.git9551f6b] - re-enable debuginfo [0.12.1.2-3.git9551f6b] - python libraries added - resolves: #1657180 [0.12.1.2-2.git9551f6b] - rebase [0.11.1.1-3.git594495d] - go tools not in scl anymore [0.11.1.1-2.git594495d] - fedora-like buildrequires go toolset [0.11.1.1-1.git594495d] - Resolves: #1636230 - build with FIPS enabled golang toolchain - bump to v0.11.1.1 - built commit 594495d [0.11.1-3.gita4adfe5] - podman-docker provides docker - Resolves: #1650355 [0.11.1-2.gita4adfe5] - Require platform-python-setuptools instead of python3-setuptools - Resolves: rhbz#1650144 [0.11.1-1.gita4adfe5] - bump to v0.11.1 - built libpod commit a4adfe5 - built conmon from cri-o commit 464dba6 [0.10.1.3-5.gitdb08685] - Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it - not having device-mapper-devel seems to have brew not recognize %{_unitdir} [0.10.1.3-4.gitdb08685] - Resolves: #1625384 - correctly add buildtags to remove devmapper [0.10.1.3-3.gitdb08685] - Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2 [0.10.1.3-2.gitdb08685] - Resolves: #1625384 - depend on lvm2 [0.10.1.3-1.gitdb08685] - Resolves: #1640298 - update vendored buildah to allow building when there are running containers - bump to v0.10.1.3 - built podman commit db08685 [0.10.1.2-1.git2b4f8d1] - Resolves: #1625378 - bump to v0.10.1.2 - built podman commit 2b4f8d1 [0.10.1.1-1.git4bea3e9] - bump to v0.10.1.1 - built podman commit 4bea3e9 [0.10.1-1.gite4a1553] - bump podman to v0.10.1 - built podman commit e4a1553 - built conmon from cri-o commit a30f93c [0.9.3.1-4.git1cd906d] - rebased cri-o to 1.11.6 [0.9.3.1-3.git1cd906d] - rebase [0.9.2-2.git37a2afe] - rebase to podman 0.9.2 - rebase to cri-o 0.11.4 [0.9.1.1-2.git123de30] - rebase [0.8.4-1.git9f9b8cf] - bump to v0.8.4 - built commit 9f9b8cf - upstream username changed from projectatomic to containers - use containernetworking-plugins >= 0.7.3-5 [0.8.2.1-2.git7a526bb] - Resolves: #1615607 - rebuild with gobuild tag 'no_openssl' [0.8.2.1-1.git7a526bb] - Upstream 0.8.2.1 release - Add support for podman-docker Resolves: rhbz#1615104 [0.8.2-1.dev.git8b2d38e] - Resolves: #1614710 - podman search name includes registry - bump to v0.8.2-dev - built libpod commit 8b2d38e - built conmon from cri-o commit acc0ee7 [0.8.1-2.git6b4ab2a] - Add recommends for slirp4netns and container-selinux [0.8.1-2.git6b4ab2a] - bump to v0.8.1 - use %go{build,generate} instead of go build and go generate - update go deps to use scl-ized builds - No need for Makefile patch for python installs [0.8.1-1.git6b4ab2a] - Bump to v0.8.1 [0.7.4-2.git079121] - podman should not require atomic-registries [0.7.4-1.dev.git9a18681] - bump to v0.7.4-dev - built commit 9a18681 [0.7.3-2.git079121] - Turn on ostree support - Upstream 0.7.3 [0.7.2-2.git4ca4c5f] - Upstream 0.7.2 release [0.7.1-3.git84cfdb2] - rebuilt [0.7.1-2.git84cfdb2] - rebase to 84cfdb2 [0.7.1-1.git802d4f2] - Upstream 0.7.1 release [0.6.4-2.gitd5beb2f] - disable devel and unittest subpackages - include conditionals for rhel-8.0 [0.6.4-1.gitd5beb2f] - do not compress debuginfo with dwz to support delve debugger [0.6.1-3.git3e0ff12] - do not compress debuginfo with dwz to support delve debugger [0.6.1-2.git3e0ff12] - bash completion shouldn't have shebang [0.6.1-1.git3e0ff12] - Resolves: #1584429 - drop capabilities when running a container as non-root - bump to v0.6.1 - built podman commit 3e0ff12 - built conmon from cri-o commit 1c0c3b0 - drop containernetworking-plugins subpackage, it's now split out into a standalone package [0.4.1-4.gitb51d327] - Resolves: #1572538 - build host-device and portmap plugins [0.4.1-3.gitb51d327] - correct dep on containernetworking-plugins [0.4.1-2.gitb51d327] - add containernetworking-plugins v0.7.0 as a subpackage (podman dep) - release tag for the containernetworking-plugins is actually gotten from podman release tag. [0.4.1-1.gitb51d327] - bump to v0.4.1 - built commit b51d327 [0.3.3-1.dev.gitbc358eb] - built podman commit bc358eb - built conmon from cri-o commit 712f3b8 [0.3.2-1.gitf79a39a] - Release 0.3.2-1 [0.3.1-2.git98b95ff] - Correct RPM version [0.3.1-1-gitc187538] - Release 0.3.1-1 [0.2.2-2.git525e3b1] - Build on ARMv7 too (Fedora supports containers on that arch too) [0.2.2-1.git525e3b1] - Release 0.2.2 [0.2.1-1.git3d0100b] - Release 0.2.1 [0.2-3.git3d0100b] - Add dep for atomic-registries [0.2-2.git3d0100b] - Add more 64bit arches - Add containernetworking-cni dependancy - Add iptables dependancy [0-2.1.git3d0100] - Release 0.2 [0-0.3.git367213a] - Resolves: #1541554 - first official build - built commit 367213a [0-0.2.git0387f69] - built commit 0387f69 [0-0.1.gitc1b2278] - First package for Fedora python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25138 [1.2.0-0.1.gitd0a45fe] - Initial package runc [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25138 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options [1.0.0-56.rc5.dev.git2abd837] - change-default-root patch not needed as there's no docker on rhel8 [1.0.0-55.rc5.dev.git2abd837] - Resolves: CVE-2019-5736 [1.0.0-54.rc5.dev.git2abd837] - re-enable debuginfo [1.0.0-53.rc5.dev.git2abd837] - go toolset not in scl anymore [1.0.0-52.rc5.dev.git2abd837] - rebase [2:1.0.0-51.dev.gitfdd8055] - Fix handling of tmpcopyup [2:1.0.0-49.rc5.dev.gitb4e2ecb] - %gobuild uses no_openssl - remove unused devel and unit-test subpackages [2:1.0.0-48.rc5.dev.gitad0f525] - build with %gobuild - exlude i686 temporarily because of go-toolset issues [1.0.0-47.dev.gitb4e2ecb] - Rebuild with fixed binutils [2:1.0.0-46.dev.gitb4e2ecb] - Add patch https://github.com/opencontainers/runc/pull/1807 to allow - runc and podman to work with sd_notify [2:1.0.0-40.rc5.dev.gitad0f525] - Remove sysclt handling, not needed in RHEL8 - Make sure package built with seccomp flags - Remove rectty - Add completions [2:1.0.0-36.rc5.dev.gitad0f525] - Better handling of user namespace [2:1.0.0-31.rc5.git0cbfd83] - Fix issues between SELinux and UserNamespace [1.0.0-27.rc5.dev.git4bb1fe4] - rebuilt, placed missing changelog entry back [2:1.0.0-26.rc5.git4bb1fe4] - release v1.0.0~rc5 [1.0.0-26.rc4.git9f9c962] - Bump to the latest from upstream [1.0.0-25.rc4.gite6516b3] - built commit e6516b3 [1.0.0-24.rc4.dev.gitc6e4a1e.1] - rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f - https://github.com/opencontainers/runc/pull/1651 [1.0.0-23.rc4.git1d3ab6d] - Resolves: #1524654 [1.0.0-22.rc4.git1d3ab6d] - Many Stability fixes - Many fixes for rootless containers - Many fixes for static builds [1.0.0-21.rc4.dev.gitaea4f21] - enable debuginfo and include -buildmode=pie for go build [1.0.0-20.rc4.dev.gitaea4f21] - use Makefile [1.0.0-19.rc4.dev.gitaea4f21] - disable debuginfo temporarily [1.0.0-18.rc4.dev.gitaea4f21] - enable debuginfo [1.0.0-17.rc4.gitaea4f21] - Add container-selinux prerequires to make sure runc is labeled correctly [1.0.0-16.rc4.dev.gitaea4f21] - correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD [1.0.0-15.rc4dev.gitaea4f21] - Use the same checkout as Fedora for lates CRI-O [1.0.0-14.rc4dev.git84a082b] - rebase to 84a082bfef6f932de921437815355186db37aeb1 [1.0.0-13.rc3.gitd40db12] - Resolves: #1479489 - built commit d40db12 [1.0.0-12.1.gitf8ce01d] - disable s390x temporarily because of indefinite wait times on brew [1.0.0-11.1.gitf8ce01d] - correct previous bogus date : [1.0.0-10.1.gitf8ce01d] - Resolves: #1441737 - run sysctl_apply for sysctl knob [1.0.0-9.1.gitf8ce01d] - Resolves: #1447078 - change default root path - add commit e800860 from runc @projectatomic/change-root-path [1.0.0-8.1.gitf8ce01d] - Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts [1.0.0-7.1.gitf8ce01d] - Resolves: #1429675 - built @opencontainers/master commit f8ce01d [1.0.0-4.1.gitee992e5] - built @projectatomic/master commit ee992e5 [1.0.0-3.rc2] - Resolves: #1426674 - built projectatomic/runc_rhel_7 commit 5d93f81 [1.0.0-2.rc2] - Resolves: #1419702 - rebase to latest upstream master - built commit b263a43 [1.0.0-1.rc2] - Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable, runc patch from Michael Crosby <crosbymichael@gmail.com> [0.1.1-6] - Resolves: #1373980 - rebuild for 7.3.0 [0.1.1-5] - build with golang >= 1.6.2 [0.1.1-4] - release tags were inconsistent in the previous build [0.1.1-1] - Resolves: #1341267 - rebase runc to v0.1.1 [0.1.0-3] - add selinux build tag - add BR: libseccomp-devel [0.1.0-2] - Resolves: #1328970 - add seccomp buildtag [0.1.0-1] - Resolves: rhbz#1328616 - rebase to v0.1.0 [0.0.8-1.git4155b68] - Resolves: rhbz#1277245 - bump to 0.0.8 - Resolves: rhbz#1302363 - criu is a runtime dep - Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps - manpages included [1:0.0.5-0.1.git97bc9a7] - Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2 [0.2-0.2.git90e6d37] - First package for Fedora resolves: #1255179 skopeo [0.1.40-8.0.1] - Add oracle registry into the conf file [Orabug: 29845934] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-8] - change the search order of registries and remove quay.io (#1784267) [1:0.1.40-7] - compile in FIPS mode - Related: RHELPLAN-25138 [1:0.1.40-6] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1:0.1.40-5] - fix file list - Related: RHELPLAN-25138 [1:0.1.40-4] - add missing source files to git - Related: RHELPLAN-25138 [1:0.1.40-3] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1:0.1.40-2] - comment out mountopt option in order to fix gating tests see bug 1769769 [1:0.1.40-1] - update to 0.1.40 [1:0.1.37-5] - Fix CVE-2019-10214 (#1734651). [1:0.1.37-4] - fix permissions of rhel/secrets Resolves: #1691543 [1:0.1.37-3] - Resolves: #1719994 - add registry.access.redhat.com to registries.conf [1:0.1.37-2] - Resolves: #1721247 - enable fips mode [1:0.1.37-1] - Resolves: #1720654 - rebase to v0.1.37 [1:0.1.36-1.git6307635] - built upstream tag v0.1.36, including system tests [1:0.1.32-4.git1715c90] - Fixes @openshift/machine-config-operator#669 - install /etc/containers/oci/hooks.d and /etc/containers/certs.d [1:0.1.32-3.git1715c90] - rebase [1:0.1.32-2.git1715c90] - re-enable debuginfo [1:0.1.31-12.gitb0b750d] - go tools not in scl anymore [1:0.1.31-11.gitb0b750d] - Resolves: #1615609 - built upstream tag v0.1.31 [1:0.1.31-10.git0144aa8] - Resolves: #1616069 - correct order of registries [1:0.1.31-9.git0144aa8] - Resolves: #1615609 - rebuild with gobuild tag 'no_openssl' [1:0.1.31-8.git0144aa8] - Resolves: #1614934 - containers-common soft dep on slirp4netns and fuse-overlayfs [1:0.1.31-7.git0144aa8] - build with %gobuild - use scl-ized go-toolset as dep - disable i686 builds temporarily because of go-toolset issues [1:0.1.31-6.git0144aa8] - add statx to seccomp.json to containers-config - add seccomp.json to containers-config [1:0.1.31-4.git0144aa8] - Resolves: #1597629 - handle dependency issue for skopeo-containers - rename skopeo-containers to containers-common as in Fedora [1:0.1.31-3.git0144aa8] - Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs buildtag [1:0.1.31-2.git0144aa8] - correct bz in previous changelog [1:0.1.31-1.git0144aa8] - Resolves: #1580938 - resolve FTBFS - Resolves: #1583762 - remove dependency on btrfs-progs-devel - bump to v0.1.31 (from master) - built commit ca3bff6 - use go-toolset deps for rhel8 [0.1.29-5.git7add6fc] - Fix small typo in registries.conf [0.1.29-4.git] - Add policy.json.5 [0.1.29-3.git] - Add registries.conf [0.1.29-2.git] - Add registries.conf man page [0.1.29-1.git] - bump to 0.1.29-1 - Updated containers/image docker-archive generates docker legacy compatible images Do not create subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/* error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory [0.1.28-2.git0270e56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.1.28-1.git] - Vendor in fixed libraries in containers/image and containers/storage [0.1.27-1.git] - Fix Conflicts to Obsoletes - Add better docs to man pages. - Use credentials from authfile for skopeo commands - Support storage='' in /etc/containers/storage.conf - Add global --override-arch and --override-os options [0.1.25-2.git2e8377a7] - Add manifest type conversion to skopeo copy - User can select from 3 manifest types: oci, v2s1, or v2s2 - e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory [0.1.25-2.git7fd6f66b] - Force storage.conf to default to overlay [0.1.25-1.git7fd6f66b] - Fix CVE in tar-split - copy: add shared blob directory support for OCI sources/destinations - Aligning Docker version between containers/image and skopeo - Update image-tools, and remove the duplicate Sirupsen/logrus vendor - makefile: use -buildmode=pie [0.1.24-8.git28d4e08a] - Add /usr/share/containers/mounts.conf [0.1.24-7.git28d4e08a] - Bug fixes - Update to release [0.1.24-6.dev.git28d4e08] - skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31 [0.1.24-5.dev.git28d4e08] - Add rhel subscription secrets data to skopeo-containers [0.1.24-4.dev.git28d4e08] - Update container/storage.conf and containers-storage.conf man page - Default override to true so it is consistent with RHEL. [0.1.24-3.dev.git28d4e08] - built commit 28d4e08 [0.1.24-2.dev.git875dd2e] - built commit 875dd2e - Resolves: gh#416 [0.1.24-1.dev.gita41cd0] - bump to 0.1.24-dev - correct a prior bogus date - fix macro in comment warning [0.1.23-6.dev.git1bbd87] - Change name of storage.conf.5 man page to containers-storage.conf.5, since it conflicts with inn package - Also remove default to 'overalay' in the configuration, since we should - allow containers storage to pick the best default for the platform. [0.1.23-5.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.1.23-4.git1bbd87f] - Rebuild with binutils fix for ppc64le (#1475636) [0.1.23-3.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.1.23-2.dev.git1bbd87] - Fix storage.conf man page to be storage.conf.5.gz so that it works. [0.1.23-1.dev.git1bbd87] - Support for OCI V1.0 Images - Update to image-spec v1.0.0 and revendor - Fixes for authentication [0.1.22-2.dev.git5d24b67] - Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1 [0.1.22-1.dev.git5d24b67] - Give more useful help when explaining usage - Also specify container-storage as a valid transport - Remove docker reference wherever possible - vendor in ostree fixes [0.1.21-1.dev.git0b73154] - Add support for storage.conf and storage-config.5.md from github container storage package - Bump to the latest version of skopeo - vendor.conf: add ostree-go - it is used by containers/image for pulling images to the OSTree storage. - fail early when image os does not match host os - Improve documentation on what to do with containers/image failures in test-skopeo - We now have the docker-archive: transport - Integration tests with built registries also exist - Support /etc/docker/certs.d - update image-spec to v1.0.0-rc6 [0.1.20-1.dev.git0224d8c] - BZ #1380078 - New release [0.1.19-2.dev.git0224d8c] - No golang support for ppc64. Adding exclude arch. BZ #1445490 [0.1.19-1.dev.git0224d8c] - bump to v0.1.19-dev - built commit 0224d8c [0.1.17-3.dev.git2b3af4a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.1.17-2.dev.git2b3af4a] - Rebuild for gpgme 1.18 [0.1.17-1.dev.git2b3af4a] - bump to 0.1.17-dev [0.1.14-6.git550a480] - Fix BZ#1391932 [0.1.14-5.git550a480] - Conflicts with atomic in skopeo-containers [0.1.14-4.git550a480] - built skopeo-containers [0.1.14-3.gitd830391] - built mtrmac/integrate-all-the-things commit d830391 [0.1.14-2.git362bfc5] - built commit 362bfc5 [0.1.14-1.gitffe92ed] - build origin/master commit ffe92ed [0.1.13-6] - https://fedoraproject.org/wiki/Changes/golang1.7 [0.1.13-5] - include go-srpm-macros and compiler(go-compiler) in fedora conditionals - define %gobuild if not already - add patch to build with older version of golang [0.1.13-4] - update to v0.1.12 [0.1.12-3] - fix go build source path [0.1.12-2] - update to v0.1.12 [0.1.11-1] - update to v0.1.11 [0.1.10-1] - update to v0.1.10 - change runcom -> projectatomic [0.1.9-1] - update to v0.1.9 [0.1.8-1] - update to v0.1.8 [0.1.4-2] - https://fedoraproject.org/wiki/Changes/golang1.6 [0.1.4] - First package for Fedora slirp4netns [0.4.2-2.git21fdece] - Fix CVE-2020-7039. - Related: RHELPLAN-25138 [0.4.2-1.git21fdece] - update to latest 0.4.2, fixes bug 1763454 - Related: RHELPLAN-25138 [0.4.0-2] - add new BR: libseccomp-devel [0.4.0-1] - update to v.0.4.0 - sync with fedora spec - drop applied CVE-2019-14378 patch [0.3.0-4] - Fix CVE-2019-14378 (#1755595). [0.3.0-3] - Resolves: #1683217 - BR: glib2-devel [0.3.0-2] - Resolves: #1683217 - bump slirp4netns to v0.3.0 [0.3.0-1.alpha.2.git30883b5] - bump to v0.3.0-alpha.2 [0.1-2.dev.gitc4e1bc5] - changed summary [0.1-1.dev.gitc4e1bc5] - First package for RHEL 8 - import from Fedora rawhide - Exclude ix86 and ppc64 toolbox [0.0.4-1.el8] - Update for rhel8.1 container-tools module [0.0.4-1.rhaos4.2.el8] - Add help switch per RHBZ#1684258 - Spec fixes found by rpmlint [0.0.3-1.rhaos4.1.el8] - Use rhel8/support-tools [0.0.2-1.rhaos4.1.el8] - Add runlabel options and fix default image [0.0.1-1.rhaos4.1.el8] - Initial Specfile for Red Hat CoreOS Toolbox udica [0.2.1-2] - initial import to container-tools 8.2.0 - Related: RHELPLAN-25139 [0.2.1-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693 [0.2.0-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.5.3-167.el7_7.4] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1755333] - Resolves: bz#1755333 ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm [rhel-7.7.z]) [1.5.3-167.el7_7.3] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771960] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771960] - Resolves: bz#1771960 (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.7.z]) [1.5.3-167.el7_7.2] - kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1730606] - kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1730606] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1730606] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1730606] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1730606] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1730606] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1730606] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1730606] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1730606] - kvm-Remove-arch-capabilities-deprecation.patch [bz#1730606] - Resolves: bz#1730606 ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm [rhel-7.7.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11135 CVE-2019-14378 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch Oracle Linux 7 [3.10.0-1062.12.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.12.1] - [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1780148 1748306] - [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1780148 1748306] - [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1780148 1748306] - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1776290 1750577] - [scsi] scsi: bnx2fc: remove set but not used variable 'fh' (Nilesh Javali) [1776290 1750577] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1767621 1764567] [3.10.0-1062.11.1] - [tty] TTY: serial_core, add ->install (Kenneth Yin) [1780163 1443152] - [net] gro: fix use-after-free read in napi_gro_frags() (Paolo Abeni) [1780033 1750810] - [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1778631 1778632] - [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777351 1749766] - [fs] gfs2: Use async glocks for rename (Robert S Peterson) [1777297 1677686] - [fs] gfs2: create function gfs2_glock_update_hold_time (Robert S Peterson) [1777297 1677686] - [fs] gfs2: separate holder for rgrps in gfs2_rename (Robert S Peterson) [1777297 1677686] - [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1776615 1776616] - [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1776289 1771849] - [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1776289 1756843] - [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776205 1776206] - [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776156 1776157] {CVE-2019-14901} - [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1775678 1758001] - [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1772812 1769569] - [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1770732 1757943] - [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1770732 1757943] - [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1770732 1757943] - [md] dm rq: fix handling underlying queue busy (Ming Lei) [1770113 1767482] - [pci] hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (Mohammed Gamal) [1766097 1634251] - [pci] hv: Detect and fix Hyper-V PCI domain number collision (Mohammed Gamal) [1766097 1634251] - [pci] hv: Serialize the present and eject work items (Mohammed Gamal) [1766097 1634251] - [netdrv] hv_netvsc: fix network namespace issues with VF support (Mohammed Gamal) [1766093 1741334] - [netdrv] hv_netvsc: move VF to same namespace as netvsc device (Mohammed Gamal) [1766093 1741334] - [netdrv] hv_netvsc: set master device (Mohammed Gamal) [1766093 1741334] - [pci] PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1766089 1737567] [3.10.0-1062.10.1] - [net] netfilter: masquerade: don't flush all conntracks if only one address deleted on device (Patrick Talbert) [1779564 1771396] - [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1779564 1771396] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17133 CVE-2019-14895 CVE-2019-14901 CVE-2019-14816 CVE-2019-14898 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [4.6.5-11.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.5-11.el7_7.4] - Resolves: #1781153 - After upgrade AD Trust Agents were removed from LDAP - trust upgrade: ensure that host is member of adtrust agents - Resolves: #1777303 - CVE-2019-10195 ipa: batch API logging user passwords to /var/log/httpd/error_log - CVE-2019-10195: Don't log passwords embedded in commands in calls using batch - Resolves: #1773953 - User incorrectly added to negative cache when backend is reconnecting to IPA service / timed out: error code 32 'No such object' - extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT - ipa-extdom-extop: test timed out getgrgid_r - Resolves: #1770728 - Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master - DL0 replica install: fix nsDS5ReplicaBindDN config - Resolves: #1767300 - CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf() - Make sure to have storage space for tag IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14867 CVE-2019-10195 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch Oracle Linux 6 [0.26-8.2] - Fix insufficient encoding checks for LZ Resolves: rhbz#1598651 [0.26-8.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10893 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [1.8.25p1-8.1] - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz#1798092 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:1:baseos_patch Oracle Linux 8 [68.5.0-2.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] - Update to 68.5.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6800 CVE-2020-6798 CVE-2020-6796 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [20120801-38] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790542 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 7 [68.5.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6796 CVE-2020-6800 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch Oracle Linux 6 [68.5.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1.8.23-4.0.2.2] - Bump release to avoid conflict with previous Orace Linux errata [1.8.23-4.2] - RHEL 7.7.z - fixed CVE-2019-18634 Resolves: rhbz#1798094 [1.8.23-4.1] - RHEL-7.7.z - fixed CVE-2019-14287 Resolves: rhbz#1760694 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 Oracle Linux 7 [1:1.7.0.251-2.6.21.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.251-2.6.21.0] - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2654 CVE-2020-2593 CVE-2020-2590 CVE-2020-2604 CVE-2020-2659 CVE-2020-2583 CVE-2020-2601 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [2.3.1-3] - Fix CVE-2020-8112 resolves: #1801030 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8112 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 8 [20120801-253.0.1.el8_1] - Disable _AST_no_spawnveg for taskset workaround [Orabug: 26754277] Red Hat Bug: #1295563 [20120801-253] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790546 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [20120801-140.0.1] - disable _AST_no_spawnveg for taskset workaround [orabug 26754277] Red Hat Bug: #1295563 [20120801-140] - Do not evaluate arithmetic expressions from environment variables at startup Resolves: #1790543 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14868 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 Oracle Linux 8 [2.3.1-3] - Fix CVE-2020-8112 (#1801033) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8112 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6800 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [239-18.0.2.el8_1.4] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-18.4] - sd-bus: use 'queue' message references for managing r/w message queues in connection objects (CVE-2020-1712) [239-18.3] - core, job: fix breakage of ordering dependencies by systemctl reload command (#1781712) - syslog: fix segfault in syslog_parse_priority() (#1781712) - journald: fixed assertion failure when system journal rotation fails (#9893) (#1781712) - test: use PBKDF2 instead of Argon2 in cryptsetup... (#1781712) - test: mask several unnecessary services (#1781712) - test: bump the second partition's size to 50M (#1781712) - sd-bus: make rqueue/wqueue sizes of type size_t (#20201712) - sd-bus: reorder bus ref and bus message ref handling (#20201712) - sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (#20201712) - sd-bus: drop two inappropriate empty lines (#20201712) - sd-bus: initialize mutex after we allocated the wqueue (#20201712) - sd-bus: always go through sd_bus_unref() to free messages (#20201712) - bus-message: introduce two kinds of references to bus messages (#20201712) - sd-bus: introduce API for re-enqueuing incoming messages (#20201712) - sd-event: add sd_event_source_disable_unref() helper (#20201712) - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (#20201712) [239-18.2] - ask-password: prevent buffer overrow when reading from keyring (#1777037) [239-18.1] - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1767716) [239-18] - shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857) - sd-bus: adjust indentation of comments (#1746857) - resolved: do not run loop twice (#1746857) - resolved: allow access to Set*Link and Revert methods through polkit (#1746857) - resolved: query polkit only after parsing the data (#1746857) [239-17] - mount: simplify /proc/self/mountinfo handler (#1696178) - mount: rescan /proc/self/mountinfo before processing waitid() results (#1696178) - swap: scan /proc/swaps before processing waitid() results (#1696178) - analyze-security: fix potential division by zero (#1734400) [239-16] - sd-bus: deal with cookie overruns (#1694999) - journal-remote: do not request Content-Length if Transfer-Encoding is chunked (#1708849) - journal: do not remove multiple spaces after identifier in syslog message (#1691817) - cryptsetup: Do not fallback to PLAIN mapping if LUKS data device set fails. (#1719153) - cryptsetup: call crypt_load() for LUKS only once (#1719153) - cryptsetup: Add LUKS2 token support. (#1719153) - udev/scsi_id: fix incorrect page length when get device identification VPD page (#1713227) - Change job mode of manager triggered restarts to JOB_REPLACE (#11456 - bash-completion: analyze: support 'security' (#1733395) - man: note that journal does not validate syslog fields (#1707175) - rules: skip memory hotplug on ppc64 (#1713159) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1712 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:1:baseos_patch Oracle Linux 7 [68.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6798 CVE-2020-6795 CVE-2020-6800 CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [68.5.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.5.0-1] - Update to 68.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6792 CVE-2020-6793 CVE-2020-6798 CVE-2020-6795 CVE-2020-6794 CVE-2020-6800 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.0.0-20gitd1c6db8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 [2.0.0-19gitd1c6db8] - Reenabled webp support on little endian archs. [2.0.0-18gitd1c6db8] - Disabled webp support on ppc64le due to #962091 and #1127230. - Updated URL. [2.0.0-17gitd1c6db8] - Wiped out some memory leaks. [2.0.0-15.gitd1c6db8] - Mass rebuild 2014-01-24 [2.0.0-14gitd1c6db8] - Fixed memory corruption. - Resolves: rhbz#1001122 [2.0.0-13.gitd1c6db8] - Mass rebuild 2013-12-27 [2.0.0-12] - Mark doc subpackage arch dependent. Docs are built depending on supported features, which are different across archs. Resolves: rhbz#987839 [2.0.0-11] - Drop lcms support Resolves: rhbz#987839 [2.0.0-10] - Build without webp support on s390* archs Resolves: rhbz#962059 [2.0.0-9.gitd1c6db8] - Conditionaly disable build of python3 parts on RHEL system [2.0.0-8.gitd1c6db8] - Add patch to fix test failure on big-endian [2.0.0-7.gitd1c6db8] - Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isn't appropriate since qt support didn't exist in the previous python-pillow package so there's no reason to drag in python-pillow-qt when updating python-pillow. [2.0.0-6.gitd1c6db8] - Update to latest git - python-pillow_quantization.patch now upstream - python-pillow_endianness.patch now upstream - Add subpackage for ImageQt module, with correct dependencies - Add PyQt4 and numpy BR (for generating docs / running tests) [2.0.0-5.git93a488e] - Reenable tests on bigendian, add patches for #928927 [2.0.0-4.git93a488e] - Update to latest git - disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed [2.0.0-3.gitde210a2] - python-pillow_tempfile.patch now upstream - Add python3-imaging provides (bug #924867) [2.0.0-2.git2e88848] - Update to latest git - Remove python-pillow-disable-test.patch, gcc is now fixed - Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged [2.0.0-1.git2f4207c] - Update to 2.0.0 git snapshot - Enable python3 packages - Add libwebp-devel BR for Pillow 2.0.0 [1.7.8-6.20130305git] - Add ARM support [1.7.8-5.20130305git] - add s390* and ppc* to arch detection [1.7.8-4.20130305git7866759] - Update to latest git snapshot - 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream - Pillow-1.7.8-selftest.patch now upstream [1.7.8-3.20130210gite09ff61] - Really remove -fno-strict-aliasing - Place comment on how to retreive source just above the Source0 line [1.7.8-2.20130210gite09ff61] - Rebuild without -fno-strict-aliasing - Add patch for upstream issue #52 [1.7.8-1.20130210gite09ff61] - Initial RPM package IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-16865 CVE-2020-5312 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch Oracle Linux 8 nodejs [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15604 CVE-2019-15605 CVE-2019-15606 CVE-2019-16776 CVE-2019-16775 CVE-2019-16777 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [5.1.1-10] - Bump and rebuild for gating to deliver CVE fixes Resolves: rhbz#1789535 [5.1.1-9] - Fix for CVE-2020-5311 - out-of-bounds write in expandrow Resolves: rhbz#1789535 [5.1.1-8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5312 CVE-2019-16865 CVE-2020-5311 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15606 CVE-2019-15605 CVE-2019-15604 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [2.4.5-34.0.2] - Userland headers should always appear before kernel - [Orabug: 27656836] (philip.copeland@oracle.com) [2.4.5-34] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 6 [2.4.5-11] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:1.7.0.251-2.6.21.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.251-2.6.21.0] - Bump to 2.6.21 and OpenJDK 7u251-b02. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 CVE-2020-2590 CVE-2020-2593 CVE-2020-2583 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [2.4.7-26] - Fixed buffer overflow in the eap_request and eap_response functions Resolves: CVE-2020-8597 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8597 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:1:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [3.0.1-21] - add security fix for CVE-2018-1311 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-1311 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [2.7.1-8.2] - Do not break ABI with CVE-2019-15605 fix [2.7.1-8.1] - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15605 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 Oracle Linux 7 [3.1.1-10] - add security fix for CVE-2018-1311 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-1311 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 8 [2.8.0-5.2] - Do not break ABI with CVE-2019-15605 fix [2.8.0-5.1] - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15605 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1.8.6p3-29.0.1.el6_10.3] - Fixes [OraBug: 28747380] sudo does not honor env_keep-='KRB5CCNAME' after 'sudo -k' (isaac.chen@oracle.com) [1.8.6p3-29.3] - RHEL-6.10.z ERRATUM - fixed CVE-2019-18634 Resolves: rhbz#1799018 [1.8.6p3-29.2] - RHEL-6.10.z ERRATUM - fixed CVE-2019-14287 Resolves: rhbz#1760684 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18634 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 Oracle Linux 6 [0.12.1.2-2.506.el6_10.6] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734747] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749731] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791558] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791558] - Resolves: bz#1734747 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-6.10.z]) - Resolves: bz#1749731 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-6]) - Resolves: bz#1791558 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 CVE-2019-14378 CVE-2019-15890 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [2.6.32-754.28.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.28.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055} - [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133} - [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779] - [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779] - [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779] - [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779] - [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17133 CVE-2019-17055 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 Oracle Linux 7 [68.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6805 CVE-2020-6811 CVE-2019-20503 CVE-2020-6807 CVE-2020-6812 CVE-2020-6806 CVE-2020-6814 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.6.0-1.0.1.el6_10] - fix LD_LIBRARY_PATH - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.6.0-1] - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6814 CVE-2020-6805 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6806 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.6.0-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.6.0-1.0.1] - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6812 CVE-2020-6806 CVE-2020-6807 CVE-2019-20503 CVE-2020-6811 CVE-2020-6805 CVE-2020-6814 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [3.10.0-1062.18.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062.18.1] - [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1798163 1773762] - [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1798163 1773762] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() (Andreas Grunbacher) [1796431 1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1796431 1784550] - [scsi] scsi: hpsa: remove printing internal cdb on tag collision (Joseph Szczypek) [1793579 1741355] - [scsi] scsi: hpsa: correct scsi command status issue after reset (Joseph Szczypek) [1793579 1741355] - [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly (Alaa Hleihel) [1792371 1741343] - [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1791825 1760746] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1791782 1761978] - [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712] - [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu Madhani) [1791595 1729270] - [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1789744 1780026] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1784824 1772966] - [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1781584 1767935] - [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1781159 1749390] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1780149 1765975] - [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1780035 1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1780035 1725396] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779766 1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338} - [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1778691 1765123] - [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1778084 1753480] - [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1778084 1753480] - [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775235 1775236] {CVE-2019-17666} - [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1773482 1752061] - [fs] fscache: Don't use a constructor function on the slab allocator (David Howells) [1793086 1739996] - [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889] - [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn (Rafael Aquini) [1768386 1730471] - [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) [1768386 1730471] - [mm] hugetlb: use same fault hash key for shared and private mappings (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: on restore reserve error path retain subpool reservation (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: fix modifying of page protection by insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: bounds check swap_info array accesses to avoid NULL derefs (Rafael Aquini) [1768386 1730471] - [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix races and page leaks during migration (Rafael Aquini) [1768386 1730471] - [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) [1768386 1730471] - [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael Aquini) [1768386 1730471] - [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471] - [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael Aquini) [1768386 1730471] - [mm] mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471] - [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael Aquini) [1768386 1730471] - [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael Aquini) [1768386 1730471] - [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (Rafael Aquini) [1768386 1730471] - [fs] block_invalidatepage(): only release page if the full page was invalidated (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael Aquini) [1768386 1730471] - [mm] mm: pin address_space before dereferencing it while isolating an LRU page (Rafael Aquini) [1768386 1730471] - [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471] - [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael Aquini) [1768386 1730471] - [mm] mm, swap: fix race between swap count continuation operations (Rafael Aquini) [1768386 1730471] - [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) [1768386 1730471] - [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471] - [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from movable zones (Rafael Aquini) [1768386 1730471] - [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap: fail map duplication attempts for private mappings (Rafael Aquini) [1768386 1730471] - [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Rafael Aquini) [1768386 1730471] - [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) [1768386 1730471] - [mm] mm/memory-failure.c: use compound_head() flags for huge pages (Rafael Aquini) [1768386 1730471] - [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() (Rafael Aquini) [1768386 1730471] - [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (Rafael Aquini) [1768386 1730471] - [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages (Rafael Aquini) [1768386 1730471] - [mm] mm: do not access page->mapping directly on page_endio (Rafael Aquini) [1768386 1730471] - [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) [1768386 1730471] - [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) [1768386 1730471] - [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask (Rafael Aquini) [1768386 1730471] - [mm] mm: fix set pageblock migratetype in deferred struct page init (Rafael Aquini) [1768386 1730471] - [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) [1768386 1730471] - [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping final reference (Rafael Aquini) [1768386 1730471] - [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments (Rafael Aquini) [1768386 1730471] - [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (Rafael Aquini) [1768386 1730471] - [mm] mm: soft-offline: check return value in second __get_any_page() call (Rafael Aquini) [1768386 1730471] - [include] include/linux/memblock.h: fix ordering of 'flags' argument in comments (Rafael Aquini) [1768386 1730471] - [mm] rmap: fix theoretical race between do_wp_page and shrink_active_list (Rafael Aquini) [1768386 1730471] - [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) [1768386 1730471] - [mm] mremap should return -ENOMEM when __vm_enough_memory fail (Rafael Aquini) [1768386 1730471] - [mm] writeback: fix possible underflow in write bandwidth calculation (Rafael Aquini) [1768386 1730471] - [mm] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() (Rafael Aquini) [1768386 1730471] - [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) [1768386 1730471] - [mm] mm/compaction: fix wrong order check in compact_finished() (Rafael Aquini) [1768386 1730471] - [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (Rafael Aquini) [1768386 1730471] - [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) [1768386 1730471] - [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations (Rafael Aquini) [1768386 1730471] - [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael Aquini) [1768386 1730471] - [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) [1768386 1730471] - [mm] mm: page_alloc: abort fair zone allocation policy when remotes nodes are encountered (Rafael Aquini) [1768386 1730471] - [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: replace smp_mb after atomic_add by smp_mb__after_atomic (Rafael Aquini) [1768386 1730471] - [mm] mm, thp: move invariant bug check out of loop in __split_huge_page_map (Rafael Aquini) [1768386 1730471] - [mm] thp: consolidate assert checks in __split_huge_page() (Rafael Aquini) [1768386 1730471] - [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael Aquini) [1768386 1730471] - [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 1730471] - [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() (Rafael Aquini) [1768386 1730471] - [powerpc] powerpc/pseries: correctly track irq state in default idle (Steve Best) [1767620 1751970] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487} [3.10.0-1062.17.1] - [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) [1797511 1744281] - [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf (Eduardo Habkost) [1797511 1744281] [3.10.0-1062.16.1] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796798 1794812] - [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796261 1771094] [3.10.0-1062.15.1] - [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) [1793581 1757325] - [tools] perf top: Always sample time to satisfy needs of use of ordered queuing (Michael Petlan) [1793581 1757325] [3.10.0-1062.14.1] - [s390] jump_label: replace stop_machine with smp_call_function (Hendrik Brueckner) [1787559 1720387] - [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1787558 1777876] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1783177 1674266] [3.10.0-1062.13.1] - [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr Natalenko) [1784826 1720506] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17666 CVE-2019-19338 CVE-2019-11487 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 Oracle Linux 7 [9.0.3-7] - Bump Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 [9.0.3-6] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20060 CVE-2019-11324 CVE-2018-18074 CVE-2019-11236 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch Oracle Linux 7 [15.1.0-4] - Bump Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1643829 [15.1.0-3] - Add three new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11236 CVE-2018-18074 CVE-2018-20060 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest Oracle Linux 7 [5.0.2-34.el7_7.2] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.0.2-33.el7_7.1] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0:7.0.76-11] - Resolves: rhbz#1806801 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1938 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 6 [4.3.11-11] - improve printing of error messages introduced by the fix of CVE-2019-20044 [4.3.11-10] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [4.2.1-15] - Apply icu.13634.integer.overflow.patch - Apply icu.20958.segv.mapper.patch - Resolves: rhbz#1809876 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 Oracle Linux 7 [50.2-4] - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGV_MAPERR-in-append.patch - Resolves: rhbz#1808235 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 6 [1.1.6-20] - Fixes for CVE-2020-5312 and related part of CVE-2019-16865 Resolves: rhbz#1789533 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5312 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [60.3-2] - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGV_MAPERR-in-append.patch - Resolves: rhbz#1808238 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/o:oracle:linux:8:2:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8:1:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [5.5.1-6.el8_1.2] - improve printing of error messages introduced by the fix of CVE-2019-20044 [5.5.1-6.el8_1.1] - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20044 cpe:/o:oracle:linux:8:2:baseos_base cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:1:baseos_patch cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 7 [68.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6805 CVE-2020-6807 CVE-2020-6814 CVE-2020-6811 CVE-2019-20503 CVE-2020-6806 CVE-2020-6812 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [0:6.0.24-114] - Related: rhbz#1806803 Update patch to remove secret attribute renaming [0:6.0.24-113] - Related: rhbz#1806803 Add IIS attributes to filter pattern and update secret logic [0:6.0.24-112] - Resolves: rhbz#1806803 CVE-2020-1938 tomcat6: tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1938 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [0.9.9-14] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814339) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15690 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 6 [68.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20503 CVE-2020-6807 CVE-2020-6811 CVE-2020-6806 CVE-2020-6812 CVE-2020-6814 CVE-2020-6805 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.6.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.6.0-1] - Update to 68.6.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6814 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6805 CVE-2020-6812 CVE-2019-20503 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.9.11-9.2] - Enable gating (bug #1681199) [0.9.11-9.1] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814342) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15690 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.8.18-12] - Disable -fstrict-aliasing (RPMDiff issue) [1.8.18-11] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [0:1.8.18-9] - Disable -fstrict-aliasing (RPMDiff issue) [0:1.8.18-8] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [8.24.0-52] RHEL 7.8 ERRATUM - edited patch file ID for imfile to not log useless errors also improved file-id behavior to adress newly found problems resolves: rhbz#1763746 [8.24.0-49] RHEL 7.8 ERRATUM - fixed fsync patch to actually revognize the new option resolves: rhbz#1696686 (failedQA) [8.24.0-48] RHEL 7.8 ERRATUM - added patch resolving crash on wrong MsgProperty resolves: rhbz#1549706 - added patch resolving CVE in pmaixforward module resolves: rhbz#1768320 - added patch resolving CVE in pmcisconames module resolves: rhbz#1768323 - added patch implementing file ID for imfile resolves: rhbz#1763746 - added patch fixing omelasticsearch with ES 6.X resolves: rhbz#1600171 [8.24.0-47] RHEL 7.8 ERRATUM - edited imfile truncation detection patch with reression fix resolves: rhbz#1744856 [8.24.0-46] RHEL 7.8 ERRATUM - Support Intermediate Certificate Chains in rsyslog resolves: rhbz#1627799 - fixed WorAroundJournalBug patch to not cause leaks resolves: rhbz#1744617 - added patch fixing possible segfault in rate-limiter resolves: rhbz#1744682 [8.24.0-45] RHEL 7.8 ERRATUM - fixed fsync patch according to covscan results resolves: rhbz#1696686 [8.24.0-44] RHEL 7.8 ERRATUM - added patch and doc-patch for new caseSensitive imUDP/TCP option resolves: rhbz#1309698 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17041 CVE-2019-17042 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [0.14.0-8] - Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-7] [0.14.0-7] - Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name X-Requested-With [0.14.0-6] - Apply the patch from the previous commit - Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7] [0.14.0-5] - Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-7] [0.14.0-4] - Resolves: rhbz#1576719 - ECP flow not triggering, instead client access secured resources without ECP authentication [0.14.0-3] - Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when hostname contains a number MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13038 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.1.0-11] - add security fix for CVE-2015-2716 MODERATE Copyright 2020 Oracle, Inc. CVE-2015-2716 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [3.10.0-1127.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127] - [fs] flexfiles: Dont tie up all the rpciod threads in resends (Benjamin Coddington) [1778963] [3.10.0-1126] - [scsi] scsi: qla2xxx: Fix unbound NVME response length (Himanshu Madhani) [1788669] [3.10.0-1125] - [fs] mark struct file that had write access grabbed by open() (Miklos Szeredi) [1679829] - [fs] fold __get_file_write_access() into its only caller (Miklos Szeredi) [1679829] - [powerpc] get rid of DEBUG_WRITECOUNT (Miklos Szeredi) [1679829] - [fs] dont bother with {get, put}_write_access() on non-regular files (Miklos Szeredi) [1679829] - [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1784550] - [fs] gfs2: gfs2_create_inode(): dont bother with d_splice_alias() (Andreas Grunbacher) [1784550] - [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1784550] - [fs] libceph: fix PG split vs OSD (re)connect race (Ilya Dryomov) [1785656] - [scsi] Fix driver intialization failure for sli4 non nvme (Dick Kennedy) [1783899] - [netdrv] hv_netvsc: fix race that may miss tx queue wakeup (Mohammed Gamal) [1781322] [3.10.0-1124] - [s390] s390: wire up sys_renameat2 (Miklos Szeredi) [1773504] - [net] ipvs: do not use random local source address for tunnels (Xin Long) [1786676] - [misc] mei: me: add cannon point device ids for 4th device (Jerry Snitselaar) [1745139] - [misc] mei: me: add cannon point device ids (Jerry Snitselaar) [1745139] - [netdrv] bnxt_en: Support all variants of the 5750X chip family (Jonathan Toppins) [1789345] [3.10.0-1123] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705005] {CVE-2019-11487} - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705005] {CVE-2019-11487} - [fs] CIFS: avoid using MID 0xFFFF (Leif Sahlberg) [1771255] - [net] netfilter: xt_TRACE: add explicitly nf_logger_find_get call (Phil Sutter) [1774444] - [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775236] {CVE-2019-17666} [3.10.0-1122] - [drm] drm/amd/powerplay: use hardware fan control if no powerplay fan table (Lyude Paul) [1729286] - [nvme] nvme-fc: fix double-free scenarios on hw queues (Ewan Milne) [1731286] - [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779768] - [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779768] {CVE-2019-19338} - [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779768] {CVE-2019-19338} - [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1782927] - [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1782927] - [s390] s390/qeth: consolidate skb allocation (Philipp Rudo) [1782927] - [s390] s390/qeth: clean up page frag creation (Philipp Rudo) [1782927] - [netdrv] i40e: Fix for persistent lldp support (Stefan Assmann) [1782689] [3.10.0-1121] - [platform] thinkpad_acpi: Dont yell on unsupported brightness interfaces (Lyude Paul) [1305619] - [platform] thinkpad-acpi: fix handle locate for video and query of _BCL (Lyude Paul) [1305619] - [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1777876] - [scsi] scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1783016] - [scsi] scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1783016] - [scsi] scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1783016] - [powerpc] KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1777710] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1777710] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1777710] - [net] openvswitch: fix flow command message size (Paolo Abeni) [1776578] - [block] brd: re-enable __GFP_HIGHMEM in brd_insert_page() (Jeff Moyer) [1781298] - [block] brd: remove dax support (Jeff Moyer) [1781298] - [nvme] nvme: dont access the inlined bio after nvmet request is completed (Ming Lei) [1631120] - [fs] epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() (Miklos Szeredi) [1780128] - [nvme] nvme: fix NULL pointer dereference in nvme_init_subsystem (Ewan Milne) [1781316] - [nvme] nvme-fabrics: allow duplicate connections to the discovery controller (Ewan Milne) [1781316] - [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1772966] [3.10.0-1120] - [md] raid5: need to set STRIPE_HANDLE for batch head (Xiao Ni) [1774330] - [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1780026] - [block] block: dont change REQ_NR_BITS (Ming Lei) [1779712] [3.10.0-1119] - [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1674266] - [vhost] vsock: split packets to send using multiple buffers (Stefano Garzarella) [1777349] - [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1767935] - [x86] perf/x86: Modify error message in virtualized environment (Michael Petlan) [1759758] - [fs] cifs: Fix infinite loop when using hard mount option (Dave Wysochanski) [1770404] - [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776157] {CVE-2019-14901} [3.10.0-1118] - [net] ipv6: support more tunnel interfaces for EUI64 link-local generation (Guillaume Nault) [1770686] - [net] netfilter: masquerade: dont flush all conntracks if only one address deleted on device (Patrick Talbert) [1771396] - [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1771396] - [net] ipvs: fix buffer overflow with sync daemon and service (Davide Caratti) [1725440] - [net] ipvs: fix rtnl_lock lockups caused by start_sync_thread (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to make_receive_sock (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to make_send_sock (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to start_sync_thread (Davide Caratti) [1725440] - [net] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon (Davide Caratti) [1725440] - [net] ipvs: add sync_maxlen parameter for the sync daemon (Davide Caratti) [1725440] - [net] ipvs: call rtnl_lock early (Davide Caratti) [1725440] - [net] netfilter: dont use mutex_lock_interruptible() (Davide Caratti) [1725440] - [net] ipvs: fix memory leak in ip_vs_ctl.c (Davide Caratti) [1725440] - [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776206] - [scsi] Revert 'qla2xxx: Mark NVMe/FC initiator mode usage as technology preview' (Ewan Milne) [1642968] [3.10.0-1117] - [x86] x86/speculation: Remove unneeded STIBP code (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] x86/speculation: Fix incorrect MDS/TAA mitigation status (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766540] {CVE-2019-11135} - [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766540] {CVE-2019-11135} - [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766540] {CVE-2019-11135} - [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1690343] {CVE-2018-12207} - [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1690343] {CVE-2018-12207} - [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1690343] {CVE-2018-12207} - [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1690343] {CVE-2018-12207} [3.10.0-1116] - [netdrv] net/mlx5: Fix auto group size calculation (Alaa Hleihel) [1769309] - [mm] x86/io: add interface to reserve io memtype for a resource range. (v1.1) (Dave Airlie) [1739623] - [sound] alsa: emux: Fix potential Spectre v1 vulnerabilities (Jaroslav Kysela) [1672561] - [s390] s390/smt: Fix s390 SMT reporting (Josh Poimboeuf) [1764184] - [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1725396] - [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1725396] - [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1725396] - [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1765975] [3.10.0-1115] - [scsi] Fix stack tarce when lpfc driver is unloaded (Dick Kennedy) [1774744] - [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix partial flash write of MBI (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix device connect issues in P2P configuration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix double scsi_done for abort path (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix driver unload hang (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix SRB leak on switch command timeout (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix premature timer expiration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Uninline qla2x00_init_timer() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Do command completion on abort timeout (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Dual FCP-NVMe target port support (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Use tabs instead of spaces for indentation (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix N2N link up fail (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix N2N link reset (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Reduce the number of forward declarations (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Remove a superfluous forward declaration (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix stuck login session (Himanshu Madhani) [1731581] - [scsi] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (Himanshu Madhani) [1731581] - [media] cx24116: fix a buffer overflow when checking userspace params (Jarod Wilson) [1737279] {CVE-2015-9289} - [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1760746] - [fs] Fix the locking in dcache_readdir() and friends (Ondrej Mosnacek) [1510603] - [fs] much milder d_walk() race (Ondrej Mosnacek) [1510603] - [fs] libfs.c: new helper - next_positive() (Ondrej Mosnacek) [1510603] - [fs] dcache_{readdir, dir_lseek}(): dont bother with nested ->d_lock (Ondrej Mosnacek) [1510603] - [security] selinuxfs: dont open-code d_genocide() (Ondrej Mosnacek) [1510603] - [fs] fs/dcache: Enable automatic reclaim of excess negative dentries (Waiman Long) [1489573] - [fs] fs/dcache: Add sysctl parameter negative-dentry-limit as a soft limit on negative dentries (Waiman Long) [1489573] - [fs] fs/dcache: Move percpu count updates out of dcache_lru_lock (Waiman Long) [1489573] - [fs] fs/dcache: Dont set DCACHE_REFERENCED on dentries when first put into LRU (Waiman Long) [1489573] [3.10.0-1114] - [kernel] sched/numa: Fix a possible divide-by-zero (Vladis Dronov) [1765959] - [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1773762] - [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1773762] - [kernel] seccomp: Fix tracer exit notifications during fatal signals (Vladis Dronov) [1770484] - [x86] x86/ptrace: run seccomp after ptrace (Vladis Dronov) [1770484] - [fs] cifs: Fix retry mid list corruption on reconnects (Dave Wysochanski) [1614201] - [fs] cifs: add a warning if we try to to dequeue a deleted mid (Dave Wysochanski) [1614201] - [fs] cifs: Fix use after free of a mid_q_entry (Dave Wysochanski) [1614201] - [fs] Dont log confusing message on reconnect by default (Dave Wysochanski) [1614201] - [fs] ceph: mark Fw cap dirty after splice write (Zheng Yan) [1710751] - [fs] cifs: Force reval dentry if LOOKUP_REVAL flag is set (Dave Wysochanski) [1771657] - [fs] cifs: Force revalidate inode when dentry is stale (Dave Wysochanski) [1771657] - [fs] cifs: Gracefully handle QueryInfo errors during open (Dave Wysochanski) [1771657] [3.10.0-1113] - [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756816] {CVE-2019-0154} - [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756816] {CVE-2019-0154} - [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756883] {CVE-2019-0155} - [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756883] {CVE-2019-0155} - [fs] Fix error code in nfs_lookup_verify_inode() (Benjamin Coddington) [1761957] - [scsi] scsi: qla2xxx: Initialized mailbox to prevent driver load failure (Himanshu Madhani) [1770307] - [powerpc] powerpc/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294] - [s390] s390/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294] - [s390] s390/seccomp: fix error return for filtered system calls (Vladis Dronov) [1760294] - [netdrv] bnxt_en: flow_offload: offload tunnel decap rules via indirect callbacks (Davide Caratti) [1717422] - [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1771849] - [x86] kvm: x86: skip populating logical dest map if apic is not sw enabled (Bandan Das) [1738496] - [x86] kvm: x86: remove unnecessary recalculate_apic_map (Bandan Das) [1738496] - [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1750577] - [scsi] scsi: bnx2fc: remove set but not used variable 'fh' (Nilesh Javali) [1750577] - [scsi] scsi: qedi: Remove WARN_ON from clear task context (Nilesh Javali) [1461697] - [scsi] scsi: qedi: Remove WARN_ON for untracked cleanup (Nilesh Javali) [1461697] [3.10.0-1112] - [scsi] scsi: mpt3sas: change allocation option (Tomas Henzl) [1763796] - [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1752061] - [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1760668] - [net] mac80211: Reject malformed SSID elements (Stanislaw Gruszka) [1748266] - [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: change qu with jf devices to use qu configuration (Stanislaw Gruszka) [1748266] - [net] mac80211: fix txq null pointer dereference (Stanislaw Gruszka) [1748266] - [net] nl80211: fix null pointer dereference (Stanislaw Gruszka) [1748266] - [net] cfg80211: initialize on-stack chandefs (Stanislaw Gruszka) [1748266] - [net] cfg80211: validate SSID/MBSSID element ordering assumption (Stanislaw Gruszka) [1748266] - [net] nl80211: validate beacon head (Stanislaw Gruszka) [1748266] - [net] mac80211: keep BHs disabled while calling drv_tx_wake_queue() (Stanislaw Gruszka) [1748266] - [net] cfg80211: Purge frame registrations on iftype change (Stanislaw Gruszka) [1748266] - [wireless] rtw88: pci: Use DMA sync instead of remapping in RX ISR (Stanislaw Gruszka) [1748266] - [wireless] rtw88: pci: Rearrange the memory usage for skb in RX ISR (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 (Stanislaw Gruszka) [1748266] - [net] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (Stanislaw Gruszka) [1748266] - [net] mac80211: Do not send Layer 2 Update frame before authorization (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: assign directly to iwl_trans->cfg in QuZ detection (Stanislaw Gruszka) [1748266] - [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1748266] - [net] mac80211: Correctly set noencrypt for PAE frames (Stanislaw Gruszka) [1748266] - [net] mac80211: Dont memset RXCB prior to PAE intercept (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: handle switching killer Qu B0 NICs to C0 (Stanislaw Gruszka) [1748266] - [net] Revert 'cfg80211: fix processing world regdomain when non modular' (Stanislaw Gruszka) [1748266] - [net] mac80211: fix possible sta leak (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: fix recognition of QuZ devices (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: dont switch FW to qnj when ax201 is detected (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: pcie: fix the byte count table format for 22560 devices (Stanislaw Gruszka) [1748266] - [wireless] iwlwifi: mvm: Allow multicast data frames only when associated (Stanislaw Gruszka) [1748266] - [netdrv] i40e: initialize ITRN registers with correct values (Stefan Assmann) [1630307] - [net] tuntap: synchronize through tfiles array instead of tun->numqueues (Eugenio Perez) [1713616] - [net] tuntap: fix use after free during release (Eugenio Perez) [1713616] - [net] tun: fix use after free for ptr_array (Eugenio Perez) [1713616] - [net] tun/tap: sanitize TUNSETSNDBUF input (Eugenio Perez) [1713616] - [block] block: Dont merge requests if integrity flags differ (Ming Lei) [1767605] - [block] blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (Ming Lei) [1767605] - [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1769569] - [netdrv] qede: fix NULL pointer deref in __qede_remove() (Manish Chopra) [1766574] - [fs] xfs: only trace buffer items if they exist (Brian Foster) [1768722] - [nvme] nvme: make fabrics command run on a separate request queue (David Milburn) [1769900] - [nvme] nvme: Restart request timers in resetting state (David Milburn) [1769900] - [nvme] nvme-rdma: fix possible use-after-free in connect timeout (David Milburn) [1769900] - [netdrv] i40e: enable X710 support (Stefan Assmann) [1764987] [3.10.0-1111] - [md] md: support for queue flag QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1767472] - [net] ipv4: Return -ENETUNREACH if we cant create route but saddr is valid (Stefano Brivio) [1633140] - [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1753480] - [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1753480] - [net] sock: fix lockdep annotation in release_sock (Paolo Abeni) [1753150] - [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1757943] - [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1757943] - [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1757943] [3.10.0-1110] - [nvme] nvme-pci: Fix controller freeze wait disabling (David Milburn) [1766279] - [net] mac80211: fix kfree() on stack memory in ieee80211_crypto_aes_gmac_decrypt() (Stanislaw Gruszka) [1764510] - [md] dm rq: fix handling underlying queue busy (Ming Lei) [1767482] [3.10.0-1109] - [netdrv] net/mlx5e: Initialize on stack link modes bitmap (Alaa Hleihel) [1764272] - [netdrv] net/mlx5e: Fix ethtool self test: link speed (Alaa Hleihel) [1764272] - [netdrv] net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (Alaa Hleihel) [1764272] - [fs] xfs: end sync buffer I/O properly on shutdown error (Brian Foster) [1750602] - [fs] xfs: kill __xfs_buf_submit_common() (Brian Foster) [1750602] - [fs] xfs: combinesync buffer submission apis (Brian Foster) [1750602] - [fs] xfs: lobotomise xfs_trans_read_buf_map() (Brian Foster) [1750602] - [fs] cifs: Fix use after free of file info structures (Dave Wysochanski) [1757872] - [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1758001] - [mm] mm, compaction: avoid isolating pinned pages (Rafael Aquini) [1344862] - [scsi] scsi: smartpqi: change TMF timeout from 60 to 30 seconds (Don Brace) [1709620] - [scsi] scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (Don Brace) [1709620] - [scsi] scsi: smartpqi: add inquiry timeouts (Don Brace) [1709620] - [scsi] scsi: smartpqi: increase LUN reset timeout (Don Brace) [1709620] - [firmware] x86, efi: never relocate kernel below lowest acceptable address (Kairui Song) [1732737] - [powerpc] powerpc: dump kernel log before carrying out fadump or kdump (Desnes Augusto Nunes do Rosario) [1750250] - [s390] s390/cpumsf: Check for CPU Measurement sampling (Philipp Rudo) [1765124] - [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1765123] - [mm] s390/mm: Fix swiotlb for protected virtualization (Philipp Rudo) [1765122] [3.10.0-1108] - [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1748306] - [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1748306] - [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1748306] - [scsi] hpsa: update driver version (Joseph Szczypek) [1761978] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1761978] - [tty] TTY: serial_core, add ->install (Kenneth Yin) [1443152] - [scsi] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (Ewan Milne) [1734685] - [fs] scsi: sysfs: Introduce sysfs_{un, }break_active_protection() (Ewan Milne) [1734685] [3.10.0-1107] - [x86] x86/kdump: Reserve extra memory when SME or SEV is active (Kairui Song) [1724887] - [block] block: fix blk_recount_segments (Ming Lei) [1762459] - [nvme] nvme-pci: Fix a race in controller removal (Gopal Tiwari) [1761998] - [char] hpet: Fix output of hpet_mmap kernel parameter (Prarit Bhargava) [1764790] - [tools] perf tools: Apply new CPU topology sysfs attributes (Jiri Olsa) [1640900] - [tools] perf header: Rename 'sibling cores' to 'sibling sockets' (Jiri Olsa) [1640900] - [tools] perf stat: Support per-die aggregation (Jiri Olsa) [1640900] - [tools] perf stat: Support 'percore' event qualifier (Jiri Olsa) [1640900] - [tools] perf stat: Factor out aggregate counts printing (Jiri Olsa) [1640900] - [tools] perf tools: Add a 'percore' event qualifier (Jiri Olsa) [1640900] - [tools] perf header: Add die information in CPU topology (Jiri Olsa) [1640900] - [tools] perf cpumap: Retrieve die id information (Jiri Olsa) [1640900] - [tools] perf tools: Use sysfs__mountpoint() when reading cpu topology (Jiri Olsa) [1640900] - [tools] perf tools: Add numa_topology object (Jiri Olsa) [1640900] - [tools] perf header: Fix wrong node write in NUMA_TOPOLOGY feature (Jiri Olsa) [1640900] - [tools] perf tools: Add cpu_topology object (Jiri Olsa) [1640900] - [tools] perf header: Remove unused 'cpu_nr' field from 'struct cpu_topo' (Jiri Olsa) [1640900] - [acpi] ACPICA: Increase total number of possible Owner IDs (Frank Ramsay) [1756339] - [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1764567] - [netdrv] mark the intel igc driver as tech preview (David Arcari) [1721615] - [netdrv] igc: Clean up unused shadow_vfta pointer (David Arcari) [1721615] - [netdrv] igc: Add Rx checksum support (David Arcari) [1721615] - [netdrv] igc: Add set_rx_mode support (David Arcari) [1721615] - [netdrv] igc: Add SCTP CRC checksumming functionality (David Arcari) [1721615] - [netdrv] igc: Add tx_csum offload functionality (David Arcari) [1721615] - [netdrv] igc: Remove unneeded PCI bus defines (David Arcari) [1721615] - [netdrv] igc: Add NVM checksum validation (David Arcari) [1721615] - [netdrv] igc: Remove useless forward declaration (David Arcari) [1721615] - [netdrv] ethernet: Delete unnecessary checks before the macro call 'dev_kfree_skb' (David Arcari) [1721615] - [netdrv] igc: Add more SKUs for i225 device (David Arcari) [1721615] - [netdrv] igc: Update the MAC reset flow (David Arcari) [1721615] - [netdrv] igc: Remove the unused field from a device specification structure (David Arcari) [1721615] - [netdrv] igc: Remove the polarity field from a PHY information structure (David Arcari) [1721615] - [netdrv] igc: Prefer pcie_capability_read_word() (David Arcari) [1721615] - [netdrv] igc: Cleanup the redundant code (David Arcari) [1721615] - [netdrv] igc: Add flow control support (David Arcari) [1721615] - [netdrv] igc: Remove the obsolete workaround (David Arcari) [1721615] - [netdrv] igc: Clean up unused pointers (David Arcari) [1721615] - [netdrv] igc: Fix double definitions (David Arcari) [1721615] - [netdrv] igb/igc: warn when fatal read failure happens (David Arcari) [1721615] - [netdrv] Revert 'mark the intel igc driver as tech preview' (David Arcari) [1721615] - [md] dm: Use kzalloc for all structs with embedded biosets/mempools (Mike Snitzer) [1766389] [3.10.0-1106] - [net] sysfs: Fix mem leak in netdev_register_kobject (Stefano Brivio) [1752690] {CVE-2019-15916} - [fs] revert [fs] cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (Dave Wysochanski) [1757872] - [fs] revert [fs] cifs: add spinlock for the openFileList to cifsInodeInfo (Dave Wysochanski) [1757872] - [fs] revert [fs] cifs: add more spinlocks to pretect against races (Dave Wysochanski) [1757872] - [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1749390] - [mm] percpu: remove spurious lock dependency between percpu and sched (Vladis Dronov) [1744633] - [mm] percpu: stop printing kernel addresses (Vladis Dronov) [1744633] - [mm] percpu: use chunk scan_hint to skip some scanning (Vladis Dronov) [1744633] - [mm] percpu: convert chunk hints to be based on pcpu_block_md (Vladis Dronov) [1744633] - [mm] percpu: make pcpu_block_md generic (Vladis Dronov) [1744633] - [mm] percpu: use block scan_hint to only scan forward (Vladis Dronov) [1744633] - [mm] percpu: remember largest area skipped during allocation (Vladis Dronov) [1744633] - [mm] percpu: add block level scan_hint (Vladis Dronov) [1744633] - [mm] percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE (Vladis Dronov) [1744633] - [mm] percpu: relegate chunks unusable when failing small allocations (Vladis Dronov) [1744633] - [mm] percpu: manage chunks based on contig_bits instead of free_bytes (Vladis Dronov) [1744633] - [mm] percpu: introduce helper to determine if two regions overlap (Vladis Dronov) [1744633] - [mm] percpu: do not search past bitmap when allocating an area (Vladis Dronov) [1744633] - [mm] percpu: update free path with correct new free region (Vladis Dronov) [1744633] - [mm] mm/percpu: add checks for the return value of memblock_alloc*() (Vladis Dronov) [1744633] - [mm] percpu: km: no need to consider pcpu_group_offsets (Vladis Dronov) [1744633] - [mm] percpu: use nr_groups as check condition (Vladis Dronov) [1744633] - [mm] percpu: stop leaking bitmap metadata blocks (Vladis Dronov) [1744633] - [fs] /proc/meminfo: add percpu populated pages count (Vladis Dronov) [1744633] - [mm] mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balance_workfn() (Vladis Dronov) [1744633] - [mm] percpu: include linux/sched.h for cond_resched() (Vladis Dronov) [1744633] - [mm] percpu: add a schedule point in pcpu_balance_workfn() (Vladis Dronov) [1744633] - [mm] percpu: fix iteration to prevent skipping over block (Vladis Dronov) [1744633] - [mm] percpu: fix starting offset for chunk statistics traversal (Vladis Dronov) [1744633] - [mm] percpu: update header to contain bitmap allocator explanation (Vladis Dronov) [1744633] - [mm] percpu: update pcpu_find_block_fit to use an iterator (Vladis Dronov) [1744633] - [mm] percpu: use metadata blocks to update the chunk contig hint (Vladis Dronov) [1744633] - [mm] percpu: update free path to take advantage of contig hints (Vladis Dronov) [1744633] - [mm] percpu: update alloc path to only scan if contig hints are broken (Vladis Dronov) [1744633] - [mm] percpu: keep track of the best offset for contig hints (Vladis Dronov) [1744633] - [mm] percpu: skip chunks if the alloc does not fit in the contig hint (Vladis Dronov) [1744633] - [mm] percpu: add first_bit to keep track of the first free in the bitmap (Vladis Dronov) [1744633] - [mm] percpu: introduce bitmap metadata blocks (Vladis Dronov) [1744633] - [mm] percpu: replace area map allocator with bitmap (Vladis Dronov) [1744633] - [mm] percpu: generalize bitmap (un)populated iterators (Vladis Dronov) [1744633] - [mm] percpu: increase minimum percpu allocation size and align first regions (Vladis Dronov) [1744633] - [mm] percpu: introduce nr_empty_pop_pages to help empty page accounting (Vladis Dronov) [1744633] - [mm] percpu: change the number of pages marked in the first_chunk pop bitmap (Vladis Dronov) [1744633] - [mm] percpu: combine percpu address checks (Vladis Dronov) [1744633] - [mm] percpu: modify base_addr to be region specific (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk rename schunk/dchunk to chunk (Vladis Dronov) [1744633] - [mm] percpu: end chunk area maps page aligned for the populated bitmap (Vladis Dronov) [1744633] - [mm] percpu: unify allocation of schunk and dchunk (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk remove dyn_size and consolidate logic (Vladis Dronov) [1744633] - [mm] percpu: remove has_reserved from pcpu_chunk (Vladis Dronov) [1744633] - [mm] percpu: introduce start_offset to pcpu_chunk (Vladis Dronov) [1744633] - [mm] percpu: setup_first_chunk enforce dynamic region must exist (Vladis Dronov) [1744633] - [mm] percpu: update the header comment and pcpu_build_alloc_info comments (Vladis Dronov) [1744633] - [mm] percpu: expose pcpu_nr_empty_pop_pages in pcpu_stats (Vladis Dronov) [1744633] - [mm] percpu: change the format for percpu_stats output (Vladis Dronov) [1744633] - [mm] percpu: pcpu-stats change void buffer to int buffer (Vladis Dronov) [1744633] - [mm] percpu: fix static checker warnings in pcpu_destroy_chunk (Vladis Dronov) [1744633] - [mm] percpu: fix early calls for spinlock in pcpu_stats (Vladis Dronov) [1744633] - [mm] percpu: resolve err may not be initialized in pcpu_alloc (Vladis Dronov) [1744633] - [mm] percpu: add tracepoint support for percpu memory (Vladis Dronov) [1744633] - [mm] percpu: expose statistics about percpu memory via debugfs (Vladis Dronov) [1744633] - [mm] percpu: migrate percpu data structures to internal header (Vladis Dronov) [1744633] - [mm] percpu: add missing lockdep_assert_held to func pcpu_free_area (Vladis Dronov) [1744633] - [mm] percpu: ensure the requested alignment is power of two (Vladis Dronov) [1744633] - [mm] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis Dronov) [1744633] - [mm] mm/percpu: use offset_in_page macro (Vladis Dronov) [1744633] - [mm] percpu: clean up of schunk->mapassignment in pcpu_setup_first_chunk (Vladis Dronov) [1744633] - [mm] mm/percpu.c: fix panic triggered by BUG_ON() falsely (Vladis Dronov) [1744633] - [mm] mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() (Vladis Dronov) [1744633] - [mm] mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() (Vladis Dronov) [1744633] - [mm] mm: percpu: use pr_fmt to prefix output (Vladis Dronov) [1744633] (Vladis Dronov) [1744633] - [mm] mm: coalesce split strings (Vladis Dronov) [1744633] - [mm] mm: convert pr_warning to pr_warn (Vladis Dronov) [1744633] - [mm] percpu: use *pbto print bitmaps including cpumasks and nodemasks (Vladis Dronov) [1744633] - [mm] percpu: off by one in BUG_ON() (Vladis Dronov) [1744633] - [mm] mm/percpu.c: use memblock apis for early memory allocations (Vladis Dronov) [1744633] - [mm] percpu: use VMALLOC_TOTAL instead of VMALLOC_END - VMALLOC_START (Vladis Dronov) [1744633] - [mm] percpu: fix bootmem error handling in pcpu_page_first_chunk() (Vladis Dronov) [1744633] [3.10.0-1105] - [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1731579] - [scsi] scsi: core: Log SCSI command age with errors (Ewan Milne) [1751716] - [security] selinux: fix context string corruption in convert_context() (Ondrej Mosnacek) [1759803] - [usb] xhci: Prevent deadlock when xhci adapter breaks during init (Torez Smith) [1710090] - [scsi] scsi: core: add new RDAC LENOVO/DE_Series device (Ewan Milne) [1699439] - [wireless] Correct strange error in Makefiles for building modules in separate directories (Neil Horman) [1753927] - [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1758603] - [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1758603] - [drm] i915: Stop reconfiguring our shmemfs mountpoint (Vladis Dronov) [1759980] - [kernel] perf/core: Fix perf_event_open() vs. execve() race (Jiri Olsa) [1701620] {CVE-2019-3901} [3.10.0-1104] - [md] raid5: dont set STRIPE_HANDLE to stripe which is in batch list (Nigel Croxon) [1631765 1750287] - [kernel] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Vladis Dronov) [1760639] - [kernel] alarmtimer: Remove unused but set variable (Vladis Dronov) [1760639] - [x86] efi/x86: do not clean dummy variable in kexec path (Bhupesh Sharma) [1707669] - [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1756843] - [x86] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (David Arcari) [1730884] - [infiniband] RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (Selvin Xavier) [1629037] - [infiniband] RDMA/bnxt_re: Increase depth of control path command queue (Selvin Xavier) [1629037] - [x86] x86/efi/pti: In __load_cr3(), EFI PGD has no shadow (Lenny Szubowicz) [1750767] - [char] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (Prarit Bhargava) [1660800] MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19985 CVE-2019-9503 CVE-2019-10638 CVE-2019-13648 CVE-2019-10639 CVE-2019-18660 CVE-2019-15916 CVE-2019-12382 CVE-2017-17807 CVE-2018-7191 CVE-2015-9289 CVE-2019-10207 CVE-2019-11190 CVE-2019-13233 CVE-2018-20169 CVE-2019-3901 CVE-2019-16746 CVE-2019-11884 CVE-2019-14283 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [7.29.0-57.0.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) [7.29.0-57] - allow curl to POST from a char device (#1769307) [7.29.0-56] - fix auth failure with duplicated WWW-Authenticate header (#1754736) [7.29.0-55] - fix TFTP receive buffer overflow (CVE-2019-5436) LOW Copyright 2020 Oracle, Inc. CVE-2019-5436 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 accountsservice [0.6.50-7] - version bump to prevent future update path introduced by RHBA-2019:45836 Resolves: #1721562 colord [1.3.4-2] - Downgrade a trivial warning to a debug statement - Resolves: #1421231 control-center [3.28.1-6] - Calculate better extents for the configured displays arrangement Resolves: #1591643 [3.28.1-5] - Fix crash in thunderbolt panel Resolves: #1672289 gdm [3.28.2-22] - Fix PostSession on reboot too - Fix spew in log on shutdown Related: #1547158 [3.28.2-18] - Include gdm-disable-wayland binary Resolves: #1749325 [3.28.2-17] - Fix PostSession Resolves: #1547158 gnome-online-accounts [3.28.2-1] - Update to 3.28.2 Resolves: #1674534 gnome-settings-daemon [3.28.1-8] - Add display mapping check specific for the Dell Canvas Resolves: #1548320 [3.28.1-7] - Fallback scale properly without org.gnome.Mutter.DisplayConfig Resolves: #1556776 [3.28.1-6] - Handle rfkill device disappearing Resolves: #1691197 gnome-shell [3.28.3-24] - Fix orphaned animation actors Related: #1753799 [3.28.3-23] - Fix 'Not Listed?' entry to shows characters instead of bullets Resolves: #1772896 [3.28.3-22] - Fix partial lock screen bypass Resolves: #1669393 [3.28.3-21] - Add missing comma neglected in last build Related: #1766501 [3.28.3-20] - Performance backports Resolves: #1766501 [3.28.3-19] - Fix crash when window removed Resolves: #1752547 [3.28.3-18] - Change method for handling rapid mouse input better Resolves: #1657887 [3.28.3-17] - Handle rapid mouse input better Resolves: #1657887 [3.28.3-16] - Support horizontal workspace layouts Related: #1720286 [3.28.3-15] - Backport window management crash fix Resolves: #1743913 gnome-shell-extensions [3.28.1-11] - A couple of fixes to the classic backports Resolves: #1778270 [3.28.1-10] - Fix unwanted appearance of workspace switcher menu Resolves: #1752357 [3.28.1-9] - Make classic mode more classic Resolves: #1720286 [3.28.1-8] - Add extra-osk-keys extension Resolves: #1702417 gnome-tweak-tool [3.28.1-7] - Resolves: #1789491 (Extensions panel is empty) [3.28.1-6] - Resolves: #1460768 (Cannot hide desktop icons in classic mode) - Resolves: #1607839 (Invisible panel is made visible on click between Setting and Toggle button) [3.28.1-5] - Reflect extension status in the UI - Resolves: #1474852 [3.28.1-4] - Fix keyboard panel crashes - Resolves: #1667421 [3.28.1-3] - Fixes to port to python2 - Resolves: #1610335 gsettings-desktop-schemas [3.28.0-3] - add setting to display Show Password menu Related: #1506370 gtk3 [3.22.30-5] - Handle lack of SVG loader gracefully - Resolves: #1660642 [3.22.30-4] - Clamp X11 window size both when creating and resizing - Resolves: #1687745 libcanberra [0.30-9] - Quiet theme sounds when not available (rebuild for 7.8) - Resolves: rhbz#1556800 [0.30-8] - Quiet theme sounds when not available (rebuild) - Resolves: rhbz#1556800 [0.30-7] - Quiet theme sounds when not available - Resolves: rhbz#1556800 [0.30-6] - Add quiet option - Resolves: rhbz#1556800 libgweather [3.28.2-3] - Fix multilib conflict in subpackage (#1623538) LibRaw [0.19.4-1] - Update to 0.19.4 - Resolves: #1741274 mutter [3.28.3-20] - Free close dialog before unmanaging parent Related: #1753799 [3.28.3-19] - Fix invalid read in idle monitor Resolves: #1752378 [3.28.3-18] - More performance backports Resolves: #1766501 [3.28.3-17] - Dont freeze if input happens after many days of inactivity Resolves: #1728761 [3.28.3-16] - Dont loose pointer button grabs Resolves: #1657887 [3.28.3-15] - Expose workspace layout as properties Related: #1720286 nautilus [3.26.1-7] - Remove brasero-nautilus requirement from s390x and ppc64 arches (rhbz#1723283) osinfo-db [20190805-2.0.1] - Add Oracle os info files [20190805-2] - Resolves: rhbz#1750807 - Fedora/RHEL/CentOS JeOS kickstart files for unattended installation are broken [20190805-1] - Resolves: rhbz#1737367 - Update to latest upstream release - Resolves: rhbz#1737369 - Add 7.8 to the osinfo-db which will be used on 7.8 shared-mime-info [1.8-5] - support new toplevel font types Resolves: #1678448 tracker [1.10.5-8] - Avoid dconf warnings in tracker-extract Resolves: #1474305 Resolves: #1508660 [1.10.5-7] - Fix potential crash on files ending with invalid UTF-8 Resolves: #1646345 xchat [1:2.8.8-25] - Fix a typo in the patch to restore the status icon after resuming Resolves: #1544840 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3820 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [5.11-36] - fix out-of-bounds read via a crafted ELF file (CVE-2018-10360) LOW Copyright 2020 Oracle, Inc. CVE-2018-10360 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [1:1.8.5-4] - Resolves: #1483569, incorrect processing of code blocks - Resolves: #1724173 - CVE-2016-10245, cross-site scripting LOW Copyright 2020 Oracle, Inc. CVE-2016-10245 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2:2012-45.20130427_r30134] - Related: #1650521, buffer overflow in t1_check_unusual_charstring function [2:2012-44.20130427_r30134] - Resolves: #1650521, buffer overflow in t1_check_unusual_charstring function MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17407 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [1.15-22] - Resolves: #1686115, integer overflow in png_compress [1.15-21] - Resolves: #1711051, CVE-2019-8383 denial of service - Resolves: #1710910, CVE-2019-8379 null pointer dereference [1.15-20] - Mass rebuild 2014-01-24 [1.15-19] - Mass rebuild 2013-12-27 [1.15-18] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.15-17] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.15-16] - Add disttag, modernise spec file [1.15-15] - Rebuilt for c++ ABI breakage [1.15-14] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.15-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.15-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.15-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.15-10] - Autorebuild for GCC 4.3 [1.15-9] - Rebuild for new BuildID feature. [1.15-8] - Update License field. - Remove dist tag, since the package will seldom change. [1.15-7] - Switch to using DESTDIR install method. [1.15-6] - Switch to use downloads.sf.net source URL. - Tweak defattr. [1.15-5] - FC6 rebuild, remove gcc-c++ build requirement (its a default). [1.15-4] - FC5 rebuild. [1.15-3] - Rebuild for new gcc/glibc. [1.15-2] - Rebuild for FC5. [1.15-1] - Update to 1.15, includes 64bit fixes. [1.14-5] - Update 64bit patch to a cleaner approach as Ralf suggested. [1.14-4] - fix build on 64bit arches [1.14-3] - rebuild on all arches [1.14-2] - rebuilt [1.14-1] - Update to 1.14. [1.13-1] - Update to 1.13. [1.12-1] - Update to 1.12. [1.11-1] - Update to 1.11. [1.10-1] - Update to 1.10. [1.7-2] - Rebuild for Fedora Core 1. - Added missing build dependencies, thanks to mach. * Tue Aug 26 2003 Matthias Saou <http://freshrpms.net/> - Update to 1.7. * Thu May 22 2003 Matthias Saou <http://freshrpms.net/> - Initial RPM release. MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9210 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [4.4.8-12] - Resolves: #1611641 - CVE-2018-10916 lftp: particular remote file names may lead to current working directory erased MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10916 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.10.14-24.0.1] - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect [1.10.14-24] - Related: #1613034 - Typo in the previous patch discovered by covscan [1.10.14-23] - Related: #1613034 - Fixing an infinite loop created by previous update [1.10.14-22] - Related: #1633330 - fixing a couple of covscan issues [1.10.14-21] - Related: #1254543 - removing endian shift in packetlogger because it failed to recognize bluetooth hci packet [1.10.14-20] - Resolves: #1254543 - valgrind reports errors on pcap file from an older cve [1.10.14-19] - Related: #1633330 - A few more checks in the packet dissector [1.10.14-18] - Resolves: #1176967 - wireshark crashes opening large packet captures [1.10.14-17] - Resolves: #1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c - Resolves: #1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss.c - Resolves: #1612146 - CVE-2018-14340 Multiple dissectors could crash - Resolves: #1613032 - CVE-2018-14341 DICOM dissector infinite loop - Resolves: #1613034 - CVE-2018-14368 Bazaar dissector infinite loop - Resolves: #1633330 - CVE-2018-16057 Radiotap dissector crash - Resolves: #1660148 - CVE-2018-19622 Infinite loop in the MMSE dissector MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14340 CVE-2018-14341 CVE-2018-19622 CVE-2018-11362 CVE-2018-14368 CVE-2018-16057 CVE-2018-7418 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:1.6.3-43] - 1687571 - cupsd doesnt clean tmp files if client conn is terminated abnormally [1:1.6.3-42] - 1651575 - CVE-2018-4700 cups [1:1.6.3-41] - 1608764 - CVE-2018-4180 cups - 1607291 - CVE-2018-4181 cups MODERATE Copyright 2020 Oracle, Inc. CVE-2018-4180 CVE-2018-4181 CVE-2018-4700 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [1.1.0-5] - Resolves: rhbz#1740212 - New defect found in libosinfo-1.1.0-4.el7 [1.1.0-4] - Resolves: rhbz#1727842 - CVE-2019-13313 libosinfo: osinfo-install-script option leaks password via command line argument LOW Copyright 2020 Oracle, Inc. CVE-2019-13313 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [3:2.1.15-30] - Resolves: #1599692 - Sanitize input on listinfo page (CVE-2018-0618) [3:2.1.15-29] - Resolves: #1611689 - Trim long text in 'no such list' messages [3:2.1.15-28] - Resolves: #1718180 - Try to decode member name first [3:2.1.15-27] - Related : #1545973 - Bump release to override rhel-7.4.z version MODERATE Copyright 2020 Oracle, Inc. CVE-2018-0618 CVE-2018-13796 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::beta Oracle Linux 7 [32:9.11.4-16.P2] - Finish dig query when name is too long (#1743572) [32:9.11.4-15.P2] - Stop listening on IPv6 by default (#1753259) [32:9.11.4-14.P2] - Limit number of queries per TCP connection (CVE-2019-6477) [32:9.11.4-13.P2] - Revert not searching names with dot (#1743572) [32:9.11.4-12.P2] - Fix mkeys test validating CVE-2018-5745 fix [32:9.11.4-11.P2] - Use monotonic time in export library (#1093803) [32:9.11.4-10.P2] - Fix CVE-2018-5745 - Fix CVE-2019-6465 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-6465 CVE-2018-5745 CVE-2019-6477 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:2.2.36-6] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes (#1741787) [1:2.2.36-5] - fix CVE-2019-3814: improper certificate validation (#1674369) - fix CVE-2019-7524: buffer overflow in indexer-worker process resulting in privilege escalation (#1700398) [1:2.2.36-4] - use portreserve to avoid port conflicts(#1270283) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7524 CVE-2019-3814 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [7:3.5.20-15] - Resolves: #1690551 - Squid cache_peer DNS lookup failed when not all lower case - Resolves: #1680022 - squid cant display download/upload packet size for HTTPS sites - Resolves: #1717430 - Excessive memory usage when running out of descriptors - Resolves: #1676420 - Cache siblings return wrongly cached gateway timeouts - Resolves: #1729435 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi - Resolves: #1582301 - CVE-2018-1000024 CVE-2018-1000027 squid: various flaws [7:3.5.20-13] - Resolves: #1620546 - migration of upstream squid MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1000027 CVE-2019-13345 CVE-2018-1000024 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 evince [3.28.2-9] - Handle failure from TIFFReadRGBAImageOriented - Resolves: #1717352 poppler [0.26.5-42] - Fix potential integer overflow and check length for negative values - Resolves: #1757283 [0.26.5-41] - Ignore dict Length if it is broken - Resolves: #1733026 [0.26.5-40] - Fail gracefully if not all components of JPEG2000Stream - have the same size - Resolves: #1723504 [0.26.5-39] - Check whether input is RGB in PSOutputDev::checkPageSlice() - Resolves: #1697575 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9959 CVE-2018-21009 CVE-2019-12293 CVE-2019-11459 CVE-2019-10871 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 atk [2.28.1-2] - Remove patch to fix invalid unref at atk_gobject_accessible_object_gone_cb() - Resolves: #1753123 evolution [3.28.5-8] - Update patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) [3.28.5-7] - Add patch for RH bug #1686408 (CVE-2018-15587: Reposition signature bar) [3.28.5-6] - Add patch for RH bug #1753122 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()) evolution-data-server [3.28.5-4] - Add patch related to evolution-ews CVE-2019-3890 (RH bug #1696762) evolution-ews [3.28.5-5] - Remove patch for RH bug #1764669 (Send meeting change notifications only if being the organizer) [3.28.5-4] - Add patch for RH bug #1392567 (Sync CategoryList with mail Labels) - Add patch for RH bug #1764669 (Send meeting change notifications only if being the organizer) [3.28.5-3] - Add patch for RH bug #1696760 (CVE-2019-3890 - SSL Certificates are not validated) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3890 CVE-2018-15587 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [1:5.7.2-47] - revert calculation of free space (#1779609) [1:5.7.2-46] - fix sha224 and sha384 declaration check (#1774693) [1:5.7.2-45] - fix memory leak introduced by fix of snmp v3 traps forwarding (#1751195) [1:5.7.2-44] - add support for glusterfs (#1316386) - change services to start after network-online.target (#1388118) - fix interface fadeout configuration (#1547355) - fix scanf pattern for ICMP stats (#1693547) - change buffer size in pass_common.c file (#1695363 and #1731357) - remove initial whitespace reading from scanf pattern of /sys/dev/block/../stat file (#1700494) - fix for CVE-2018-18066 (#1638911) - add Counter64 support for UCD-SNMP-MIB (#1703752) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-18066 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [4.10.4-10] - resolves: #1786324 - fix security level check for DsRGetForestTrustInformation [4.10.4-9] - resolves: #1764468 - Fix CVE-2019-10218 [4.10.4-8] - resolves: #1656541 - Fix join using netbios name [4.10.4-7] - resolves: #1657428 - Fix spnego downgrade - resolves: #1663064 - Fix net ads join in hardened environments [4.10.4-6] - resolves: #1753254 - Fix trusted domain enumeration in windind caused a Active Directory update [4.10.4-5] - resolves: #1751335 - Fix username/passwd auth with smbspool [4.10.4-4] - resolves: #1740986 - Fix issues creating BUILTIN\Guests [4.10.4-3] - resolves: #1746240 - Security fix for CVE-2019-10197 [4.10.4-2] - resolves: #1740000 - Fix 'net ads join createcomputer=<accountou>' [4.10.4-1] - resolves: #1497809 - Add --resolve-uids for 'smbstatus -L' - resolves: #1714947 - Fix idmap_tdb2 scripts [4.10.4-0] - resolves: #1724991 - Update to version 4.10.4 - resolves: #1595277 - Update manpage for 'net ads lookup' MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10218 CVE-2019-10197 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 Oracle Linux 7 [12.1.0-6] - Fix CVE-2019-12387 (HTTP Header Injection) Resolves: rhbz#1721518 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12387 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:5.5.65-1] - Rebase to 5.5.65 Also fixes: CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 Resolves: #1741357 - Revert upstream changes that make the mysql_install_db relocatable because it broke mysql_install_db when run without --rpm arg Resolves: #1731062 - Add openssl BR that was missing for the tests MODERATE Copyright 2020 Oracle, Inc. CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2805 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:8:beta Oracle Linux 7 [5.44-6] - fixing CVE-2018-10910. Resolves: #1609340 LOW Copyright 2020 Oracle, Inc. CVE-2018-10910 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [5.4.16-48] - fix underflow in env_path_info in fpm_main.c CVE-2019-11043 [5.4.16-47] - fix stack-buffer-overflow while parsing HTTP response CVE-2018-7584 - fix out-of-bounds read in base64_decode_xmlrpc CVE-2019-9024 - fix reflected XSS in phar 404 page CVE-2018-5712 - fix reflected XSS in phar 403 and 404 error pages CVE-2018-10547 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-5712 CVE-2019-9024 CVE-2018-10547 CVE-2018-7584 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [4.2.46-34] - BASH_CMD should not be writable in restricted shell Resolves: #1693181 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9924 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [1.5.3-173.el7] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791560] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791560] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791560] - Resolves: bz#1791560 (CVE-2020-7039 qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-7.8]) [1.5.3-172.el7] - kvm-target-i386-Export-TAA_NO-bit-to-guests.patch [bz#1771961] - kvm-target-i386-add-support-for-MSR_IA32_TSX_CTRL.patch [bz#1771961] - Resolves: bz#1771961 (CVE-2019-11135 qemu-kvm: hw: TSX Transaction Asynchronous Abort (TAA) [rhel-7.8]) [1.5.3-171.el7] - kvm-i386-Add-new-model-of-Cascadelake-Server.patch [bz#1638471] - kvm-i386-Disable-OSPKE-on-Cascadelake-Server.patch [bz#1638471] - kvm-i386-remove-the-INTEL_PT-CPUID-bit-from-Cascadelake-.patch [bz#1638471] - kvm-Add-missing-brackets-to-CPUID-0x80000008-code.patch [bz#1760607] - Resolves: bz#1638471 ([Intel 7.8 Feat] qemu-kvm Introduce Cascade Lake (CLX) cpu model) - Resolves: bz#1760607 (Corrupted EAX values due to missing brackets at CPUID[0x800000008] code) [1.5.3-170.el7] - kvm-Using-ip_deq-after-m_free-might-read-pointers-from-a.patch [bz#1749735] - kvm-target-i386-Merge-feature-filtering-checking-functio.patch [bz#1709971] - kvm-target-i386-Isolate-KVM-specific-code-on-CPU-feature.patch [bz#1709971] - kvm-i386-Add-new-MSR-indices-for-IA32_PRED_CMD-and-IA32_.patch [bz#1709971] - kvm-i386-Add-CPUID-bit-and-feature-words-for-IA32_ARCH_C.patch [bz#1709971] - kvm-Add-support-to-KVM_GET_MSR_FEATURE_INDEX_LIST-an.patch [bz#1709971] - kvm-x86-Data-structure-changes-to-support-MSR-based-feat.patch [bz#1709971] - kvm-x86-define-a-new-MSR-based-feature-word-FEATURE_WORD.patch [bz#1709971] - kvm-Use-KVM_GET_MSR_INDEX_LIST-for-MSR_IA32_ARCH_CAP.patch [bz#1709971] - kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch [bz#1709971] - kvm-Remove-arch-capabilities-deprecation.patch [bz#1709971] - kvm-target-i386-add-MDS-NO-feature.patch [bz#1714791] - Resolves: bz#1709971 ([Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm) - Resolves: bz#1714791 ([Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm) - Resolves: bz#1749735 (CVE-2019-15890 qemu-kvm: QEMU: Slirp: use-after-free during packet reassembly [rhel-7]) [1.5.3-169.el7] - kvm-target-i386-Support-invariant-tsc-flag.patch [bz#1626871] - kvm-target-i386-block-migration-and-savevm-if-invariant-.patch [bz#1626871] - kvm-i386-Don-t-copy-host-virtual-address-limit.patch [bz#1706658] - Resolves: bz#1626871 ([RFE] request for using TscInvariant feature with qemu-kvm.) - Resolves: bz#1706658 ([Intel 7.8 Bug] qemu-kvm fail with 'err:kvm_init_vcpu() invalidate argumant' on ICX platform) [1.5.3-168.el7] - kvm-qxl-check-release-info-object.patch [bz#1712703] - kvm-bswap.h-Remove-cpu_to_be16wu.patch [bz#1270166] - kvm-net-Transmit-zero-UDP-checksum-as-0xFFFF.patch [bz#1270166] - kvm-Fix-heap-overflow-in-ip_reass-on-big-packet-input.patch [bz#1734749] - Resolves: bz#1270166 (UDP packet checksum is not converted from 0x0000 to 0xffff with Qemu e1000 emulation.) - Resolves: bz#1712703 (CVE-2019-12155 qemu-kvm: QEMU: qxl: null pointer dereference while releasing spice resources [rhel-7]) - Resolves: bz#1734749 (CVE-2019-14378 qemu-kvm: QEMU: slirp: heap buffer overflow during packet reassembly [rhel-7.8]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base Oracle Linux 7 [2.4.6-93.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-93] - Resolves: #1677496 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time [2.4.6-92] - htpasswd: add SHA-2 crypt() support (#1486889) [2.4.6-91] - Resolves: #1630886 - scriptlet can fail if hostname is not installed - Resolves: #1565465 - CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values - Resolves: #1568298 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request - Resolves: #1673457 - Apache child process crashes because ScriptAliasMatch directive - Resolves: #1633152 - mod_session missing apr-util-openssl - Resolves: #1649470 - httpd response contains garbage in Content-Type header - Resolves: #1724034 - Unexpected OCSP in proxy SSL connection MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1301 CVE-2017-15710 CVE-2018-17199 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [5:1.5.21-29] - Fix IMAP header caching path traversal vulnerability - Resolves: #1608011 - Resolves: CVE-2018-14355 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14355 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.7.5-88.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-88] - Security fix for CVE-2019-16056 Resolves: rhbz#1750773 [2.7.5-87] - Fix CVE-2018-20852 Resolves: rhbz#1741551 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16056 CVE-2018-20852 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 Oracle Linux 7 [3.6.8-13.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-13] - Security fix for CVE-2019-16056 Resolves: rhbz#1750774 [3.6.8-12] - Add support for OpenSSL FIPS mode - Fix faulthandler stack size Resolves: rhbz#1732908 [3.6.8-11] - Security fix for CVE-2018-20852 Resolves: rhbz#1741552 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20852 CVE-2019-16056 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 Oracle Linux 7 [0.112-26.0.1] - Increase timeout to avoid defunct processes [Orabug: 26930744] [0.112-26] - Refined upstream fix of CVE-2018-1116 to avoid ABI changes - Related: rhbz#1601411 [0.112-25] - fix of CVE-2018-1116 - Resolves: rhbz#1601411 [0.112-24] - pkttyagent: resetting terminal erases rest of input line - Resolves: rhbz#1753037 [0.112-23] - pkttyagent: process stopped by SIGTTOU if run in background job - Resolves: rhbz#1724444 LOW Copyright 2020 Oracle, Inc. CVE-2018-1116 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [0.19.8.1-3] - fix CVE-2018-18751: double-free in xgettext (rhbz#1648433) LOW Copyright 2020 Oracle, Inc. CVE-2018-18751 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [1:5.3.6.1-24.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-24] - Resolves: rhbz#1728763 bg of blocks is black [1:5.3.6.1-23] - Resolves: rhbz#1601372 libreoffice fails to build with --nocheck [1:5.3.6.1-22] - Resolves: rhbz#1743962 CVE-2019-9848 - Resolves: rhbz#1743954 CVE-2019-9849 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9851 CVE-2019-9850 CVE-2019-9849 CVE-2019-9848 CVE-2019-9852 CVE-2019-9854 CVE-2019-9853 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.8.0-3] - Fix for CVE-2019-14850 denial of service due to premature opening of back-end connection resolves: rhbz#1757261 [1.8.0-2] - Explicitly disable nbdkit-ext2-plugin in configure resolves: rhbz#1724242 LOW Copyright 2020 Oracle, Inc. CVE-2019-14850 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:4.8.7-8] - Fix QImage allocation failure in qgifhandler Resolves: bz#1667863 - Fix QTgaFile CPU exhaustion Resolves: bz#1667879 - Fix QBmpHandler segmentation fault on malformed BMP file Resolves: bz#1667862 [1:4.8.7-7] - Fix crash when parsing malformed url reference in svg Resolves: bz#1667882 [1:4.8.7-6] - Fix crash in qppmhandler for certain malformed image files Resolves: bz#1702031 [1:4.8.7-5] - Fix possible heap corruption in QXmlStream Resolves: bz#1667861 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19870 CVE-2018-19871 CVE-2018-19873 CVE-2018-19872 CVE-2018-15518 CVE-2018-19869 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [4.10.5-8] - Fix path traversal issue when extracting an .okular file Resolves: bz#1634726 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1000801 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest Oracle Linux 7 [1.8-8.20130218git] - Fixed OOB read when loading invalid ogg flac file Resolves: bz#1585260 LOW Copyright 2020 Oracle, Inc. CVE-2018-11439 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [0.6.31-20] - multicast DNS no longer responds to unicast queries outside of local network (#1663410) LOW Copyright 2020 Oracle, Inc. CVE-2017-6519 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [0.13.62-12] - Fix a directory traversal bug - unzip-mem should now strip all '../' prefixes from the archived files - Resolves: CVE-2018-17828 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17828 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 autotrace [0.31.1-38] - Resolves: #1765205 rebuild against new IM emacs [1:24.3-23] - Resolves: #1765208 rebuild against new IM ImageMagick [6.9.10.68-3] - Fixing freeze when svg file contains class='' [6.9.10.68-2] - Fixed ghostscript fonts, fixed multilib conflicts [6.9.10.68-1] - Rebase to 6.9.10.68 inkscape [0.92.2-3] - Resolves: #1765211 rebuild against new IM MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18271 CVE-2018-10805 CVE-2018-15607 CVE-2019-11598 CVE-2019-12978 CVE-2019-13304 CVE-2019-13306 CVE-2019-13311 CVE-2019-14981 CVE-2019-16708 CVE-2019-16711 CVE-2019-19949 CVE-2017-11166 CVE-2018-14434 CVE-2019-13297 CVE-2019-7398 CVE-2019-11597 CVE-2019-13134 CVE-2019-13305 CVE-2019-13307 CVE-2018-10804 CVE-2019-7175 CVE-2019-15141 CVE-2019-16713 CVE-2018-13153 CVE-2019-7397 CVE-2019-12975 CVE-2019-13295 CVE-2019-13301 CVE-2017-1000476 CVE-2018-16750 CVE-2019-10650 CVE-2019-16712 CVE-2019-17540 CVE-2017-12805 CVE-2018-18544 CVE-2019-10131 CVE-2019-13300 CVE-2018-12600 CVE-2018-14436 CVE-2018-16328 CVE-2019-14980 CVE-2018-14435 CVE-2018-20467 CVE-2019-13133 CVE-2019-13135 CVE-2019-13310 CVE-2019-15139 CVE-2019-17541 CVE-2017-18251 CVE-2017-18252 CVE-2017-18254 CVE-2018-14437 CVE-2018-16749 CVE-2019-9956 CVE-2019-11470 CVE-2019-11472 CVE-2019-12976 CVE-2019-12979 CVE-2019-15140 CVE-2019-16709 CVE-2019-16710 CVE-2017-18273 CVE-2018-8804 CVE-2018-9133 CVE-2019-13309 CVE-2017-12806 CVE-2018-10177 CVE-2018-11656 CVE-2018-12599 CVE-2019-12974 CVE-2019-13454 CVE-2019-19948 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [6.0-21] - Fix CVE-2019-13232 - Resolves: CVE-2019-13232 LOW Copyright 2020 Oracle, Inc. CVE-2019-13232 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [1.0.25-11] - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598577) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-13139 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.0.1-9] Also add O_EXCL to log_blackbox.c when creating files Resolves: rhbz#1714853 [1.0.1-8] Improve socket security Resolves: rhbz#1714853 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12779 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.9.1-6.0.1.4] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-6.4] - Fix CVE-2015-8035 (#1595697) - Fix CVE-2018-14404 (#1602817) - Fix CVE-2017-15412 (#1729857) - Fix CVE-2016-5131 (#1714050) - Fix CVE-2017-18258 (#1579211) - Fix CVE-2018-1456 (#1622715) MODERATE Copyright 2020 Oracle, Inc. CVE-2015-8035 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2016-5131 CVE-2018-14567 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta Oracle Linux 7 [1.5.3-173.el7_8.1] - kvm-util-add-slirp_fmt-helpers.patch [bz#1798970] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798970] - Resolves: bz#1798970 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.8.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch Oracle Linux 8 [1.8.15-6.1] - - Fix hapack zero byte input causing overwrite (CVE-2020-11100, #1819518) [1.8.15-6] - Add gating tests (#1682106) CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-11100 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Resolves:RHBZ#1685191 - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 nodejs [1:10.19.0-2] - Resolves: RHBZ#1811498 [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10531 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [1:0.17-73.1] - Resolves: #1814473 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1.8.15-3] - Backport fix for CVE-2020-5208 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5208 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:0.17-65] - Resolves: #1814475 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::beta Oracle Linux 6 [1:0.17-49] - Resolves: #1814775 - Arbitrary remote code execution in utility.c via short writes or urgent data IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [68.6.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.6.1-1] - Update to 68.6.1 ESR CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.6.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.6.1-1.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.6.1-1] - Update to 68.6.1 ESR CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6819 CVE-2020-6820 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1.0.1-10] - Apply previous patch - Resolves: #1814774 [1.0.1-9] - Fix CVE-2020-10188 (netclear()/nextitem() buffer overrun) - Resolves: #1814774 [1.0.1-8] - bump release number to sort newer than the recent 6.2 update IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10188 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 qemu-kvm [2.12.0-88.0.1.el8_1_0.3] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-88.el8_1_0.3] - kvm-tcp_emu-Fix-oob-access.patch [bz#1791565] - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch [bz#1791565] - kvm-slirp-use-correct-size-while-emulating-commands.patch [bz#1791565] - kvm-iscsi-Avoid-potential-for-get_status-overflow.patch [bz#1794500] - kvm-iscsi-Cap-block-count-from-GET-LBA-STATUS-CVE-2020-1.patch [bz#1794500] - Resolves: bz#1791565 (CVE-2020-7039 virt:rhel/qemu-kvm: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() [rhel-8.1.0.z]) - Resolves: bz#1794500 (CVE-2020-1711 qemu-kvm: QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server [rhel-8.1.0.z]) libvirt [4.5.0-35.3.0.1] - added librbd1 as dependency (Keshav Sharma) [4.5.0-35.3.el8] - qemu: Translate features in virQEMUCapsGetCPUFeatures (rhbz#1809510) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-7039 CVE-2020-1711 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.18.0-147.8.1_1.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-147.8.1_1] - rebuild, due infrastructure issues last kernel build wasn't signed properly [1807231 1807216] [4.18.0-147.7.1_1] - [hid] hiddev: do cleanup in failure of opening a device (Benjamin Tissoires) [1803458 1803460] {CVE-2019-19527} - [hid] hiddev: avoid opening a disconnected device (Benjamin Tissoires) [1803458 1803460] {CVE-2019-19527} - [nvme] nvmet: fix discover log page when offsets are used (Gopal Tiwari) [1801216 1745836] - [netdrv] ibmvnic: Serialize device queries (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Bound waits for device queries (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Terminate waiting device threads after loss of service (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Fix completion structure initialization (Steve Best) [1794060 1778037] - [netdrv] ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode (Steve Best) [1794060 1778037] - [tools] selftests/powerpc: Fix compile error on tlbie_test due to newer gcc (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [tools] selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (Desnes Augusto Nunes do Rosario) [1794058 1755707] - [powerpc] powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions (Desnes Augusto Nunes do Rosario) [1794058 1755707] [4.18.0-147.6.1_1] - [crypto] crypto: chelsio - count incomplete block in IV (Jonathan Toppins) [1798527 1725813] - [crypto] crypto: chelsio - Fix softlockup with heavy I/O (Jonathan Toppins) [1798527 1725813] - [crypto] crypto: chelsio - Fix NULL pointer dereference (Jonathan Toppins) [1798527 1725813] - [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1798381 1757525] - [mm] mm/page-writeback.c: don't break integrity writeback on ->writepage() error (Christoph von Recklinghausen) [1797962 1782117] - [lib] crc-t10dif: crc_t10dif_mutex can be static (Vladis Dronov) [1797961 1769462] - [lib] crc-t10dif: Allow current transform to be inspected in sysfs (Vladis Dronov) [1797961 1769462] - [lib] crc-t10dif: Pick better transform if one becomes available (Vladis Dronov) [1797961 1769462] - [crypto] api - Introduce notifier for new crypto algorithms (Vladis Dronov) [1797961 1769462] - [block] blk-mq: make sure that line break can be printed (Ming Lei) [1797960 1741462] - [block] blk-mq: avoid sysfs buffer overflow with too many CPU cores (Ming Lei) [1797960 1741462] - [scsi] hpsa: update driver version (Joseph Szczypek) [1797519 1761968] - [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1797519 1761968] - [arm64] arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space (Mark Salter) [1797518 1757828] - [arm64] arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419 (Mark Salter) [1797518 1757828] - [arm64] arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419 (Mark Salter) [1797518 1757828] - [arm64] arm64: Handle erratum 1418040 as a superset of erratum 1188873 (Mark Salter) [1797518 1757828] - [arm64] arm64: errata: Add workaround for Cortex-A76 erratum #1463225 (Mark Salter) [1797518 1757828] - [arm64] arm64: Kconfig: Tidy up errata workaround help text (Mark Salter) [1797518 1757828] - [arm64] arm64: Apply ARM64_ERRATUM_1188873 to Neoverse-N1 (Mark Salter) [1797518 1757828] - [arm64] arm64: Add part number for Neoverse N1 (Mark Salter) [1797518 1757828] - [arm64] arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT (Mark Salter) [1797518 1757828] - [arm64] arm64: Restrict ARM64_ERRATUM_1188873 mitigation to AArch32 (Mark Salter) [1797518 1757828] - [arm64] arm64: arch_timer: avoid unused function warning (Mark Salter) [1797518 1757828] - [arm64] arm64: Add workaround for Cortex-A76 erratum 1286807 (Mark Salter) [1797518 1757828] - [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1796490 1758605] - [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1796490 1758605] - [block] fix memleak of bio integrity data (Ming Lei) [1795338 1779898] - [powerpc] xive: Prevent page fault issues in the machine crash handler (Diego Domingos) [1795337 1756116] - [scsi] scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (Tomas Henzl) [1795335 1726251] - [powerpc] powerpc/perf: Disable trace_imc pmu (Steve Best) [1794061 1785573] - [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: handle skb allocation error gracefully (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: drop unwanted packets earlier in RX path (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: support per-frame invalidation (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: gather more detailed RX dropped/error statistics (Philipp Rudo) [1794059 1781085] - [s390] s390/net: Mark expected switch fall-throughs (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: consolidate skb RX processing in L3 driver (Philipp Rudo) [1794059 1781085] - [s390] s390/qeth: remove RX seqno in skb->cb (Philipp Rudo) [1794059 1781085] - [powerpc] kvm: ppc: book3s hv: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Update Spectre v2 reporting (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [powerpc] 64: Disable the speculation barrier from the command line (Gustavo Duarte) [1794056 1777686] {CVE-2019-18660} - [firmware] efi/memreserve: Register reservations as 'reserved' in /proc/iomem (Bhupesh Sharma) [1792200 1772730] - [firmware] efi/memreserve: deal with memreserve entries in unmapped memory (Bhupesh Sharma) [1792200 1772730] - [s390] s390/cpum_sf: save TOD clock base in SDBs for time conversion (Philipp Rudo) [1792198 1743504] - [s390] s390/sclp: Fix bit checked for has_sipl (Philipp Rudo) [1791408 1748347] - [scsi] qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1790350 1782598] - [scsi] qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1790350 1782598] - [scsi] qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1790350 1782598] - [powerpc] powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction (Gustavo Duarte) [1788862 1750653] {CVE-2019-15030} - [powerpc] powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts (Gustavo Duarte) [1791630 1750653] {CVE-2019-15031} - [scsi] scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Himanshu Madhani) [1788206 1753031] - [scsi] qla2xxx: call dma_free_coherent with correct size in all cases in qla24xx_sp_unmap (Himanshu Madhani) [1788206 1753031] - [fs] devpts_pty_kill(): don't bother with d_delete() (Eric Sandeen) [1783959 1772718] - [fs] devpts: always delete dcache dentry-s in dput() (Eric Sandeen) [1783959 1772718] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18660 CVE-2019-15030 CVE-2019-15031 CVE-2019-19527 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:1:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1.11.6-6.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-6] - fix COPY command takes long time with buildah - Resolves: #1806119 [1.11.6-5] - fix Podman support for FIPS Mode requires a bind mount inside the container - Resolves: #1804188 cockpit-podman [11-1] - Fix Alert notification in Image Search Modal - Allow more than a single Error Notification for Container action errors - Various Alert cleanups - Translation updates - Related: RHELPLAN-25138 [10-1] - Support for user containers - Show list of containers that use given image - Show placeholder while loading containers and images - Fix setting memory limit - bug 1732713 - Add container Terminal - bug 1703245 - Related: RHELPLAN-25138 conmon [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25138 [2:2.0.5-1] - update to 2.0.5 - Related: RHELPLAN-25138 [2:2.0.4-1] - update to 2.0.4 bugfix release - Related: RHELPLAN-25138 [2:2.0.3-2.giteb5fa88] - BR: systemd-devel - Related: RHELPLAN-25138 [2:2.0.3-1.giteb5fa88] - update to 2.0.3 [2:2.0.2-0.1.dev.git422ce21] - build latest upstream master [2:2.0.0-2] - remove BR: go-md2man since no manpages yet container-selinux [2:2.124.0-1] - update to 2.124.0 - Related: RHELPLAN-25138 fuse-overlayfs [0.7.2-5] - be sure to work properly also with older rhel8 kernels, thanks to Giuseppe Scrivano - Resolves: #1803495 [0.7.2-4] - latest iteration of segfault fix patch, thanks to Giuseppe Scrivano - Resolves: #1803495 [0.7.2-3] - fix fuse-overlayfs segfault - Resolves: #1805016 [0.7.2-2] - fix useradd and groupadd fail under rootless Buildah and podman - Resolves: #1803495 podman [1.6.4-4.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-4] - fix podman (1.6.4) rhel 8.1 no route to host from inside container - Resolves: #1806900 [1.6.4-3] - fix Podman support for FIPS Mode requires a bind mount inside the container - Resolves: #1804194 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25138 runc [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25138 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options skopeo [0.1.40-8.0.1] - Add oracle registry into the conf file [Orabug: 29845934] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-8] - change the search order of registries and remove quay.io (#1784267) slirp4netns [0.4.2-3.git21fdece] - Fix CVE-2020-8608 - Related: RHELPLAN-25138 toolbox [0.0.4-1.el8] - Update for rhel8.1 container-tools module udica [0.2.1-2] - initial import to container-tools 8.2.0 - Related: RHELPLAN-25139 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [0.12.1.2-2.506.el6_10.7] - kvm-slirp-disable-tcp_emu.patch [bz#1791680] - kvm-slirp-add-slirp_fmt-helpers.patch [bz#1798966] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1798966] - Resolves: bz#1791680 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6]) - Resolves: bz#1798966 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8608 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 Oracle Linux 8 [68.7.0-2.0.1.el8_1] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6822 CVE-2020-6825 CVE-2020-6821 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.7.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.7.0-2] - Update to 68.7.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6825 CVE-2020-6822 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 6 [68.7.0-2.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6822 CVE-2020-6825 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6820 CVE-2020-6821 CVE-2020-6825 CVE-2020-6822 CVE-2020-6819 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [68.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.7.0-1] - Update to 68.7.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6825 CVE-2020-6821 CVE-2020-6822 CVE-2020-6819 CVE-2020-6820 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta Oracle Linux 8 [68.7.0-1.0.1.el8_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.7.0-1] - Update to 68.7.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6821 CVE-2020-6822 CVE-2020-6820 CVE-2020-6825 CVE-2020-6819 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.9.0-14] - Bump build version Resolves: bz#1819877 Resolves: bz#1819879 Resolves: bz#1819882 Resolves: bz#1819886 Resolves: bz#1819884 [1.9.0-13] - Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz#1819877 - Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz#1819879 - Fix heap buffer overflow in TightDecoder::FilterGradient Resolves: bz#1819882 - Fix heap-based buffer overflow triggered from CopyRectDecoder Resolves: bz#1819886 - Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder Resolves: bz#1819884 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15693 CVE-2019-15691 CVE-2019-15692 CVE-2019-15695 CVE-2019-15694 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1:1.8.0.252.b09-2] - Add release notes. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u242-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 [1:1.8.0.242.b08-0] - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2803 CVE-2020-2830 CVE-2020-2773 CVE-2020-2754 CVE-2020-2805 CVE-2020-2755 CVE-2020-2800 CVE-2020-2781 CVE-2020-2756 CVE-2020-2757 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:1.7.0.261-2.6.22.2.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.261-2.6.22.2] - Modify NEWS installation to avoid subpackage naming. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.1] - Add release notes from IcedTea. - Mark license files with appropriate macro. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.0] - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2803 CVE-2020-2781 CVE-2020-2800 CVE-2020-2805 CVE-2020-2773 CVE-2020-2830 CVE-2020-2756 CVE-2020-2757 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [1:1.7.0.261-2.6.22.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.261-2.6.22.1] - Add release notes from IcedTea. - Resolves: rhbz#1810557 [1:1.7.0.261-2.6.22.0] - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2756 CVE-2020-2781 CVE-2020-2800 CVE-2020-2757 CVE-2020-2773 CVE-2020-2805 CVE-2020-2830 CVE-2020-2803 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:11.0.7.10-4.0.1] - link atomic for ix86 build [1:11.0.7.10-4] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-3] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-0] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.0.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.0.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.0.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.0.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.0.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.0.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.0.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.0.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.0.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2773 CVE-2020-2778 CVE-2020-2805 CVE-2020-2800 CVE-2020-2803 CVE-2020-2830 CVE-2020-2781 CVE-2020-2754 CVE-2020-2816 CVE-2020-2767 CVE-2020-2755 CVE-2020-2757 CVE-2020-2756 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.8.3.1-22 ] - Crafted URL containing new lines can cause credential leak - Resolves: CVE-2020-5260 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5260 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:1.8.0.252.b09-2] - Add release notes. - Mark license files with appropriate macro. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u242-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.1.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Remove local copies of JDK-8231991 & JDK-8234107 as replaced by upstream versions. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2800 CVE-2020-2754 CVE-2020-2755 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-2757 CVE-2020-2773 CVE-2020-2756 CVE-2020-2781 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [2.18.2-2] - Crafted URL containing new lines can cause credential leak - Resolves: CVE-2020-5260 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5260 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:11.0.7.10-1] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Re-apply --with-extra-asflags as crash was not due to this. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Revert asflags changes as build remains broken. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Build still failing with just assembler build notes option, trying with just optimisation flags. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Passing optimisation flags to assembler causes build to crash. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-0] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.0.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.0.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.0.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.0.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.0.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.0.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.0.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.0.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.0.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2767 CVE-2020-2800 CVE-2020-2756 CVE-2020-2755 CVE-2020-2781 CVE-2020-2754 CVE-2020-2757 CVE-2020-2778 CVE-2020-2816 CVE-2020-2830 CVE-2020-2803 CVE-2020-2805 CVE-2020-2773 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.8.0.252.b09-2] - Add release notes. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-1] - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 [1:1.8.0.252.b09-0] - Update to aarch64-shenandoah-jdk8u252-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:1.8.0.252.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 [1:1.8.0.252.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 [1:1.8.0.252.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 [1:1.8.0.252.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 [1:1.8.0.252.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 [1:1.8.0.252.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b03. - Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 - Resolves: rhbz#1810557 [1:1.8.0.252.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 [1:1.8.0.252.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2830 CVE-2020-2800 CVE-2020-2755 CVE-2020-2781 CVE-2020-2773 CVE-2020-2803 CVE-2020-2754 CVE-2020-2805 CVE-2020-2756 CVE-2020-2757 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [2.6.32-754.29.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.1] - [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666} - [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759] - [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759] - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759] - [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-1000371 CVE-2019-17666 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [12.1.0-7] - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling vulnderabilities Resolves: rhbz#1813439 rhbz#1813447 - Remove useless macros definitions IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10108 CVE-2020-10109 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [0:1.5.9-3] - fix null-pointer dereference in 'lru mode' and 'lru temp_ttl' (#1709408) - CVE-2019-11596 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11596 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 exiv2 [0.27.2-5] - Fix failing test Resolves: bz#1800472 [0.27.2-4] - Drop test for the previous CVE as we test it manually and we dont have POC available Resolves: bz#1800472 [0.27.2-3] - Fix infinite loop and hang in Jp2Image::readMetadata() Resolves: bz#1800472 [0.27.2-2] Rebuild Resolves: bz#1651917 [0.27.2-1] - Update to 0.27.2 Resolves: bz#1651917 gegl [0.2.0-39] - Build without exiv2 Resolves: bz#1767748 gnome-color-manager [3.28.0-3] - Rebuild again to correctly trigger side-tag gating (exiv2) Resolves: bz#1757445 [3.28.0-2] - Rebuild (exiv2) Resolves: bz#1757445 libgexiv2 [0.10.8-4] - Rebuild again to correctly trigger side-tag gating (exiv2) Resolves: bz#1757444 [0.10.8-3] - Rebuild (exiv2) Resolves: bz#1757444 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-4868 CVE-2018-9304 CVE-2018-9303 CVE-2019-13113 CVE-2019-20421 CVE-2018-18915 CVE-2019-13109 CVE-2019-13114 CVE-2018-9305 CVE-2018-17230 CVE-2019-9143 CVE-2019-13111 CVE-2018-17282 CVE-2018-19535 CVE-2017-18005 CVE-2018-10772 CVE-2018-17229 CVE-2018-19107 CVE-2018-19607 CVE-2018-20096 CVE-2018-20098 CVE-2018-20099 CVE-2019-13112 CVE-2018-19108 CVE-2018-9306 CVE-2018-11037 CVE-2018-14338 CVE-2018-17581 CVE-2018-20097 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [5.1.0-15] - fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151) - CVE-2018-19841 [5.1.0-14] - fix uninitialized variable in ParseCaffHeaderConfig (#1741251) - CVE-2019-1010317 [5.1.0-13] - fortify parsing of .dff files (#1707428, #1733627) - CVE-2019-1010315 - CVE-2019-11498 [5.1.0-12] - fix possible infinite loop in WavpackPackInit function (#1663154) - CVE-2018-19840 [5.1.0-11] - Fix issues with gating [5.1.0-10] - fix uninitialized variable in ParseWave64HeaderConfig (#1741200) - CVE-2019-1010319 LOW Copyright 2020 Oracle, Inc. CVE-2018-19840 CVE-2019-1010315 CVE-2019-1010319 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010317 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.6.1-20.0.1.el8] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:6.0.6.1-20] - Resolves: rhbz#1743958 CVE-2019-9849, etc. - Resolves: rhbz#1648281 Junk character gets added when some emojis are inserted MODERATE Copyright 2020 Oracle, Inc. CVE-2019-9849 CVE-2019-9852 CVE-2019-9853 CVE-2019-9854 CVE-2019-9850 CVE-2019-9851 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 evolution [3.28.5-12] - Add patch for RH bug #1778799 (New Mail account wizard ignores email address change) [3.28.5-11] - Update patch for RH bug #1764563 (CVE-2018-15587: Reposition signature bar) [3.28.5-10] - Add patch for RH bug #1764563 (CVE-2018-15587: Reposition signature bar) - Add patch for RH bug #1753220 (GalA11yETableItem: Incorrect implementation of AtkObjectClass::ref_child()) evolution-data-server [3.28.5-13] - Resolves: #1791547 (test-cal-meta-backend cannot run without installed Evolution) [3.28.5-12] - Add patch for RH bug #1788478 (EDBusServer: Delay new module load) evolution-ews [3.28.5-9] - Remove patch for RH bug #1765005 (Reject creating meetings organized by other users) [3.28.5-8] - Remove patch for RH bug #1765005 (Send meeting change notifications only if being the organizer) [3.28.5-7] - Add patch for RH bug #1764818 (Sync CategoryList with mail Labels) - Add patch for RH bug #1765005 (Send meeting change notifications only if being the organizer) [3.28.5-6] - Add patch for RH bug #1741091 (Birthday date of Contact depends on system timezone) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-15587 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [14:4.9.2-6] - Resolves: #1715423 - tcpdump pre creates user and groups unconditionally - Resolves: #1655622 - CVE-2018-19519 Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap LOW Copyright 2020 Oracle, Inc. CVE-2018-19519 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-18074 CVE-2018-20852 CVE-2019-16056 CVE-2019-11324 CVE-2018-20060 CVE-2019-11236 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.1.1-3] - Fixed use after free when sending SASL login to server Resolves: CVE-2019-13045 LOW Copyright 2020 Oracle, Inc. CVE-2019-13045 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11036 CVE-2019-11040 CVE-2019-11039 CVE-2019-11041 CVE-2019-11042 CVE-2019-9023 CVE-2019-9024 CVE-2019-9020 CVE-2019-9021 CVE-2019-9022 CVE-2019-9638 CVE-2019-9640 CVE-2019-9637 CVE-2018-20783 CVE-2019-11035 CVE-2019-9639 CVE-2019-11034 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 gstreamer1 [1.16.1-2] - Update to 1.16.2 for correctly pick up for side gating - Resolves: rhbz#1756299 [1.16.1-1] - Update to 1.16.1 - Enable libcap for the ptp helper permissions - Resolves: rhbz#1756299 gstreamer1-plugins-bad-free [1.16.1-1] - Update to 1.16.1 - Remove upstreamed patches - Remove dependency on removed package - Add sctp and closedcaption plugins - The vcdsrc plugin was removed - Resolves: rhbz#1756299 gstreamer1-plugins-base [1.16.1-1] - Update to 1.16.1 - Resolves: rhbz#1756299 gstreamer1-plugins-good [1.16.1-1] - Update to 1.16.1 - enable cairo plugins - Resolves: rhbz#1756299 gstreamer1-plugins-ugly-free [1.16.1-1] - Update to 1.16.1 - Only enable mpeg2dec on Fedora - Resolves: rhbz#1756299 [1.16.0-3] - Conflicts: gstreamer1-plugins-ugly < 1.16.0-2 [1.16.0-2] - Enable mpeg2dec plugin (#1709470) libmad [0.15.1b-25] - Add patches to avoid various buffer overruns - Fixes CVE-2018-7263 - Resolves: rhbz#1547507 orc [0.4.28-3] - x86: add endbr32 and endbr64 instructions - Resolves: rhbz#1693292 SDL [1.2.15-37] - Rebuild - Resolves: rhbz#1756279 SDL2 [2.0.10-2] - Fix CVE-2019-13616 SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c - Resolves: rhbz#1756279 [2.0.10-1] - Update to 2.0.10 - Resolves: rhbz#1751780 [2.0.9-3] - use khrplatform defines, not ptrdiff_t LOW Copyright 2020 Oracle, Inc. CVE-2018-7263 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [8.2-11.0.1] - Import Implement s390x arch13 support (Andreas Krebbel, RH BZ 1768593). [8.2-8.0.2] - Forward-port patches from ol8-u1: gdb-ctf-forward-type.patch gdb-ctf-func-args.patch gdb-ctf-optout-var.patch - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [8.2-8.0.1] - Forward-port patches from ol8-u1: gdb-ctf.patch gdb-ctf-upstream1.patch gdb-ctf-prfunc.patch - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [8.2-8.el8] - Fix buffer overflow reading sections with invalid sizes (Keith Seitz, RH BZ 1742099) [8.2-7.el8] - Fix segfault that happens on parse_macro_definition because debugedit corrupts the .debug_macro section (Sergio Durigan Junior, RH BZ 1708192). MODERATE Copyright 2020 Oracle, Inc. CVE-2019-1010180 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.0.28-10] - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function i2alaw_array in alaw (#1673085) [1.0.28-9] - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598482) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-13139 CVE-2018-19662 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16943 CVE-2019-17531 CVE-2019-16942 CVE-2019-16335 CVE-2019-14540 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1726 CVE-2019-19921 CVE-2020-1702 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.13.68-8] - Fix CVE-2018-17828 in the 'single z' binaries - Resolves: #1772447 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17828 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.3.6-1] - add weak depenency on grafana-pcp - add patch to mute shellcheck SC1090 for grafana-cli - update to 6.3.6 upstream community sources, see CHANGELOG [6.3.5-1] - drop uaparser patch now its upstream - add xerrors patch, see https://github.com/golang/go/issues/32246 - use vendor sources on rawhide until modules are fully supported - update to latest upstream community sources, see CHANGELOG [6.3.4-1] - include fix for CVE-2019-15043 - add patch for uaparser on 32bit systems - update to latest upstream community sources, see CHANGELOG [6.2.5-1] - update to latest upstream community sources, see CHANGELOG MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15043 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.14.0-11] - Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-8] [0.14.0-10] - Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13038 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 python-qt5 [5.13.1-1] - 5.13.1 Resolves: bz#1775603 qgnomeplatform [0.4-3] - Rebuild (qt5) Resolves: bz#1774418 qt5 [5.12.5-3] - Re-add srpm macros, just leave them empty Resolves: bz#1733133 [5.12.5-2] - Drop srpm macros as we dont ship qtwebengine Resolves: bz#1733133 [5.12.5-1] - 5.12.5 + sync with Fedora Resolves: bz#1733133 qt5-qt3d [5.12.5-2] - Fix multilib issue Resolves: bz#1765637 [5.12.5-1] - 5.12.5 Resolves: bz#1733159 qt5-qtbase [5.12-5-4] - Fix build on RHEL 7 kernel Resolves: bz#1733135 [5.12-5-2] - Remove Android specific test to avoid unnecessary dependencies Resolves: bz#1733135 [5.12-5-1] - 5.12.5 + sync with Fedora Resolves: bz#1733135 qt5-qtcanvas3d [5.12.5-1] - 5.12.5 Resolves: bz#1733136 qt5-qtconnectivity [5.12.5-1] - 5.12.5 Resolves: bz#1733137 qt5-qtdeclarative [5.12-5-1] - 5.12.5 Resolves: bz#1733139 qt5-qtdoc [5.12.5-1] - 5.12.5 Resolves: bz#1733140 qt5-qtgraphicaleffects [5.12.5-1] - 5.12.5 Resolves: bz#1733141 qt5-qtimageformats [5.12.5-1] - 5.12.5 Resolves: bz#1733142 qt5-qtlocation [5.12.5-1] - 5.12.5 Resolves: bz#1733143 qt5-qtmultimedia [5.12.5-1] - 5.12.5 Resolves: bz#1733144 qt5-qtquickcontrols2 [5.12.5-1] - 5.12.5 Resolves: bz#1733146 qt5-qtquickcontrols [5.12.5-1] - 5.12.5 Resolves: bz#1733145 qt5-qtscript [5.12.5-1] - 5.12.5 Resolves: bz#1733147 qt5-qtsensors [5.12.5-1] - 5.12.5 Resolves: bz#1733148 qt5-qtserialbus [5.12.5-1] - 5.12.5 Resolves: bz#1733149 qt5-qtserialport [5.12.5-1] - 5.12.5 Resolves: bz#1733150 qt5-qtsvg [5.12.5-1] - 5.12.5 Resolves: bz#1733151 qt5-qttools [5.12.5-1] - 5.12.5 Resolves: bz#1733152 qt5-qttranslations [5.12.5-1] - 5.12.5 Resolves: bz#1733153 qt5-qtwayland [5.12.5-1] - 5.12.5 Resolves: bz#1733154 qt5-qtwebchannel [5.12.5-1] - 5.12.5 Resolves: bz#1733155 qt5-qtwebsockets [5.12.5-1] - 5.12.5 Resolves: bz#1733156 qt5-qtx11extras [5.12.5-1] - 5.12.5 Resolves: bz#1733158 qt5-qtxmlpatterns [5.12.5-1] - 5.12.5 Resolves: bz#1733157 sip [4.19.19-1] - 4.19.19 Resolves: bz#1775604 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-19871 CVE-2018-19872 CVE-2018-19869 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13456 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.7-0.2.alpha.4] - Fix for CVE-2019-1010305 - Remove 'fix' for CVE-2018-14680 as this fix is included in base tar ball. resolves: rhbz#1736745, rhbz#1736743 [0.7-0.2.alpha.3] - Add gating tests resolves: rhbz#1682770 LOW Copyright 2020 Oracle, Inc. CVE-2019-1010305 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [4.0.9-17] - Add upstream test suite and enable it in gating [4.0.9-16] - Fix CVE-2019-14973 (#1755705) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14973 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [8.1911.0-3] RHEL 8.2.0 ERRATUM - added patch reverting rejecting expired certs by default resolves: rhbz#1782353 - added patch silencing false errors on config.enabled statement resolves: rhbz#1659383 [8.1911.0-2] RHEL 8.2.0 ERRATUM - cleaned old patches, fixed patch names resolves: rhbz#1740683 [8.1911.0-1] RHEL 8.2.0 ERRATUM - rebased to 8.1911.0 upstream version, removed, previously upstreamed patches resolves: rhbz#1740683 resolves: rhbz#1659383 resolves: rhbz#1746876 resolves: rhbz#1676559 resolves: rhbz#1692072 resolves: rhbz#1692073 resolves: rhbz#1692074 resolves: rhbz#1699242 resolves: rhbz#1738213 resolves: rhbz#1744691 resolves: rhbz#1755218 resolves: rhbz#1768321 resolves: rhbz#1768324 - added patch fixing imfile stefiles naming resolves: rhbz#1763757 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17041 CVE-2019-17042 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.6.2-21] - A further Coverity fix (#1602585) [2.6.2-20] - Fix buffer overruns found by Coverity (#1602585) [2.6.2-19] - Fix two issues found by Coverity (#1602585) [2.6.2-18] - Apply patch for CVE-2018-12085 (#1589942) [2.6.2-17] - Fix CVE-2018-11577 (#1585906) - Fix CVE-2018-11684 (#1588632) - Fix CVE-2018-11685 (#1588637) - Fix CVE-2018-12085 (#1589942) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-11685 CVE-2018-11684 CVE-2018-11577 CVE-2018-12085 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [20190829git37eef91017ad-9.el8] - edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch [bz#1806359] - Resolves: bz#1806359 (bochs-display cannot show graphic wihout driver attach) [20190829git37eef91017ad-8.el8] - edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch [bz#1801274] - edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch [bz#1801274] - Resolves: bz#1801274 (CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8]) [20190829git37eef91017ad-7.el8] - edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch [bz#1751993] - edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch [bz#1751993] - Resolves: bz#1751993 (DxeImageVerificationLib handles 'DENY execute on security violation' like 'DEFER execute on security violation' [rhel8]) [20190829git37eef91017ad-6.el8] - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch [bz#1789335] - Resolves: bz#1789335 (VM with edk2 cant boot when setting memory with '-m 2001') [20190829git37eef91017ad-5.el8] - edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch [bz#1789797] - edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch [bz#1789797] - Resolves: bz#1789797 (Backport upstream patch series: 'UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads' to improve HTTP(S) Boot experience with large (4GiB+) files) [20190829git37eef91017ad-4.el8] - edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301] - edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301] - Resolves: bz#1778301 (re-enable Secure Boot (varstore template) verification in %check) [20190829git37eef91017ad-3.el8] - Update used openssl version [bz#1616029] - Resolves: bz#1616029 (rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1) [20190829git37eef91017ad-2.el8] - edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624] - edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624] - edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624] - edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624] - edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624] - edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624] - edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624] - edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624] - edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624] - Resolves: bz#1536624 (HTTPS enablement in OVMF) [20190829git37eef91017ad-1.el8] - Rebase to edk2-stable201908 [bz#1748180] - Resolves: bz#1748180 ((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14563 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.79-11] - Support multiple static leases for single mac on IPv6 (#1779187) [2.79-10] - Fix memory leak in helper.c (#1795370) [2.79-9] - Fix replies to non-recursive queries (#1700916) [2.79-8] - Fix dhcp_lease_time (#1746411) [2.79-7] - Fix TCP queries after interface recreation (#1728698) LOW Copyright 2020 Oracle, Inc. CVE-2019-14834 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.7.3-10] - Secure ipsec mode (#1772061) - CVE-2019-18934 [1.7.3-9] - Use pthread_mutex_t locks when dealing with I/O operations (#1775708) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18934 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.8.23-3] - Fix hapack zero byte input causing overwrite (CVE-2020-11100, #1819519) [1.8.23-2] - Consider exist status 143 as success (#1778844) [1.8.23-1] - Update to 1.8.23 (#1774745) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18277 CVE-2019-19330 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [19.11-4] - Remove MLX{4,5} glue libraries since RHEL 8 ships the correct libibverbs library. (#1805140) [19.11-3] - Remove /usr/share/dpdk/mk/exec-env/{bsd,linux}app symlinks (#1773889) [19.11-2] - Add pretrans to handle /usr/share/dpdk/mk/exec-env/{bsd,linux}app (#1773889) [19.11-1] - Rebase to 19.11 (#1773889) - Remove dpdk-pdump (#1779229) [18.11.2-4] - Pass the correct LDFLAGS to host apps (dpdk-pmdinfogen) too (#1755538) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14818 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.6.8-23.0.1.el8] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-23] - Modify the test suite to better handle disabled SSL/TLS versions and FIPS mode - Use OpenSSLs DRBG and disable os.getrandom() function in FIPS mode Resolves: rhbz#1754028, rhbz#1754027, rhbz#1754026, rhbz#1774471 [3.6.8-22] - Changed Requires into Recommends for python3-pip to allow a lower RHEL8 footprint for containers and other minimal environments Resolves: rhbz#1756217 [3.6.8-21] - Patch 329 (FIPS) modified: Added workaround for mod_ssl: Skip error checking in _Py_hashlib_fips_error Resolves: rhbz#1760106 [3.6.8-20] - Security fix for CVE-2019-16056 Resolves: rhbz#1750776 [3.6.8-19] - Skip windows specific test_get_exe_bytes test case and enable test_distutils Resolves: rhbz#1754040 [3.6.8-18] - Reduce the number of tests running during the profile guided optimizations build - Enable profile guided optimizations for all the supported architectures Resolves: rhbz#1749576 [3.6.8-17] - Security fix for CVE-2018-20852 Resolves: rhbz#1741553 [3.6.8-16] - Properly pass the -Og optimization flag to the debug build Resolves: rhbz#1712977 and rhbz#1714733 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20852 CVE-2019-16056 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [1:2.2.6-33] - fix more memory leaks found by coverity in 1775668 [1:2.2.6-32] - fix covscan issues raised by 1775668 [1:2.2.6-31] - 1775668 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created [1:2.2.6-30] - 1774462 - CVE-2019-8675 - buffer overflow in SNMP and IPP, memory disclosure and DoS in scheduler - 1774463 - CVE-2019-8696 [1:2.2.6-29] - 1700663 - Stop advertising the HTTP methods that are supported LOW Copyright 2020 Oracle, Inc. CVE-2019-8696 CVE-2019-8675 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 accountsservice [0.6.50-8] - Dont set HasNoUsers=true if realmd has providers Related: #1750516 appstream-data [8-20191129] - Regenerate the RHEL metadata to include the latest evince changes - Resolves: #1768461 clutter [1.26.2-8] - rebuild to get the new in 8.2.0 - plus address #1785233 evince [3.28.4-4] - Remove metainfo for plugins since they are not real addons - Resolves: #1760363 gdm [3.28.3-29] - Make GNOME work slightly better in the multiple logins case. Related: #1710882 [3.28.3-28] - Correct wayland session detection logic when deciding whether or not to run Xsession script Resolves: #1728330 [3.28.3-27] - Dont run initial-setup for machines enrolled in IPA setup. Resolves: #1750516 [3.28.3-26] - Forward port RHEL 7 patch to allow multiple logins for the same user with XDMCP connections. Resolves: #1710882 [3.28.3-25] - Reenable wayland on hybrid setups (except virt pass through) Resolves: #1749960 - Reenable wayland on qxl Resolves: #1744452 [3.28.3-24] - Reenable wayland on cirrus Resolves: #1744527 [3.28.3-23] - Correct timedlogin based screenlock bypass Resolves: #1672829 gjs [1.56.2-4] - Rebuild for mozjs60 s390x fixes - Related: #1803824 gnome-boxes [3.28.5-8] - Present undetected OSes - Related: #1793413 gnome-control-center [3.28.2-19] - Backport tool serial/ID detection fixes - Resolves: #1782517 [3.28.2-18] - Pick 'Generic Pen' correctly on unknown tool IDs - Resolves: #1782517 [3.28.2-17] - Restore remote desktop password on wayland - Resolves: #1763207 [3.28.2-16] - Add patch to support more than 5 enroll steps - Resolves: #1789474 [3.28.2-15] - Fix another crash changing panel with Ethernet dialog opened - Resolves: #1692299 [3.28.2-14] - Restore placeholder label after removing last VPN connection - Resolves: #1782425 [3.28.2-13] - Make IPv4/v6 configuration pages scroll to focus - Resolves: #1671709 [3.28.2-12] - Fix spacing in 'new VPN' dialog - Resolves: #1656988 [3.28.2-11] - Fix crash when changing panel with Ethernet dialog opened - Resolves: #1692299 [3.28.2-10] - Fix Wacom tablet removal on wayland session - Resolves: #1658001 [3.28.2-9] - Fix possible crash when closing the wifi panel - Resolves: #1778668 [3.28.2-8] - Need rebuild in correct build target - Resolves: #1749372 [3.28.2-7] - Fix warning when disabling sharing - Resolves: #1749372 [3.28.2-6] - Add subscription manager integration - Resolves: #1720251 gnome-menus [3.13.3-11] - swallow up redhat-menus Resolves: #1715890 gnome-online-accounts [3.28.2-1] - Update to 3.28.2 Resolves: #1674535 gnome-remote-desktop [0.1.6-8] - Update patch to handle older libvncserver at build time Resolves: #1684729 [0.1.6-7] - Handle auth settings changes Resolves: #1684729 [0.1.6-6] - Fix initial black content issue Resolves: #1765448 gnome-session [3.28.1-8] - rebuild and version bump to avoid future conflict with z-stream version Resolves: #1745147 gnome-shell [3.32.2-14] - Do not set Wacom LEDs through gnome-settings-daemon, rely on kernel driver Resolves: #1687979 [3.32.2-13] - Update pad OSD on mode switching Resolves: #1716774 [3.32.2-12] - Fix window dragging with tablets in the overview Resolves: #1716767 - Fix high-contrast/symbolic race Resolves: #1730612 - Make perf-tool usable on wayland Resolves: #1652178 [3.32.2-11] - Warn when logging in as root Resolves: #1746327 [3.32.2-10] - Fix leaks in app picker Related: #1719819 gnome-software [3.30.6-3] - Fix issues with installing Cockpit - Resolves: #1759913 gnome-terminal [3.28.3-1] - Update to 3.28.3 - Resolves: #1642427 gnome-tweaks [3.28.1-7] - extensions: Incorrectly shows enabled extensions as disabled after enable-all - Resolves: #1804123 gsettings-desktop-schemas [3.32-0-4] - Backport setting for overlay scrolling Resolves: #1723464 gtk3 [3.22.30-5] - Add setting for turning off overlay scrollbars (rhbz#1736742) LibRaw [0.19.5-1] - 0.19.5 Resolves: #1671744 libvncserver [0.9.11-14] - Fix CVE-2019-15690 (an integer overflow in HandleCursorShape() in a client) (bug #1814343) [0.9.11-13] - Manually apply new patch Resolves: #1684729 [0.9.11-12] - Add API needed by gnome-remote-desktop to handle settings changes Resolves: #1684729 [0.9.11-11] - Enable gating through gnome-remote-desktop for now Resolves: #1765448 [0.9.11-10] - Update TLS security type enablement patches Resolves: #1765448 libxslt [1.1.32-4.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-4] - Fix multilib issues with devel subpackage (#1765632) mozjs52 [52.9.0-2.0.1.el8] - Use bugzilla.oracle.com as bug reporting URL. [52.9.0-2] - Rebuild for CET notes - Resolves: #1657318 mozjs60 [.9.0-4.0.1.el8] - Remove upstream reference [Orabug: 30212498] [60.9.0-4] - Update enddianness.patch with more s390x fixes - Enable tests on s390x again - Resolves: #1803824 [60.9.0-3] - Fix multilib conflicts in js-config.h [60.9.0-2] - Backport patches for s390x support - Resolves: #1746889 [60.9.0-1] - Update to 60.9.0 [60.7.0-2] - Enable gating [60.7.0-1] - Update to 60.7.0 [60.6.1-2] - Backport two Firefox 61 patches and allow compiler optimizations on aarch64 [60.6.1-1] - Update to 60.6.1 [60.4.0-5] - Re-enable null pointer gcc optimization [60.4.0-4] - Rebuild for readline 8.0 [60.4.0-3] - Build aarch64 with -O0 because of rhbz#1676292 [60.4.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [60.4.0-1] - Update to 60.4.0 mutter [3.32.2-34] - gnome-shell core dump after connection to docking station Resolves: #1809079 [3.32.2-33] - Respect xrandr --panning Resolves: #1690170 [3.32.2-32] - Revert stored-config behavior for VMs Resolves: #1365717 [3.32.2-31] - Fixup detection of multiple mode switch buttons Resolves: #1687979 [3.32.2-30] - Avoid toggling wacom touchpads on tap-to-click/drag setting updates Resolves: #1716754 [3.32.2-29] - Fixup Wacom pad OSD so it appears on the right monitor Resolves: #1777556 [3.32.2-28] - Fixup automatic enabling of wacom touchpad tapping Resolves: #1716754 [3.32.2-27] - Fixup handling of multiple mode switch buttons in pads Resolves: #1687979 [3.32.2-26] - Let pad OSD update on mode switching Resolves: #1716774 [3.32.2-25] - Fix Wacom OSDs so they appear on the right monitor Resolves: #1777556 [3.32.2-24] - Handle multiple mode switch buttons in Cintiq 27QHD Resolves: #1687979 [3.32.2-23] - Enable tapping features by default on standalone Wacom tablets Resolves: #1716754 [3.32.2-22] - Fix detection of Wacom tablet features on X11 Resolves: #1759619 [3.32.2-21] - Fix mode switch pad buttons without LEDs Resolves: #1666070 [3.32.2-20] - Need rebuild in correct build target Resolves: #1730891 [3.32.2-19] - Fix pop ups with stylus input Resolves: #1730891 [3.32.2-18] - Revert memory leak fix Resolves: #1777911 [3.32.2-17] - Fix some memory leaks Resolves: #1719819 [3.32.2-16] - Fix build due to egl.pc provider change Related: #1776530 [3.32.2-15] - Handle lack of RANDR Resolves: #1776530 [3.32.2-14] - Backports shadow FB improvements on llvmpipe Resolves: #1737553 [3.32.2-13] - Fix invalid read in idle monitor Resolves: #1766695 nautilus [3.28.1-12] - Do not lose filename results due to stop words (rhbz#1646352) [3.28.1-11] - Fix criticals when moving file to trash (rhbz#1721133) - Fix criticals when closing properties window (rhbz#1721124) vala [0.40.19-1] - Update to 0.40.19 - Resolves: #1753520 [0.40.18-1] - Update to 0.40.18 - Resolves: #1753520 [0.40.17-1] - Update to 0.40.17 - Resolves: #1753520 vinagre [3.22.0-21] - Allow the launch of multiple application instances - Related: #1788531 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12448 CVE-2019-12449 CVE-2019-12447 CVE-2018-20337 CVE-2019-3825 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:2:baseos_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:linux:8::appstream_developer cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.18.0-193.el8.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.el8] - [kvm] KVM: PPC: Book3S HV: Use __gfn_to_pfn_memslot in HPT page fault handler (Sam Bobroff) [1815491] - [net] tcp: also NULL skb->dev when copy was needed (Florian Westphal) [1775961 ] - [net] tcp: ensure skb->dev is NULL before leaving TCP stack (Florian Westphal) [1775961] [4.18.0-192.el8] - [drm] drm/bochs: downgrade pci_request_region failure from error to warning (D ave Airlie) [1804735] - [drm] drm/bochs: deinit bugfix (Dave Airlie) [1804735] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1811787] - [net] esp: remove the skb from the chain when its enqueued in cryptd_wq (Xin Long) [1807909] - [powerpc] powerpc/nvdimm: set target_node properly (Diego Domingos) [1815038] [4.18.0-191.el8] - [netdrv] net/mlx5e: Dont clear the whole vf config when switching modes (moha mad meib) [1814350] - [fs] fuse: fix stack use after return (Miklos Szeredi) [1814666] [4.18.0-190.el8] - [powerpc] powerpc/pseries: Avoid NULL pointer dereference when drmem is unavai lable (David Hildenbrand) [1812874] - [x86] kvm/svm: PKU not currently supported (Wei Huang) [1789159] - [x86] Remove the unsupported check for Cooper Lake (David Arcari) [1813921] [4.18.0-189.el8] - [netdrv] net/mlx5e: Show/set Rx network flow classification rules on ul rep (A laa Hleihel) [1795156 1794280] - [netdrv] net/mlx5e: Init ethtool steering for representors (Alaa Hleihel) [179 5156 1794280] - [netdrv] net/mlx5e: Show/set Rx flow indir table and RSS hash key on ul rep (A laa Hleihel) [1795156 1794280] - [netdrv] net/mlx5e: Introduce root ft concept for representors netdevs (Alaa H leihel) [1795156 1794280] - [netdrv] net/mlx5: E-Switch, Use vport metadata matching only when mandatory ( Alaa Hleihel) [1795156] - [nvme] nvme: log additional message for controller status (David Milburn) [175 2952] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15221 CVE-2019-17055 CVE-2019-15099 CVE-2020-1749 CVE-2019-8980 CVE-2019-15090 CVE-2019-19768 CVE-2018-16871 CVE-2019-10639 CVE-2019-17053 CVE-2019-18805 CVE-2019-19534 CVE-2019-19057 CVE-2019-19073 CVE-2019-19074 CVE-2019-19922 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [6.0-43] - Update the man page with the new exit code introduced in 6.0-42 - Related: CVE-2019-13232 [6.0-42] - Fix CVE-2019-13232 - Resolves: CVE-2019-13232 LOW Copyright 2020 Oracle, Inc. CVE-2019-13232 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [7.61.1-12] - double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) - fix TFTP receive buffer overflow (CVE-2019-5436) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5436 CVE-2019-5482 CVE-2019-5481 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [239-29.0.1.el8] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-29] - cryptsetup: Treat key file errors as a failed password attempt (#1763155) [239-28] - pid1: fix DefaultTasksMax initialization (#1809037) - cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940) - test: introduce TEST-36-NUMAPOLICY (#1808940) - test: replace tail -f with journal cursor which should be more reliable (#1808940) - test: support MPOL_LOCAL matching in unpatched strace versions (#1808940) - test: make sure the strace process is indeed dead (#1808940) - test: skip the test on systems without NUMA support (#1808940) - test: give strace some time to initialize (#1808940) - test: add a simple sanity check for systems without NUMA support (#1808940) - test: drop the missed || exit 1 expression (#1808940) - test: replace cursor file with a plain cursor (#1808940) [239-27] - cgroup: introduce support for cgroup v2 CPUSET controller (#1724617) [239-26] - seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files (#1687512) - test: add test case for restrict_suid_sgid() (#1687512) - core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= (#1687512) - analyze: check for RestrictSUIDSGID= in 'systemd-analyze security' (#1687512) - man: document the new RestrictSUIDSGID= setting (#1687512) - units: turn on RestrictSUIDSGID= in most of our long-running daemons (#1687512) - core: imply NNP and SUID/SGID restriction for DynamicUser=yes service (#1687512) [239-25] - sd-bus: use 'queue' message references for managing r/w message queues in connection objects (CVE-2020-1712) - pid1: make sure to restore correct default values for some rlimits (#1789930) - main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (#1789930) [239-24] - rules: reintroduce 60-alias-kmsg.rules (#1739353) - sd-bus: make rqueue/wqueue sizes of type size_t (CVE-2020-1712) - sd-bus: reorder bus ref and bus message ref handling (CVE-2020-1712) - sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (CVE-2020-1712) - sd-bus: drop two inappropriate empty lines (CVE-2020-1712) - sd-bus: initialize mutex after we allocated the wqueue (CVE-2020-1712) - sd-bus: always go through sd_bus_unref() to free messages (CVE-2020-1712) - bus-message: introduce two kinds of references to bus messages (CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages (CVE-2020-1712) - sd-event: add sd_event_source_disable_unref() helper (CVE-2020-1712) - polkit: when authorizing via PK lets re-resolve callback/userdata instead of caching it (CVE-2020-1712) - sysctl: lets by default increase the numeric PID range from 2^16 to 2^22 (#1744214) - journal: do not trigger assertion when journal_file_close() get NULL (#1788085) - journal: use cleanup attribute at one more place (#1788085) [239-23] - catalog: fix name of variable (#1677768) - cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails. (#1763155) - cryptsetup: add documentation for keyfile-timeout (#1763155) - cryptsetup: use unabbrieviated variable names (#1763155) - cryptsetup: dont assert on variable which is optional (#1763155) - cryptsetup-generator: guess whether the keyfile argument is two items or one (#1763155) - crypt-util: Translate libcryptsetup log level instead of using log_debug() (#1776408) - cryptsetup: add some commenting about EAGAIN generation (#1776408) - cryptsetup: downgrade a log message we ignore (#1776408) - cryptsetup: rework how we log about activation failures (#1776408) [239-22] - spec: dont ship /var/log/README - spec: provide systemd-rpm-macros [239-21] - test-cpu-set-util: fix comparison for allocation size (#1734787) - test-cpu-set-util: fix allocation size check on i386 (#1734787) [239-20] - journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup (#1764560) - basic/user-util: allow dots in user names (#1717603) - sd-bus: bump message queue size again (#1770189) - tests: put fuzz_journald_processing_function in a .c file (#1764560) - tests: add a fuzzer for dev_kmsg_record (#1764560) - basic: remove an assertion from cunescape_one (#1764560) - journal: fix an off-by-one error in dev_kmsg_record (#1764560) - tests: add a reproducer for a memory leak fixed in 30eddcd51b8a472e05d3b8d1 in August (#1764560) - tests: add a reproducer for a heap-buffer-overflow fixed in 937b1171378bc1000a (#1764560) - test: initialize syslog_fd in fuzz-journald-kmsg too (#1764560) - tests: add a fuzzer for process_audit_string (#1764560) - journald: check whether sscanf has changed the value corresponding to %n (#1764560) - tests: introduce dummy_server_init and use it in all journald fuzzers (#1764560) - tests: add a fuzzer for journald streams (#1764560) - tests: add a fuzzer for server_process_native_file (#1764560) - fuzz-journal-stream: avoid assertion failure on samples which dont fit in pipe (#1764560) - journald: take leading spaces into account in syslog_parse_identifier (#1764560) - Add a warning about the difference in permissions between existing directories and unit settings. (#1778384) - execute: remove one redundant comparison check (#1778384) - core: change ownership/mode of the execution directories also for static users (#1778384) - core/dbus-execute: remove unnecessary initialization (#1734787) - shared/cpu-set-util: move the part to print cpu-set into a separate function (#1734787) - shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM() (#1734787) - Rework cpu affinity parsing (#1734787) - Move cpus_in_affinity_mask() to cpu-set-util.[ch] (#1734787) - test-cpu-set-util: add simple test for cpus_in_affinity_mask() (#1734787) - test-cpu-set-util: add a smoke test for test_parse_cpu_set_extend() (#1734787) - pid1: parse CPUAffinity= in incremental fashion (#1734787) - pid1: dont reset setting from /proc/cmdline upon restart (#1734787) - pid1: when reloading configuration, forget old settings (#1734787) - test-execute: use CPUSet too (#1734787) - shared/cpu-set-util: drop now-unused cleanup function (#1734787) - shared/cpu-set-util: make transfer of cpu_set_t over bus endian safe (#1734787) - test-cpu-set-util: add test for dbus conversions (#1734787) - shared/cpu-set-util: introduce cpu_set_to_range() (#1734787) - systemctl: present CPUAffinity mask as a list of CPU index ranges (#1734787) - shared/cpu-set-util: only force range printing one time (#1734787) - execute: dump CPUAffinity as a range string instead of a list of CPUs (#1734787) - cpu-set-util: use %d-%d format in cpu_set_to_range_string() only for actual ranges (#1734787) - core: introduce NUMAPolicy and NUMAMask options (#1734787) - core: disable CPUAccounting by default (#1734787) - set kptr_restrict=1 (#1689346) - cryptsetup: reduce the chance that we will be OOM killed (#1696602) - core, job: fix breakage of ordering dependencies by systemctl reload command (#1766417) - debug-generator: enable custom systemd.debug_shell tty (#1723722) [239-19] - core: never propagate reload failure to service result (#1735787) - man: document systemd-analyze security (#1750343) - man: reorder and add examples to systemd-analyze(1) (#1750343) - travis: move to CentOS 8 docker images (#1761519) - travis: drop SCL remains (#1761519) - syslog: fix segfault in syslog_parse_priority() (#1761519) - sd-bus: make strict asan shut up (#1761519) - travis: dont run slow tests under ASan/UBSan (#1761519) - kernel-install: do not require non-empty kernel cmdline (#1701454) - ask-password: prevent buffer overrow when reading from keyring (#1752050) - core: try to reopen /dev/kmsg again right after mounting /dev (#1749212) - buildsys: dont garbage collect sections while linking (#1748258) - udev: introduce CONST key name (#1762679) - Call getgroups() to know size of supplementary groups array to allocate (#1743230256 KB - Consider smb3 as remote filesystem (#1757257) - process-util: introduce pid_is_my_child() helper (#1744972) - core: reduce the number of stalled PIDs from the watched processes list when possible (#1744972) - core: only watch processes when its really necessary (#1744972) - core: implement per unit journal rate limiting (#1719577) - path: stop watching path specs once we triggered the target unit (#1763161) - journald: fixed assertion failure when system journal rotation fails (#9893) (#1763619) - test: use PBKDF2 instead of Argon2 in cryptsetup... (#1761519) - test: mask several unnecessary services (#1761519) - test: bump the second partitions size to 50M (#1761519) - shared/sleep-config: exclude zram devices from hibernation candidates (#1763617) - selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1763612) - sd-device: introduce log_device_*() macros (#1753369) - udev: Add id program and rule for FIDO security tokens (#1753369) - shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857) - sd-bus: adjust indentation of comments (#1746857) - resolved: do not run loop twice (#1746857) - resolved: allow access to Set*Link and Revert methods through polkit (#1746857) - resolved: query polkit only after parsing the data (#1746857) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3844 CVE-2019-3843 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [2.30-73.0.1] - Forward-port of Oracle patches from 2.30-68.0.2. - Reviewed-by: Elena Zannoni <elena.zannoni@oracle.com> [2.30-68.0.2] - Backport the non-cycle-detecting-capable deduplicating CTF linker - Backport a fix for an upstream hashtab crash (no upstream bug number), triggered by the above. - Fix deduplication of ambiguously-named types in CTF. - CTF types without names are not ambiguously-named. - Stop the CTF_LINK_EMPTY_CU_MAPPINGS flag crashing. - Only emit ambiguous types as hidden if they are named and there is already a type with that name. - Make sure completely empty dicts get their header written out properly - Do not fail if adding anonymous struct/union members to structs/unions that already contain other anonymous members at a different offset - Correctly look up pointers to non-root-visible structures - Emit error messages in dumping into the dump stream - Do not abort early on dump-time errors - Elide likely duplicates (same name, same kind) within a single TU (cross- TU duplicate/ambiguous-type detection works as before). - Fix linking of the CTF variable section - Fix spurious conflicts of variables (also affects the nondeduplicating linker) - Defend against CUs without names - When linking only a single input file, set the output CTF CU name to the name of the input - Support cv-qualified bitfields - Fix off-by-one error in SHA-1 sizing [2.30-73] - Remove bogus assertion. (#1801879) [2.30-72] - Allow the BFD library to handle the copying of files containing secondary reloc sections. (#1801879) [2.30-68.0.1] - Ensure 8-byte alignment for AArch64 stubs. - Add CTF support to OL8: CTF machinery, including libctf.so and libctf-nonbfd.so. The linker does not yet deduplicate the CTF type section. - Backport of fix for upstream bug 23919, required by above - [Orabug: 30102938] [Orabug: 30102941] [2.30-71] - Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1779245) - Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. [2.30-70] - Re-enable strip merging build notes. (#1777760) [2.30-69] - Fix linker testsuite failures triggered by annobin update. [2.30-68] - Backport H.J.Lus patch to add a workaround for the JCC Errata to the assembler. (#1777002) [2.30-67] - Fix a buffer overrun in the note merging code. (#1774507) [2.30-66] - Fix a seg-fault in gold when linking corrupt input files. (#1739254) [2.30-65] - NVR bump to allow rebuild with reverted version of glibc in the buildroot. [2.30-64] - Stop note merging with no effect from creating null filled note sections. [2.30-63] - Stop objcopy from generating a exit failure status when merging corrupt notes. [2.30-62] - Fix binutils testsuite failure introduced by -60 patch. (#1767711) [2.30-61] - Enable threading in the GOLD linker. (#1729225) - Add check to readelf in order to prevent an integer overflow. [2.30-60] - Add support for SVE Vector PCS on AArch64. (#1726637) - Add fixes for coverity test failures. - Improve objcopys ability to merge GNU build attribute notes. [2.30-59] - Stop the linker from merging groups with different settings of the SHF_EXCLUDE flag. (#1730906) LOW Copyright 2020 Oracle, Inc. CVE-2019-1010204 CVE-2019-17451 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [1.8.29-5] - RHEL 8.2 ERRATUM - CVE-2019-18634 Resolves: rhbz#1798093 [1.8.29-4] - RHEL 8.2 ERRATUM - CVE-2019-19232 Resolves: rhbz#1786987 Resolves: rhbz#1796518 [1.8.29-2] - RHEL 8.2 ERRATUM - rebase to 1.8.29 Resolves: rhbz#1733961 Resolves: rhbz#1651662 [1.8.28p1-1] - RHEL 8.2 ERRATUM - rebase to 1.8.28p1 Resolves: rhbz#1733961 - fixed man page for always_set_home Resolves: rhbz#1576880 - sudo does not work with notbefore/after Resolves: rhbz#1679508 - NOTBEFORE showing value of sudoNotAfter Ldap attribute Resolves: rhbz#1715516 - CVE-2019-14287 sudo - Privilege escalation via 'Runas' specification with 'ALL' keyword Resolves: rhbz#1760697 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19232 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [3.26.0-6] - Fixed issues found by covscan [3.26.0-5] - Fixed CVE-2019-13752 (#1786529) - Fixed CVE-2019-13753 (#1786535) - Fixed CVE-2019-13734 (#1786509) - Fixed CVE-2019-19924 (#1789776) - Fixed CVE-2019-19923 (#1789812) - Fixed CVE-2019-19925 (#1789808) - Fixed CVE-2019-19959 (#1789823) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19924 CVE-2019-19925 CVE-2019-8457 CVE-2019-13753 CVE-2019-13752 CVE-2019-19959 CVE-2019-19923 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [2.9.7-7.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-7] - Fix CVE-2018-14404 (#1595989) [2.9.7-6] - Fix CVE-2018-9251 (#1565322) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14404 CVE-2018-9251 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [2.28-101.0.1] - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile - Both should test - if (stream->_flags & _IO_USER_LOCK) == 0) - _IO_lock_lock (*stream->_lock); - OraBug: 28481550. Reviewed-by: Qing Zhao <qing.zhao@oracle.com> [2.28-101] - ld.so: Reset GL (dl_initfirst) pointer on dlopen failure (#1410154) [2.28-100] - Roll back dynamic linker state on dlopen failure (#1410154) [2.28-99] - s390x: Fix z15 strstr for patterns crossing pages (#1777241) [2.28-98] - Rebuild with new rpm (#1654901) [2.28-97] - Avoid invalid __has_include in <sys/stat.h> (#1775294) [2.28-96] - x86-64: Ignore LD_PREFER_MAP_32BIT_EXEC in SUID binaries (#1774021) [2.28-95] - Fix alignment of TLS variables for tls variant TLS_TCB_AT_TP (#1764214) [2.28-94] - Refuse to dlopen PIE objects (#1764223) [2.28-93] - Fix C.UTF-8 locale source ellipsis expressions (#1361965) [2.28-92] - Fix hangs during malloc tracing (#1764235) [2.28-91] - Support moving versioned symbols between sonames (#1764231) [2.28-90] - Avoid creating stale utmp entries for repeated pututxline (#1749439) [2.28-89] - Backport more precise tokenizer for installed headers test (#1769304) [2.28-88] - math: Enable some math builtins for clang in LLVM Toolset (#1764242) [2.28-87] - Support Fortran vectorized math functions with GCC Toolset 9 (#1764238) [2.28-86] - aarch64: Support STO_AARCH64_VARIANT_PCS, DT_AARCH64_VARIANT_PCS (#1726638) [2.28-85] - Add more test-in-container support (#1747502) [2.28-84] - Fix calling getpwent after endpwent (#1747502) [2.28-83] - nptl: Avoid fork handler lock for async-signal-safe fork (#1746928) [2.28-82] - Call _dl_open_check after relocation (#1682954) [2.28-81] - Add malloc fastbin tunable (#1764218) [2.28-80] - Fix race condition in tst-clone3 and add a new ldconfig test, tst-ldconfig-bad-aux-cache (#1764226) [2.28-79] - Remove unwanted whitespace from size lines and account for top chunk in malloc_info output (#1735747) [2.28-78] - Enhance malloc tcache (#1746933) [2.28-77] - Dont define initgroups in nsswitch.conf (#1747505) [2.28-76] - libio: Remove codecvt vtable. (#1764241) [2.28-75] - Implement --preload option for the dynamic linker.(#1747453) [2.28-74] - Make nsswitch.conf more distribution friendly. Improve nscd.conf comments. (#1747505) [2.28-73] - Update system call names list to Linux 5.3 (#1764234) LOW Copyright 2020 Oracle, Inc. CVE-2019-19126 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [1.1.1c-15] - add selftest of the RAND_DRBG implementation [1.1.1c-14] - fix incorrect error return value from FIPS_selftest_dsa - S390x: properly restore SIGILL signal handler [1.1.1c-12] - additional fix for the edk2 build [1.1.1c-9] - disallow use of SHA-1 signatures in TLS in FIPS mode [1.1.1c-8] - fix CVE-2019-1547 - side-channel weak encryption vulnerability - fix CVE-2019-1563 - padding oracle in CMS API - fix CVE-2019-1549 - ensure fork safety of the DRBG - fix handling of non-FIPS allowed EC curves in FIPS mode - fix TLS compliance issues [1.1.1c-7] - backported ARM performance fixes from master [1.1.1c-6] - backport of S390x ECC CPACF enhancements from master - FIPS mode: properly disable 1024 bit DSA key generation - FIPS mode: skip ED25519 and ED448 algorithms in openssl speed - FIPS mode: allow AES-CCM ciphersuites [1.1.1c-5] - make the code suitable for edk2 build [1.1.1c-4] - backport of SSKDF from master [1.1.1c-3] - backport of KBKDF and KRB5KDF from master MODERATE Copyright 2020 Oracle, Inc. CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [32:9.11.13-3] - Fix rwlock to be thread-safe (#1740511) [32:9.11.13-2] - Release GeoIP data on reload (#1790879) [32:9.11.13-1] - Update to 9.11.13 [32:9.11.12-5] - Report failures on systemctl reload (#1739428) [32:9.11.12-4] - dhcp: Use monotonic time for detecting time jumps if available (#1729211) [32:9.11.12-3] - Backported serve-stale feature (#1664863) [32:9.11.12-2] - Add GeoLite2 support (#1564443) - Add GeoIP to bind-chroot (#1497646) - Fix wrong default GeoIP directory (#1768258) [32:9.11.12-1] - Update to 9.11.12 (#1557762) [32:9.11.11-1] - Update to 9.11.11 [32:9.11.10-1] - Update to 9.11.10 - Share pkcs11-utils and dnssec-utils manuals instead of recommend [32:9.11.7-1] - Update to 9.11.7 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-6477 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [2.7.6-11] - Related: #1733565, apply the patch correctly [2.7.6-10] - CVE-2019-13636 , Dont follow symlinks unless --follow-symlinks is given - Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13636 cpe:/o:oracle:linux:8:2:baseos_base cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer Oracle Linux 8 [8.3.1-5.0.3] - Fix Orabug 29838827 - provide an option to adjust the maximum depth of nested #include This is the same bug as gcc upstream PR90581 from Gcc9: gcc9-pr90581.patch - Fix Orabug 29541051 - confusing error message when there is a problem with ASAN_OPTIONS 'ERROR: expected '='' This is the same bug as gcc upstream PR89832 from Gcc9: gcc9-pr89832.patch [8.3.1-5.0.2] - Update support for CTF - Fix Orabug 30833294 GCC generates incorrect CTF for single element arrays - Fix Orabug 30808764 CTF generation fails when __attribute__ ((mode (XX))) is used [8.3.1-5.0.1] - Forward-port Oracle patches from ol8-u1. - Apply ares/neoverse support patches only ifarch aarch64. (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.6) - Add 5 patches from gcc9 to support Arm Ares and Neoverse-N1 for Aarch64 gcc9-add-mtune-support-for-arm-ares.patch gcc9-add-vec-reverse.patch gcc9-multiple-changes-align.patch gcc9-initial-mcpu-ares-tuning.patch gcc9-add-support-for-neoverse-n1.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.5) - Update support for CTF - Fix Orabug 30778534 gcc should generate CTF for functions at file-scope only - Fix Orabug 30779193 CTF generation fails for some flavors of vla - Fix Orabug 30784275 Fix issues wtih CTF generation for typedef constructs ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.4) - Add support for CTF in GCC - Fix Orabug 30102948 gcc: Add CTF generation to compiler - Fix Orabug 30102949 gcc: Add CTF generation to compiler (aarch64) ctf-1-new-function-lang_GNU_GIMPLE.patch ctf-2-command-line-options-gtLEVEL.patch ctf-3-generation-and-emission-for-a-single-compilation.patch ctf-4-update-ctf-testsuite.patch ctf-5-handle-ctf-sections-when-lto-enabled.patch (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.3) - CVE-2018-12207 / Intel SKX102 OL8 gcc: Intel Mitigation for CVE: CVE-2018-12207 - Allow -flto -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler. Without -lfto, -Wa,-mbranches-within-32B-boundaries to pass -mbranches-within-32B-boundaries to GNU assembler using existing GCC binaries. - Mitigation patch: gcc8-Fix-Wa-with-flto.patch (Qing Zhao <qing.zhao@oracle.com> 8.3.1-4.5.0.2) - Fix Orabug 29968294 - Heap corruption with fprofile-dir=%p prevents profiling parallel processes, needed for RDBMS: Add patch to fix PR86057 from Gcc9: gcc9-pr86057.patch - Fix Orabug 30044244 - Profile directory concatenated with object file path This is the same bug as gcc upstream PR91971: gcc9-pr85759.patch gcc10-pr91971.patch (Indu Bhagat <indu.bhagat@oracle.com> 8.3.1-4.5.0.1) - Fix Orabug 29599147 - Need -fprofile-dir=%q{VAR} backported to gcc8 This is the similar GCC PR47618, add the fix from GCC9: gcc9-pr47618.patch - Fix Orabug 29272977 - DB SUPPORT: Need way to dump inlining report from GCC Add -fopt-info-inline support from GCC9: gcc9-opt-info-inline.patch - Fix Orabug 29273006 - DB SUPPORT: need way to turn off inlining of global functions Add -flive-patching support from GCC9: gcc9-fipa-reference-addressable.patch gcc9-fipa-stack-alignment.patch gcc9-add-fomit-frame-pointer-to-test.patch gcc9-extend-live-patching-option-handling.patch gcc9-ipa-stack-alignment-386-test.patch - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. - Backport 17 ampere patches from https://git.theobroma-systems.com/ampere-computing/gcc.git/log/?h=gcc-8_2_0-amp3-branch e18301133ea622f6d6796ded1d15466e70475cf8: Retpoline (Spectre-V2 mitigation) for aarch64. d735f3ae4712f66362326d179b4d7e9332c79677: Revert 2017-10-24 Richard Biener 271e2811e59c0c77fc022fa86a7030f20b4cac8e: Correct the maximum shift amount for shifted 0512749950d927de3dd695f2f2aacdfd30cf32fd: Add CPU support for Ampere Computings eMAG. c8b87078f9e0714cb9cab602e12a18ceb12df05a: eMAG/Xgene: Procedural cost-model for X-Gene 74610471b3577c5d465c3fd095a65b796b1e074c: Updating cost table for xgene1. ddba1553ac412be5596e6e2962c148032c4cf231: [AArch64] Add Xgene1 prefetch tunings. b7ebb0a10a8900324074070188a0936ed81b28a4: [AArch64] Fix in xgene1_addrcost_table 393dc5c50d55d069f91627bf0be5bab812978850: X-Gene: Adapt tuning struct for GCC 8. b9136d58824af2118c4969c3edb42cad3318b08f: tree-ssa-list-find-pipeline: Add pipelining loads for list finds. 095496dd8a9491a17a9caec173281ad02e559df5: uncse: Added pass to undo common subexpression elimination. a7c8dc238e3656e9d2f9256ee76f933c8d7956fb: loop-prefetcher: Adapt defaults for X-Gene cores. 256307f293f1750851576e14c8a42b696eced2da: tree-ssa-cpp: Dont crash on SSA names without definition stmts. 6e32f53be4f6733f6bfe267ad2337aecaf4047f6: Introduce new option -funroll-more. 1ac2485a2fced091a5cce6343fe6a6337f850e73: New option to bypass aliasing-checks. 66d7d833bece61e58998ad53a609cd32e3ee4fad: cfgloopmanip: Allow forced creation of loop preheaders. c4f89d50e200538b1ac8889801705300e0b27ef2: Add new pass to optimise loops. - Reviewed by: Elena Zannoni <elena.zannoni@oracle.com> [8.3.1-5] - update from Fedora gcc-8.3.1-5 (#1747157) - use unspec_volatile for darn (PR target/91481, #1760205, CVE-2019-15847) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15847 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 openchange [2.3-24.0.1] - Add patch to build against samba 4.11 [2.3-24] - Rebuild for newer samba and libldb samba [4.11.2-13] - resolves: #1802182 - Fix join using netbios name [4.11.2-12] - related: #1781232 - Improve debug output of smbclient - resolves: #1794461 - Do not return bogus inode numbers in cli_qpathinfo2()/cli_qpathinfo3() for SMB1 - resolves: #1794442 - Fix segfault in smbd_do_qfilepathinfo() [4.11.2-11] - resolves: #1778130 - Remove usage of DES encryption types in krb5 [4.11.2-10] - resolves: #1790353 - Fix access check in DsRGetForestTrustInformation - resolves: #1791209 - Fix CVE-2019-14907 [4.11.2-9] - resolves: #1785134 - Fix libwbclient manual alternative settings [4.11.2-8] - resolves: #1781232 - Fix smbclient debug message [4.11.2-7] - related: #1637861 - Fix trust creation if weak crypto is disallowed [4.11.2-6] - resolves: #1637861 - Use GnuTLS for crypto [4.11.2-4] - related: #1754409 - Add patch to avoid overlinking with libnsl and libsocket - related: #1754409 - Fix permissions for pidl - related: #1754409 - Fix logrotate script - related: #1754409 - Add missing README files [4.11.2-3] - related: #1754409 - Fix pidl packaging [4.11.2-1] - resolves: #1754409 - Rebase to Samba version 4.11.2 - resolves: #1776312 - Winbind is not restarted on upgrade - resolves: #1764469 - Fix CVE-2019-10218 - resolves: #1746241 - Fix CVE-2019-10197 - resolves: #1710980 - Add support for KCM ccache in pam_winbind MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10197 CVE-2019-14907 CVE-2019-10218 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [2.56.4-8] - Backport patches for GDBus auth Resolves: #1777213 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14822 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [5.50-3] + bluez-5.50-3 - Bump the version [5.50-2] + bluez-5.50-2 - Fixing CVE-2018-10910 (#1606373) LOW Copyright 2020 Oracle, Inc. CVE-2018-10910 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [1.45.4-3] - Fix clang warning introduced in previous release (#1783777) [1.45.4-2] - Fix ABI breakage introduced in previous release (#1783777) [1.45.4-1] - Rebase to the release 1.45.4 (#1783777) - provide rhel6/7 compatible fs_type in mke2fs.conf (#1780279) - fix crafted ext4 partition leads to out-of-bounds write (#1768709) - include note about supported rhel8 features and options (#1788573) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5094 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [9.0.3-16] - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves: rhbz#1649153 Resolves: rhbz#1700824 Resolves: rhbz#1702473 Resolves: rhbz#1643829 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11324 CVE-2018-20060 CVE-2019-11236 CVE-2018-18074 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_base Oracle Linux 8 [20170731-14] - Resolves:rh#1790974 - CVE-2020-5395:out-of-bounds write in sfd.c MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5395 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 buildah [1.5-4.0.1.gite94b4f9] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.5-4.gite94b4f9] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819431 container-selinux [2:2.124.0-1.gitf958d0c] - update to 2.124.0 - Resolves: #1816541 [2:2.94-2.git1e99f1d] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Resolves: #1766316, #1766215 slirp4netns [0.1-5.dev.gitc4e1bc5] - backport fix for CVE-2020-7039 - Resolves: #1791578 [0.1-4.dev.gitc4e1bc5] - actually add CVE-2019-14378 patch to dist-git - Related: RHELPLAN-25139 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 buildah [1.11.6-7.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-7] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819393 conmon [2:2.0.6-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25139 podman [1.6.4-11.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-11] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1819391 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 skopeo [0.1.40-9.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-9] - add docker.io into the default registry list - Related: #1810053 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 buildah [1.11.6-8.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-8] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1817742 [1.11.6-7] - fix 'COPY command takes long time with buildah' - Resolves: #1806120 cockpit-podman [12-1] - Configure CPU share for system containers - Translation updates conmon [2:2.0.6-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25139 containernetworking-plugins [0.8.3-5.0.1] - Disable debuginfo [0.8.3-5] - compile with no_openssl - Related: RHELPLAN-25139 podman [1.6.4-11.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.6.4-11] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process' - Resolves: #1817747 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 runc [1.0.0-65.rc10] - address CVE-2019-19921 by updating to rc10 - Resolves: #1801887 skopeo [0.1.40-11.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-11] - add docker.io into the default registry list - Related: #1810053 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10696 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.1.51-4] - Increase the release version [2.1.51-3] - targetclid.sock allows unprivileged user to execute commands [2.1.51-2] - Create the target/pr directory when installing the package IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10699 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [8.2.0-7] - Fix CVE-2020-10108 HTTP request smuggling when presented with two Content-Length headers Resolves: rhbz#1813439 - Remove useless macros definitions IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10108 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [2.18.4-2] - Update to release 2.18.4 - Resolves: CVE-2020-11008 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11008 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.6.8-10] - Fix CVE-2020-11501 (#1826176) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11501 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 8 [68.8.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12387 CVE-2020-12395 CVE-2020-6831 CVE-2020-12392 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [68.8.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12387 CVE-2020-12395 CVE-2020-12392 CVE-2020-6831 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [68.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-12392 CVE-2020-6831 CVE-2020-12387 CVE-2020-12395 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [7:3.5.20-15.1] - Resolves: #1828359 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828360 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1829772 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-12519 CVE-2019-12525 CVE-2020-11945 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 squid [7:4.4-8.1] - Resolves: #1828368 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1828367 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1829402 - CVE-2019-12525 squid:4/squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-12519 CVE-2020-11945 CVE-2019-12525 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [68.8.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12387 CVE-2020-12397 CVE-2020-12395 CVE-2020-12392 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [68.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12397 CVE-2020-12395 CVE-2020-12387 CVE-2020-12392 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [68.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.8.0-1] - Update to 68.8.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-6831 CVE-2020-12387 CVE-2020-12392 CVE-2020-12395 CVE-2020-12397 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta Oracle Linux 7 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11324 CVE-2019-11236 CVE-2018-18074 CVE-2018-20060 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 8 [3.29-7.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [3.29-7] - Resolves: rhbz#1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational exchange message [rhel-8.2.0.z] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1763 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20060 CVE-2019-11236 CVE-2018-18074 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 [3.10.0-1127.8.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127.8.2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827239 1827240] {CVE-2020-10711} [3.10.0-1127.8.1] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1827274 1808129] [3.10.0-1127.7.1] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1824548 1785141] - [netdrv] r8169: fix network stalls due to missing bit TXCFG_AUTO_FIFO (Corinna Vinschen) [1822548 1787263] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1821262 1781323] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1817499 1790840] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1817497 1715986] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1815596 1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1815596 1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1815596 1798042] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1813249 1807077] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1812937 1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1812937 1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1812937 1806400] - [md] dm rq: fix checking of dm_dispatch_clone_request's return value (Ming Lei) [1814537 1805401] [3.10.0-1127.6.1] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1817502 1811511] [3.10.0-1127.5.1] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1817935 1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1817935 1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1817935 1806488] [3.10.0-1127.4.1] - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1814003 1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1814003 1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1814003 1801852] [3.10.0-1127.3.1] - [md] md/raid6: Set R5_ReadError when there is read failure on parity disk (Xiao Ni) [1810062 1804569] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1806367 1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1806367 1798318] {CVE-2019-19768} [3.10.0-1127.2.1] - [kernel] tick-sched: Update nohz load even if tick already stopped (Scott Wood) [1808030 1694877] [3.10.0-1127.1.1] - [net] openvswitch: support asymmetric conntrack (Aaron Conole) [1806447 1757759] - [kernel] audit: CONFIG_CHANGE don't log internal bookkeeping as an event (Richard Guy Briggs) [1806430 1777239] - [kernel] tracing: Fix possible double free on failure of allocating trace buffer (Jerome Marchand) [1803010 1803011] {CVE-2017-18595} - [kernel] tracing: Fix crash when it fails to alloc ring buffer (Jerome Marchand) [1803010 1803011] {CVE-2017-18595} - [base] of: to support binding numa node to specified device in devicetree (Jeff Moyer) [1801699 1791883] - [ptp] ptp: free ptp device pin descriptors properly (Vladis Dronov) [1798396 1774657] - [ptp] ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [1798396 1774657] - [ptp] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (Vladis Dronov) [1798396 1774657] - [ptp] ptp: create 'pins' together with the rest of attributes (Vladis Dronov) [1798396 1774657] - [ptp] ptp: use is_visible method to hide unused attributes (Vladis Dronov) [1798396 1774657] - [ptp] ptp: use kcalloc when allocating arrays (Vladis Dronov) [1798396 1774657] - [ptp] ptp: do not explicitly set drvdata in ptp_clock_register() (Vladis Dronov) [1798396 1774657] - [ptp] drivers/ptp: Fix kernel memory disclosure (Vladis Dronov) [1798396 1774657] - [ptp] ptp: Fix resource leak in case of error (Vladis Dronov) [1798396 1774657] - [netdrv] ptp: drivers: set the number of programmable pins (Vladis Dronov) [1798396 1774657] - [ptp] ptp: expose the programmable pins via sysfs (Vladis Dronov) [1798396 1774657] - [documentation] ptp: add the pin GET/SETFUNC ioctls to the testptp program (Vladis Dronov) [1798396 1774657] - [documentation] ptp: Allow selecting trigger/event index in testptp (Vladis Dronov) [1798396 1774657] - [documentation] ptp: add the PTP_SYS_OFFSET ioctl to the testptp program (Vladis Dronov) [1798396 1774657] - [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796799 1794812] - [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796262 1771094] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10711 CVE-2017-18595 CVE-2019-19768 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [4.18.0-193.1.2_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.1.2_2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711} - [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884} [4.18.0-193.1.1_2] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [x86] kvm: nvmx: Don't emulate instructions in guest mode (Jon Maloy) [1824398 1806817] {CVE-2020-2732} - [sound] ALSA: usb-audio: set the interface format after resume on Dell WD19 (Perry Yuan) [1821376 1807965] - [kernel] sched: Avoid scale real weight down to zero (Phil Auld) [1819909 1808562] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1817945 1805950] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1817945 1805950] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 CVE-2020-11884 CVE-2020-10711 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [2.6.32-754.29.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.29.2] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10711 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 Oracle Linux 8 [2.1.514-2] - Update to new tarball for the release - Resolves: RHBZ#1830065 [2.1.514-1] - Update to .NET Core SDK 2.1.514 and Runtime 2.1.18 - Resolves: RHBZ#1830065 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.104-2.0.2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) [3.1.104-2.0.1] - support OL release scheme (alexander.burmashev@oracle.com) [3.1.104-2] - Update to new release - Resolves: RHBZ#1833091 [3.1.104-1] - Update to .NET Core Runtime 3.1.4 and SDK 3.1.104 - Resolves: RHBZ#1833091 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 CVE-2020-1161 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.0.0-4.rc4] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837621) - CVE-2020-11523: Fix integer overflow in region.c (#1837622) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837623) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11524 CVE-2020-11521 CVE-2020-11523 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [2:2.0.0-46.rc4.1] - CVE-2020-11521: Fix out-of-bounds write in planar.c (#1837632) - CVE-2020-11523: Fix integer overflow in region.c (#1837633) - CVE-2020-11524: Fix out-of-bounds write in interleaved.c (#1837631) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11521 CVE-2020-11523 CVE-2020-11524 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1.8.3.1-23] - Prevent crafted URL containing new lines, empty host or lacks a scheme to cause credential leak. Resolves: CVE-2020-11008 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11008 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [32:9.11.13-5] - Limit number of queries triggered by a request (CVE-2020-8616) [32:9.11.13-4] - Fix invalid tsig request (CVE-2020-8617) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8617 CVE-2020-8616 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 7 [32:9.11.4-16.P2.6] - Fix EDNS512 loops on broken servers [32:9.11.4-16.P2.5] - Add CVE tests to codebase [32:9.11.4-16.P2.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) [32:9.11.4-16.P2.3] - Disable atomic operations on ppc64, ppc64le, aarch64, ppc (#1779589) [32:9.11.4-16.P2.2] - Disable unit test timer_test on ppc64le because of its instability [32:9.11.4-16.P2.1] - Prevent deadlock on reload (#1805685) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8616 CVE-2020-8617 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 6 [68.9.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches * Wed Apr 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.8.0 build1 [68.7.0-3] - Added fix for rhbz#1821418 [68.7.0-2] - Update to 68.7.0 build3 [68.6.1-1] - Update to 68.6.1 ESR * Wed Mar 04 2020 Jan Horak <jhorak@redhat.com> - Update to 68.6.0 build1 [68.5.0-3] - Added fix for rhbz#1805667 - Enabled mzbz@1170092 - Firefox prefs at /etc * Fri Feb 07 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build2 * Wed Feb 05 2020 Jan Horak <jhorak@redhat.com> - Update to 68.5.0 build1 * Wed Jan 08 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.1esr build1 * Fri Jan 03 2020 Jan Horak <jhorak@redhat.com> - Update to 68.4.0esr build1 * Wed Dec 18 2019 Jan Horak <jhorak@redhat.com> - Fix for wrong intl.accept_lang when using non en-us langpack [68.3.0-1] - Update to 68.3.0 ESR [68.2.0-4] - Added patch for TLS 1.3 support. [68.2.0-3] - Rebuild [68.2.0-2] - Rebuild [68.2.0-1] - Update to 68.2.0 ESR [68.1.0-6] - Enable system nss on RHEL6 [68.1.0-2] - Enable building langpacks [68.1.0-1] - Update to 68.1.0 ESR [68.0.1-4] - Enable system nss [68.0.1-3] - Enable official branding [68.0.1-2] - Enabled PipeWire on RHEL8 [68.0.1-1] - Updated to 68.0.1 ESR [68.0-0.11] - Update to 68.0 ESR [68.0-0.10] - Updated to 68.0 alpha 13 - Enabled second arches [68.0-0.1] - Updated to 68.0 alpha [60.6.0-3] - Added Google API keys (mozbz#1531176) [60.6.0-2] - Update to 60.6.0 ESR (Build 2) [60.6.0-1] - Update to 60.6.0 ESR (Build 1) [60.5.1-1] - Update to 60.5.1 ESR [60.5.0-3] - Added fix for rhbz#1672424 - Firefox crashes on NFS drives. [60.5.0-2] - Updated to 60.5.0 ESR build2 [60.5.0-1] - Updated to 60.5.0 ESR build1 [60.4.0-3] - Fixing fontconfig warnings (rhbz#1601475) [60.4.0-2] - Added pipewire patch from Tomas Popela (rhbz#1664270) [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.9.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.9.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri May 29 2020 Jan Horak <jhorak@redhat.com> - Update to 68.9.0 build1 - Added patch for pipewire 0.3 * Mon May 11 2020 Jan Horak <jhorak@redhat.com> - Added s390x specific patches IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12410 CVE-2020-12405 CVE-2020-12406 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [32:9.8.2-0.68.rc1.7] - Correct tests covering CVE-2020-8617 [32:9.8.2-0.68.rc1.6] - Add additional fix to limit recursions [32:9.8.2-0.68.rc1.5] - Add CVE tests to codebase [32:9.8.2-0.68.rc1.4] - Limit number of queries triggered by a request (CVE-2020-8616) - Fix invalid tsig request (CVE-2020-8617) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8616 CVE-2020-8617 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 7 [2.0.0-4.rc4.1] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841974) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [1.0.2-7] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841980) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [2:2.0.0-46.rc4.2] - CVE-2020-13398: Fix out-of-bounds write in crypto.c (#1841978) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13398 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1.6.6-4] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839172 (CVE-2020-12662), rhbz#1840258 (CVE-2020-12663) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12663 CVE-2020-12662 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [1.7.3-11] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839177 (CVE-2020-12662), rhbz#1840262 (CVE-2020-12663) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12662 CVE-2020-12663 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-193.6.3_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.6.3_2] - rebuild to enable xt_u32 module (Jiri Benc) [1840800 1840799 1834769 1838190] [4.18.0-193.6.2_2] - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} [4.18.0-193.6.1_2] - [char] tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() (Steve Best) [1827632 1808048] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1838477 1819408] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1838477 1819408] - [kernel] sched/fair: Allow a per-CPU kthread waking a task to stack on the same CPU, to fix XFS performance regression (Phil Auld) [1834517 1745111] - [block] block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Ming Lei) [1835531 1835532] {CVE-2020-12657} - [kvm] KVM: x86: use raw clock values consistently (Marcelo Tosatti) [1822498 1768622] - [kvm] KVM: x86: reorganize pvclock_gtod_data members (Marcelo Tosatti) [1822498 1768622] - [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1822498 1768622] [4.18.0-193.5.1_2] - [fs] nfs: fix NULL deference in nfs4_get_valid_delegation ('J. Bruce Fields') [1837969 1831553] [4.18.0-193.4.1_2] - [bluetooth] Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (Gopal Tiwari) [1827620 1811534] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827249 1827251] {CVE-2020-10711} - [mm] s390/mm: fix page table upgrade vs 2ndary address mode accesses (Vladis Dronov) [1828153 1828154] {CVE-2020-11884} [4.18.0-193.3.1_2] - [kernel] sched/isolation: Allow 'isolcpus=' to skip unknown sub-parameters (Peter Xu) [1832367 1799014] - [firmware] efi: fix a mistype in comments mentioning efivar_entry_iter_begin() (Vladis Dronov) [1829527 1804417] - [firmware] efi: add a sanity check to efivar_store_raw() (Vladis Dronov) [1829527 1804417] - [firmware] efi: fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [1829527 1804417] - [net] net/smc: keep vlan_id for SMC-R in smc_listen_work() (Philipp Rudo) [1827631 1796890] [4.18.0-193.2.1_2] - [net] vti[6]: fix packet tx through bpf_redirect() in XinY cases (Sabrina Dubroca) [1821375 1795145] - [net] xfrm interface: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] - [net] vti[6]: fix packet tx through bpf_redirect() (Sabrina Dubroca) [1821375 1795145] - [scripts] redhat: fix modpost.c prerequisites (Frantisek Hrbata) [1828229 1818499] - [infiniband] IB/core: Avoid deadlock during netlink message handling (Kamal Heib) [1821381 1818986] - [infiniband] RDMA/core: Support netlink commands in non init_net net namespaces (Kamal Heib) [1821381 1818986] - [misc] mei: me: add comet point (lake) H device ids (Ken Cox) [1825262 1815355] - [misc] mei: me: add comet point (lake) LP device ids (Ken Cox) [1825262 1815355] - [misc] mei: define dma ring buffer sizes for PCH12 HW and newer (Ken Cox) [1825262 1815355] - [misc] mei: hbm: define dma ring setup protocol (Ken Cox) [1825262 1815355] - [net] SUNRPC: fix krb5p mount to provide large enough buffer in rq_rcvsize (Steve Dickson) [1826219 1825388] - [mm] mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix flags for pmd migration when split (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: relocate flush_cache_range() in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix mmu_notifier in migrate_misplaced_transhuge_page() (Rafael Aquini) [1827619 1763878] - [mm] mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition (Rafael Aquini) [1827619 1763878] - [md] Revert 'dm: always call blk_queue_split() in dm_process_bio()' (Mike Snitzer) [1821382 1820705] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12657 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [2.6.32-754.30.2.OL6] - Update genkey [bug 25599697] [2.6.32-754.30.2] - x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} [2.6.32-754.30.1] - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711} - [netdrv] bonding: don't set slave->link in bond_update_speed_duplex() (Patrick Talbert) [1828604] - [security] KEYS: prevent KEYCTL_READ on negative key (Patrick Talbert) [1498368] {CVE-2017-12192} MODERATE Copyright 2020 Oracle, Inc. CVE-2017-12192 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 8 [4:20191115-4.20200602.2] - Avoid temporary file creation, used for here-documents in check_caveats. [4:20191115-4.20200602.1] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827183): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. - Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. [4:20191115-4.20191115.6] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. [4:20191115-4.20191115.5] - Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 7 [2:2.1-61.6.0.1] - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - do not late load prior to 3.10.0 - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 [2:2.1-61.6] - Avoid temporary file creation, used for here-documents in check_caveats. [2:2.1-61.5] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1827189): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. - Change the URL in the intel-microcode2ucode.8 to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore. [2:2.1-61.4] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models. [2:2.1-61.3] - Re-generate initramfs not only for the currently running kernel, but for several recently installed kernels as well. [2:2.1-61.2] - Avoid find being SIGPIPE'd on early 'grep -q' exit in the dracut script. [2:2.1-61.1] - Update stale posttrans dependency, add triggers for proper handling of the debug kernel flavour along with kernel-rt. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:linux:7:8:patch Oracle Linux 6 [3:1.17-33.26.0.1] - update 06-2d-07 to 0x71a - update 06-55-04 to 0x2006906 - update 06-55-07 to 0x5002f01 - merge Oracle changes for early load via dracut - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.26] - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 (#1795353, #1795357, #1827186): - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28; - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e up to 0x2f; - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25 up to 0x26; - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c; - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21 up to 0x22; - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6 up to 0xdc; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151 up to 0x1000157; - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065 up to 0x2006906; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c up to 0x4002f01; - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c up to 0x5002f01; - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6 up to 0xdc; - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca up to 0xd6; - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca up to 0xd6; - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6. [2:1.17-33.25] - Update Intel CPU microcode to microcode-20200520 release (#1839193): - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f up to 0x621; - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718 up to 0x71a; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46 up to 0x78. [2:1.17-33.24] - Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment models (#1835555). [2:1.17-33.23] - Do not update 06-55-04 (SKL-SP/W/X) to revision 0x2000065, use 0x2000064 by default (#1774635). [2:1.17-33.22] - Update Intel CPU microcode to microcode-20191115 release: - Update of 06-4e-03/0xc0 (SKL-U/Y D0) from revision 0xd4 up to 0xd6; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) from revision 0xd4 up to 0xd6; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) from revision 0xc6 up to 0xca; - Update of 06-8e-09/0xc0 (KBL-U/Y H0) from revision 0xc6 up to 0xca; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) from revision 0xc6 up to 0xca; - Update of 06-8e-0b/0xd0 (WHL-U W0) from revision 0xc6 up to 0xca; - Update of 06-8e-0c/0x94 (AML-Y V0, CML-U 4+2 V0, WHL-U V0) from revision 0xc6 up to 0xca; - Update of 06-9e-09/0x2a (KBL-G/X H0, KBL-H/S/Xeon E3 B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) from revision 0xc6 up to 0xca; - Update of 06-9e-0b/0x02 (CFL-S B0) from revision 0xc6 up to 0xca; - Update of 06-9e-0c/0x22 (CFL-S/Xeon E P0) from revision 0xc6 up to 0xca; - Update of 06-9e-0d/0x22 (CFL-H/S R0) from revision 0xc6 up to 0xca; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) from revision 0xc6 up to 0xca. [2:1.17-33.21] - Update Intel CPU microcode to microcode-20191113 release: - Update of 06-9e-0c (CFL-H/S P0) microcode from revision 0xae up to 0xc6. - Drop 0001-releasenote-changes-summary-fixes.patch. [2:1.17-33.20] - Package the publicy available microcode-20191112 release (#1755021): - Addition of 06-4d-08/0x1 (AVN B0/C0) microcode at revision 0x12d; - Addition of 06-55-06/0xbf (CSL-SP B0) microcode at revision 0x400002c; - Addition of 06-7a-08/0x1 (GLK R0) microcode at revision 0x16; - Update of 06-55-03/0x97 (SKL-SP B1) microcode from revision 0x1000150 up to 0x1000151; - Update of 06-55-04/0xb7 (SKL-SP H0/M0/U0, SKL-D M1) microcode from revision 0x2000064 up to 0x2000065; - Update of 06-55-07/0xbf (CSL-SP B1) microcode from revision 0x500002b up to 0x500002c; - Update of 06-7a-01/0x1 (GLK B0) microcode from revision 0x2e up to 0x32; - Include 06-9e-0c (CFL-H/S P0) microcode from the microcode-20190918 release. - Correct the releasenote file (0001-releasenote-changes-summary-fixes.patch). - Update README.caveats with the link to the new Knowledge Base article. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0549 CVE-2020-0543 CVE-2020-0548 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 Oracle Linux 8 [3.1.105-2.0.1.el8_2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.105-2] - Remove incorrectly installed files - Resolves: RHBZ#1844515 [3.1.105-1] - Update to .NET Core Runtime 3.1.5 and SDK 3.1.105 - Resolves: RHBZ#1844515 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.1.515-1] - Update to .NET Core SDK 2.1.515 and Runtime 2.1.19 - Resolves: RHBZ#1843680 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1108 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [0.6.21-6] - Add patch for CVE-2020-13112 - Resolves: #1840948 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [0:6.0.24-115] - Resolves: CVE-2020-9484 tomcat6: tomcat: Apache Tomcat Remote Code Execution via session persistence IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9484 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [0:7.0.76-12] - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9484 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0.6.21-7] - Add patch for CVE-2020-13112 - Resolves: #1840949 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [0.6.21-17] - Add patch for CVE-2020-13112 - Resolves: #1840952 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13112 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [68.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12398 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.9.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12398 CVE-2020-12405 CVE-2020-12410 CVE-2020-12406 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.9.0-1] - Update to 68.9.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12406 CVE-2020-12398 CVE-2020-12405 CVE-2020-12410 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [3.6.8-11] - Fix CVE-2020-13777 (#1844147) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13777 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 6 [1.4.20-29.1] - Fix segfault in unbound-1.4.20-amplifying-an-incoming-query.patch - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-28.1] - Fix unbound-1.4.20-amplifying-an-incoming-query.patch patch so it won't produce compiler warnings - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-27.1] - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663) [1.4.20-26.1] - Resolves: #1655929 - Unbound crashed when running 'unbound-control log_reopen' IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12662 CVE-2020-12663 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [6.3.6-2] - fix CVE-2020-13379 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13379 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.6.6-5] - Fix incomplete amplifying-an-incoming-query patch - Resolves: rhbz#1846424 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10772 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [4.2.6p5-29.0.1] - Bump release to avoid ULN conflict with Oracle modified errata. [4.2.6p5-29.el7_8.2] - don't update transmission time on invalid response (CVE-2020-11868) - randomize transmit timestamp in client requests (CVE-?, #1813787) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11868 CVE-2020-13817 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [3.10.0-1127.13.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] [3.10.0-1127.13.1] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187 1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827187 1827188] {CVE-2020-0543} header (Waiman Long) [1827187 1827188] {CVE-2020-0543} [3.10.0-1127.12.1] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1841121 1836322] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837297 1820632] {CVE-2020-12888} [3.10.0-1127.11.1] - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1839757 1829662] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12888 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [1.33.0-3.el8_2.1] - prevent DoS caused by overly large SETTINGS frames (CVE-2020-11080) [1.33.0-3] - rebuild to trigger gating (#1681044) [1.33.0-2] - backport security fixes from nghttp2-1.39.2 (CVE-2019-9511 and CVE-2019-9513) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11080 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 qemu-kvm [2.12.0-99.0.1.el8_2.2] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-99.el8_2.2] - kvm-vnc-add-magic-cookie-to-VncState.patch [bz#1816763] - kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1816763] - Resolves: bz#1816763 (CVE-2019-20382 virt:rhel/qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-8]) [2.12.0-99.el8.1] - kvm-util-add-slirp_fmt-helpers.patch [bz#1834477] - kvm-dhcpv6-use-slirp_fmt.patch [bz#1834477] - kvm-misc-use-slirp_fmt0.patch [bz#1834477] - kvm-tftp-use-slirp_fmt0.patch [bz#1834477] - kvm-tcp_ctl-use-slirp_fmt.patch [bz#1834477] - kvm-tcp_emu-fix-unsafe-snprintf-usages.patch [bz#1834477] - Resolves: bz#1834477 (CVE-2020-8608 virt:rhel/qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-8.2.0.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20382 CVE-2020-8608 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [68.10.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12421 CVE-2020-12419 CVE-2020-12418 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [68.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Fri Jun 26 2020 Jan Horak <jhorak@redhat.com> - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12421 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [68.10.0-1.0.1.el8_2] - Rebuild to pickup Oracle default bookmarks [Orabug: 30069264] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Remove upstream references [Orabug: 30530527] [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12419 CVE-2020-12421 CVE-2020-12420 CVE-2020-12417 CVE-2020-12418 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:10.21.0-3] - Resolves: RHBZ#1845306 - Remove brotli-devel requires from nodejs-devel [1:10.21.0-2] - Resolves: RHBZ#1845306 - Turn off debug builds [1:10.21.0-1] - Security update to 10.21.0 - Resolves: RHBZ#1845306 - Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531 - Bundle brotli, because --shared-brotli configure option is missing - Add i18n subpackage nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8174 CVE-2020-11080 CVE-2020-7598 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 nodejs [12.18.2-1] - Rebase to 12.18.2 [1:12.18.1-1] - Rebase - Spec clean up - Provide i18n package, bundle icu - Resolves: RHBZ#1845310, RHBZ#1845691 [1:12.18.0-1] - Security update to 12.18.0 - Resolves: RHBZ#1845310, RHBZ#1845691 [1:12.16.1-2] - Fix CVE-2020-10531 [1:12.16.1-1] - Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381 - Rebase to 12.16.1 [1:12.14.1-1] - Rebase to 12.14.1 [1:12.13.1-1] - Resolves: RHBZ# 1773503, update to 12.13.1 - minor clean up and sync with Fedora spec - turn off debug builds [1:12.4.0-2] - Resolves:RHBZ#1685191 - Add condition to libs [1:12.4.0-1] - Update to v12.x - Add v8-devel and libs subpackages from fedora [1:10.14.1-2] - move nodejs-packaging BR out of conditional [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation - Resolves: rhbz#1615947 [1:10.11.0-1] - Rebase to 10.11.0 - Import changes from fedora - Resolves: rhbz#1621766 [1:10.7.0-5] - Import sources from fedora - Allow using python2 at %build and %install - turn off debug for aarch64 [1:10.7.0-4] - Fix npm upgrade scriptlet - Fix unexpected trailing .1 in npm release field [1:10.7.0-3] - Restore annotations to binaries - Fix unexpected trailing .1 in release field [1:10.7.0-2] - Update to 10.7.0 - https://nodejs.org/en/blog/release/v10.7.0/ - https://nodejs.org/en/blog/release/v10.6.0/ [1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:10.5.0-1] - Update to 10.5.0 - https://nodejs.org/en/blog/release/v10.5.0/ [1:10.4.1-1] - Update to 10.4.1 to address security issues - https://nodejs.org/en/blog/release/v10.4.1/ - Resolves: rhbz#1590801 - Resolves: rhbz#1591014 - Resolves: rhbz#1591019 [1:10.4.0-1] - Update to 10.4.0 - https://nodejs.org/en/blog/release/v10.4.0/ [1:10.3.0-1] - Update to 10.3.0 - Update npm to 6.1.0 - https://nodejs.org/en/blog/release/v10.3.0/ [1:10.2.1-2] - Fix up bare 'python' to be python2 - Drop redundant entry in docs section [1:10.2.1-1] - Update to 10.2.1 - https://nodejs.org/en/blog/release/v10.2.1/ [1:10.2.0-1] - Update to 10.2.0 - https://nodejs.org/en/blog/release/v10.2.0/ [1:10.1.0-3] - Fix incorrect rpm macro [1:10.1.0-2] - Include upstream v8 fix for ppc64[le] - Disable debug build on ppc64[le] and s390x [1:10.1.0-1] - Update to 10.1.0 - https://nodejs.org/en/blog/release/v10.1.0/ - Reenable node_g binary [1:10.0.0-1] - Update to 10.0.0 - https://nodejs.org/en/blog/release/v10.0.0/ - Drop workaround patch - Temporarily drop node_g binary due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587 [1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859) [1:9.11.1-1] - Update to 9.11.1 - https://nodejs.org/en/blog/release/v9.11.0/ - https://nodejs.org/en/blog/release/v9.11.1/ [1:9.10.0-1] - Update to 9.10.0 - https://nodejs.org/en/blog/release/v9.10.0/ [1:9.9.0-1] - Update to 9.9.0 - https://nodejs.org/en/blog/release/v9.9.0/ [1:9.8.0-1] - Update to 9.8.0 - https://nodejs.org/en/blog/release/v9.8.0/ [1:9.7.0-1] - Update to 9.7.0 - https://nodejs.org/en/blog/release/v9.7.0/ - Work around F28 build issue [1:9.6.1-1] - Update to 9.6.1 - https://nodejs.org/en/blog/release/v9.6.1/ - https://nodejs.org/en/blog/release/v9.6.0/ [1:9.5.0-1] - Package Node.js 9.5.0 [1:8.9.4-2] - Fix incorrect Requires: [1:8.9.4-1] - Update to 8.9.4 - https://nodejs.org/en/blog/release/v8.9.4/ - Switch to system copy of nghttp2 [1:8.9.3-2] - Update to 8.9.3 - https://nodejs.org/en/blog/release/v8.9.3/ - https://nodejs.org/en/blog/release/v8.9.2/ [1:8.9.1-2] - Rebuild for ICU 60.1 [1:8.9.1-1] - Update to 8.9.1 [1:8.9.0-1] - Update to 8.9.0 - Drop upstreamed patch [1:8.8.1-1] - Update to 8.8.1 to fix a regression [1:8.8.0-1] - Security update to 8.8.0 - https://nodejs.org/en/blog/release/v8.8.0/ [1:8.7.0-1] - Update to 8.7.0 - https://nodejs.org/en/blog/release/v8.7.0/ [1:8.6.0-2] - Use bcond macro instead of bootstrap conditional [1:8.6.0-1] - Fix nghttp2 version - Update to 8.6.0 - https://nodejs.org/en/blog/release/v8.6.0/ [1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity - backport patch for aarch64 debug build [1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395 [1:8.5.0-1] - Update to v8.5.0 - https://nodejs.org/en/blog/release/v8.5.0/ [1:8.4.0-2] - Refactor openssl BR [1:8.4.0-1] - Update to v8.4.0 - https://nodejs.org/en/blog/release/v8.4.0/ - http2 is now supported, add bundled nghttp2 - remove openssl 1.0.1 patches, we won't be using them in fedora [1:8.3.0-1] - Update to v8.3.0 - https://nodejs.org/en/blog/release/v8.3.0/ - update V8 to 6.0 - update minimal gcc and g++ requirements to 4.9.4 [1:8.2.1-2] - Bump release to fix broken dependencies [1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:8.2.1-1] - Update to v8.2.1 - https://nodejs.org/en/blog/release/v8.2.1/ [1:8.2.0-1] - Update to v8.2.0 - https://nodejs.org/en/blog/release/v8.2.0/ - Update npm to 5.3.0 - Adds npx command [1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa} [1:8.1.4-2] - Rename python-devel to python2-devel - own %{_pkgdocdir}/npm [1:8.1.4-1] - Update to v8.1.4 - https://nodejs.org/en/blog/release/v8.1.4/ - Drop upstreamed c-ares patch [1:8.1.3-1] - Update to v8.1.3 - https://nodejs.org/en/blog/release/v8.1.3/ [1:8.1.2-1] - Update to v8.1.2 - remove GCC 7 patch, as it is now fixed in node >= 6.12 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8174 CVE-2020-8172 CVE-2020-11080 CVE-2020-7598 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [1:1.10.24-14.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.10.24-14] - Fix CVE-2020-12049 (#1851991) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12049 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [0.14-4] - Add explicit package version requirement on jbig2dec-libs to jbig2dec related: #1851057 [0.14-3] - Fix CVE-2020-12268 resolves: #1851057 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12268 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:2.3.8-2.1] - fix CVE-2020-10957: malformed NOOP commands leads to DoS (#1840353) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10957 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.0.27-19.1] - 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2_img - 1852668, 1852667, 1852666, 1852665 - disable autodiscovery for epsonds backend IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12861 CVE-2020-12865 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12417 CVE-2020-12418 CVE-2020-12421 CVE-2020-12419 CVE-2020-12420 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [2.6.32-754.31.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.31.1] - [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543} - [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543} - [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819] - [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653] - [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810] - [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810] - [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810] - [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810] - [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810] - [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810] - [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810] - [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810] - [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810] - [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810] - [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810] - [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18660 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [2.1.516-1] - Update to .NET Core SDK 2.1.516 and Runtime 2.1.20 - Resolves: RHBZ#1851983 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-1147 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.106-1.0.1] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.106-1] - Update to .NET Core Runtime 3.1.6 and SDK 3.1.106 - Resolves: RHBZ#1854137 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-1147 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [68.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12419 CVE-2020-12418 CVE-2020-12421 CVE-2020-12420 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:1.8.0.262.b10-0] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.1.ea] - Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds - Sync stapinstall handling with RHEL 8 implementation - Need to support noarch for creating source RPMs for non-scratch builds. - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR - Adjust RH1648644 following context changes due to introduction of JFR packages - Add recently added binaries to alternatives set (clhsdb, hsdb, jfr) - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14583 CVE-2020-14593 CVE-2020-14556 CVE-2020-14578 CVE-2020-14579 CVE-2020-14577 CVE-2020-14621 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:11.0.8.10-0.0.1] - link atomic for ix86 build [1:11.0.8.10-0] - Update to shenandoah-jdk-11.0.8+10 (GA) - Switch to GA mode for final release. - Update release notes with last minute fix (JDK-8248505). - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.9-0.0.ea] - Update to shenandoah-jdk-11.0.8+9 (EA) - Update release notes for 11.0.8 release. - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.8-0.0.ea] - Update to shenandoah-jdk-11.0.8+8 (EA) - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there... - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - Create a copy of java as alt-java with alternatives and man pages - Resolves: rhbz#1838811 [1:11.0.8.7-0.0.ea] - Update to shenandoah-jdk-11.0.8+7 (EA) - Resolves: rhbz#1838811 [1:11.0.8.6-0.0.ea] - Update to shenandoah-jdk-11.0.8+6 (EA) - Resolves: rhbz#1838811 [1:11.0.8.5-0.0.ea] - Update to shenandoah-jdk-11.0.8+5 (EA) - Resolves: rhbz#1838811 [1:11.0.8.4-0.0.ea] - Update to shenandoah-jdk-11.0.8+4 (EA) - Require tzdata 2020a due to resource changes in JDK-8243541 - Resolves: rhbz#1838811 [1:11.0.8.3-0.0.ea] - Update to shenandoah-jdk-11.0.8+3 (EA) - Resolves: rhbz#1838811 [1:11.0.8.2-0.0.ea] - Update to shenandoah-jdk-11.0.8+2 (EA) - Resolves: rhbz#1838811 [1:11.0.8.1-0.0.ea] - Update to shenandoah-jdk-11.0.8+1 (EA) - Switch to EA mode for 11.0.8 pre-release builds. - Drop JDK-8237396 & JDK-8228407 backports now applied upstream. - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14573 CVE-2020-14621 CVE-2020-14562 CVE-2020-14593 CVE-2020-14577 CVE-2020-14583 CVE-2020-14556 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [1:11.0.8.10-0] - Update to shenandoah-jdk-11.0.8+10 (GA) - Switch to GA mode for final release. - Update release notes with last minute fix (JDK-8248505). - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.9-0.0.ea] - Update to shenandoah-jdk-11.0.8+9 (EA) - Update release notes for 11.0.8 release. - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz#1838811 [1:11.0.8.8-0.0.ea] - Update to shenandoah-jdk-11.0.8+8 (EA) - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there... - Resolves: rhbz#1838811 [1:11.0.8.7-0.1.ea] - Create a copy of java as alt-java with alternatives and man pages - Resolves: rhbz#1838811 [1:11.0.8.7-0.0.ea] - Update to shenandoah-jdk-11.0.8+7 (EA) - Resolves: rhbz#1838811 [1:11.0.8.6-0.0.ea] - Update to shenandoah-jdk-11.0.8+6 (EA) - Resolves: rhbz#1838811 [1:11.0.8.5-0.1.ea] - Disable stripping of debug symbols for static libraries part of the -static-libs sub-package. - Resolves: rhbz#1848701 [1:11.0.8.5-0.0.ea] - Update to shenandoah-jdk-11.0.8+5 (EA) - Resolves: rhbz#1838811 [1:11.0.8.4-0.0.ea] - Update to shenandoah-jdk-11.0.8+4 (EA) - Require tzdata 2020a due to resource changes in JDK-8243541 - Resolves: rhbz#1838811 [1:11.0.8.3-0.0.ea] - Update to shenandoah-jdk-11.0.8+3 (EA) - Resolves: rhbz#1838811 [1:11.0.8.2-0.1.ea] - Build static-libs-image and add resulting files via -static-libs sub-package. - Resolves: rhbz#1848701 [1:11.0.8.2-0.0.ea] - Update to shenandoah-jdk-11.0.8+2 (EA) - Resolves: rhbz#1838811 [1:11.0.8.1-0.0.ea] - Update to shenandoah-jdk-11.0.8+1 (EA) - Switch to EA mode for 11.0.8 pre-release builds. - Drop JDK-8237396 & JDK-8228407 backports now applied upstream. - Resolves: rhbz#1838811 [1:11.0.7.10-2] - Add JDK-8228407 backport to resolve crashes during verification. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Amend release notes, removing issue actually fixed in 11.0.6. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Add release notes. - Resolves: rhbz#1810557 [1:11.0.7.10-2] - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. - Resolves: rhbz#1810557 [1:11.0.7.10-1] - Update to shenandoah-jdk-11.0.7+10 (GA) - Switch to GA mode for final release. - Resolves: rhbz#1810557 [1:11.0.7.9-0.1.ea] - Update to shenandoah-jdk-11.0.7+9 (EA) - Resolves: rhbz#1810557 [1:11.0.7.8-0.1.ea] - Update to shenandoah-jdk-11.0.7+8 (EA) - Resolves: rhbz#1810557 [1:11.0.7.7-0.1.ea] - Update to shenandoah-jdk-11.0.7+7 (EA) - Resolves: rhbz#1810557 [1:11.0.7.6-0.1.ea] - Update to shenandoah-jdk-11.0.7+6 (EA) - Resolves: rhbz#1810557 [1:11.0.7.5-0.1.ea] - Update to shenandoah-jdk-11.0.7+5 (EA) - Resolves: rhbz#1810557 [1:11.0.7.4-0.1.ea] - Update to shenandoah-jdk-11.0.7+4 (EA) - Resolves: rhbz#1810557 [1:11.0.7.3-0.1.ea] - Update to shenandoah-jdk-11.0.7+3 (EA) - Resolves: rhbz#1810557 [1:11.0.7.2-0.1.ea] - Update to shenandoah-jdk-11.0.7+2 (EA) - Resolves: rhbz#1810557 [1:11.0.7.1-0.1.ea] - Update to shenandoah-jdk-11.0.7+1 (EA) - Switch to EA mode for 11.0.7 pre-release builds. - Drop JDK-8236039 backport now applied upstream. - Resolves: rhbz#1810557 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14583 CVE-2020-14573 CVE-2020-14577 CVE-2020-14593 CVE-2020-14556 CVE-2020-14562 CVE-2020-14621 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.8.0.262.b10-0.1] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file. - Introduce jfr_arches for architectures which support JFR. - Use sa_arches for libsaproc.so inclusion. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR - Adjust RH1648644 following context changes due to introduction of JFR packages - Add jfr binary to devel package and alternatives set - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14578 CVE-2020-14579 CVE-2020-14583 CVE-2020-14556 CVE-2020-14577 CVE-2020-14593 CVE-2020-14621 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1:1.8.0.262.b10-0] - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 [1:1.8.0.262.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b09. - With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.2.ea] - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.1.ea] - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 [1:1.8.0.262.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 [1:1.8.0.262.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 [1:1.8.0.262.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b05. - Resolves: rhbz#1838811 [1:1.8.0.262.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.1.ea] - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 [1:1.8.0.262.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.1.ea] - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 [1:1.8.0.262.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 [1:1.8.0.262.b01-0.0.ea] - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Add recently added binaries to alternatives set (clhsdb, hsdb, jfr) - Resolves: rhbz#1838811 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14593 CVE-2020-14583 CVE-2020-14577 CVE-2020-14578 CVE-2020-14621 CVE-2020-14556 CVE-2020-14579 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [4.18.0-193.13.2_2.OL8] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] [4.18.0-193.13.2_2] - Rebuild to get kernel image properly signed (Bruno Meneguele) [4.18.0-193.13.1_2] - [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005] [4.18.0-193.12.1_2] - [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610] - [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014] - [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016} [4.18.0-193.11.1_2] - [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381] - [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404] - [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757} - [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331] - [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787] [4.18.0-193.10.1_2] - [misc] dma-mapping: zero memory returned from dma_alloc_* (Philipp Rudo) [1847453 1788928] - [nvme] nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (Gopal Tiwari) [1846405 1781927] - [net] netfilter: nf_tables: fix infinite loop when expr is not available (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: autoload modules from the abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: store transaction list locally while requesting module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use-after-free in failing rule with bound set (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: force module load in case select_ops() returns -EAGAIN (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add nft_expr_type_request_module() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix set double-free in abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: don't use refcount_inc on newly allocated entry (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: unbind set in rule from commit path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: destroy function must not have side effects (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: make lists per netns (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use refcnt_t type for nft_xt reference count (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: asynchronous release (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: split set destruction in deactivate and destroy phase (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: flow event notifier must use transaction mutex (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use dedicated mutex to guard transactions (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: avoid global info storage (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: take module reference when starting a batch (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: make valid_genid callback mandatory (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add and use helper for module autoload (Phil Sutter) [1845164 1757933] - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847128 1794714] - [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847395 1847396] {CVE-2020-10768} - [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847357 1847358] {CVE-2020-10766} - [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [powerpc] powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (Steve Best) [1842406 1817596] [4.18.0-193.9.1_2] - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844073 1844031] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844049 1844039] {CVE-2020-12653} - [netdrv] net/mlx5: FPGA, support network cards with standalone FPGA (Alaa Hleihel) [1843544 1789380] - [mm] hugetlbfs: don't retry when pool page allocations start to fail (Rafael Aquini) [1835789 1727288] - [mm] mm, compaction: raise compaction priority after it withdrawns (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: cleanup should_continue_reclaim() (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: make should_continue_reclaim perform dryrun detection (Rafael Aquini) [1835789 1727288] - [kernel] exit: panic before exit_mm() on global init exit (Oleg Nesterov) [1821378 1808944] - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} [4.18.0-193.8.1_2] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837309 1837310] {CVE-2020-12888} [4.18.0-193.7.1_2] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1821714 1798468] {CVE-2019-19807} - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1836229 1813223] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1836302 1834184] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19807 CVE-2020-10757 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2019-3016 CVE-2020-12654 CVE-2020-12653 CVE-2020-12888 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1:1.22.8-5] - dhcp: fix handling IO error in nettools DHCPv4 client (rh #1843357) - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' (rh #1843360, CVE-2020-10754) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10754 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.12.8-10.0.1.el8_2] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.8-10] - Fix CVE-2020-12049 (#1851996) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12049 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 8 cjose [0.6.1-2] - fix concatkdf big endian architecture problem. Upstream issue #77. [0.6.1-1] - upgrade to latest upstream 0.6.1 [0.5.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.1-1] - Initial packaging mod_auth_openidc [2.3.7-4.3] - Actually apply the previous patch, sigh - Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] [2.3.7-4.2] - Fix the previous backport - Related: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Related: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] [2.3.7-4.1] - Resolves: rhbz#1820666 - CVE-2019-14857 mod_auth_openidc:2.3/mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-8.2.0.z] - Resolves: rhbz#1820662 - CVE-2019-20479 mod_auth_openidc:2.3/mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-8.2.0.z] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14857 CVE-2019-20479 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_beta cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [68.10.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.10.0-1] - Update to 68.10.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12420 CVE-2020-12417 CVE-2020-12419 CVE-2020-12421 CVE-2020-12418 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 buildah [1.14.9-1.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.14.9-1] - update to https://github.com/containers/buildah/releases/tag/v1.14.9 - Related: RHELPLAN-39206 [1.14.8-2] - make container-selinux a soft dependency - Related: #1806044 [1.14.8-1] - update to https://github.com/containers/buildah/releases/tag/v1.14.8 - Related: RHELPLAN-39206 [1.14.7-1] - initial rhel8-8.2.1 build - update to https://github.com/containers/buildah/releases/tag/v1.14.7 - Related: RHELPLAN-39206 cockpit-podman [17-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/17 - Related: RHELPLAN-39206 [16-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/v16 - Related: RHELPLAN-39206 [15-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/15 - Related: RHELPLAN-39206 [12-1] - Configure CPU share for system containers - Translation updates conmon [2:2.0.17-1.0.1] - Remove upstream references [Orabug: 30871880] [2:2.0.17-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.17 - Related: RHELPLAN-39206 [2:2.0.16-1] - update to https://github.com/containers/conmon/releases/tag/v2.0.16 - Related: RHELPLAN-39206 [2:2.0.15-1] - update to 2.0.15 - Related: #1821204 containernetworking-plugins [0.8.6-1] - update to https://github.com/containernetworking/plugins/releases/tag/v0.8.6 - Related: RHELPLAN-39206 [0.8.5-1] - update to https://github.com/containernetworking/plugins/archive/v0.8.5.tar.gz - Related: RHELPLAN-39206 container-selinux [2:2.135.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.135.0 - Related: RHELPLAN-39206 [2:2.134.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.134.0 - Related: RHELPLAN-39206 [2:2.132.0-2] - sync with Fedora and install selinux contexts file into /usr/share/containers/selinux/contexts (thanks to Dan Walsh) - do not print error in RPM transaction log when customizable_types file is missing - Related: RHELPLAN-39206 [2:2.132.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.132.0 - Related: RHELPLAN-39206 [2:2.131.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.131.0 - Related: RHELPLAN-39206 [2:2.130.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.130.0 - dont use macros in changelog - Related: #1821204 criu [3.14-2] - fix 'Need to fix bugs found by coverity.' - Resolves: #1838991 [3.14-1] - update to https://github.com/checkpoint-restore/criu/releases/tag/v3.14 - Related: RHELPLAN-39206 [3.13-1] - update to 3.13 - Related: RHELPLAN-39206 fuse-overlayfs [1.0.0-2] - remove bogus Provides from spec - Related: RHELPLAN-39206 [1.0.0-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.0.0 - Related: RHELPLAN-39206 libslirp [4.3.0-3] - fix static analysis issues merged upstream (https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41) - Related: #1823657 [4.3.0-2] - initial libslirp build for container-tools 8.2.1 module - Resolves: #1823657 [4.3.0-1] - New v4.3.0 release podman [1.9.3-2.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov <nikita.gerasimov@oracle.com> [1.9.3-2] - fix 'Signature verification incorrectly uses mirrors references' - Resolves: #1829061 [1.9.3-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.3 - Related: RHELPLAN-39206 [1.9.2-3] - fix 'Podman support for FIPS Mode requires a bind mount inside the container' - version the oci-systemd-hook obsolete - Related: #1784950 - Related: #1836180 [1.9.2-2] - obsolete oci-systemd-hook package - Resolves: #1836180 [1.9.2-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.2 - Related: RHELPLAN-39206 [1.9.1-2] - make container-selinux a soft dependency - Related: #1806044 [1.9.1-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.1 - Related: RHELPLAN-39206 [1.9.0-2] - remove containers-mounts.conf man page, this is shipped by skopeo: containers-common subpackage - Related: RHELPLAN-39206 [1.9.0-1] - update to https://github.com/containers/libpod/releases/tag/v1.9.0 - Related: RHELPLAN-39206 python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25139 [1.2.0-0.1.gitd0a45fe] - Initial package runc [1.0.0-66.rc10] - drop container-selinux runtime dependency - Related: #1806044 [1.0.0-65.rc10] - address CVE-2019-19921 by updating to rc10 - Resolves: #1801887 [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25139 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25139 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Resolves: #1766331, #1766303 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 - Resolves: #1759651 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options [1.0.0-56.rc5.dev.git2abd837] - change-default-root patch not needed as theres no docker on rhel8 [1.0.0-55.rc5.dev.git2abd837] - Resolves: CVE-2019-5736 [1.0.0-54.rc5.dev.git2abd837] - re-enable debuginfo [1.0.0-53.rc5.dev.git2abd837] - go toolset not in scl anymore [1.0.0-52.rc5.dev.git2abd837] - rebase skopeo [1:1.0.0-1.0.1] - Add oracle registry into the conf file [Orabug: 29845934 31306708] - Fix oracle registry login issues [Orabug: 29937192] [1:1.0.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.0.0 - Related: RHELPLAN-39206 [1:0.2.0-5] - follow Dans suggestion to deliver seccomp.json and storage.conf from Fedora and not directly from upstream yet - Related: RHELPLAN-39206 [1:0.2.0-4] - re-include ppc64 arch, golang doesnt seem broken there any more - synchronize man pages and config files with upstream - Related: RHELPLAN-39206 [1:0.2.0-3] - include and ship containers.conf - Resolves: #1826486 [1:0.2.0-2] - add docker.io into the default registry list - Related: RHELPLAN-39206 [1:0.2.0-1] - update to https://github.com/containers/skopeo/releases/tag/v0.2.0 - initial rhel8-8.2.1 build - Related: RHELPLAN-39206 slirp4netns [1.0.1-1] - update to https://github.com/rootless-containers/slirp4netns/archive/v1.0.1.tar.gz - Related: RHELPLAN-39206 [0.4.3-1] - update to https://github.com/rootless-containers/slirp4netns/archive/v0.4.3.tar.gz - Related: RHELPLAN-39206 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1983 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [42.2.3-3] - fixed XXE vulnerability unit test [42.2.3-2] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.1.1-12] - Fix for CVE-2020-5313 Resolves: rhbz#1789532 [5.1.1-11] - Fix for CVE-2020-11538 Resolves: rhbz#1852814 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-5313 CVE-2020-11538 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-193.14.3_2.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-193.14.3_2] - Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713} [4.18.0-193.14.2_2] - [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713} - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713} - [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780} - [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908} [4.18.0-193.14.1_2] - [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975] - [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975] - [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975] - [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975] - [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975] - [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975] - [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975] - [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975] - [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975] - [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975] - [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975] - [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975] - [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775] - [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20908 CVE-2020-15780 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [3.10.0-1127.18.2.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1127.18.2] - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837429 1837430] {CVE-2020-10713} - [kernel] Move to dual-signing to split signing keys up better (pjones) [1837429 1837430] {CVE-2020-10713} [3.10.0-1127.18.1] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1838602 1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1838602 1830606] [3.10.0-1127.17.1] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1852245 1820632] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1850055 1845326] - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844069 1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844025 1844026] {CVE-2020-12653} - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()'s move_huge_pmd() corner case (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843436 1843437] {CVE-2020-10757} [3.10.0-1127.16.1] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1850500 1752067] - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1842994 1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1842994 1818001] [3.10.0-1127.15.1] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1847343 1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1847343 1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1847343 1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1847343 1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1847343 1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1847343 1663720] - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847333 1834278] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1841825 1837127] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1830889 1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1830889 1810643] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1803448 1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1803448 1814257] {CVE-2019-19527} [3.10.0-1127.14.1] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1845520 1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Don't hold the inode lock across fsync() (Benjamin Coddington) [1845520 1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1845520 1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1845520 1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1845520 1813803] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series (Jonathan Toppins) [1834190 1823679] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10757 CVE-2019-19527 CVE-2020-12653 CVE-2020-12654 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.11.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Jul 23 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-6463 CVE-2020-15652 CVE-2020-15659 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [68.11.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-15652 CVE-2020-6463 CVE-2020-15659 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.11.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Thu Jul 23 2020 Jan Horak <jhorak@redhat.com> - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 nspr [4.25.0-2] - Rebuild [4.25.0-1] - Update to NSPR 4.25 nss [3.53.1-11] - Fix issue with upgradedb where upgradedb expects standard to generate dbm databases, not sql databases (default in RHEL8) [3.53.1-10] - Disable dh timing test because it's unreliable on s390 [3.53.1-9] - Explicitly enable upgradedb/sharedb test cycles [3.53.1-8] - Disable Delegated Credentials for TLS [3.53.1-7] - Fix attribute decryption issue where the private key components integrity check on private attributes where not being checked. [3.53.1-6] - Update nss-rsa-pkcs1-sigalgs.patch to the upstream version [3.53.1-5] - Include required checks for dh and ecdh key generation in FIPS mode. [3.53.1-4] - Add better checks for dh derive operations in FIPS mode. [3.53.1-3] - Disable NSS_HASH_ALG_SUPPORT as well for MD5 (#1849938) - Adjust for update-crypto-policies packaging change (#1848649) - Fix compilation with -Werror=strict-prototypes (#1843417) [3.53.1-2] - Fix regression in MD5 disablement (#1849938) - Include rsa_pkcs1_* in signature_algorithms extension (#1847945) [3.53.1-1] - Update to NSS 3.53.1 [3.53.0-1] - Update to NSS 3.53 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17006 CVE-2020-12402 CVE-2019-17023 CVE-2019-11756 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [0.9.9-14.1] - Fix CVE-2017-18922 Resolves: #1852509 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-18922 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [8.4.704-4] - require explicitly jdk-1.6 due to ABI bytecode compatibility [8.4.704-3] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [9.2.1002-8] - require explicitly jdk-1.7 due to ABI bytecode compatibility [9.2.1002-7] - fixed XXE vulnerability (CVE-2020-13692) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13692 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [68.11.0-1.0.1.el8_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15652 CVE-2020-15659 CVE-2020-6463 CVE-2020-6514 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [68.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.11.0-1] - Update to 68.11.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-6514 CVE-2020-15659 CVE-2020-6463 CVE-2020-15652 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [0.9.11-15.1] - Fix NVR Related: #1852356 [0.9.11-15] - Fix CVE-2017-18922 Resolves: #1852356 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-18922 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.1.107-1.0.1] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.107-1] - Update to .NET Core Runtime 3.1.7 and SDK 3.1.107 - Resolves: RHBZ#1862593 - Resolves: RHBZ#1861113 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1597 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [2.6.32-754.33.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.33.1] - [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1824907] [2.6.32-754.32.1] - [wireless] libertas: make lbs_ibss_join_existing() return error code on rates overflow (Jarod Wilson) [1776569] - [wireless] libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held (Jarod Wilson) [1776569] - [wireless] libertas: Fix two buffer overflows at parsing bss descriptor (Jarod Wilson) [1776569] - [security] keys: Protect request_key() against a type with no match function (Patrick Talbert) [1433220] {CVE-2017-2647} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14896 CVE-2017-2647 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 Oracle Linux 7 [68.12.0-1.0.3] - Build with rust-toolset 1.43 [68.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Improve bindgen configuration wrt clang (bmo#1526857) - Lift MOZ_SMP_FLAGS limit [68.12.0] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15669 CVE-2020-15664 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [78.2.0-2.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.2.0-2] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-12422 CVE-2020-15653 CVE-2020-15656 CVE-2020-15654 CVE-2020-12425 CVE-2020-12424 CVE-2020-15658 CVE-2020-15648 CVE-2020-15669 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [68.12.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Thu Aug 20 2020 Jan Horak <jhorak@redhat.com> - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:2.2.36-6.1] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1871841) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1871843) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1871842) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12673 CVE-2020-12100 CVE-2020-12674 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 libecap squid [7:4.4-8.2] - Resolves: #1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: #1872330 - CVE-2020-15810 squid:4/squid: HTTP Request Smuggling could result in cache poisoning [7:4.4-8.1] - Resolves: #1828368 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow - Resolves: #1828367 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1829402 - CVE-2019-12525 squid:4/squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15811 CVE-2020-15810 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [68.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Build with rust-toolset 1.43 [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [68.12.0-1.0.1] * Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [68.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [68.12.0-1] - Update to 68.12.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15664 CVE-2020-15669 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [0.6.12-4.1] - Fix CVE-2020-12825 Resolves: #1866484 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12825 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.11.0-3] - Validate paths read from repomd.xml (RhBug:1866498) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14352 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 8 php [7.3.20-1] - update to 7.3.20 #1856655 php-pear [1:1.10.9-1] - update PEAR to 1.10.9 - update Archive_Tar to 1.4.7 - update Console_Getopt to 1.4.2 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11040 CVE-2019-11041 CVE-2019-11045 CVE-2019-11047 CVE-2019-11048 CVE-2019-19246 CVE-2020-7060 CVE-2019-11042 CVE-2019-19203 CVE-2019-19204 CVE-2019-20454 CVE-2020-7066 CVE-2020-7062 CVE-2020-7064 CVE-2019-13225 CVE-2020-7059 CVE-2019-16163 CVE-2019-11039 CVE-2020-7065 CVE-2020-7063 CVE-2019-11050 CVE-2019-13224 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 golang [1.13.15-1] - Rebase to 1.13.15 - Related: rhbz#1865875 - Related: rhbz#1865873 go-toolset [1.13.15-1] - Rebase to 1.13.15 - Related: rhbz#1865875 - Related: rhbz#1865873 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-15586 CVE-2020-14040 CVE-2020-16845 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [10.14-1] - Rebase to upstream release 10.14 Fixes RHBZ#1727803 Fixes RHBZ#1741489 Fixes RHBZ#1709196 [10.13-1] - Rebase to upstream release 10.13 Fixes RHBZ#1727803 Fixes RHBZ#1741489 Fixes RHBZ#1709196 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10164 CVE-2019-10208 CVE-2020-14350 CVE-2019-10130 CVE-2020-14349 CVE-2020-1720 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.1.108-2.0.1.el8_2] - Update patch to support 8.2 (alexander.burmashev@oracle.com) - support OL release scheme (alexander.burmashev@oracle.com) [3.1.108-2] - Rebuild to fix tests - Resolves: RHBZ#1874512 [3.1.108-1] - Update to .NET Core Runtime 3.1.8 and SDK 3.1.108 - Resolves: RHBZ#1874512 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1045 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:2.3.8-2.2] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866755) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866760) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1866767) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12674 CVE-2020-12100 CVE-2020-12673 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 mod_http2 [1.11.3-3.1] - Resolves: #1869072 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-9490 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 mysql [8.0.21-1] - Rebase to 8.0.21 - Use bundled libzstd and libevent for RHSCL and RHEL-8.0.0 - Check that we have correct versions in bundled(*) Provides - Remove re2 bundled dependency [8.0.20-1] - Rebase to 8.0.20 [8.0.19-2] - Specify all perl dependencies [8.0.19-1] - Rebase to 8.0.19 [8.0.18-1] - Rebase to 8.0.18 - Add libzstd-devel dependencies - Include patch to build against protobuf 3.11 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-3004 CVE-2019-3009 CVE-2020-2893 CVE-2020-2925 CVE-2020-14619 CVE-2020-2577 CVE-2020-2589 CVE-2020-2627 CVE-2020-2780 CVE-2020-14547 CVE-2020-14568 CVE-2019-2938 CVE-2019-2957 CVE-2019-2966 CVE-2019-3011 CVE-2020-2570 CVE-2020-2574 CVE-2020-2579 CVE-2020-2580 CVE-2020-2588 CVE-2020-2752 CVE-2020-2762 CVE-2020-2892 CVE-2020-2896 CVE-2020-2903 CVE-2020-2930 CVE-2020-14539 CVE-2020-14575 CVE-2020-14586 CVE-2019-2911 CVE-2019-2963 CVE-2019-2967 CVE-2019-2997 CVE-2020-2573 CVE-2020-2686 CVE-2020-2779 CVE-2020-2804 CVE-2020-2897 CVE-2020-2922 CVE-2020-2928 CVE-2020-14567 CVE-2019-2974 CVE-2019-3018 CVE-2020-2763 CVE-2020-2924 CVE-2020-14576 CVE-2019-2968 CVE-2019-2982 CVE-2019-2991 CVE-2019-2993 CVE-2019-2998 CVE-2020-2679 CVE-2020-2812 CVE-2020-2814 CVE-2020-2921 CVE-2020-14553 CVE-2020-2584 CVE-2020-2774 CVE-2020-14550 CVE-2020-14680 CVE-2020-2760 CVE-2020-14631 CVE-2020-2898 CVE-2020-14540 CVE-2020-14559 CVE-2020-14614 CVE-2019-2914 CVE-2019-2946 CVE-2020-2761 CVE-2020-2765 CVE-2020-2901 CVE-2020-2904 CVE-2020-14597 CVE-2020-14633 CVE-2020-14641 CVE-2020-14702 CVE-2020-2853 CVE-2020-2895 CVE-2020-14632 CVE-2020-14634 CVE-2020-14643 CVE-2020-14651 CVE-2020-14697 CVE-2020-14725 CVE-2020-2660 CVE-2020-2694 CVE-2019-2960 CVE-2020-2759 CVE-2020-2770 CVE-2020-2923 CVE-2020-14620 CVE-2020-14623 CVE-2020-14624 CVE-2020-14654 CVE-2020-14656 CVE-2020-2926 CVE-2020-14663 CVE-2020-14678 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [78.3.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.3.0-1] - Update to 78.3.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15676 CVE-2020-15678 CVE-2020-15677 CVE-2020-15673 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [78.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [78.3.0] - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15677 CVE-2020-15673 CVE-2020-15676 CVE-2020-15678 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [0.5-0.8.alpha] - Fix for CVE-2019-1010305 resolves: rhbz#1736744 LOW Copyright 2020 Oracle, Inc. CVE-2019-1010305 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.17-317.0.1] - Merge RH el7 u8 patches with Oracle patches Review-exception: Simple merge - Adding Mike Fabians C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug 28481550. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Modify glibc-ora28849085.patch so it works with RHCK kernels. Orabug 28849085. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs. - Orabug 28849085 - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984. - Orabug 25558067. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae - OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. - OraBug 28641867. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Include-linux-falloc.h-in-bits-fcntl-linux.h - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE - OraBug 28483336 - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to - sysdeps/unix/sysv/linux/x86/bits/mman.h - OraBug 28389572 - Update bits/siginfo.h with Linux hwpoison SIGBUS changes. - Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9). - It also adds si_trapno field for alpha. - New values: BUS_MCEERR_AR, BUS_MCEERR_AO - OraBug 28124569 [2.17-317] - Do not clobber errno in nss_compat (#1834816) LOW Copyright 2020 Oracle, Inc. CVE-2019-19126 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [1:1.6.3-51] - 1823758 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist [rhel-7] [1:1.6.3-50] - 1813413 - [RHEL 7.7] segfault in cupsdSaveJob() caused by no space in /var [1:1.6.3-49] - more covscan issues raised from the fix 1672212 [1:1.6.3-48] - fixing covscan issue from 1672212 [1:1.6.3-47] - 1672212 - cupsd eats a lot of memory when lots of queue with extensive PPDs are created [1:1.6.3-46] - 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue [1:1.6.3-45] - fixing covscan issue from 1774460 [1:1.6.3-44] - 1774460 - CVE-2019-8696 cups: stack-buffer-overflow in libcupss asn1_get_packed function [rhel-7] - 1774461 - CVE-2019-8675 cups: stack-buffer-overflow in libcupss asn1_get_type function [rhel-7] - 1753809 - Settings in ~/.cups/client.conf arent used MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 Oracle Linux 7 [1.2.15-17] - Fix Some CVEs: CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638 - Resolves: rhbz#1716201, rhbz#1716202, rhbz#1716206, - Resolves: rhbz#1716207, rhbz#1716208 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7572 CVE-2019-7575 CVE-2019-7635 CVE-2019-7573 CVE-2019-7577 CVE-2019-7637 CVE-2019-7636 CVE-2019-7574 CVE-2019-7578 CVE-2019-7638 CVE-2019-7576 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [4.3.2-12] - Fix pcp-atop dynamic memory initialization issues (BZ 1818710) [4.3.2-8] - Fix rpm %post privilege escalation CVEs (BZs 1815249, 1815528) - Resolve an selinux policy issue with pmlogger (BZ 1792859) LOW Copyright 2020 Oracle, Inc. CVE-2019-3696 CVE-2019-3695 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.4.4-11.20101004cvs] - Fix global buffer overflow Resolves: bz#1301202 - Fix improper handling of CSRC count and extension header length in RTP header Resolves: bz#1323705 - Fix buffer overflow in application of crypto profiles Resolves: bz#1141897 MODERATE Copyright 2020 Oracle, Inc. CVE-2015-6360 CVE-2013-2139 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [1.8.0-21] - Add upstream patch needed because of previous security fixes Resolves: bz#1826822 [1.8.0-20] - Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz#1791773 - Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz#1791768 - Fix heap buffer overflow in TightDecoder::FilterGradient Resolves: bz#1791763 - Fix heap-based buffer overflow triggered from CopyRectDecoder Resolves: bz#1791747 - Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder Resolves: bz#1791759 - Add option to fallback to empty port when the specified one is taken Resolves: bz#1791996 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15695 CVE-2019-15691 CVE-2019-15692 CVE-2019-15693 CVE-2019-15694 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.3.0-8] - Fix for CVE-2020-0034 - Resolves: rhbz#1823909 [1.3.0-7] - Fix for CVE-2019-9232 and CVE-2019-9433 - Resolves: rhbz#1796085, rhbz#1796099 [1.3.0-6] - Fix for CVE-2017-0393 - Resolves: rhbz#1779498 [1.3.0-4] - fix Illegal Instruction abort [1.3.0-3] - update library symbol list for 1.3.0 from Debian [1.3.0-2] - armv7hl specific target [1.3.0-1] - update to 1.3.0 [1.2.0-1] - update to 1.2.0 [1.1.0-1] - update to 1.1.0 [1.0.0-3] - fix vpx.pc file to include -lm (bz825754) [1.0.0-2] - use included vpx.pc file (drop local libvpx.pc) - apply upstream fix to vpx.pc file (bz 814177) [1.0.0-1] - update to 1.0.0 [0.9.7.1-3] - use macro instead of hard-coded version [0.9.7.1-2] - fix build on generic targets [0.9.7.1-1] - libvpx 0.9.7-p1 [0.9.7-1] - libvpx 0.9.7 [0.9.6-2] - add 2 symbols to the shared library for generic targets [0.9.6-1] - update to 0.9.6 [0.9.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.9.5-2] - apply patch from upstream git (Change I6266aba7), should resolve CVE-2010-4203 [0.9.5-1] - update to 0.9.5 [0.9.1-3] - only package html docs to avoid multilib conflict (bz 613185) [0.9.1-2] - build shared library the old way for generic arches [0.9.1-1] - update to 0.9.1 [0.9.0-7] - update to git revision 8389f1967c5f8b3819cca80705b1b4ba04132b93 - upstream fix for bz 599147 - proper shared library support [0.9.0-6] - add hackish fix for bz 599147 (upstream will hopefully fix properly in future release) [0.9.0-5] - fix noexecstack flag [0.9.0-4] - BuildRequires: yasm (were optimized again) [0.9.0-3] - add pkg-config file - move headers into include/vpx/ - enable optimization [0.9.0-2] - fix permissions on binaries - rename generic binaries to v8_* - link shared library to -lm, -lpthread to resolve missing weak symbols [0.9.0-1] - Initial package for Fedora MODERATE Copyright 2020 Oracle, Inc. CVE-2017-0393 CVE-2020-0034 CVE-2019-9232 CVE-2019-9433 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [1:0.3.6-9] - Apply security patches. CVE-2018-17095, CVE-2018-13440 - Resolves: rhbz#1600369, rhbz#1601014, rhbz#1637128 [1:0.3.6-8] - Escape macros in %changelog [1:0.3.6-7] - Merge upstream pull requests #42,#43,#44 from Agostino Sarubbo to fix security issues. CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839 [1:0.3.6-6] - patch to compile with GCC 6 [1:0.3.6-5] - Merge fix from upstream pull request #25 for CVE-2015-7747. Test conversion from e.g. 16-bit LE stereo to 8-bit LE mono no longer causes corruption. MODERATE Copyright 2020 Oracle, Inc. CVE-2018-17095 CVE-2018-13440 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [2.76-16] - Fix strict-mode retries on REFUSED (#1755610) [2.76-15] - Forward non-recursive queries to upstream, but serve local names (#1755610) [2.76-14] - Stop treating SERVFAIL as successful response (#1815080) [2.76-13] - Do not ignore DHCPv6 relay messages (#1757247) [2.76-12] - Fix memory leak in create_helper (#1795369) [2.76-11] - Send dhcp_release even for addresses not on local network (#1752569) LOW Copyright 2020 Oracle, Inc. CVE-2019-14834 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [2.0.0-21gitd1c6db8] - Fix for CVE-2020-5313 Resolves: rhbz#1789532 [2.0.0-20gitd1c6db8] - Combined fixes for CVE-2020-5312 and CVE-2019-16865 Resolves: rhbz#1789533 Resolves: rhbz#1774066 [2.0.0-19gitd1c6db8] - Reenabled webp support on little endian archs. [2.0.0-18gitd1c6db8] - Disabled webp support on ppc64le due to #962091 and #1127230. - Updated URL. [2.0.0-17gitd1c6db8] - Wiped out some memory leaks. [2.0.0-15.gitd1c6db8] - Mass rebuild 2014-01-24 [2.0.0-14gitd1c6db8] - Fixed memory corruption. - Resolves: rhbz#1001122 [2.0.0-13.gitd1c6db8] - Mass rebuild 2013-12-27 [2.0.0-12] - Mark doc subpackage arch dependent. Docs are built depending on supported features, which are different across archs. Resolves: rhbz#987839 [2.0.0-11] - Drop lcms support Resolves: rhbz#987839 [2.0.0-10] - Build without webp support on s390* archs Resolves: rhbz#962059 [2.0.0-9.gitd1c6db8] - Conditionaly disable build of python3 parts on RHEL system [2.0.0-8.gitd1c6db8] - Add patch to fix test failure on big-endian [2.0.0-7.gitd1c6db8] - Remove Obsoletes in the python-pillow-qt subpackage. Obsoletes isnt appropriate since qt support didnt exist in the previous python-pillow package so theres no reason to drag in python-pillow-qt when updating python-pillow. [2.0.0-6.gitd1c6db8] - Update to latest git - python-pillow_quantization.patch now upstream - python-pillow_endianness.patch now upstream - Add subpackage for ImageQt module, with correct dependencies - Add PyQt4 and numpy BR (for generating docs / running tests) [2.0.0-5.git93a488e] - Reenable tests on bigendian, add patches for #928927 [2.0.0-4.git93a488e] - Update to latest git - disable tests on bigendian (PPC*, S390*) until rhbz#928927 is fixed [2.0.0-3.gitde210a2] - python-pillow_tempfile.patch now upstream - Add python3-imaging provides (bug #924867) [2.0.0-2.git2e88848] - Update to latest git - Remove python-pillow-disable-test.patch, gcc is now fixed - Add python-pillow_tempfile.patch to prevent a temporary file from getting packaged [2.0.0-1.git2f4207c] - Update to 2.0.0 git snapshot - Enable python3 packages - Add libwebp-devel BR for Pillow 2.0.0 [1.7.8-6.20130305git] - Add ARM support [1.7.8-5.20130305git] - add s390* and ppc* to arch detection [1.7.8-4.20130305git7866759] - Update to latest git snapshot - 0001-Cast-hash-table-values-to-unsigned-long.patch now upstream - Pillow-1.7.8-selftest.patch now upstream [1.7.8-3.20130210gite09ff61] - Really remove -fno-strict-aliasing - Place comment on how to retreive source just above the Source0 line [1.7.8-2.20130210gite09ff61] - Rebuild without -fno-strict-aliasing - Add patch for upstream issue #52 [1.7.8-1.20130210gite09ff61] - Initial RPM package MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5313 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [3.6.8-17.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-17] - Overhaul pythons FIPS mode support Resolves: rhbz#1788459 [3.6.8-16] - Security fix for CVE-2020-8492 Resolves: rhbz#1810616 [3.6.8-15] - Security fix for CVE-2019-16935 Resolves: rhbz#1797999 [3.6.8-14] - Provide and obsolete the python36-tools subpackage for EPEL compatibility Resolves: rhbz#1763730 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16935 CVE-2020-8492 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 Oracle Linux 7 [19.4-7.0.3] - Add conditional restart of NetworkManager for cloud-final. [Orabug: 31965645] - Correct postinstall upgrade cloud-init.service mismerge order. [19.4-7.0.1] - Add Oracle Linux variant to known distros - Add cloud-init hotplug event handling support [Orabug: 30485135] - Oracle data source should configure secondary VNICs [Orabug: 30487563] - Add support for netfailover detection [Orabug: 30487591] - Avoid hotplug handling when configure_secondary_nics is disabled [Orabug: 31086905] - Set per-platform default NM_CONTROLLED=no for OCI [Orabug: 31086905] - Remove secondary VNIC config from cache for hot unplug [Orabug: 31086905] - Fix OL distro specific issues and dependency compatibility [Orabug: 30435672] - Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] [19.4-7.el7] - ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1821999] - Resolves: bz#1821999 ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log) [19.4-6.el7] - ci-Use-reload-or-try-restart-instead-of-try-reload-or-r.patch [bz#1748015] - ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1821999] - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1821999 ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log) [19.4-5.el7] - ci-Remove-race-condition-between-cloud-init-and-Network-v2.patch [bz#1748015] - ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1772505] - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-4.el7] - ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1772505] - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-3.el7] - ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1772505] - Resolves: bz#1772505 ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-2.el7] - ci-Removing-cloud-user-from-wheel.patch [bz#1549638] - ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1748015] - ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812170] - ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812173] - ci-Enable-ssh_deletekeys-by-default.patch [bz#1574338] - Resolves: bz#1549638 ([RHEL7]cloud-user added to wheel group and sudoers.d causes 'sudo -v' prompts for passphrase) - Resolves: bz#1574338 (CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances [rhel-7]) - Resolves: bz#1748015 ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok)) - Resolves: bz#1812170 (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-7]) - Resolves: bz#1812173 (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-7]) [19.4-1.el7] - Rebase to 19.4 [bz#1803094] - Resolves: bz#1803094 ([RHEL-7.9] cloud-init rebase to 19.4) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8631 CVE-2020-8632 CVE-2018-10896 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base Oracle Linux 7 [2:1.5.13-8] - Fix CVE-2017-12652 - Resolves: #1744870 LOW Copyright 2020 Oracle, Inc. CVE-2017-12652 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [4.0.3-35] - Fix two resource leaks Related: #1771371 [4.0.3-34] - Fix CVE-2019-17546 Resolves: #1771371 [4.0.3-33] - Fix CVE-2019-14973 Resolves: #1755704 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14973 CVE-2019-17546 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [1.5.3-175.el7] - kvm-vnc-fix-memory-leak-when-vnc-disconnect.patch [bz#1810408] - Resolves: bz#1810408 (CVE-2019-20382 qemu-kvm: QEMU: vnc: memory leakage upon disconnect [rhel-7]) [1.5.3-174.el7] - kvm-util-add-slirp_fmt-helpers2.patch [bz#1800515] - kvm-tcp_emu-fix-unsafe-snprintf-usages2.patch [bz#1800515] - kvm-slirp-disable-tcp_emu.patch [bz#1791679] - kvm-gluster-Handle-changed-glfs_ftruncate-signature.patch [bz#1802215] - kvm-gluster-the-glfs_io_cbk-callback-function-pointer-ad.patch [bz#1802215] - kvm-seccomp-set-the-seccomp-filter-to-all-threads.patch [bz#1618503] - Resolves: bz#1618503 (qemu-kvm: Qemu: seccomp: blacklist is not applied to all threads [rhel-7]) - Resolves: bz#1791679 (QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-7]) - Resolves: bz#1800515 (CVE-2020-8608 qemu-kvm: QEMU: Slirp: potential OOB access due to unsafe snprintf() usages [rhel-7.9]) - Resolves: bz#1802215 (Add support for newer glusterfs) LOW Copyright 2020 Oracle, Inc. CVE-2018-15746 CVE-2019-20382 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base Oracle Linux 7 [2.11-28] - Improper input validation when writing tar header fields (#1766222) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14866 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [2.7.5-89.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-89] - Security fix for CVE-2019-16935 Resolves: rhbz#1797998 [2.7.5-88] - Security fix for CVE-2019-16056 Resolves: rhbz#1750773 [2.7.5-87] - Fix CVE-2018-20852 Resolves: rhbz#1741551 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16935 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:linux:7::beta Oracle Linux 7 [1.8.0-4] - fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498) [1.8.0-3] - sanitize public header file (detected by rpmdiff) [1.8.0-2] - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) [1.8.0-1] - rebase to 1.8.0 (#1592784) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17498 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 Oracle Linux 7 [7.29.0-59.0.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch [7.29.0-59] - http: free protocol-specific struct in setup_connection callback (#1836773) [7.29.0-58] - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5482 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 Oracle Linux 7 [1.0.25-12] - fix CVE-2018-19662 - buffer over-read in the function i2alaw_array (#1673086) LOW Copyright 2020 Oracle, Inc. CVE-2018-19662 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7] - Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp - ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset [4.6.8-4.el7] - Resolves: #1842950 ipa-adtrust-install fails when replica is offline - ipa-adtrust-install: avoid failure when replica is offline - Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method - WebUI: Apply jQuery patch to fix htmlPrefilter issue [4.6.8-3.el7] - Resolves: #1834385 Man page syntax issue detected by rpminspect - Man pages: fix syntax issues - Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case - Make check_required_principal() case-insensitive - Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 - ipa-advise: fallback to /usr/libexec/platform-python if python3 not found - Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1 - Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in objects prototype leading to denial of service or remote code execution or property injection - Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1 [4.6.8-2.el7] - Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service - Add interactive prompt for the LDAP bind password to ipa-getkeytab - CVE-2020-1722: prevent use of too long passwords [4.6.8-1.el7] - Resolves: #1819725 - Rebase IPA to latest 4.6.x version - Resolves: #1817927 - host-add --password logs cleartext userpassword to Apache error log - Resolves: #1817923 - IPA upgrade is failing with error 'Failed to get request: bus, object_path and dbus_interface must not be None.' - Resolves: #1817922 - covscan memory leaks report - Resolves: #1817919 - Enable compat tree to provide information about AD users and groups on trust agents - Resolves: #1817918 - Secure tomcat AJP connector - Resolves: #1817886 - ipa group-add-member: prevent adding IPA objects as external members - Resolves: #1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd [4.6.6-12.el7] - Resolves: #1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 - Resolves: #1404770 - ID Views: do not allow custom Views for the masters - idviews: prevent applying to a master - Resolves: #1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems - install/updates: move external members past schema compat update - Resolves: #1795890 - ipa-pkinit-manage enable fails on replica if it doesnt host the CA - pkinit setup: fix regression on master install - pkinit enable: use local dogtag only if host has CA - Resolves: #1788907 - Renewed certs are not picked up by IPA CAs - Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit - Resolves: #1780548 - Man page ipa-cacert-manage does not display correctly on RHEL - ipa-cacert-manage man page: fix indentation - Resolves: #1782587 - add 'systemctl restart sssd' to warning message when adding trust agents to replicas - adtrust.py: mention restarting sssd when adding trust agents - Resolves: #1771356 - Default client configuration breaks ssh in FIPS mode - Use default ssh host key algorithms - Resolves: #1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client - smartcard: make the ipa-advise script compatible with authselect/authconfig - Resolves: #1758406 - KRA authentication fails when IPA CA has custom Subject DN - upgrade: fix ipakra people entry 'description' attribute - krainstance: set correct issuer DN in uid=ipakra entry - Resolves: #1756568 - ipa-server-certinstall man page does not match built-in help - ipa-server-certinstall manpage: add missing options - Resolves: #1206690 - UPG not being enforced properly - ipa user_add: do not check group if UPG is disabled - Resolves: #1811982 - CVE-2018-14042 ipa: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. - Resolves: #1811978 - CVE-2018-14040 ipa: bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute - Resolves: #1811972 - CVE-2016-10735 ipa: bootstrap: XSS in the data-target attribute - Resolves: #1811969 -CVE-2018-20676 ipa: bootstrap: XSS in the tooltip data-viewport attribute - Resolves: #1811966 - CVE-2018-20677 ipa: bootstrap: XSS in the affix configuration target property - Resolves: #1811962 - CVE-2019-8331 ipa: bootstrap: XSS in the tooltip or popover data-template attribute - Web UI: Upgrade Bootstrap version 3.3.7 -> 3.4.1 - Resolves: #1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements - WebUI: Fix notification area layout - Resolves: #1545755 - ipa-replica-prepare should not update pki admin password - Fix indentation levels - ipa-pwd-extop: use SLAPI_BIND_TARGET_SDN - ipa-pwd-extop: dont check password policy for non-Kerberos account set by DM or a passsync manager - Dont save password history on non-Kerberos accounts MODERATE Copyright 2020 Oracle, Inc. CVE-2019-11358 CVE-2015-9251 CVE-2020-11022 CVE-2018-20677 CVE-2018-14042 CVE-2018-20676 CVE-2018-14040 CVE-2019-8331 CVE-2020-1722 CVE-2016-10735 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base Oracle Linux 7 [2.6.3-7.git4391e5c] - Fix CVE-2019-3833 Resolves: #1677691 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3833 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [0.2.8.4-44] - Resolves: rhbz#1840569 adapt to new urw-fonts [0.2.8.4-43] - Resolves: rhbz#1679005 CVE-2019-6978 [0.2.8.4-42] - Related: rhbz#1239162 fix patch context LOW Copyright 2020 Oracle, Inc. CVE-2019-6978 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0.6-8] - Resolves: rhbz#1803831 CVE-2019-17400 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17400 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0.8.0-3] - Resolves: #1809991, CVE-2019-18609 - integer overflow MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18609 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.1.0-12] - add security fixes for CVE-2018-20843, CVE-2019-15903 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20843 CVE-2019-15903 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [2.4.6-95.0.1] - replace index.html with Oracles index page oracle_index.html [2.4.6-95] - Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [2.4.6-94] - Resolves: #1565491 - CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name - Resolves: #1747283 - CVE-2019-10098 httpd: mod_rewrite potential open redirect - Resolves: #1724879 - httpd terminates all SSL connections using an abortive shutdown - Resolves: #1715981 - Backport of SessionExpiryUpdateInterval directive - Resolves: #1565457 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service - Resolves: #1566531 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications MODERATE Copyright 2020 Oracle, Inc. CVE-2018-1303 CVE-2017-15715 CVE-2020-1934 CVE-2018-1283 CVE-2020-1927 CVE-2019-10098 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [20120731b-13] - Resolves:rh#1790973 - CVE-2020-5395:out-of-bounds write in sfd.c MODERATE Copyright 2020 Oracle, Inc. CVE-2020-5395 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.8.8-7] - Fix a regression in the previous patches - Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-7] [1.8.8-6] - Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect issue exists in URLs with slash and backslash [rhel-7] - Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes [rhel-7] LOW Copyright 2020 Oracle, Inc. CVE-2019-14857 CVE-2019-20479 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base Oracle Linux 7 [1.3.2-16] - Resolves: rhbz#1775556 CVE-2019-16707 LOW Copyright 2020 Oracle, Inc. CVE-2019-16707 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest Oracle Linux 7 [1.7.14-16] - add security fix for CVE-2018-11782 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-11782 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [3.4.0-6] - Fix CVE-2019-12420 - Resolves: rhbz#1812976 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12420 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest Oracle Linux 7 evince [3.28.2-10] - Do not try to use icon_view widget when in tree view mode - Resolves: #1610436 poppler [0.26.5-43] - Fix crash on broken file in tilingPatternFill() - Resolves: #1801340 LOW Copyright 2020 Oracle, Inc. CVE-2019-14494 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 glib2 [2.56.1-7] - Backport patch to limit access to files when copying (CVE-2019-12450) Resolves: #1722099 [2.56.1-6] - Backport patches for GDBus auth Resolves: #1777221 ibus [1.5.17-11] - Resolves: #1750835 - Fix CVE-2019-14822 missing authorization allows MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14822 CVE-2019-12450 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:linux:7::beta Oracle Linux 7 [4.10-16-5] - related: #1785121 - Add missing RPM Requires [4.10.16-2] - resolves: #1828354 - add additioanl hostnames to the keytab - resolves: #1836427 - add dnshostname option net-ads-join [4.10.16-1] - related: #1785121 - Rebase to version 4.10.16 [4.10.15-5] - resolves: #1831986 - Fix gencache for normal users [4.10.15-4] - resolves: #1813017 - Fix smbclient log to file [4.10.15-3] - Removed patch for #1634057 [4.10.15-2] - resolves: #1825505 - Compilation of samba sources fails on RHEL [4.10.15-1] - related: #1785121 - Rebase to version 4.10.15 - resolves: #1828924 - Fix typo in pam_winbind documentation about require_membership_of - resolves: #1801496 - Add missing ctdb directories [4.10.13-2] - resolves: #1810511 - Fix net-ads-keytab-create to include UPN [4.10.13-1] - resolves: #1785121 - Rebase to vesion 4.10.13 - resolves: #1791208 - Fix CVE-2019-14907 - resolves: #1737888 - Fix manual libwbclient alternative settings - resolves: #1634057 - Return correct stat for SMB1 with POSIX extensions MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14907 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [3.0.13-15] - Fixes EAP-PWD: DoS issues due to multithreaded BN_CTX access Resolves: bz#1818808 [3.0.13-14 - Fixes receiving of multiple RADIUS packets under load Resolves: bz#1630684 [3.0.13-13] - Fixes logging of cleartext pap password Resolves: bz#1677435 [3.0.13-12] - Fixes paircompare with attribute references and expansions Resolves: bz#1592741 [3.0.13-11] - Fixes logrotate, EAP-PWD vulnerability Resolves: bz#1719368 privilege escalation due to insecure logrotate configuration Resolves: bz#1751796 eap-pwd: Information leak due to aborting when needing more than 10 iterations MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13456 CVE-2019-10143 CVE-2019-17185 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.9.1-6.0.1.5] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.1-6.5] - Fix CVE-2019-19956 (#1793000) - Fix CVE-2019-20388 (#1810057) - Fix CVE-2020-7595 (#1810073) - Fix xsd:any schema validation (#1812145) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19956 CVE-2020-7595 CVE-2019-20388 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [4.5.0-36] - virDevMapperGetTargetsImpl: Be tolerant to kernels without DM support (rhbz#1823976) - virDevMapperGetTargetsImpl: quit early if device is not a devmapper target (rhbz#1823976) [4.5.0-35] - qemu: dont take agent and monitor job for shutdown (CVE-2019-20485) - qemu: dont hold a monitor and agent job for reboot (CVE-2019-20485) - qemu: dont hold monitor and agent job when setting time (CVE-2019-20485) - qemu: remove use of qemuDomainObjBeginJobWithAgent() (CVE-2019-20485) - qemu: remove qemuDomainObjBegin/EndJobWithAgent() (CVE-2019-20485) - storage: Fix daemon crash on lookup storagepool by targetpath (CVE-2020-10703) [4.5.0-34] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1815269) - vmx: make 'fileName' optional for CD-ROMs (rhbz#1815269) - RHEL: Fix migration on AMD hosts with old QEMU (rhbz#1815572) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10703 CVE-2019-20485 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [5.44-7] - fixing CVE-2020-0556 . MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0556 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:1.18.8-1] - Update to 1.18.8 relase - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' (rh #1841397, CVE-2020-10754) - ifcfg-rh: handle 802-1x.pin properties. [1:1.18.6-4] - ip-tunnel: set cloned-mac-address only for layer2 tunnel devices (rh #1832170) [1:1.18.6-3] - Update translations (rh #1796852) [1:1.18.6-2] - vpn: gracefully handle invalid routes from VPN plugins - workaround g_strtoll() failing with EAGAIN (rh #1797915) [1:1.18.6-1] - Update to 1.18.6 release - cli: unset 'ipv[46].never-default' when setting 'ipv[46].gateway' (rh #1785039) - core: keep MTU of MACsec and MAC-VLAN interfaces in sync with parent (rh #1723690) - core: forbid autoactivation of parent when it is blocked by user request (rh #1765566) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10754 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0:7.0.76-15] - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [0:7.0.76-14] - Revert rhbz#1814315 because it caused other issues with ipa-server, see rhbz#1831127 - Resolves: CVE-2020-9484 tomcat: Apache Tomcat Remote Code Execution via session persistence [0:7.0.76-13] - Revert rhbz#1367492 because it caused issues with ipa-server, see rhbz#1831127 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17563 CVE-2020-13935 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.1.28-6.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.28-6] - Fix CVE-2019-18197 (#1775516) - Fix CVE-2019-11068 (#1715731) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18197 CVE-2019-11068 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [219-78.0.1] - Backport upstream patches related to private-tmp (Sushmita Bhattacharya) [Orabug: 31561883] - backport upstream pstore tmpfiles patch (Eric DeVolder) [Orabug: 31414539] - udev rules: fix memory hot add and remove [Orabug: 31309730] - enable and start the pstore service [Orabug: 30950903] - fix to generate the systemd-pstore.service file [Orabug: 30235241] - Backport upstream patches for the new systemd-pstore tool [Orabug: 30235241] - do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896] - OL7 udev rule for virtio net standby interface [Orabug: 28826743] - fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com) - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] [219-78] - avoid double free (#1832816) [219-77] - core: coldplug possible nop_job (#1829754) - core: make sure to restore the control command id, too (#1828953) [219-76] - core: enforce a ratelimiter when stopping units due to StopWhenUnneeded=1 (#1775291) - core: rework StopWhenUnneeded= logic (#1775291) [219-75] - journal: break recursion (#1778744) [219-74] - sd-bus: bump message queue size again (#1770158) - unit: fix potential use of cgroup_path after free() when freeing unit (#1760149) - add test for ExecStopPost (#1733998) - core: when restarting services, dont close fds (#1757704) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1757704) - tests: add basic journal test (#1757704) - tests: add regression test for 'systemctl restart systemd-journald' (#1757704) - tests: add test that journald keeps fds over termination by signal (#1757704) - nss-util: silence warning about deprecated RES_USE_INET6 (#1799002) - journal: do not trigger assertion when journal_file_close() get NULL (#1786046) - mount: dont propagate errors from mount_setup_unit() further up (#1804757) - mount: when allocating a Mount object based on /proc/self/mountinfo mark it so (#1804757) - fix the fix for #1691511 (#1804757) - v3: Properly parsing SCSI Hyperv devices (#8509) (#1809053) - Consider smb3 as remote filesystem (#1811700) - mount: dont add Requires for tmp.mount (#1813270) - sd-bus: when attached to an sd-event loop, disconnect on processing errors (#1769928) - sd-journal: close journal files that were deleted by journald before weve setup inotify watch (#1812889) - sd-journal: remove the dead code and actually fix #14695 (#1812889) - swap: adjust swap.c in a similar way to what we just did to mount.c (#1749621) - swap: finish the secondary swap units jobs if deactivation of the primary swap unit fails (#1749621) - core: add a new unit file setting CollectMode= for tweaking the GC logic (#1817576) - run: add '-G' as shortcut for '--property=CollectMode=inactive-or-failed' (#1817576) - core: clarify that the CollectMode bus property is constant (#1817576) - udev-rules: make tape-changers also apprear in /dev/tape/by-path/ (#1814028) - logind: check PolicyKit before allowing VT switch (#1797672) - timer: dont use persietent file timestamps from the future (#6823) (#1769923) - core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766477) - bus_open leak sd_event_source when udevadm trigger (#1798503) - journal-remote: split-mode=host, remove port from journal filename (#1244691) - core: downgrade log message about inability to propagate cgroup release message (#1679934) - units: move Before deps for quota services to remote-fs.target (#5627) (#1693374) - set kptr_restrict=1 (#1689344) [219-73.3] - journal: do not trigger assertion when journal_file_close() get NULL (#1807798) [219-73.2] - core: when restarting services, dont close fds (#1803802) - unit: rework a bit how we keep the service fdstore from being destroyed during service restart (#1803802) - tests: add basic journal test (#1803802) - tests: add regression test for 'systemctl restart systemd-journald' (#1803802) - tests: add test that journald keeps fds over termination by signal (#1803802) [219-73.1] - unit: fix potential use of cgroup_path after free() when freeing unit (#1760149) LOW Copyright 2020 Oracle, Inc. CVE-2019-20386 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 Oracle Linux 7 [1.45.6-19] - fix issues with meta_bg when resizing file system (#1849718) [1.42.9-18] - fix out-of-bounds write on corrupted fs (#1797731) - fix out-of-bounds write on corrupted fs (#1768710) - fix e2fsprogs creating corrupted meta image (#1711880) - fix typo in ext4 man page (#1720130) - provide easy metod for creating compatible rhel6 fs (#1780277) - better handling of trivial dir link count problem (#1820048) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-5094 CVE-2019-5188 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [4.10.5-9] - Document::processAction: If the url points to a binary, dont run it Resolves: bz#1821451 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-9359 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base Oracle Linux 7 [5.9.7-4] - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz#1814740 Resolves: bz#1814685 [5.9.7-3] - Fix multilib issue with qtcore-config.h header file Resolves: bz#1534528 - Move libQt5EglFSDeviceIntegration lib into correct subpackage Resolves: bz#1792680 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0570 CVE-2020-0569 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:5.5.68-1] - Rebase to 5.5.68 This is the last upstream release. This major version reached upstream EOL - Related to: rhbz#1834835 [1:5.5.67-2] - Resolves: rhbz#1689827 [1:5.5.67-1] - Rebase to 5.5.67 - Related to: rhbz#1834835 - CVEs fixed: rhbz#1821939 CVE-2020-2574 [1:5.5.66-1] - Rebase to 5.5.66 - Related to: rhbz#1834835 - CVEs fixed: rhbz#1769276 rhbz#1830110 CVE-2019-2974 CVE-2020-2780 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-2752 CVE-2020-2574 CVE-2020-2812 CVE-2019-2974 CVE-2020-2780 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 Oracle Linux 7 [0.27.0-3] - Validate relationship of the total size to the offset to avoid crash Resolves: bz#1775695 LOW Copyright 2020 Oracle, Inc. CVE-2019-17402 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta Oracle Linux 7 [2.1.1-2] - Update to 2.1.1 (#1834286) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11042 CVE-2020-11087 CVE-2020-11018 CVE-2020-11045 CVE-2020-11048 CVE-2020-11088 CVE-2020-11040 CVE-2020-11047 CVE-2020-11039 CVE-2020-11044 CVE-2020-11041 CVE-2020-11526 CVE-2020-13397 CVE-2020-11086 CVE-2020-11049 CVE-2020-11089 CVE-2020-11019 CVE-2020-11043 CVE-2020-11046 CVE-2020-11522 CVE-2020-11525 CVE-2020-11058 CVE-2020-13396 CVE-2020-11038 CVE-2020-11085 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1:1.10.24-15.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.10.24-15] - Fix CVE-2020-12049 (#1851992) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12749 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [2.28.2-2] - Resolves: rhbz#1817144 Rebuild to support ppc and s390 [2.28.2-1] - Resolves: rhbz#1817144 Rebase to 2.28.2 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-8563 CVE-2019-8678 CVE-2019-8821 CVE-2019-8607 CVE-2019-8625 CVE-2019-8658 CVE-2019-8666 CVE-2019-8683 CVE-2019-8686 CVE-2019-8689 CVE-2019-8719 CVE-2019-8811 CVE-2019-8819 CVE-2020-3901 CVE-2020-3902 CVE-2019-8506 CVE-2019-8544 CVE-2019-8597 CVE-2019-8615 CVE-2019-8622 CVE-2019-8649 CVE-2019-8766 CVE-2019-8812 CVE-2019-8823 CVE-2020-10018 CVE-2019-8535 CVE-2019-8583 CVE-2019-8608 CVE-2019-8672 CVE-2019-8684 CVE-2020-11793 CVE-2019-8584 CVE-2019-8524 CVE-2019-8551 CVE-2019-8571 CVE-2019-8596 CVE-2019-8623 CVE-2019-8808 CVE-2020-3885 CVE-2020-3900 CVE-2019-8536 CVE-2019-8558 CVE-2019-8782 CVE-2019-8783 CVE-2019-8820 CVE-2020-3867 CVE-2020-3899 CVE-2019-8559 CVE-2019-8671 CVE-2019-8673 CVE-2019-8707 CVE-2019-8720 CVE-2019-8835 CVE-2019-8844 CVE-2019-8676 CVE-2019-8735 CVE-2019-8743 CVE-2020-3864 CVE-2020-3897 CVE-2019-8595 CVE-2019-8601 CVE-2019-8609 CVE-2019-8611 CVE-2019-8669 CVE-2020-3862 CVE-2020-3895 CVE-2019-8677 CVE-2019-8680 CVE-2019-8763 CVE-2019-8846 CVE-2019-8610 CVE-2019-8690 CVE-2019-8726 CVE-2019-8765 CVE-2019-8768 CVE-2019-8769 CVE-2019-8771 CVE-2019-8813 CVE-2019-8815 CVE-2019-8816 CVE-2019-8822 CVE-2019-6251 CVE-2019-8674 CVE-2019-8681 CVE-2019-8710 CVE-2019-8733 CVE-2019-6237 CVE-2019-8586 CVE-2019-8594 CVE-2019-8619 CVE-2019-8687 CVE-2019-8764 CVE-2019-11070 CVE-2020-3865 CVE-2020-3868 CVE-2020-3894 CVE-2019-8587 CVE-2019-8644 CVE-2019-8679 CVE-2019-8688 CVE-2019-8814 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.7.1-8] - fix CVE-2020-11764 (#1833552) - fix CVE-2020-11763 (#1833566) - fix CVE-2020-11761 (#1834461) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11763 CVE-2020-11764 CVE-2020-11761 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0.6.22-1] - Upgrade to 0.6.22 - Resolves: #1841316 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0093 CVE-2020-0182 CVE-2020-13113 CVE-2020-12767 CVE-2020-13114 CVE-2019-9278 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [2.4.44-22] - Fix CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters (#1838405) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12243 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 6 [0.12.1.2-2.506.el6_10.8] - kvm-qemu-kvm-QEMU-usb-check-RNDIS-message-length.patch [bz#1869684] - kvm-qemu-kvm-QEMU-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869684] - Resolves: bz#1869684 (CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-6.10.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 8 qemu-kvm [2.12.0-99.0.1.el8_2.4] - Added bug30251155-remove-upstream-reference [Orabug: 30251155] [2.12.0-99.el8_2.4] - kvm-usb-fix-setup_len-init-CVE-2020-14364.patch [bz#1869708] - Resolves: bz#1869708 (CVE-2020-14364 qemu-kvm: QEMU: usb: out-of-bounds r/w access issue while processing usb packets [rhel-8.2.0.z]) [2.12.0-99.el8_2.3] - kvm-Drop-bogus-IPv6-messages.patch [bz#1838092 bz#1867075 bz#1870421] - Resolves: bz#1838092 (CVE-2020-10756 virt:8.2/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-av-8]) - Resolves: bz#1867075 (CVE-2020-10756 virt:8.3/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-av-8]) - Resolves: bz#1870421 (CVE-2020-10756 virt:rhel/qemu-kvm: QEMU: slirp: networking out-of-bounds read information disclosure vulnerability [rhel-8.2.0.z]) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 CVE-2020-10756 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [3.10.0-1160.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160] - [kernel] modsign: Add nomokvarconfig kernel parameter (Lenny Szubowicz) [1867857] - [firmware] modsign: Add support for loading certs from the EFI MOK config table (Lenny Szubowicz) [1867857] - [kernel] modsign: Move import of MokListRT certs to separate routine (Lenny Szubowicz) [1867857] - [kernel] modsign: Avoid spurious error message after last MokListRTn (Lenny Szubowicz) [1867857] [3.10.0-1159] - [kernel] modsign: Import certificates from optional MokListRT (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1862840] [3.10.0-1158] - [redhat] switch secureboot kernel image signing to release keys (Jan Stancek) [] [3.10.0-1157] - [fs] signal: Dont send signals to tasks that dont exist (Vladis Dronov) [1856166] [3.10.0-1156] - [fs] gfs2: Fix regression due to unwanted gfs2_qa_put (Robert S Peterson) [1798713] - [include] signal: Unfairly acquire tasklist_lock in send_sigio() if irq disabled (Waiman Long) [1838799] - [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID (Waiman Long) [1838799] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1820632] {CVE-2020-12888} [3.10.0-1155] - [x86] Revert 'x86: respect memory size limiting via mem= parameter' (Joel Savitz) [1851576] - [mm] Revert 'mm/memory_hotplug.c: only respect mem= parameter during boot stage' (Joel Savitz) [1851576] - [fs] nfsd: only WARN once on unmapped errors ('J. Bruce Fields') [1850430] - [powerpc] pci/of: Fix OF flags parsing for 64bit BARs (Greg Kurz) [1840114] - [fs] cifs: fix NULL dereference in match_prepath (Leif Sahlberg) [1759852] [3.10.0-1154] - [fs] gfs2: move privileged user check to gfs2_quota_lock_check (Robert S Peterson) [1798713] - [fs] gfs2: Fix problems regarding gfs2_qa_get and _put (Robert S Peterson) [1798713] - [fs] gfs2: dont call quota_unhold if quotas are not locked (Robert S Peterson) [1798713] - [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs (Robert S Peterson) [1798713] - [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put (Robert S Peterson) [1798713] - [fs] gfs2: Change inode qa_data to allow multiple users (Robert S Peterson) [1798713] - [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc (Robert S Peterson) [1798713] - [fs] gfs2: Switch to list_{first,last}_entry (Robert S Peterson) [1798713] - [fs] gfs2: Clean up inode initialization and teardown (Robert S Peterson) [1798713] - [fs] gfs2: Minor gfs2_alloc_inode cleanup (Robert S Peterson) [1798713] - [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open() (Andrew Price) [1812558] [3.10.0-1153] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()s move_huge_pmd() corner case (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843437] {CVE-2020-10757} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844026] {CVE-2020-12653} - [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Florian Westphal) [1845428] [3.10.0-1152] - [nvmem] nvmem: properly handle returned value nvmem_reg_read (Vladis Dronov) [1844409] - [mailbox] PCC: fix dereference of ERR_PTR (Vladis Dronov) [1844409] - [kernel] futex: Unlock hb->lock in futex_wait_requeue_pi() error path (Vladis Dronov) [1844409] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1845326] - [vfio] vfio/mdev: make create attribute static (Vladis Dronov) [1837549] - [vfio] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Synchronize device create/remove with parent removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid creating sysfs remove file on stale device removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Improve the create/remove sequence (Vladis Dronov) [1837549] - [vfio] treewide: Add SPDX license identifier - Makefile/Kconfig (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid inline get and put parent helpers (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Fix aborting mdev child device removal if one fails (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Follow correct remove sequence (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid masking error code to EBUSY (Vladis Dronov) [1837549] - [include] vfio/mdev: Drop redundant extern for exported symbols (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Removed unused kref (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid release parent reference during error path (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Add iommu related member in mdev_device (Vladis Dronov) [1837549] - [vfio] vfio/mdev: add static modifier to add_mdev_supported_type (Vladis Dronov) [1837549] - [vfio] vfio: mdev: make a couple of functions and structure vfio_mdev_driver static (Vladis Dronov) [1837549] - [char] tpm/tpm_tis: Free IRQ if probing fails (David Arcari) [1774698] - [kernel] audit: fix a memleak caused by auditing load module (Richard Guy Briggs) [1843370] - [kernel] audit: fix potential null dereference 'context->module.name' (Richard Guy Briggs) [1843370] - [nvme] nvme: limit number of IO queues on Dell/Samsung config (David Milburn) [1837617] [3.10.0-1151] - [netdrv] qede: Fix multicast mac configuration (Michal Schmidt) [1740064] - [scsi] sd_dif: avoid incorrect ref_tag errors on 4K devices larger than 2TB (Ewan Milne) [1833528] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1814257] {CVE-2019-19527} - [x86] x86: make mul_u64_u64_div_u64() 'static inline' (Oleg Nesterov) [1845864] - [mm] mm: page_isolation: fix potential warning from user (Rafael Aquini) [1845620] - [s390] s390/mm: correct return value of pmd_pfn (Claudio Imbrenda) [1841106] - [fs] fs/proc/vmcore.c:mmap_vmcore: skip non-ram pages reported by hypervisors (Lianbo Jiang) [1790799] - [kernel] kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted (Rafael Aquini) [1845356] - [documentation] kernel: add panic_on_taint (Rafael Aquini) [1845356] - [fs] ext4: Remove unwanted ext4_bread() from ext4_quota_write() (Lukas Czerner) [1845379] - [scsi] scsi: sg: add sg_remove_request in sg_write ('Ewan D. Milne') [1840699] {CVE-2020-12770} - [fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Donghai Qiao) [1832062] {CVE-2020-10732} [3.10.0-1150] - [netdrv] net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (Alaa Hleihel) [1845020] - [mm] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (Waiman Long) [1842715] - [mm] memcg: only free spare array when readers are done (Waiman Long) [1842715] - [powerpc] powerpc/crashkernel: Take 'mem=' option into account (Pingfan Liu) [1751555] - [infiniband] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (Kamal Heib) [1597952] - [security] selinux: properly handle multiple messages in selinux_netlink_send() (Ondrej Mosnacek) [1839650] {CVE-2020-10751} - [netdrv] net: ena: Add PCI shutdown handler to allow safe kexec (Bhupesh Sharma) [1841578] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827188] {CVE-2020-0543} header (Waiman Long) [1827188] {CVE-2020-0543} [3.10.0-1149] - [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Joel Savitz) [1838795] - [netdrv] qed: Reduce the severity of ptp debug message (Manish Chopra) [1703770] - [kernel] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (Jay Shin) [1836620] - [fs] gfs2: remove BUG_ON() from gfs2_log_alloc_bio() (Abhijith Das) [1828454] - [fs] gfs2: Even more gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] quota: fix return value in dqget() (Eric Sandeen) [1842761] - [fs] proc_sysctl.c: fix potential page fault while unregistering sysctl table (Carlos Maiolino) [1843368] - [fs] ext4: fix error handling in ext4_ext_shift_extents (Lukas Czerner) [1843366] - [vhost] vhost: Check docket sk_family instead of call getname (Vladis Dronov) [1823302] {CVE-2020-10942} - [input] hyperv-keyboard - add module description (Mohammed Gamal) [1842689] - [hv] hv: Add a module description line to the hv_vmbus driver (Mohammed Gamal) [1842689] - [hid] hyperv: Add a module description line (Mohammed Gamal) [1842689] - [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1511040] - [acpi] ACPI: APEI: call into AER handling regardless of severity (Al Stone) [1737246] - [acpi] ACPI: APEI: handle PCIe AER errors in separate function (Al Stone) [1737246] - [acpi] ras: acpi/apei: cper: add support for generic data v3 structure (Al Stone) [1737246] - [acpi] ACPICA: ACPI 6.1: Updates for the HEST ACPI table (Al Stone) [1737246] - [acpi] ACPI / APEI: Switch to use new generic UUID API (Al Stone) [1737246] - [x86] x86/efi-bgrt: Quirk for BGRT when memory encryption active (Lenny Szubowicz) [1723477] - [scsi] scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: TM command refire leads to controller firmware crash (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Limit device queue depth to controller queue depth (Tomas Henzl) [1840550] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1820632] {CVE-2020-12888} - [fs] signal: Extend exec_id to 64bits (Chris von Recklinghausen) [1834650] {CVE-2020-12826} [3.10.0-1148] - [x86] hyper-v: Report crash data in die() when panic_on_oops is set (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Report crash register data when sysctl_record_panic_msg is not set (Mohammed Gamal) [1828450] - [x86] hyper-v: Report crash register data or kmsg before running crash kernel (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Trigger crash enlightenment only once during system crash (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Free hv_panic_page when fail to register kmsg dump (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Unload vmbus channel in hv panic callback (Mohammed Gamal) [1828450] - [hv] vmbus: Fix the issue with freeing up hv_ctl_table_hdr (Mohammed Gamal) [1828450] - [hv] vmus: Fix the check for return value from kmsg get dump buffer (Mohammed Gamal) [1828450] - [hv] Send one page worth of kmsg dump over Hyper-V during panic (Mohammed Gamal) [1828450] - [x86] kvm: x86: Allow suppressing prints on RDMSR/WRMSR of unhandled MSRs (Vitaly Kuznetsov) [1837412] - [fs] ext4: Fix race when checking i_size on direct i/o read (Lukas Czerner) [1506437] - [fs] copy_file_range should return ENOSYS not EOPNOTSUPP ('J. Bruce Fields') [1783554] - [fs] NFSv4.1 fix incorrect return value in copy_file_range ('J. Bruce Fields') [1783554] - [x86] Remove the unsupported check for Intel IceLake (Steve Best) [1841237] - [md] md/raid1: release pending accounting for an I/O only after write-behind is also finished (Nigel Croxon) [1792520] - [net] gre: fix uninit-value in __iptunnel_pull_header (Guillaume Nault) [1840321] - [net] inet: protect against too small mtu values. (Guillaume Nault) [1840321] - [net] Fix one possible memleak in ip_setup_cork (Guillaume Nault) [1840321] - [net] fix a potential recursive NETDEV_FEAT_CHANGE (Guillaume Nault) [1839130] - [net] fix null de-reference of device refcount (Guillaume Nault) [1839130] - [net] sch_choke: avoid potential panic in choke_reset() (Davide Caratti) [1839118] - [net] net_sched: fix datalen for ematch (Davide Caratti) [1839118] - [net] netem: fix error path for corrupted GSO frames (Davide Caratti) [1839118] - [net] avoid potential infinite loop in tc_ctl_action() (Davide Caratti) [1839118] - [net] net_sched: let qdisc_put() accept NULL pointer (Davide Caratti) [1839118] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1832332] - [net] ipv4: avoid mixed n_redirects and rate_tokens usage (Paolo Abeni) [1832332] - [net] ipv4: use a dedicated counter for icmp_v4 redirect packets (Paolo Abeni) [1832332] - [net] ipset: Update byte and packet counters regardless of whether they match (Phil Sutter) [1801366] - [net] xfrm: skip rt6i_idev update in xfrm6_dst_ifdown if loopback_idev is gone (Sabrina Dubroca) [1390049] [3.10.0-1147] - [nvme] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (Gopal Tiwari) [1839991] - [fs] pipe: actually allow root to exceed the pipe buffer limits (Jan Stancek) [1839629] - [scsi] Revert 'scsi: mpt3sas: Dont change the DMA coherent mask after allocations' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Rename function name is_MSB_are_same' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Separate out RDPQ allocation to new function' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region' (Tomas Henzl) [1839128] - [netdrv] net/mlx5e: Avoid duplicating rule destinations (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend encap entry with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix free peer_flow when refcount is 0 (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend tc flow struct with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Dont make internal use of errno to denote missing neigh (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix freeing flow with kfree() and not kvfree() (Alaa Hleihel) [1727593] - [drm] drm/nouveau/gr/gp107, gp108: implement workaround for HW hanging during init (Karol Herbst) [1834360 1834356 1833485] - [drm] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges (Karol Herbst) [1834360 1834356 1833485] [3.10.0-1146] - [net] revert 'rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()' (Jiri Benc) [1839608] - [net] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (Davide Caratti) [1838936] - [net] ipv6: Handle missing host route in __ipv6_ifa_notify (Davide Caratti) [1838936] - [net] ipv6: drop incoming packets having a v4mapped source address (Davide Caratti) [1838936] - [net] l2tp: fix infoleak in l2tp_ip6_recvmsg() (Andrea Claudi) [1837546] - [net] vti6: Fix memory leak of skb if input policy check fails (Patrick Talbert) [1836160] - [net] tcp: prevent bogus FRTO undos with non-SACK flows (Guillaume Nault) [1694860] - [scsi] scsi: smartpqi: fix controller lockup observed during force reboot (Don Brace) [1775369] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1834783] - [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1834783] - [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1834783] - [fs] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (Lukas Czerner) [1834783] - [fs] ext4: fix missing return values checks in ext4_cross_rename (Lukas Czerner) [1836819] - [fs] ext4: Fix POSIX ACL leak in ext4_xattr_set_acl (Lukas Czerner) [1543020] - [vfio] vfio-pci: Mask cap zero (Alex Williamson) [1838717] - [x86] Mark Intel Cooper Lake (CPX) supported (Steve Best) [1773681] - [fs] fs/bio-integrity: dont enable integrity for data-less bio (Ming Lei) [1835943] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1837127] - [kernel] wait/ptrace: assume __WALL if the child is traced (Oleg Nesterov) [1497808] - [mm] mm, hugetlb, soft_offline: save compound page order before page migration (Artem Savkov) [1751589] - [fs] fs/hugetlbfs/inode.c: fix hwpoison reserve accounting (Artem Savkov) [1751589] - [fs] mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (Artem Savkov) [1751589] - [mm] mm: soft-offline: dissolve free hugepage if soft-offlined (Artem Savkov) [1751589] - [mm] mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (Artem Savkov) [1751589] - [mm] mm: hwpoison: change PageHWPoison behavior on hugetlb pages (Artem Savkov) [1751589] - [mm] mm: hugetlb: prevent reuse of hwpoisoned free hugepages (Artem Savkov) [1751589] - [netdrv] net/mlx5: Tidy up and fix reverse christmas ordring (Alaa Hleihel) [1831134] - [netdrv] net/mlx5: Expose port speed when possible (Alaa Hleihel) [1831134] - [include] net/mlx5: Expose link speed directly (Alaa Hleihel) [1831134] - [usb] USB: core: Fix races in character device registration and deregistraion (Torez Smith) [1785065] {CVE-2019-19537} - [usb] usb: cdc-acm: make sure a refcount is taken early enough (Torez Smith) [1802548] {CVE-2019-19530} - [usb] USB: adutux: fix use-after-free on disconnect (Torez Smith) [1798822] {CVE-2019-19523} - [media] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Torez Smith) [1795597] {CVE-2019-15217} [3.10.0-1145] - [scsi] scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan Milne) [1837543] - [mm] mm: dmapool: add/remove sysfs file outside of the pool lock lock (Waiman Long) [1836837] - [mm] Fix unbalanced mutex in dma_pool_create() (Waiman Long) [1836837] - [mm] mm/dmapool.c: remove redundant NULL check for dev in dma_pool_create() (Waiman Long) [1836837] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1836322] - [netdrv] can, slip: Protect tty->disc_data in write_wakeup and close with RCU (John Linville) [1805590] - [netdrv] slcan: Port write_wakeup deadlock fix from slip (John Linville) [1805590] - [fs] ext4: fix support for inode sizes > 1024 bytes (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: forbid i_extra_isize not divisible by 4 (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: validate the debug_want_extra_isize mount option at parse time (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1829662] - [fs] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1626092] - [media] media: v4l: event: Add subscription to list before calling 'add' operation (Jarod Wilson) [1828802] {CVE-2019-9458} - [media] media: v4l: event: Prevent freeing event subscriptions while accessed (Jarod Wilson) [1828802] {CVE-2019-9458} - [fs] block: Prevent hung_check firing during long sync IO (Ming Lei) [1724345] [3.10.0-1144] - [crypto] crypto: user - fix memory leak in crypto_report (Vladis Dronov) [1825132] {CVE-2019-18808 CVE-2019-19062} - [crypto] crypto: ccp - Release all allocated memory if sha type is invalid (Vladis Dronov) [1825132] {CVE-2019-18808} - [net] xfrm: policy: Fix doulbe free in xfrm_policy_timer (Xin Long) [1836813] - [net] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire (Xin Long) [1836813] - [net] xfrm: fix uctx len check in verify_sec_ctx_len (Xin Long) [1836813] - [net] rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (Jiri Benc) [1835352] - [net] rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (Jiri Benc) [1835352] - [net] netlink: fix uninit-value in netlink_sendmsg (Jiri Benc) [1835352] - [net] netlink: make sure nladdr has correct size in netlink_connect() (Jiri Benc) [1835352] - [net] rtnetlink: fix info leak in RTM_GETSTATS call (Jiri Benc) [1835352] - [net] rtnetlink: release net refcnt on error in do_setlink() (Jiri Benc) [1835352] - [net] bridge: deny dev_set_mac_address() when unregistering (Hangbin Liu) [1834203] - [net] bridge/mdb: remove wrong use of NLM_F_MULTI (Hangbin Liu) [1834203] - [net] udp: disable inner UDP checksum offloads in IPsec case (Sabrina Dubroca) [1826244] - [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1833869] - [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1833869] - [net] sctp: fix possibly using a bad saddr with a given dst (Xin Long) [1833869] - [net] sctp: fix refcount bug in sctp_wfree (Xin Long) [1833869] - [net] sctp: move the format error check out of __sctp_sf_do_9_1_abort (Xin Long) [1833869] - [net] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (Xin Long) [1833869] - [net] sctp: fully initialize v4 addr in some functions (Xin Long) [1833869] - [net] sctp: simplify addr copy (Xin Long) [1833869] - [net] sctp: cache netns in sctp_ep_common (Xin Long) [1833869] - [net] sctp: destroy bucket if failed to bind addr (Xin Long) [1833869] - [net] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (Xin Long) [1833869] - [net] netfilter: nat: never update the UDP checksum when its 0 (Guillaume Nault) [1834278] - [net] esp4: add length check for UDP encapsulation (Sabrina Dubroca) [1825155] - [net] sit: fix memory leak in sit_init_net() (Andrea Claudi) [1830011] {CVE-2019-16994} - [net] sched: cbs: fix NULL dereference in case cbs_init() fails (Davide Caratti) [1830245] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1819087] - [net] tcp: tcp_v4_err() should be more careful (Marcelo Leitner) [1749964] - [net] tcp: remove BUG_ON from tcp_v4_err (Marcelo Leitner) [1749964] - [net] tcp: clear icsk_backoff in tcp_write_queue_purge() (Marcelo Leitner) [1749964] - [net] psample: fix skb_over_panic (Sabrina Dubroca) [1823251] - [net] sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (Patrick Talbert) [1823691] - [netdrv] fjes: Handle workqueue allocation failure (Masayoshi Mizuma) [1830563] {CVE-2019-16231} [3.10.0-1143] - [mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (Rafael Aquini) [1834434] {CVE-2020-11565} - [fs] fs: avoid softlockups in s_inodes iterators (Jay Shin) [1760145] - [scsi] scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table (Maurizio Lombardi) [1832019] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1830606] - [fs] revert '[fs] xfs: catch bad stripe alignment configurations' (Carlos Maiolino) [1836292] - [scsi] scsi: scsi_debug: num_tgts must be >= 0 (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded (Ewan Milne) [1834998] - [scsi] scsi_debug: check for bigger value first (Ewan Milne) [1834998] - [scsi] scsi_debug: vfree is null safe so drop the check (Ewan Milne) [1834998] - [scsi] scsi_debug: error message should say scsi_host_alloc not scsi_register (Ewan Milne) [1834998] - [fs] xfs: Fix tail rounding in xfs_alloc_file_space() (Bill ODonnell) [1833223] - [fs] ceph: dont drop message if it contains more data than expected (Jeff Layton) [1828340] - [fs] ceph: dont error out on larger-than-expected session messages (Jeff Layton) [1828340] - [acpi] ACPI: disable BERT by default, add parameter to enable it (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix possible out-of-bounds access to BERT region (Aristeu Rozanski) [1525298] - [acpi] ACPI / sysfs: Extend ACPI sysfs to provide access to boot error region (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix BERT resources conflict with ACPI NVS area (Aristeu Rozanski) [1525298] - [acpi] ACPI / APEI: Add Boot Error Record Table (BERT) support (Aristeu Rozanski) [1525298] - [acpi] ACPICA: Restore error table definitions to reduce code differences between Linux and ACPICA upstream (Aristeu Rozanski) [1525298] [3.10.0-1142] - [fs] gfs2: Another gfs2_walk_metadata fix (Andreas Grunbacher) [1822230] - [fs] ext4: prevent ext4_quota_write() from failing due to ENOSPC (Lukas Czerner) [1068952] - [fs] ext4: do not zeroout extents beyond i_disksize (Lukas Czerner) [1834320] - [fs] pnfs: Ensure we layoutcommit before revalidating attributes (Benjamin Coddington) [1827647] - [fs] nfs: flush data when locking a file to ensure cache coherence for mmap (Scott Mayhew) [1813811] - [fs] call fsnotify_sb_delete after evict_inodes (Jay Shin) [1760145] - [fs] inode: dont softlockup when evicting inodes (Jay Shin) [1760145] - [fs] drop_caches.c: avoid softlockups in drop_pagecache_sb() (Jay Shin) [1760145] - [fs] gfs2: More gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] gfs2: Another gfs2_find_jhead fix (Abhijith Das) [1828454] - [fs] nfs: fix mount/umount race in nlmclnt (Jay Shin) [1771205] - [fs] nlm_shutdown_hosts_net() cleanup (Jay Shin) [1771205] - [scsi] scsi: megaraid: Use true, false for bool variables (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make two symbols static in megaraid_sas_base.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fp.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: silence a warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix indentation issue (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make poll_aen_lock static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Fix a compilation warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make a bunch of functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make some functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: remove unused variables 'debugBlk', 'fusion' (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Unique names for MSI-X vectors (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix panic on loading firmware crashdump (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Tomas Henzl) [1827037] - [scsi] scsi: mpt3sas: Disable DIF when prot_mask set to zero (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Separate out RDPQ allocation to new function (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Rename function name is_MSB_are_same (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Dont change the DMA coherent mask after allocations (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix double free in attach error handling (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Use Component img header to get Package ver (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix module parameter max_msix_vectors (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Tomas Henzl) [1832868] - [netdrv] hv_netvsc: Fix error handling in netvsc_set_features() (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Sync offloading features to VF NIC (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix IP header checksum for coalesced packets (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix rndis_per_packet_info internal field initialization (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handler for LRO setting change (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add support for LRO/RSC in the vSwitch (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handlers for ethtool get/set msg level (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (Mohammed Gamal) [1821814] - [fs] fix mntput/mntput race (Miklos Szeredi) [1828320] - [wireless] rtlwifi: prevent memory leak in rtl_usb_probe (Jarod Wilson) [1829847] {CVE-2019-19063} - [wireless] iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Jarod Wilson) [1829375] {CVE-2019-19058} - [net] nl80211: fix memory leak in nl80211_get_ftm_responder_stats (Jarod Wilson) [1829289] {CVE-2019-19055} - [wireless] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (Jarod Wilson) [1829393] {CVE-2019-19059} [3.10.0-1141] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1752067] - [edac] EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [1832683] - [s390] s390/qdio: consider ERROR buffers for inbound-full condition (Philipp Rudo) [1831791] - [s390] s390/ftrace: fix potential crashes when switching tracers (Philipp Rudo) [1813124] - [netdrv] ibmvnic: Skip fatal error reset after passive init (Steve Best) [1830992] - [scsi] smartpqi: bump driver version (Don Brace) [1822762] - [scsi] scsi: smartpqi: add bay identifier (Don Brace) [1822762] - [scsi] scsi: smartpqi: add module param to hide vsep (Don Brace) [1822762] - [scsi] scsi: bnx2fc: Update the driver version to 2.12.13 (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: fix boolreturn.cocci warnings (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Fix SCSI command completion after cleanup is posted (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Process the RQE with CQE in interrupt context (Nilesh Javali) [1709542] - [scsi] scsi: qla2xxx: Fix a recently introduced kernel warning (Nilesh Javali) [1828875] - [scsi] Fix abort timeouts in CQ Full conditions (Dick Kennedy) [1802654] - [input] Input: add safety guards to input_set_keycode() (Chris von Recklinghausen) [1828222] {CVE-2019-20636} - [scsi] scsi: libsas: delete sas port if expander discover failed (Tomas Henzl) [1829965] {CVE-2019-15807} - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827240] {CVE-2020-10711} [3.10.0-1140] - [netdrv] mlx5: Remove unsupported tag for ConnectX-6 Dx device (Alaa Hleihel) [1829777] - [fs] xfs: clear PF_MEMALLOC before exiting xfsaild thread (Brian Foster) [1827910] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1812558] - [fs] nfs: Correct an nfs page array calculation error (Jay Shin) [1824270] - [infiniband] RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (Jonathan Toppins) [1828475 1824438] - [netdrv] bnxt_en: Fix allocation of zero statistics block size regression (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Allocate the larger per-ring statistics block for 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Expand bnxt_tpa_info struct to support 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor TPA logic (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Add TPA structure definitions for BCM57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.89 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface to 1.10.0.69 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.47 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor ethtool ring statistics logic (Jonathan Toppins) [1824438] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1825431] - [scsi] scsi: fnic: do not queue commands during fwreset (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix invalid stack access (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix use after free (Govindarajulu Varadarajan) [1794150] - [netdrv] enic: prevent waking up stopped tx queues over watchdog reset (Govindarajulu Varadarajan) [1794148] - [fs] ceph: use ceph_evict_inode to cleanup inodes resource (Jeff Layton) [1784016] - [fs] ceph: fix use-after-free in __ceph_remove_cap() (Jeff Layton) [1784016] - [fs] ceph: hold i_ceph_lock when removing caps for freeing inode (Jeff Layton) [1784016] - [input] Input: ff-memless - kill timer in destroy() (Chris von Recklinghausen) [1815021] {CVE-2019-19524} - [scsi] scsi: qla2xxx: fix a potential NULL pointer dereference ('Ewan D. Milne') [1829246] {CVE-2019-16233} [3.10.0-1139] - [fs] nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback() ('J. Bruce Fields') [1448750] - [fs] nfsd: minor 4.1 callback cleanup ('J. Bruce Fields') [1448750] - [fs] nfsd: Dont release the callback slot unless it was actually held (Benjamin Coddington) [1448750] - [lib] kobject: dont use WARN for registration failures (Ewan Milne) [1756495] - [lib] lib/kobject: Join string literals back (Ewan Milne) [1756495] - [scsi] scsi: ibmvfc: Dont send implicit logouts prior to NPIV login (Steve Best) [1828726] - [fs] nfs: Serialize O_DIRECT reads and writes (Benjamin Coddington) [1826571] - [mm] mm/page_owner: convert page_owner_inited to static key (Rafael Aquini) [1781726] - [mm] mm/page_owner: set correct gfp_mask on page_owner (Rafael Aquini) [1781726] - [mm] mm/page_owner: fix possible access violation (Rafael Aquini) [1781726] - [mm] mm/page_owner: use late_initcall to hook in enabling (Rafael Aquini) [1781726] - [mm] mm/page_owner: remove unnecessary stack_trace field (Rafael Aquini) [1781726] - [mm] mm/page_owner: correct owner information for early allocated pages (Rafael Aquini) [1781726] - [mm] mm/page_owner: keep track of page owners (Rafael Aquini) [1781726] - [documentation] Documentation: add new page_owner document (Rafael Aquini) [1781726] - [kernel] stacktrace: introduce snprint_stack_trace for buffer output (Rafael Aquini) [1781726] [3.10.0-1138] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcoms Gen P5 series (Jonathan Toppins) [1823679] - [scsi] scsi: qla2xxx: Silence fwdump template message (Ewan Milne) [1783191] - [scsi] scsi: hpsa: Update driver version (Joseph Szczypek) [1808403] - [scsi] scsi: hpsa: correct race condition in offload enabled (Joseph Szczypek) [1808403] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1712235] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1712235] - [netdrv] bonding: fix potential NULL deref in bond_update_slave_arr (Jarod Wilson) [1712235] - [netdrv] bonding: Force slave speed check after link state recovery for 802.3ad (Jarod Wilson) [1712235] - [i2c] i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Vladis Dronov) [1822641] {CVE-2017-18551} - [acpi] ACPI / EC: Ensure lock is acquired before accessing ec struct (Al Stone) [1811132] - [x86] x86/mce: Do not log spurious corrected mce errors (Prarit Bhargava) [1797205] - [wireless] mwifiex: Fix mem leak in mwifiex_tm_cmd (Jarod Wilson) [1804971] {CVE-2019-20095} - [kernel] kernel/module.c: wakeup processes in module_wq on module unload (Prarit Bhargava) [1771939] - [acpi] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Prarit Bhargava) [1790782] [3.10.0-1137] - [tty] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles (Gustavo Duarte) [1600213] - [mm] mm/swap_slots.c: fix race conditions in swap_slots cache init (Rafael Aquini) - [block] loop: set PF_MEMALLOC_NOIO for the worker thread (Ming Lei) [1825950] - [tty] serial: 8250: drop the printk from serial8250_interrupt() (Prarit Bhargava) [1825049] - [net] net: linkwatch: add check for netdevice being present to linkwatch_do_dev (Alaa Hleihel) [1595302] [3.10.0-1136] - [fs] sunrpc: expiry_time should be seconds not timeval (Benjamin Coddington) [1794055] - [nvdimm] Revert 'driver boilerplate changes to properly manage device_rh' (Christoph von Recklinghausen) [1823750] - [base] call device_rh_free in device_release before driver/class/type release is called (Christoph von Recklinghausen) [1822888] - [md] md:md-faulty kernel panic is caused by QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1822462] - [firmware] efi: cper: print AER info of PCIe fatal error (Vladis Dronov) [1820646] - [scsi] qla2xxx: Update driver version to 10.01.00.22.07.9-k (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix message indicating vectors used by driver (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Move free of fcport out of interrupt context (Nilesh Javali) [1808129] - [scsi] qla2xxx: delete all sessions before unregister local nvme port (Nilesh Javali) [1808129] - [scsi] qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix mtcp dump collection failure (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix RIDA Format-2 (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix stuck login session using prli_pend_timer (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Use common routine to free fcport struct (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix update_fcport for current_topology (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix fabric scan hang (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Change discovery state before PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Initialize free_work before flushing it (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a dma_pool_free() call (Nilesh Javali) [1808129] - [security] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() (Artem Savkov) [1808675] - [acpi] ACPICA: Mark acpi_ut_create_internal_object_dbg() memory allocations as non-leaks (Artem Savkov) [1808675] - [x86] x86/microcode/AMD: Free unneeded patch before exit from update_cache() (Artem Savkov) [1808675] - [mm] memcg: ensure mem_cgroup_idr is updated in a coordinated manner (Aaron Tomlin) [1822405] - [mm] mm/page_alloc: increase default min_free_kbytes bound (Joel Savitz) [1704326] - [scsi] scsi: lpfc: Fix unexpected error messages during RSCN handling (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix discovery failures when target device connectivity bounces (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1743667] - [video] vgacon: Fix a UAF in vgacon_invert_region (Vladis Dronov) [1818730] {CVE-2020-8647 CVE-2020-8649} - [x86] uprobes/x86: Fix detection of 32-bit user mode (Oleg Nesterov) [1804959] - [powerpc] module: Handle R_PPC64_ENTRY relocations (Yauheni Kaliuta) [1657540] - [scripts] recordmcount.pl: support data in text section on powerpc (Yauheni Kaliuta) [1657540] - [powerpc] boot: Request no dynamic linker for boot wrapper (Yauheni Kaliuta) [1657540] [3.10.0-1135] - [fs] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Dave Wysochanski) [1683490] - [fs] fscache: Pass the correct cancelled indications to fscache_op_complete() (Dave Wysochanski) [1683490] - [char] tpm: ibmvtpm: Wait for buffer to be set before proceeding (Jerry Snitselaar) [1815536] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Dont hold the inode lock across fsync() (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1813803] - [fs] filesystem-dax: Fix dax_layout_busy_page() livelock (Carlos Maiolino) [1817866] - [block] blk-mq: fix hang caused by freeze/unfreeze sequence (Ming Lei) [1821718] - [fs] ceph: dont NULL terminate virtual xattrs (Jeff Layton) [1717454] - [fs] ceph: return -ERANGE if virtual xattr value didnt fit in buffer (Jeff Layton) [1717454] - [fs] ceph: make getxattr_cb return ssize_t (Jeff Layton) [1717454] - [fs] ceph: use bit flags to define vxattr attributes (Jeff Layton) [1717454] - [tty] tty: Prevent ldisc drivers from re-using stale tty fields (Vladis Dronov) [1820031] - [powerpc] powerpc64/kexec: Hard disable ftrace before switching to the new kernel (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Delay enabling ftrace on secondary cpus (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add helpers to hard disable ftrace (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (Jerome Marchand) [1731578] - [powerpc] powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (Jerome Marchand) [1731578] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779474] {CVE-2019-17055} - [virtio] virtio-balloon: fix managed page counts when migrating pages between zones (David Hildenbrand) [1780330] [3.10.0-1134] - [net] netfilter: nf_log: fix uninit read in nf_log_proc_dostring (Phil Sutter) [1770232] - [net] netfilter: nf_log: fix error on write NONE to logger choice sysctl (Phil Sutter) [1770232] - [net] ethtool: convert large order kmalloc allocations to vzalloc (Davide Caratti) [1786448] - [net] l2tp: Allow duplicate session creation with UDP (Guillaume Nault) [1808928] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1785141] - [net] ipv6: remove printk (Hangbin Liu) [1779533] - [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1766816] - [net] raw: do not report ICMP redirects to user space (Hangbin Liu) [1758386] [3.10.0-1133] - [powerpc] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (Steve Best) [1806629] {CVE-2019-12614} - [s390] s390/pci: Recover handle in clp_set_pci_fn() (Philipp Rudo) [1816662] - [fs] xfs: fix attr leaf header freemap.size underflow (Bill ODonnell) [1808671] - [block] floppy: check FDC index for errors before assigning it (Ming Lei) [1815403] {CVE-2020-9383} - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1818001] - [s390] dasd: fix endless loop after read unit address configuration (Philipp Rudo) [1816661] - [fs] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (Leif Sahlberg) [1504193] - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1504193] - [char] ipmi: Fix memory leak in __ipmi_bmc_register (Tony Camuso) [1812836] {CVE-2019-19046} - [net] ipvs: Remove noisy debug print from ip_vs_del_service (Alexey Klimov) [1769816] [3.10.0-1132] - [tools] tools/power turbostat: Support Ice Lake server (Steve Best) [1776508] - [nvme] nvme-fc: ensure association_id is cleared regardless of a Disconnect LS (Ewan Milne) [1816752] - [nvme] nvme-fc: clarify error messages (Ewan Milne) [1816752] - [nvme] nvme-fc: fix module unloads while lports still pending (Ewan Milne) [1816752] - [scsi] scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (Ewan Milne) [1816307] - [scsi] scsi: core: Fix a compiler warning triggered by the SCSI logging code (Ewan Milne) [1816307] - [scsi] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (Ewan Milne) [1816307] - [scsi] scsi: core: scsi_trace: Use get_unaligned_be*() (Ewan Milne) [1816307] - [scsi] scsi: core: try to get module before removing device (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (Ewan Milne) [1816307] - [scsi] scsi: device_handler: remove VLAs (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh: Document alua_rtpg_queue() arguments (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_emc: return success in clariion_std_inquiry() (Ewan Milne) [1816307] - [target] scsi: target: iscsi: rename some variables to avoid confusion (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: tie the challenge length to the hash digest size (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 (Maurizio Lombardi) [1806966] - [target] scsi: target: compare full CHAP_A Algorithm strings (Maurizio Lombardi) [1806966] - [base] device_release() can call device_rh_free() too (Christoph von Recklinghausen) [1793248] - [nvdimm] driver boilerplate changes to properly manage device_rh (Christoph von Recklinghausen) [1793248] - [base] Add an interface for certain drivers who manage their own struct devices to disassociate their device_rhs (Christoph von Recklinghausen) [1793248] - [base] kfree(dev->device_rh) in device_create_release() (Christoph von Recklinghausen) [1793248] - [base] kfree and zero device_rh in device_release() (Christoph von Recklinghausen) [1793248] - [input] Revert 'Fix device_rh memory leak' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix device_rh leak in scsi_alloc_target()' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix memory leaks in scsi_alloc_sdev()' (Christoph von Recklinghausen) [1793248] - [nvdimm] libnvdimm/security: Consolidate 'security' operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Introduce a 'frozen' attribute (Jeff Moyer) [1735364] - [acpi] libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: provide fix for secure-erase to use zero-key (Jeff Moyer) [1735364] - [block] block: fix checking return value of blk_mq_init_queue (Maxim Levitsky) [1795777] - [bluetooth] Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (Aristeu Rozanski) [1808803] {CVE-2019-15917} [3.10.0-1131] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Dont emulate instructions in guest mode (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: x86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect (Nitesh Narayan Lal) [1772082] - [virt] kvm: x86: remove set but not used variable 'called' (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Zero the IOAPIC scan request dest vCPUs bitmap (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: deliver KVM IOAPIC scan request to target vCPUs (Nitesh Narayan Lal) [1772082] - [kernel] kvm: remember position in kvm->vcpus array (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Nitesh Narayan Lal) [1772082] - [virt] kvm: introduce kvm_make_vcpus_request_mask() API (Nitesh Narayan Lal) [1772082] - [virt] kvm: avoid unused variable warning for UP builds (Nitesh Narayan Lal) [1772082] - [kernel] smp, cpumask: Use non-atomic cpumask_{set, clear}_cpu() (Nitesh Narayan Lal) [1772082] - [fs] nfs: change sign of nfs_fh length ('J. Bruce Fields') [1813326] - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1813903] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1811511] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1790840] - [net] ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: add net argument to ip6_dst_lookup_flow (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] macvlan: return correct error value (Matteo Croce) [1654878] - [net] ieee802154: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779494] {CVE-2019-17053} - [net] ipv4: fix fnhe usage by non-cached routes (Hangbin Liu) [1788435] - [net] route: do not cache fib route info on local routes with oif (Hangbin Liu) [1788435] - [net] ip6_tunnel: fix potential NULL pointer dereference (Hangbin Liu) [1767045] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1781323] - [netdrv] net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) [1780646] [3.10.0-1130] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1798042] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1715986] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1806488] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1810643] - [s390] s390/vdso: add vdso support for coarse clocks (Philipp Rudo) [1791822] - [s390] s390/vdso: remove NULL pointer check from clock_gettime (Philipp Rudo) [1791822] - [s390] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (Philipp Rudo) [1804807] [3.10.0-1129] - [tools] perf header: Use last modification time for timestamp (Michael Petlan) [1789947] - [tools] perf header: Fix up argument to ctime() (Michael Petlan) [1789947] - [hid] HID: multitouch: Add pointstick support for ALPS Touchpad (Benjamin Tissoires) [1672425] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] tracing: Handle NULL formats in hold_module_trace_bprintk_format() (Oleksandr Natalenko) [1811565] - [kernel] tracing: Fix trace_printk() to print when not using bprintk() (Oleksandr Natalenko) [1811565] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1798457] {CVE-2019-19807} - [x86] kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332) (Philippe Mathieu-Daud) [1783455] {CVE-2019-19332} - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1801852] [3.10.0-1128] - [fs] ceph: only use d_name directly when parent is locked (Jeff Layton) [1699402] - [fs] ext4: work around deleting a file with i_nlink == 0 safely (Carlos Maiolino) [1801046] - [fs] xfs: attach dquots and reserve quota blocks during unwritten conversion (Carlos Maiolino) [1786005] - [fs] Revert 'xfs: attach dquots and reserve quota blocks during unwritten conversion' (Carlos Maiolino) [1786005] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1806400] - [target] target: call init_timer_on_stack() to initialize login_timer (Maurizio Lombardi) [1810037] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1807077] - [tools] selftests/livepatch: Test interaction with ftrace_enabled (Yannick Cote) [1806653] - [tools] selftests/livepatch: Make dynamic debug setup and restore generic (Yannick Cote) [1806653] - [kernel] ftrace: Introduce PERMANENT ftrace_ops flag (Yannick Cote) [1806653] - [tools] selftests/livepatch: push and pop dynamic debug config (Yannick Cote) [1806653] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19524 CVE-2020-10942 CVE-2019-15217 CVE-2019-19046 CVE-2019-19062 CVE-2019-19534 CVE-2019-19537 CVE-2019-19807 CVE-2019-20095 CVE-2019-9454 CVE-2019-12614 CVE-2019-19059 CVE-2020-1749 CVE-2019-15917 CVE-2020-2732 CVE-2020-10751 CVE-2020-12826 CVE-2019-15807 CVE-2019-16994 CVE-2020-8647 CVE-2019-19058 CVE-2020-9383 CVE-2020-10742 CVE-2018-20836 CVE-2019-19530 CVE-2020-14305 CVE-2017-18551 CVE-2019-19447 CVE-2019-18808 CVE-2020-8649 CVE-2020-12770 CVE-2019-19063 CVE-2019-19767 CVE-2019-20054 CVE-2019-20636 CVE-2019-19055 CVE-2020-10690 CVE-2020-11565 CVE-2019-17053 CVE-2019-17055 CVE-2019-16233 CVE-2019-16231 CVE-2019-19523 CVE-2020-10732 CVE-2019-19332 CVE-2019-9458 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [0.6.12-6] - Rebuild with 7.9-z target Related: #1835951 [0.6.12-5] - Fix CVE-2020-12825 Resolves: #1835951 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12825 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 nspr [4.25.0-2] - Rebuild to fix wrong dist tag [4.25.0-1] - Rebase to NSPR 4.25 nss [3.53.1-3] - Disable dh timing test because it's unreliable on s390 (from Bob Relyea) - Explicitly enable upgradedb/sharedb test cycles [3.53.1-2] - Disable TLS 1.3 by default [3.53.1-1] - Rebase to NSS 3.53.1 [3.44.0-8] - Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system. nss-softokn [3.53.1-6.0.1] - Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337] - Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 26617814], [Orabug: 26617879], [Orabug: 26617849] [3.53.1-6] - turn of ALTIVEC instruction for powerpc because they require power8 and we need to support power7 on RHEL7 still. - Fix typo in measure. - Make sure only 2048 and greater primes are used in FIPS mode for dh. [3.53.1-5] - Fix the patch application in the previous change [3.53.1-4] - Fix glibc regression in the rebase; run RNG self-tests only if NSPR is linked [3.53.1-3] - include patches for CVE-2020-6829, CVE-2020-12400, and CVE-2020-12401 from upstream (ECC constant time issues). - include patches for CVE-2020-12403 from upstream (CHACHA issues). - include self-tests for kdfs and cmac. [3.53.1-2] - Install cmac.h required by blapi.h (#1764513) [3.53.1-1] - Rebase to NSS 3.53.1 nss-util [3.53.1-1] - Rebase to NSS 3.53.1 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17006 CVE-2020-6829 CVE-2020-12402 CVE-2019-17023 CVE-2019-11727 CVE-2020-12401 CVE-2020-12403 CVE-2019-11719 CVE-2019-11756 CVE-2020-12400 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::u8_security_validation cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [1.5.3-175.el7_9.1] - Fixing release number for z-stream IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14364 CVE-2020-1983 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [78.3.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.3.0] - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12422 CVE-2020-15673 CVE-2020-15676 CVE-2020-12425 CVE-2020-15648 CVE-2020-15654 CVE-2020-15678 CVE-2020-12424 CVE-2020-15656 CVE-2020-15653 CVE-2020-15677 CVE-2020-15658 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [7:3.5.20-17.4] - Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning [7:3.5.20-17.2] - Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing - Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway [7:3.5.20-17] - Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow [rhel [7:3.5.20-16] - Resolves: #1738582 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2019-12528 CVE-2020-24606 CVE-2020-8450 CVE-2020-8449 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [78.3.1-1.0.1] - Update to 68.12.0 build1 [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15677 CVE-2020-15673 CVE-2020-15676 CVE-2020-15678 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15673 CVE-2020-15678 CVE-2020-15676 CVE-2020-15677 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [78.3.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15673 CVE-2020-15678 CVE-2020-15677 CVE-2020-15676 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [2.6.32-754.35.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.35.1] - [ata] libata: fix NULL sdev dereference race in atapi_qc_complete() (Kenneth Yin) [1876296] [2.6.32-754.34.1] - [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705003] - [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705003] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11487 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [32:9.8.2-0.68.rc1.8] - Fix tsig-request verify (CVE-2020-8622) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8622 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 Oracle Linux 8 spice [0.14.2-1.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 spice-gtk [0.37-1.2] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14355 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 spice [0.14.0-9.0.2.el7_9.1] - Add ARM support [0.14.0-9.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 spice-gtk [0.35-5.1] - Fix multiple buffer overflows in QUIC decoding code Resolves: CVE-2020-14355 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14355 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 nodejs [1:12.18.4-2] - Resolves: RHBZ#1883966 - nodejs-devel not installable due to missing brotli - Some spec fixes [12.18.4-1] - Rebase to 12.18.4 nodejs-nodemon nodejs-packaging MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8252 CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [3.10.0-1160.2.2.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.2.2] - [net] bluetooth: l2cap: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888253] {CVE-2020-12351} - [net] bluetooth: a2mp: Fix not initializing all members (Gopal Tiwari) [1888797] {CVE-2020-12352} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12352 CVE-2020-12351 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.18.0-193.28.1_2.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-193.28.1_2] - [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888256 1888258] {CVE-2020-12351} - [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888906 1888807] {CVE-2020-12352} [4.18.0-193.27.1_2] - [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS (Diego Domingos) [1882243 1870477] - [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859471 1859472] {CVE-2020-14331} [4.18.0-193.26.1_2] - [firmware] efi: don't reserve MOK config table memory region (Kairui Song) [1879988 1878584] - [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1877528 1868306] - [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1877528 1868306] - [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1877528 1868306] - [security] efi: Only print errors about failing to get certs if EFI vars are found (Lenny Szubowicz) [1877528 1804969] - [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1875787 1866018] - [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1875787 1866018] - [fs] ceph: fix endianness bug when handling MDS session feature bits (Jeff Layton) [1875787 1866018] - [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1857777 1856660] [4.18.0-193.25.1_2] - [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882095 1875681] - [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882095 1875681] - [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1881085 1875316] {CVE-2020-14385} - [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880081 1877380] - [net] atomics/treewide: Rename __atomic_add_unless() => atomic_fetch_add_unless() (Yauheni Kaliuta) [1880081 1813370] - [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1877417 1833096] [4.18.0-193.24.1_2] - [kernel] timers: Remove must_forward_clk (Phil Auld) [1877417 1833096] - [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1877417 1833096] - [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1877417 1833096] - [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1877417 1833096] - [kernel] timers: Always keep track of next expiry (Phil Auld) [1877417 1833096] - [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1877417 1833096] - [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1877417 1833096] - [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1877417 1833096] - [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1877417 1833096] - [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1877417 1833096] - [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1877417 1833096] - [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1877417 1833096] - [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1877417 1833096] - [infiniband] RDMA/umem: Fix ib_umem_find_best_pgsz() (Kamal Heib) [1872424 1856158] - [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1870181 1868433] - [net] net: Restrict receive packets queuing to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [pci] PCI: Restrict probe functions to housekeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [lib] lib: Restrict cpumask_local_spread to houskeeping CPUs (Nitesh Narayan Lal) [1867174 1844520] - [s390] s390/pci: Fix unexpected write combine on resource (Philipp Rudo) [1869276 1827311] [4.18.0-193.23.1_2] - [net] packet: fix overflow in tpacket_rcv (Hangbin Liu) [1876223 1876224] {CVE-2020-14386} - [net] packet: make tp_drops atomic (Hangbin Liu) [1876223 1876224] {CVE-2020-14386} [4.18.0-193.22.1_2] - [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1877530 1862072] - [crypto] Revert 'pefile: Tolerate other pefile signatures after first' (Bruno Meneguele) - [infiniband] IB/hfi1: Fix another case where pq is left on waitlist (Kamal Heib) [1872766 1859209] - [infiniband] IB/hfi1: Ensure pq is not left on waitlist (Kamal Heib) [1872766 1859209] [4.18.0-193.21.1_2] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1866371 1810653] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1866371 1810653] [4.18.0-193.20.1_2] - [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1872771 1850314] - [block] blk-mq: Rerun dispatching in the case of budget contention (Ming Lei) [1869779 1824037] - [block] blk-mq: Add blk_mq_delay_run_hw_queues() API call (Ming Lei) [1869779 1824037] - [block] blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (Ming Lei) [1869779 1824037] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1869779 1824037] - [md] dm mpath: use double checked locking in fast path (Mike Snitzer) [1869386 1848651] - [md] dm mpath: rename current_pgpath to pgpath in multipath_prepare_ioctl (Mike Snitzer) [1869386 1848651] - [md] dm mpath: rework __map_bio() (Mike Snitzer) [1869386 1848651] - [md] dm mpath: factor out multipath_queue_bio (Mike Snitzer) [1869386 1848651] - [md] dm mpath: push locking down to must_push_back_rq() (Mike Snitzer) [1869386 1848651] - [md] dm mpath: take m->lock spinlock when testing QUEUE_IF_NO_PATH (Mike Snitzer) [1869386 1848651] - [md] dm mpath: changes from initial m->flags locking audit (Mike Snitzer) [1869386 1848651] - [md] dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Mike Snitzer) [1869386 1848651] - [md] dm: do not use waitqueue for request-based DM (Mike Snitzer) [1869386 1848651] - [block] blk-mq: consider non-idle request as 'inflight' in blk_mq_rq_inflight() (Mike Snitzer) [1869386 1848651] - [kernel] sched/deadline: Initialize ->dl_boosted (Phil Auld) [1867612 1854179] - [kernel] sched/core: Fix PI boosting between RT and DEADLINE tasks (Phil Auld) [1867612 1854179] - [net] net/smc: tolerate future SMCD versions (Philipp Rudo) [1866390 1854992] - [net] openvswitch: fixes potential deadlock in dp cleanup code (Eelco Chaudron) [1859216 1845662] - [net] openvswitch: reorder masks array based on usage (Eelco Chaudron) [1859216 1845662] - [net] openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (Lorenzo Bianconi) [1860169 1851888] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14331 CVE-2020-14385 CVE-2020-12351 CVE-2020-14386 CVE-2020-12352 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1:11.0.9.11-0] - Update to jdk-11.0.9+11 - Update release notes for 11.0.9 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update to jdk-11.0.9+10 (EA) - With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334 - Remove JDK-8252258/RH1868406 now applied upstream. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Moved vendor_version_string to a better place - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update static-libs packaging to new layout - Resolves: rhbz#1876665 [1:11.0.9.1-0.1.ea] - Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Update to shenandoah-jdk-11.0.9+1 (EA) - Switch to EA mode for 11.0.9 pre-release builds. - JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard. - Resolves: rhbz#1876665 [1:11.0.8.10-2] - Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation' - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Resolves: rhbz#1873390 [1:11.0.8.10-1] - Added scriplet to handle dir->symlink change when updating el7->el8 - Symlink hunk moved behind the main copy logic, to be more user-friendly with multiple installs - Resolves: rhbz#1871709 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14803 CVE-2020-14782 CVE-2020-14779 CVE-2020-14797 CVE-2020-14796 CVE-2020-14781 CVE-2020-14792 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1:11.0.9.11-0.0.1] - link atomic for ix86 build [1:11.0.9.11-0] - Delay tzdata 2020b dependency until tzdata update has shipped. - Resolves: rhbz#1876665 [1:11.0.9.11-0] - Update to jdk-11.0.9+11 - Update release notes for 11.0.9 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:11.0.9.10-0.1.ea] - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:11.0.9.10-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Moved vendor_version_string to a better place - Resolves: rhbz#1876665 [1:11.0.9.10-0.0.ea] - Update to jdk-11.0.9+10 (EA) - Resolves: rhbz#1876665 [1:11.0.9.9-0.0.ea] - Update to jdk-11.0.9+9 (EA) - Resolves: rhbz#1876665 [1:11.0.9.8-0.0.ea] - Update to jdk-11.0.9+8 (EA) - Remove JDK-8252258/RH1868406 now applied upstream. - Resolves: rhbz#1876665 [1:11.0.9.7-0.0.ea] - Update to jdk-11.0.9+7 (EA) - Resolves: rhbz#1876665 [1:11.0.9.6-0.1.ea] - Update static-libs packaging to new layout - Resolves: rhbz#1876665 [1:11.0.9.6-0.0.ea] - Update to jdk-11.0.9+6 (EA) - Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334 - Resolves: rhbz#1876665 [1:11.0.9.5-0.0.ea] - Update to jdk-11.0.9+5 (EA) - Resolves: rhbz#1876665 [1:11.0.9.4-0.0.ea] - Update to jdk-11.0.9+4 (EA) - Resolves: rhbz#1876665 [1:11.0.9.3-0.0.ea] - Update to jdk-11.0.9+3 (EA) - Resolves: rhbz#1876665 [1:11.0.9.2-0.1.ea] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Resolves: rhbz#1876665 [1:11.0.9.2-0.0.ea] - Update to jdk-11.0.9+2 (EA) - With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. - Resolves: rhbz#1876665 [1:11.0.9.1-0.0.ea] - Update to shenandoah-jdk-11.0.9+1 (EA) - Switch to EA mode for 11.0.9 pre-release builds. - Drop JDK-8227269, JDK-8241750 & JDK-8245714 backports now applied upstream. - Resolves: rhbz#1876665 [1:11.0.8.10-2] - Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation' - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14797 CVE-2020-14779 CVE-2020-14781 CVE-2020-14803 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [78.4.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.4.0-1] - Update to 78.4.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15969 CVE-2020-15683 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [78.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.4.0-1] - Update to 78.4.0 build2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15969 CVE-2020-15683 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.8.0.272.b10-1] - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Remove JDK-8154313 backport now applied upstream. - Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Remove JDK-8165996/PR3506/RH1760437 as now applied upstream. - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14803 CVE-2020-14782 CVE-2020-14796 CVE-2020-14781 CVE-2020-14792 CVE-2020-14779 CVE-2020-14797 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1:1.8.0.272.b10-0] - Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14779 CVE-2020-14796 CVE-2020-14782 CVE-2020-14792 CVE-2020-14797 CVE-2020-14803 CVE-2020-14781 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:1.8.0.272.b10-1] - Add backport of JDK-8215727: 'Restore JFR thread sampler loop to old / previous behaviour' - Resolves: rhbz#1876665 [1:1.8.0.272.b10-0] - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.1.ea] - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 [1:1.8.0.272.b09-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Resolves: rhbz#1876665 [1:1.8.0.272.b08-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b08 (EA). - Resolves: rhbz#1876665 [1:1.8.0.272.b07-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b07. - Resolves: rhbz#1876665 [1:1.8.0.272.b06-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b06. - Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.2.ea] - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.1.ea] - Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - Resolves: rhbz#1876665 [1:1.8.0.272.b05-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b05. - Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - Resolves: rhbz#1876665 [1:1.8.0.272.b04-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b04. - Update tarball generation script to use PR3795, following inclusion of JDK-8177334 - Resolves: rhbz#1876665 [1:1.8.0.272.b03-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b03. - Resolves: rhbz#1876665 [1:1.8.0.272.b02-0.0.ea] - Update to aarch64-shenandoah-jdk8u272-b02. - Remove JDK-8154313 backport now applied upstream. - Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. - Resolves: rhbz#1876665 [1:1.8.0.272.b01-0.1.ea] - Update to aarch64-shenandoah-jdk8u272-b01. - Switch to EA mode. - Add debugging output for build. - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 - Resolves: rhbz#1876665 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14797 CVE-2020-14803 CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.18.0-240.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-240] - [include] block: allow for_each_bvec to support zero len bvec (Ming Lei) [1872032] - [nvme] nvme-pci: disable the write zeros command for Intel 600P/P3100 (David Milburn) [1875391] [4.18.0-239] - [init] init/Kconfig: disable io_uring (Jeff Moyer) [1879754] - [block] blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1740874] - [nvme] nvme-rdma: Avoid double freeing of async event data (Gopal Tiwari) [1878140] - [kernel] printk: queue wake_up_klogd irq_work only if per-CPU areas are ready (Igor Mammedov) [1867022] [4.18.0-238] - [firmware] efi: dont reserve MOK config table memory region (Kairui Song) [1878584] - [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1875316] {CVE-2020-14385} - [powerpc] powerpc/pseries: Do not initiate shutdown when system is running on UPS (Diego Domingos) [1870477] [4.18.0-237] - [fs] nfsd: avoid a NULL dereference in __cld_pipe_upcall() (Scott Mayhew) [1847225] - [net] packet: fix overflow in tpacket_rcv (Hangbin Liu) [1876224] {CVE-2020-14386} - [net] packet: make tp_drops atomic (Hangbin Liu) [1876224] {CVE-2020-14386} - [net] espintcp: restore IP CB before handing the packet to xfrm (Sabrina Dubroca) [1868201] - [fs] Revert NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (Benjamin Coddington) [1865978] - [fs] Revert NFSv4.x recover from pre-mature loss of openstateid (Benjamin Coddington) [1865978] - [infiniband] RDMA/mlx4: Read pkey table length instead of hardcoded value (Alaa Hleihel) [1853564] - [net] net/smc: set rx_off for SMCR explicitly (Philipp Rudo) [1875833] - [drm] drm/i915: Auto detect DPCD backlight support by default (Lyude Paul) [1872381] - [drm] drm/i915: Fix DPCD register order in intel_dp_aux_enable_backlight() (Lyude Paul) [1872381] - [drm] drm/i915: Assume 100 brightness when not in DPCD control mode (Lyude Paul) [1872381] - [drm] drm/i915: Fix eDP DPCD aux max backlight calculations (Lyude Paul) [1872381] - [kernel] tracing: Define MCOUNT_INSN_SIZE when not defined without direct calls (Jiri Olsa) [1857599] - [kernel] ftrace: Fix function_graph tracer interaction with BPF trampoline (Jiri Olsa) [1857599] - [x86] x86/function_graph: Simplify with function_graph_enter() (Jiri Olsa) [1857599] - [kernel] function_graph: Create function_graph_enter() to consolidate architecture code (Jiri Olsa) [1857599] [4.18.0-236] - [crypto] pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862072] - [security] integrity: Load certs from the EFI MOK config table (Lenny Szubowicz) [1868306] - [security] integrity: Move import of MokListRT certs to a separate routine (Lenny Szubowicz) [1868306] - [firmware] efi: Support for MOK variable config table (Lenny Szubowicz) [1868306] - [kernel] Move to dual-signing to split signing keys up better (Frantisek Hrbata) [1837434] {CVE-2020-10713} - [powerpc] pseries/hotplug-cpu: wait indefinitely for vCPU death (Michael Roth) [1856588] - [powerpc] kvm: ppc: book3s hv: Rework secure mem slot dropping (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: Move kvmppc_svm_page_out up (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: Migrate hot plugged memory (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: In H_SVM_INIT_DONE, migrate remaining normal-GFNs to secure-GFNs (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: Track the state GFNs associated with secure VMs (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: Disable page merging in H_SVM_INIT_START (Michael Roth) [1851259] - [powerpc] kvm: ppc: book3s hv: Fix function definition in book3s_hv_uvmem.c (Michael Roth) [1851259] - [kernel] mmap locking api: initial implementation as rwsem wrappers (Michael Roth) [1851259] - [mm] handle multiple owners of device private pages in migrate_vma (Michael Roth) [1851259] - [mm] migrate.c: clean up useless code in migrate_vma_collect_pmd() (Michael Roth) [1851259] - [mm] remove the unused MIGRATE_PFN_DEVICE flag (Michael Roth) [1851259] - [powerpc] rhel: powerpc: kvm: Increase HDEC threshold to enter guest (David Gibson) [1733467] - [netdrv] r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (Michal Schmidt) [1851966] - [fs] ceph: fix inode number handling on arches with 32-bit ino_t (Jeff Layton) [1869679] - [fs] ceph: dont allow setlease on cephfs (Jeff Layton) [1872382] - [block] blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (Ming Lei) [1859628] [4.18.0-235] - [s390] scsi: zfcp: Move allocation of the shost object to after xconf- and xport-data (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Fence early sysfs interfaces for accesses of shost objects (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Fence adapter status propagation for common statuses (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Move p-t-p port allocation to after xport data (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Fence fc_host updates during link-down handling (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Move fc_host updates during xport data handling into fenced function (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Move shost updates during xconfig data handling into fenced function (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Move shost modification after QDIO (re-)open into fenced function (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: fix fc_host attributes that should be unknown on local link down (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: wire previously driver-specific sysfs attributes also to fc_host (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: expose fabric name as common fc_host sysfs attribute (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: add diagnostics buffer for exchange config data (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: diagnostics buffer caching and use for exchange port data (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: signal incomplete or error for sync exchange config/port data (Claudio Imbrenda) [1872799] - [s390] scsi: zfcp: Fix use-after-free in request timeout handlers (Claudio Imbrenda) [1872796] - [tools] selftests/powerpc: Update the stack expansion test (Gustavo Duarte) [1869755] - [mm] powerpc: Allow 4224 bytes of stack expansion for the signal frame (Gustavo Duarte) [1869755] - [tools] selftests/powerpc: Add test of stack expansion logic (Gustavo Duarte) [1869755] - [mm] mm: check that mm is still valid in madvise() (Jeff Moyer) [1874560] - [block] block: virtio_blk: fix handling single range discard request (Ming Lei) [1842035] - [block] block: respect queue limit of max discard segment (Ming Lei) [1842035] - [fs] io_uring: Fix NULL pointer dereference in loop_rw_iter() (Jeff Moyer) [1854649] - [fs] io_uring: return locked and pinned page accounting (Jeff Moyer) [1854649] - [fs] io_uring: always allow drain/link/hardlink/async sqe flags (Jeff Moyer) [1854649] - [fs] io_uring: ensure double poll additions work with both request types (Jeff Moyer) [1854649] - [fs] io_uring: fix recvmsg memory leak with buffer selection (Jeff Moyer) [1854649] - [fs] io_uring: fix missing msg_name assignment (Jeff Moyer) [1854649] - [fs] io_uring: fix memleak in io_sqe_files_register() (Jeff Moyer) [1854649] - [fs] io_uring: account user memory freed when exit has been queued (Jeff Moyer) [1854649] - [fs] io_uring: fix memleak in __io_sqe_files_update() (Jeff Moyer) [1854649] - [fs] io_uring: fix regression with always ignoring signals in io_cqring_wait() (Jeff Moyer) [1854649] - [fs] io_uring: use signal based task_work running (Jeff Moyer) [1854649] - [kernel] task_work: teach task_work_add() to do signal_wake_up() (Jeff Moyer) [1854649] - [fs] io_uring: fix missing ->mm on exit (Jeff Moyer) [1854649] - [fs] io_uring: fix potential use after free on fallback request free (Jeff Moyer) [1854649] - [fs] io_uring: fix req->work corruption (Jeff Moyer) [1854649] - [fs] io_uring: fix NULL-mm for linked reqs (Jeff Moyer) [1854649] - [fs] io_uring: fix current->mm NULL dereference on exit (Jeff Moyer) [1854649] - [fs] io_uring: fix hanging iopoll in case of -EAGAIN (Jeff Moyer) [1854649] - [fs] io_uring: fix io_sq_thread no schedule when busy (Jeff Moyer) [1854649] - [fs] io_uring: fix possible race condition against REQ_F_NEED_CLEANUP (Jeff Moyer) [1854649] - [fs] io_uring: reap poll completions while waiting for refs to drop on exit (Jeff Moyer) [1854649] - [fs] io_uring: acquire mm for task_work for SQPOLL (Jeff Moyer) [1854649] - [fs] io_uring: add memory barrier to synchronize io_kiocbs result and iopoll_completed (Jeff Moyer) [1854649] - [fs] io_uring: dont fail links for EAGAIN error in IOPOLL mode (Jeff Moyer) [1854649] - [fs] io_uring: fix io_kiocb.flags modification race in IOPOLL mode (Jeff Moyer) [1854649] - [fs] io_uring: allow O_NONBLOCK async retry (Jeff Moyer) [1854649] - [fs] io_uring: use kvfree() in io_sqe_buffer_register() (Jeff Moyer) [1854649] - [fs] io_uring: validate the full range of provided buffers for access (Jeff Moyer) [1854649] - [fs] io_uring: re-set iov base/len for buffer select retry (Jeff Moyer) [1854649] - [fs] io_uring: fix {SQ, IO}POLL with unsupported opcodes (Jeff Moyer) [1854649] - [fs] io_uring: disallow close of ring itself (Jeff Moyer) [1854649] - [fs] io_uring: fix overflowed reqs cancellation (Jeff Moyer) [1854649] - [fs] io_uring: fix flush req->refs underflow (Jeff Moyer) [1854649] - [fs] io_uring: async task poll trigger cleanup (Jeff Moyer) [1854649] - [fs] io_uring: allow POLL_ADD with double poll_wait() users (Jeff Moyer) [1854649] - [fs] io_uring: remove fd is io_uring from close path (Jeff Moyer) [1854649] - [nvme] nvme: allow retry for requests with REQ_FAILFAST_TRANSPORT set (Mike Snitzer) [1843515] - [nvme] nvme: decouple basic ANA log page re-read support from native multipathing (Mike Snitzer) [1843515] - [nvme] nvme: update failover handling to work with REQ_FAILFAST_TRANSPORT (Mike Snitzer) [1843515] - [nvme] nvme: Return BLK_STS_TARGET if the DNR bit is set (Mike Snitzer) [1843515] - [nvme] nvme: redirect commands on dying queue (Mike Snitzer) [1843515] - [nvme] nvme: just check the status code type in nvme_is_path_error (Mike Snitzer) [1843515] - [nvme] nvme: refactor command completion (Mike Snitzer) [1843515] - [nvme] nvme-multipath: do not reset on unknown status (Mike Snitzer) [1843515] - [nvme] Revert nvme: allow ANA support to be independent of native multipathing (Mike Snitzer) [1843515] - [nvme] Revert nvme-multipath: do not reset on unknown status (Mike Snitzer) [1843515] - [mm] mm, THP, swap: fix allocating cluster for swapfile by mistake (Gao Xiang) [1855474] - [net] sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (Marcelo Leitner) [1866391] - [net] netfilter: conntrack: allow sctp hearbeat after connection re-use (Florian Westphal) [1865798] - [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859472] {CVE-2020-14331} - [scsi] Revert scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Nilesh Javali) [1866744] - [scsi] Revert scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Check if FW supports MQ before enabling (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Reduce noisy debug message (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Fix login timeout (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Flush I/O on zone disable (Nilesh Javali) [1866744] - [scsi] scsi: qla2xxx: Flush all sessions on zone disable (Nilesh Javali) [1866744] - [tools] bpf: selftests: global_funcs: Check err_str before strstr (Yauheni Kaliuta) [1873163] - [netdrv] net/mlx5e: E-Switch, Specify flow_source for rule with no in_port (Alaa Hleihel) [1869602] - [netdrv] net/mlx5e: E-Switch, Add misc bit when misc fields changed for mirroring (Alaa Hleihel) [1869602] - [tools] selftests/bpf: test for map update access from within EXT programs (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] - [tools] selftests/bpf: test for checking return code for the extended prog (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] - [tools] selftests/bpf: Add test for freplace program with write access (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] - [net] bpf: verifier: use target programs type for access verifications (=?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?=) [1871071] - [scsi] scsi: lpfc: Fix NVMe rport deregister and registration during ADISC (Dick Kennedy) [1871223] - [scsi] scsi: lpfc: Fix LUN loss after cable pull (Dick Kennedy) [1871223] - [infiniband] RDMA/bnxt_re: Do not add user qps to flushlist (Selvin Xavier) [1858674] - [fs] NFSv4.0 allow nconnect for v4.0 (Benjamin Coddington) [1842746] - [mm] mm/vunmap: add cond_resched() in vunmap_pmd_range (Rafael Aquini) [1871710] - [s390] s390/bpf: Maintain 8-byte stack alignment (Jiri Olsa) [1871040] [4.18.0-234] - [netdrv] vrf: Fix IPv6 with qdisc and xfrm (Sabrina Dubroca) [1868565] - [netdrv] vrf: make sure skb->data contains ip header to make routing (Sabrina Dubroca) [1868565] - [netdrv] vrf: Check skb for XFRM_TRANSFORMED flag (Sabrina Dubroca) [1868565] - [net] Do not clear the sock TX queue in sk_set_socket() (Andrea Claudi) [1850421] - [net] Use RCU_INIT_POINTER() to set sk_wq (Andrea Claudi) [1850421] - [net] netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c. (Florian Westphal) [1862384] - [net] netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. (Florian Westphal) [1862384] - [net] netfilter: ipset: Fix an error code in ip_set_sockfn_get() (Florian Westphal) [1862384] - [net] netfilter: nft_set_rbtree: Dont account for expired elements on insertion (Florian Westphal) [1862384] - [net] netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (Florian Westphal) [1862384] - [net] netfilter: nft_set_rbtree: Detect partial overlaps on insertion (Florian Westphal) [1862384] - [net] netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (Florian Westphal) [1862384] - [net] netfilter: nf_tables: fix nat hook table deletion (Florian Westphal) [1862384] - [net] netfilter: ipset: call ip_set_free() instead of kfree() (Florian Westphal) [1862384] - [net] netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384] - [net] netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers. (Florian Westphal) [1862384] - [net] netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer (Florian Westphal) [1862384] - [net] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported (Florian Westphal) [1862384] - [net] netfilter: conntrack: comparison of unsigned in cthelper confirmation (Florian Westphal) [1862384] - [net] netfilter: conntrack: refetch conntrack after nf_conntrack_update() (Florian Westphal) [1862384] - [net] netfilter: conntrack: Pass value of ctinfo to __nf_conntrack_update (Florian Westphal) [1862384] - [net] netfilter: conntrack: make conntrack userspace helpers work again (Florian Westphal) [1862384] - [net] netfilter: nfnetlink_cthelper: unbreak userspace helper support (Florian Westphal) [1862384] - [net] netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build (Florian Westphal) [1862384] - [net] netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code (Florian Westphal) [1862384] - [net] netfilter: nft_set_bitmap: initialize set element extension in lookups (Florian Westphal) [1862384] - [net] netfilter: nft_fwd_netdev: validate family and chain type (Florian Westphal) [1862384] - [net] netfilter: nft_payload: add missing attribute validation for payload csum flags (Florian Westphal) [1862384] - [net] netfilter: cthelper: add missing attribute validation for cthelper (Florian Westphal) [1862384] - [net] netfilter: ipset: Fix forceadd evaluation path (Florian Westphal) [1862384] - [net] netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() (Florian Westphal) [1862384] - [net] netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (Florian Westphal) [1862384] - [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1862384] - [arm64] kvm: arm64: Dont inherit exec permission across page-table levels (Andrew Jones) [1869297] - [arm64] kvm: arm64: Flush the instruction cache if not unmapping the VM on reboot (Andrew Jones) [1869297] - [s390] s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (Claudio Imbrenda) [1868927] - [fs] chardev: Avoid potential use-after-free in chrdev_open() (Vladis Dronov) [1866324] {CVE-2020-0305} - [net] net: accept an empty mask in /sys/class/net/*/queues/rx-*/rps_cpus (Nitesh Narayan Lal) [1868433] - [x86] Revert x86/intel: Disable HPET on Intel Ice Lake platforms (David Arcari) [1868405] - [kernel] sched: Fix race against ptrace_freeze_trace() (Oleg Nesterov) [1862560] - [kernel] sched: Fix loadavg accounting race (Oleg Nesterov) [1862560] - [kernel] kernel/sched/: remove caller signal_pending branch predictions (Oleg Nesterov) [1862560] - [kernel] locking/spinlock, sched/core: Clarify requirements for smp_mb__after_spinlock() (Oleg Nesterov) [1862560] - [nvme] nvme: multipath: round-robin: eliminate fallback variable (Gopal Tiwari) [1868443] - [nvme] nvme: multipath: round-robin: fix single non-optimized path case (Gopal Tiwari) [1868443] - [nvme] nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (Gopal Tiwari) [1868443] - [nvme] nvme-multipath: fix logic for non-optimized paths (Gopal Tiwari) [1868443] - [tools] selftests/bpf: Fix segmentation fault in test_progs (Yauheni Kaliuta) [1868494] - [pci] hv: Fix a timing issue which causes kdump to fail occasionally (Mohammed Gamal) [1861960] - [hv] hv: vmbus: Only notify Hyper-V for die events that are oops (Vitaly Kuznetsov) [1868131] - [x86] kvm: nsvm: Correctly set the shadow NPT root level in its MMU role (Vitaly Kuznetsov) [1845507] - [x86] kvm: x86: drop superfluous mmu_check_root() from fast_pgd_switch() (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: use nested_svm_load_cr3() on guest->host switch (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: implement nested_svm_load_cr3() and use it for host->guest switch (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: move kvm_set_cr3() after nested_svm_uninit_mmu_context() (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: introduce nested_svm_load_cr3()/nested_npt_enabled() (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: prepare to handle errors from enter_svm_guest_mode() (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: reset nested_run_pending upon nested_svm_vmrun_msrpm() failure (Vitaly Kuznetsov) [1845507] - [x86] kvm: mmu: stop dereferencing vcpu->arch.mmu to get the context for MMU init (Vitaly Kuznetsov) [1845507] - [x86] kvm: nsvm: split kvm_init_shadow_npt_mmu() from kvm_init_shadow_mmu() (Vitaly Kuznetsov) [1845507] - [security] selinux: compute genfs symlink context in case of CephFS (Ondrej Mosnacek) [1865800] - [fs] ceph: set sec_context xattr on symlink creation (Ondrej Mosnacek) [1861509] - [tools] selftests: bpf: define SO_RCVTIMEO and SO_SNDTIMEO properly for ppc64le (Jiri Benc) [1860386] - [tools] bpf: Sync RHEL version of asm-generic/socket.h to tools/ (Jiri Benc) [1860386] - [tools] selftests: bpf: skip tests not working on RHEL (Jiri Benc) [1866908] - [tools] Revert selftests: bpf: disable test_lwt_seg6local (Jiri Benc) [1866908] - [tools] Revert bpf: selftests: remove test_bpftool_build.sh from TEST_PROGS (Jiri Benc) [1866908] - [tools] selftests: add option to skip specific tests in RHEL (Jiri Benc) [1866908] - [tools] selftests: bpf: switch off timeout (Jiri Benc) [1866908] - [tools] selftest/firmware: Add selftest timeout in settings (Jiri Benc) [1866908] - [tools] selftests/harness: Limit step counter reporting (Jiri Benc) [1866908] - [tools] selftests/harness: Clean up kern-doc for fixtures (Jiri Benc) [1866908] - [tools] selftests: fix condition in run_tests (Jiri Benc) [1866908] - [tools] selftests: do not use .ONESHELL (Jiri Benc) [1866908] - [tools] selftests/harness: Report skip reason (Jiri Benc) [1866908] - [tools] selftests/harness: Display signed values correctly (Jiri Benc) [1866908] - [tools] selftests/harness: Refactor XFAIL into SKIP (Jiri Benc) [1866908] - [tools] selftests/harness: Switch to TAP output (Jiri Benc) [1866908] - [tools] selftests: Add header documentation and helpers (Jiri Benc) [1866908] - [tools] kselftest: fix TAP output for skipped tests (Jiri Benc) [1866908] - [tools] kselftest: ksft_test_num return type should be unsigned (Jiri Benc) [1866908] - [tools] selftests: introduce gen_tar Makefile target (Jiri Benc) [1866908] - [tools] kselftest: add fixture variants (Jiri Benc) [1866908] - [tools] kselftest: run tests by fixture (Jiri Benc) [1866908] - [tools] kselftest: create fixture objects (Jiri Benc) [1866908] - [tools] kselftest: factor out list manipulation to a helper (Jiri Benc) [1866908] - [tools] selftests: add build/cross-build dependency check script (Jiri Benc) [1866908] - [tools] kselftest/runner: allow to properly deliver signals to tests (Jiri Benc) [1866908] - [tools] selftests/harness: fix spelling mistake SIGARLM -> SIGALRM (Jiri Benc) [1866908] - [tools] selftests: enforce local header dependency in lib.mk (Jiri Benc) [1866908] - [tools] selftests/harness: Handle timeouts cleanly (Jiri Benc) [1866908] - [tools] selftests/harness: Move test child waiting logic (Jiri Benc) [1866908] - [tools] selftests: Fix kselftest O=objdir build from cluttering top level objdir (Jiri Benc) [1866908] - [tools] selftests: allow detection of build failures (Jiri Benc) [1866908] - [tools] selftests: fix build behaviour on targets failures (Jiri Benc) [1866908] - [tools] kselftest: Support old perl versions (Jiri Benc) [1866908] - [tools] kselftest/runner: Print new line in print of timeout log (Jiri Benc) [1866908] - [tools] selftests: Fix dangling documentation references to kselftest_module.sh (Jiri Benc) [1866908] - [tools] kselftest: Fix NULL INSTALL_PATH for TARGETS runlist (Jiri Benc) [1866908] - [tools] selftests: Move kselftest_module.sh into kselftest/ (Jiri Benc) [1866908] - [tools] selftests: gen_kselftest_tar.sh: Do not clobber kselftest/ (Jiri Benc) [1866908] - [tools] selftests/kselftest/runner.sh: Add 45 second timeout per test (Jiri Benc) [1866908] - [tools] kselftest: exclude failed TARGETS from runlist (Jiri Benc) [1866908] - [tools] kselftest: add capability to skip chosen TARGETS (Jiri Benc) [1866908] - [tools] selftests: Add kselftest-all and kselftest-install targets (Jiri Benc) [1866908] - [tools] selftests: use instead of make (Jiri Benc) [1866908] - [tools] kselftest: save-and-restore errno to allow for m formatting (Jiri Benc) [1866908] - [tools] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 481 (Jiri Benc) [1866908] - [tools] selftests/harness: Allow test to configure timeout (Jiri Benc) [1866908] - [tools] selftests: avoid KBUILD_OUTPUT dir cluttering with selftest objects (Jiri Benc) [1866908] - [tools] selftests: fix bpf build/test workflow regression when KBUILD_OUTPUT is set (Jiri Benc) [1866908] - [tools] selftests: fix install target to use default install path (Jiri Benc) [1866908] - [tools] selftests: build and run gpio when output directory is the src dir (Jiri Benc) [1866908] - [documentation] doc: kselftest: Fix KBUILD_OUTPUT usage instructions (Jiri Benc) [1866908] - [tools] selftests: fix headers_install circular dependency (Jiri Benc) [1866908] - [tools] selftests/harness: Add 30 second timeout per test (Jiri Benc) [1866908] - [tools] kselftest: Add test module framework header (Jiri Benc) [1866908] - [tools] kselftest: Add test runner creation script (Jiri Benc) [1866908] - [tools] selftests/harness: Update named initializer syntax (Jiri Benc) [1866908] - [tools] selftest: include stdio.h in kselftest.h (Jiri Benc) [1866908] - [tools] selftests: do not macro-expand failed assertion expressions (Jiri Benc) [1866908] - [documentation] Documentation/dev-tools: clean up kselftest.rst (Jiri Benc) [1866908] - [documentation] doc: dev-tools: kselftest.rst: update config file location (Jiri Benc) [1866908] - [documentation] doc: dev-tools: kselftest.rst: update contributing new tests (Jiri Benc) [1866908] [4.18.0-233] - [fs] nfs: ensure correct writeback errors are returned on close() (Scott Mayhew) [1849424] - [netdrv] net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (Dean Nelson) [1824858] - [crypto] crypto: ecc - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817] - [crypto] crypto: dh - SP800-56A rev 3 local public key validation (Herbert Xu) [1855817] - [crypto] crypto: dh - check validity of Z before export (Herbert Xu) [1855817] - [lib] lib/mpi: Add mpi_sub_ui() (Herbert Xu) [1855817] - [crypto] crypto: ecdh - check validity of Z before export (Herbert Xu) [1855817] - [netdrv] net: thunderx: initialize VFs mailbox mutex before first usage (Dean Nelson) [1866827] - [kernel] timers: Lower base clock forwarding threshold (Phil Auld) [1833096] - [kernel] timers: Remove must_forward_clk (Phil Auld) [1833096] - [kernel] timers: Spare timer softirq until next expiry (Phil Auld) [1833096] - [kernel] timers: Expand clk forward logic beyond nohz (Phil Auld) [1833096] - [kernel] timers: Reuse next expiry cache after nohz exit (Phil Auld) [1833096] - [kernel] timers: Always keep track of next expiry (Phil Auld) [1833096] - [kernel] timers: Optimize _next_timer_interrupt() level iteration (Phil Auld) [1833096] - [kernel] timers: Add comments about calc_index() ceiling work (Phil Auld) [1833096] - [kernel] timers: Move trigger_dyntick_cpu() to enqueue_timer() (Phil Auld) [1833096] - [kernel] timers: Use only bucket expiry for base->next_expiry value (Phil Auld) [1833096] - [kernel] timers: Preserve higher bits of expiration on index calculation (Phil Auld) [1833096] - [kernel] timer: Fix wheel index calculation on last level (Phil Auld) [1833096] - [kernel] timer: Prevent base->clk from moving backward (Phil Auld) [1833096] - [kernel] timer: Read jiffies once when forwarding base clk (Phil Auld) [1833096] - [powerpc] powerpc/64: Update Speculation_Store_Bypass in /proc/<pid>/status (Gustavo Duarte) [1773868] - [scsi] scsi: virtio-scsi: Correctly handle the case where all LUNs are unplugged (Maxim Levitsky) [1756093] - [kvm] kvm: x86: replace kvm_spec_ctrl_test_value with runtime test on the host (Maxim Levitsky) [1853447] - [kvm] x86/kvm: Move context tracking where it belongs (Nitesh Narayan Lal) [1854011] - [scsi] scsi: megaraid_sas: Clear affinity hint (Tomas Henzl) [1828351] - [netdrv] revert vxlan: fix tos value before xmit (Andrea Claudi) [1862166] - [net] udp: Copy has_conns in reuseport_grow(). (Marcelo Leitner) [1867160] - [net] dev: Defer free of skbs in flush_backlog (Marcelo Leitner) [1867160] - [include] net: core: reduce recursion limit value (Marcelo Leitner) [1867160] - [netdrv] pppoe: only process PADT targeted at local interfaces (Andrea Claudi) [1866850] - [net] espintcp: count packets dropped in espintcp_rcv (Sabrina Dubroca) [1866393] - [net] espintcp: handle short messages instead of breaking the encap socket (Sabrina Dubroca) [1866393] - [net] espintcp: recv() should return 0 when the peer socket is closed (Sabrina Dubroca) [1866393] - [net] espintcp: support non-blocking sends (Sabrina Dubroca) [1866393] - [net] mptcp: be careful on subflow creation (Davide Caratti) [1862200] - [net] mptcp: fix bogus sendmsg() return code under pressure (Davide Caratti) [1862200] - [net] mptcp: fix joined subflows with unblocking sk (Davide Caratti) [1862200] - [net] subflow: explicitly check for plain tcp rsk (Davide Caratti) [1862200] - [net] mptcp: silence warning in subflow_data_ready() (Davide Caratti) [1862200] - [net] mptcp: fix race in subflow_data_ready() (Davide Caratti) [1862200] - [net] mptcp: fix memory leak in mptcp_subflow_create_socket() (Davide Caratti) [1862200] - [net] mptcp: dont leak msk in token container (Davide Caratti) [1862200] - [net] ipv4: Silence suspicious RCU usage warning (Guillaume Nault) [1866430] - [net] devinet: fix memleak in inetdev_init() (Guillaume Nault) [1866430] - [net] ipip: fix wrong address family in init error path (Guillaume Nault) [1866430] - [net] inet_csk: Fix so_reuseport bind-address cache in tb->fast* (Guillaume Nault) [1866430] - [net] ipmr: Add lockdep expression to ipmr_for_each_table macro (Guillaume Nault) [1866430] - [net] ipmr: Fix RCU list debugging warning (Guillaume Nault) [1866430] - [net] tcp: make sure listeners dont initialize congestion-control state (Paolo Abeni) [1865904] - [net] sched: The error lable position is corrected in ct_init_module (Davide Caratti) [1865890] - [net] sched: cls_api: fix nooffloaddevcnt warning dmesg log (Davide Caratti) [1865890] - [net] tls: fix race condition causing kernel panic (Sabrina Dubroca) [1861756] - [net] tls: free record only on encryption error (Sabrina Dubroca) [1861756] - [net] tls: fix encryption error checking (Sabrina Dubroca) [1861756] - [net] l2tp: add sk_family checks to l2tp_validate_socket (Guillaume Nault) [1861453] - [net] l2tp: do not use inet_hash()/inet_unhash() (Guillaume Nault) [1861453] - [net] tipc: allow to build NACK message in link timeout function (Xin Long) [1860877] - [net] tipc: fix retransmission on unicast links (Xin Long) [1860877] - [net] tipc: fix NULL pointer dereference in tipc_disc_rcv() (Xin Long) [1860877] - [net] tipc: remove set but not used variable prev (Xin Long) [1860877] - [net] tipc: call tsk_set_importance from tipc_topsrv_create_listener (Xin Long) [1860877] - [net] tipc: add support for broadcast rcv stats dumping (Xin Long) [1860877] - [net] tipc: enable broadcast retrans via unicast (Xin Long) [1860877] - [net] tipc: add back link trace events (Xin Long) [1860877] - [net] tipc: introduce Gap ACK blocks for broadcast link (Xin Long) [1860877] - [net] tipc: block BH before using dst_cache (Xin Long) [1860877] - [net] tipc: fix partial topology connection closure (Xin Long) [1860877] - [net] xfrm: policy: match with both mark and mask on user interfaces (Xin Long) [1854116] - [scsi] scsi: dh: Add Fujitsu device to devinfo and dh lists (Ewan Milne) [1861418] - [x86] kvm: Set KVM_SOFT_MAX_VCPUS to 1024 (Eduardo Habkost) [1856996] - [md] dm integrity: fix integrity recalculation that is improperly skipped (Mike Snitzer) [1860160] - [netdrv] ibmvnic: Fix IRQ mapping disposal in error path (Steve Best) [1867498] - [infiniband] IB/hfi1: Do not destroy link_wq when the device is shut down (Kamal Heib) [1858392] - [infiniband] IB/hfi1: Do not destroy hfi1_wq when the device is shut down (Kamal Heib) [1858392] - [netdrv] Revert net/broadcom: Clean broadcom code from driver versions (Jonathan Toppins) [1867146] - [net] devmap: Use bpf_map_area_alloc() for allocating hash buckets (Jiri Benc) [1842380] - [kernel] kexec_file: Correctly output debugging information for the PT_LOAD ELF header (Lianbo Jiang) [1861186] - [kernel] kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [1861186] - [x86] x86/crash: Correct the address boundary of function parameters (Lianbo Jiang) [1861186] - [fs] ceph: handle zero-length feature mask in session messages (Jeff Layton) [1866018] - [s390] s390/bpf: Tolerate not converging code shrinking (Yauheni Kaliuta) [1857120] - [s390] s390/bpf: Use brcl for jumping to exit_ip if necessary (Yauheni Kaliuta) [1857120] - [s390] s390/bpf: Fix sign extension in branch_ku (Yauheni Kaliuta) [1857120] - [tools] selftests: bpf: test_kmod.sh: Fix running out of srctree (Yauheni Kaliuta) [1857120] - [lib] bpf: revert test_bpf: Flag tests that cannot be jited on s390 (Yauheni Kaliuta) [1857120] - [kernel] uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned (Oleg Nesterov) [1848596] [4.18.0-232] - [fs] nfs: nfs_file_write() should check for writeback errors (Scott Mayhew) [1852788] - [s390] s390/cpum_cf, perf: change DFLT_CCERROR counter name (Philipp Rudo) [1865794] - [net] net/smc: unique reason code for exceeded max dmb count (Philipp Rudo) [1865792] - [s390] s390/ism: indicate correct error reason in ism_alloc_dmb() (Philipp Rudo) [1865792] - [net] net/smc: fix dmb buffer shortage (Philipp Rudo) [1865792] - [net] net/smc: put slot when connection is killed (Philipp Rudo) [1865792] - [net] net/smc: fix restoring of fallback changes (Philipp Rudo) [1865792] - [net] net/smc: remove freed buffer from list (Philipp Rudo) [1865792] - [net] net/smc: do not call dma sync for unmapped memory (Philipp Rudo) [1865792] - [net] net/smc: fix handling of delete link requests (Philipp Rudo) [1865792] - [net] net/smc: move add link processing for new device into llc layer (Philipp Rudo) [1865792] - [net] net/smc: drop out-of-flow llc response messages (Philipp Rudo) [1865792] - [net] net/smc: protect smc ib device initialization (Philipp Rudo) [1865792] - [net] net/smc: fix link lookup for new rdma connections (Philipp Rudo) [1865792] - [net] net/smc: clear link during SMC client link down processing (Philipp Rudo) [1865792] - [net] net/smc: handle unexpected response types for confirm link (Philipp Rudo) [1865792] - [net] net/smc: switch smcd_dev_list spinlock to mutex (Philipp Rudo) [1865792] - [net] net/smc: fix sleep bug in smc_pnet_find_roce_resource() (Philipp Rudo) [1865792] - [net] net/smc: fix work request handling (Philipp Rudo) [1865792] - [net] net/smc: separate LLC wait queues for flow and messages (Philipp Rudo) [1865792] - [net] net/smc: pre-fetch send buffer outside of send_lock (Philipp Rudo) [1865792] - [nvme] nvme-fc: set max_segments to lldd max value (Ewan Milne) [1853181] - [powerpc] ppc64/kexec_file: enable early kernels OPAL calls (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: fix kexec load failure with lack of memory hole (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: add appropriate regions for memory reserve map (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: prepare elfcore header for crashing kernel (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: setup backup region for kdump kernel (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: restrict memory usage of kdump kernel (Diego Domingos) [1829715] - [mm] powerpc/drmem: make lmb walk a bit more flexible (Diego Domingos) [1829715] - [powerpc] ppc64/kexec_file: avoid stomping memory used by special regions (Diego Domingos) [1829715] - [powerpc] powerpc/kexec_file: add helper functions for getting memory ranges (Diego Domingos) [1829715] - [powerpc] powerpc/kexec_file: mark PPC64 specific code (Diego Domingos) [1829715] - [kernel] kexec_file: allow archs to handle special regions while locating memory hole (Diego Domingos) [1829715] - [netdrv] net/mlx5e: CT: Support restore ipv6 tunnel (Alaa Hleihel) [1862975] - [netdrv] ionic: unlock queue mutex in error path (Jonathan Toppins) [1854270] - [netdrv] ionic: use mutex to protect queue operations (Jonathan Toppins) [1854270] - [net] xfrm: esp6: fix the location of the transport header with encapsulation (Sabrina Dubroca) [1857653] - [net] ipv4: fill fl4_icmp_{type, code} in ping_v4_sendmsg (Sabrina Dubroca) [1861324] - [netdrv] geneve: fix an uninitialized value in geneve_changelink() (Sabrina Dubroca) [1860945] - [net] ip_tunnel: fix use-after-free in ip_tunnel_lookup() (Sabrina Dubroca) [1860945] - [netdrv] vxlan: Avoid infinite loop when suppressing NS messages with invalid options (Sabrina Dubroca) [1860945] - [tools] selftests: mptcp: capture pcap on both sides (Hangbin Liu) [1859880] - [tools] selftests/net: report etf errors correctly (Hangbin Liu) [1859880] - [tools] selftests: net: ip_defrag: ignore EPERM (Hangbin Liu) [1859880] - [tools] selftests: forwarding: pedit_dsfield: Check counter value (Hangbin Liu) [1859880] - [tools] selftests: net: tcp_mmap: fix SO_RCVLOWAT setting (Hangbin Liu) [1859880] - [tools] selftests: net: tcp_mmap: clear whole tcp_zerocopy_receive struct (Hangbin Liu) [1859880] - [tools] selftests: A few improvements to fib_nexthops.sh (Hangbin Liu) [1859880] - [tools] selftests: Add tests for vrf and xfrms (Hangbin Liu) [1859880] - [tools] selftests: pmtu: implement IPIP, SIT and ip6tnl PMTU discovery tests (Hangbin Liu) [1859880] - [tools] selftests/net/forwarding: define libs as TEST_PROGS_EXTENDED (Hangbin Liu) [1859880] - [tools] selftests/net/forwarding: add Makefile to install tests (Hangbin Liu) [1859880] - [tools] selftests: nft_concat_range: Move option for list ruleset before command (Hangbin Liu) [1859880] - [tools] selftests: netfilter: use randomized netns names (Hangbin Liu) [1859880] - [tools] kselftests: netfilter: fix leftover net/net-next merge conflict (Hangbin Liu) [1859880] - [tools] selftests: netfilter: missing error check when setting up veth interface (Hangbin Liu) [1859880] - [net] sctp: Dont advertise IPv4 addresses if ipv6only is set on the socket (Xin Long) [1860673] - [net] sctp: check assoc before SCTP_ADDR_{MADE_PRIM, ADDED} event (Xin Long) [1860673] - [net] sctp: fix typo sctp_ulpevent_nofity_peer_addr_change (Xin Long) [1860673] - [net] sctp: Fix spelling in Kconfig help (Xin Long) [1860673] - [net] sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed (Xin Long) [1860673] - [net] sctp: Dont add the shutdown timer if its already been added (Xin Long) [1860673] - [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1860673] - [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1860673] - [net] ip6_vti: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075] - [net] xfrm: interface: use IS_REACHABLE to avoid some compile errors (Xin Long) [1840976 1835075] - [net] xfrm: interface: not xfrmi_ipv6/ipip_handler twice (Xin Long) [1840976 1835075] - [net] ip6_vti: not register vti_ipv6_handler twice (Xin Long) [1840976 1835075] - [net] ip_vti: not register vti_ipip_handler twice (Xin Long) [1840976 1835075] - [net] xfrm: interface: support IPIP and IPIP6 tunnels processing with .cb_handler (Xin Long) [1840976 1835075] - [net] xfrm: interface: support IP6IP6 and IP6IP tunnels processing with .cb_handler (Xin Long) [1840976 1835075] - [net] ipcomp: assign if_id to child tunnel from parent tunnel (Xin Long) [1840976 1835075] - [net] ip6_vti: support IP6IP tunnel processing (Xin Long) [1840976 1835075] - [net] ip6_vti: support IP6IP6 tunnel processing with .cb_handler (Xin Long) [1840976 1835075] - [net] ip_vti: support IPIP6 tunnel processing (Xin Long) [1840976 1835075] - [net] ip_vti: support IPIP tunnel processing with .cb_handler (Xin Long) [1840976 1835075] - [net] tunnel6: add tunnel6_input_afinfo for ipip and ipv6 tunnels (Xin Long) [1840976 1835075] - [net] tunnel4: add cb_handler to struct xfrm_tunnel (Xin Long) [1840976 1835075] - [net] xfrm: add is_ipip to struct xfrm_input_afinfo (Xin Long) [1840976 1835075] - [net] tunnel6: support for IPPROTO_MPLS (Xin Long) [1840976 1835075] - [net] virtio_vsock: Enhance connection semantics (Stefano Garzarella) [1861735] - [net] virtio_vsock: Fix race condition in virtio_transport_recv_pkt (Stefano Garzarella) [1858135] - [net] vsock/virtio: annotate the_virtio_vsock RCU pointer (Stefano Garzarella) [1861762] - [vhost] vsock/virtio: fix multiple packet delivery to monitoring devices (Stefano Garzarella) [1861762] - [vhost] vsock: fix packet delivery order to monitoring devices (Stefano Garzarella) [1861762] - [vhost] vsock: accept only packets with the right dst_cid (Stefano Garzarella) [1861762] - [vhost] vsock: refuse CID assigned to the guest->host transport (Stefano Garzarella) [1861762] - [vhost] vsock: switch to a mutex for vhost_vsock_hash (Stefano Garzarella) [1861762] - [net] vsock: fix timeout in vsock_accept() (Stefano Garzarella) [1861762] - [net] vsock: Simplify __vsock_release() (Stefano Garzarella) [1861762] - [netdrv] net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev (Alaa Hleihel) [1859477] - [netdrv] net/mlx5e: Modify uplink state on interface up/down (Alaa Hleihel) [1861720 1859477] - [netdrv] net/mlx5e: Fix missing cleanup of ethtool steering during rep rx cleanup (Alaa Hleihel) [1859477 1856660] - [netdrv] ixgbe: Add ethtool support to enable 2.5 and 5.0 Gbps support (Ken Cox) [1835962] - [x86] x86/purgatory: Add -fno-stack-protector (Lianbo Jiang) [1857528] - [x86] x86/purgatory: Fail the build if purgatory.ro has missing symbols (Lianbo Jiang) [1857528] - [x86] x86/purgatory: Do not use __builtin_memcpy and __builtin_memset (Lianbo Jiang) [1857528] - [x86] x86/boot: Provide KASAN compatible aliases for string routines (Lianbo Jiang) [1857528] - [x86] x86/purgatory: Disable various profiling and sanitizing options (Lianbo Jiang) [1857528] - [x86] x86/boot: Restrict header scope to make Clang happy (Lianbo Jiang) [1857528] [4.18.0-231] - [x86] x86/entry/64: Update comments and sanity tests for create_gap (Jiri Olsa) [1850831] - [x86] x86/alternatives: add missing insn.h include (Jiri Olsa) [1850831] - [x86] x86/alternatives: Teach text_poke_bp() to emulate instructions (Jiri Olsa) [1850831] - [x86] x86/paravirt: Standardize insn_buff variable names (Jiri Olsa) [1850831] - [x86] x86_64: Allow breakpoints to emulate call instructions (Jiri Olsa) [1850831] - [x86] x86_64: Add gap to int3 to allow for call emulation (Jiri Olsa) [1850831] - [x86] x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (Jiri Olsa) [1850831] - [nvme] nvme: add a Identify Namespace Identification Descriptor list quirk (Gopal Tiwari) [1862136] - [nvme] nvme: fix identify error status silent ignore (Gopal Tiwari) [1862136] - [nvme] nvme: fix possible hang when ns scanning fails during error recovery (Gopal Tiwari) [1862136] - [nvme] nvme: refactor nvme_identify_ns_descs error handling (Gopal Tiwari) [1862136] - [infiniband] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE (Kamal Heib) [1850314] - [powerpc] powerpc/pseries: PCIE PHB reset (Steve Best) [1747345] - [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms: Fix runtime PM leak in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms: Invert conditionals in nouveau_display_acpi_ntfy() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms: Use pm_runtime_put_autosuspend() in hpd_work (Lyude Paul) [1827812] - [drm] drm/nouveau/kms/fbcon: Use pm_runtime_put_autosuspend() in suspend work (Lyude Paul) [1827812] - [drm] drm/nouveau/kms/fbcon: Fix pm_runtime calls in nouveau_fbcon_output_poll_changed() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms/fbcon: Correct pm_runtime calls in nouveau_fbcon_release() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms: Fix rpm leak in nouveau_connector_hotplug() (Lyude Paul) [1827812] - [drm] drm/nouveau/kms: Handle -EINPROGRESS in nouveau_connector_hotplug() (Lyude Paul) [1827812] - [drm] drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (Lyude Paul) [1827812] - [drm] drm/nouveau/kms/tu102: wait for core update to complete when assigning windows (Lyude Paul) [1827812] - [drm] drm/nouveau/disp/gm200-: fix regression from HDA SOR selection changes (Lyude Paul) [1827812] - [drm] drm/amd/powerplay: fix a crash when overclocking Vega M (Lyude Paul) [1827812] - [drm] drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (Lyude Paul) [1827812] - [drm] drm/amdgpu: fix preemption unit test (Lyude Paul) [1827812] - [drm] drm/amdgpu/gfx10: fix race condition for kiq (Lyude Paul) [1827812] - [drm] drm/amd/display: add dmcub check on RENOIR (Lyude Paul) [1827812] - [drm] drm/amd/display: Check DMCU Exists Before Loading (Lyude Paul) [1827812] - [drm] drm/nouveau/nouveau: fix page fault on device private memory (Lyude Paul) [1827812] - [drm] drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout (Lyude Paul) [1827812] - [drm] drm/i915/perf: Use GTT when saving/restoring engine GPR (Lyude Paul) [1827812] - [drm] drm/i915/gvt: Fix two CFL MMIO handling caused by regression (Lyude Paul) [1827812] - [drm] drm/i915/gt: Only swap to a random sibling once upon creation (Lyude Paul) [1827812] - [drm] drm/i915/gt: Ignore irq enabling on the virtual engines (Lyude Paul) [1827812] - [drm] drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2 (Lyude Paul) [1827812] - [drm] drm/amdgpu/display: create fake mst encoders ahead of time (v4) (Lyude Paul) [1827812] - [drm] drm/amd/display: handle failed allocation during stream construction (Lyude Paul) [1827812] - [drm] drm/amdgpu/sdma5: fix wptr overwritten in ->get_wptr() (Lyude Paul) [1827812] - [drm] drm/amdgpu/powerplay: Modify SMC message name for setting power profile mode (Lyude Paul) [1827812] - [drm] drm/i915: Also drop vm.ref along error paths for vma construction (Lyude Paul) [1827812] - [drm] drm/i915: Drop vm.ref for duplicate vma on construction (Lyude Paul) [1827812] - [drm] drm/amdgpu: asd function needs to be unloaded in suspend phase (Lyude Paul) [1827812] - [drm] drm/amdgpu: add TMR destory function for psp (Lyude Paul) [1827812] - [drm] drm/amdgpu: dont do soft recovery if gpu_recovery=0 (Lyude Paul) [1827812] - [drm] drm/i915: Skip stale object handle for debugfs per-file-stats (Lyude Paul) [1827812] - [drm] drm/i915/gt: Pin the rings before marking active (Lyude Paul) [1827812] - [drm] drm/radeon: fix double free (Lyude Paul) [1827812] - [drm] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 (Lyude Paul) [1827812] - [drm] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel (Lyude Paul) [1827812] - [iommu] iommu/vt-d: Dont apply gfx quirks to untrusted devices (Lyude Paul) [1827812] - [drm] drm/tegra: hub: Do not enable orphaned window group (Lyude Paul) [1827812] - [drm] drm/ttm: Fix dma_fence refcnt leak when adding move fence (Lyude Paul) [1827812] - [drm] drm/ttm: Fix dma_fence refcnt leak in ttm_bo_vm_fault_reserved (Lyude Paul) [1827812] - [drm] drm/amdgpu/atomfirmware: fix vram_info fetching for renoir (Lyude Paul) [1827812] - [drm] drm/amdgpu: use u rather than d for sclk/mclk (Lyude Paul) [1827812] - [drm] drm/amd/display: Only revalidate bandwidth on medium and fast updates (Lyude Paul) [1827812] - [drm] drm/i915/gt: Mark timeline->cacheline as destroyed after rcu grace period (Lyude Paul) [1827812] - [drm] drm/amd/display: Fix ineffective setting of max bpc property (Lyude Paul) [1827812] - [drm] drm/amd/display: Fix incorrectly pruned modes with deep color (Lyude Paul) [1827812] - [drm] drm/amdgpu: add fw release for sdma v5_0 (Lyude Paul) [1827812] - [drm] drm/radeon: fix fb_div check in ni_init_smc_spll_table() (Lyude Paul) [1827812] - [drm] drm/amd: fix potential memleak in err branch (Lyude Paul) [1827812] - [drm] drm/amd/display: Enable output_bpc property on all outputs (Lyude Paul) [1827812] - [drm] drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() (Lyude Paul) [1827812] - [drm] Revert drm/amd/display: disable dcn20 abm feature for bring up (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move gen4 GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move vlv GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move ilk GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move snb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move ivb GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Move hsw GT workarounds from init_clock_gating to workarounds (Lyude Paul) [1827812] - [drm] drm/i915/gt: Incrementally check for rewinding (Lyude Paul) [1827812] - [drm] drm/i915/tc: fix the reset of ln0 (Lyude Paul) [1827812] - [drm] drm/i915/icl+: Fix hotplug interrupt disabling after storm detection (Lyude Paul) [1827812] - [drm] drm/amd/display: Use kvfree() to free coeff in build_regamma() (Lyude Paul) [1827812] - [drm] drm/amdkfd: Use correct major in devcgroup check (Lyude Paul) [1827812] - [drm] drm/connector: notify userspace on hotplug after register complete (Lyude Paul) [1827812] - [drm] drm/i915: Whitelist context-local timestamp in the gen9 cmdparser (Lyude Paul) [1827812] - [drm] drm/i915/gem: Avoid iterating an empty list (Lyude Paul) [1827812] - [drm] drm/i915: Fix AUX power domain toggling across TypeC mode resets (Lyude Paul) [1827812] - [drm] drm/dp_mst: Increase ACT retry timeout to 3s (Lyude Paul) [1827812] - [drm] drm/ast: Dont check new mode if CRTC is being disabled (Lyude Paul) [1827812] - [drm] drm/amdgpu: Replace invalid device ID with a valid device ID (Lyude Paul) [1827812] - [drm] drm/amdgpu/display: use blanked rather than plane state for sync groups (Lyude Paul) [1827812] - [drm] drm/qxl: Use correct notify port address when creating cursor ring (Lyude Paul) [1827812] - [drm] drm/dp_mst: Reformat drm_dp_check_act_status() a bit (Lyude Paul) [1827812] - [drm] drm/ast: fix missing break in switch statement for format->cppcase 4 (Lyude Paul) [1827812] - [drm] drm/amd/display: Revalidate bandwidth before commiting DC updates (Lyude Paul) [1827812] - [drm] drm/nouveau: gr/gk20a: Use firmware version 0 (Lyude Paul) [1827812] - [drm] drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode (Lyude Paul) [1827812] - [drm] drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven (Lyude Paul) [1827812] - [drm] drm/amd/display: Do not disable pipe split if mode is not supported (Lyude Paul) [1827812] - [drm] drm/amd/display: dmcu wait loop calculation is incorrect in RV (Lyude Paul) [1827812] - [drm] drm/amd/display: Correct updating logic of dcn21s pipe VM flags (Lyude Paul) [1827812] - [drm] drm/ast: Allocate initial CRTC state of the correct size (Lyude Paul) [1827812] - [drm] drm/hisilicon: Enforce 128-byte stride alignment to fix the hardware limitation (Lyude Paul) [1827812] - [drm] drm/dp: Lenovo X13 Yoga OLED panel brightness fix (Lyude Paul) [1827812] - [drm] drm/i915/dpcd_bl: Unbreak enable_dpcd_backlight modparam (Lyude Paul) [1827812] - [drm] drm/i915: Force DPCD backlight mode for some Dell CML 2020 panels (Lyude Paul) [1827812] - [drm] drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED panel (Lyude Paul) [1827812] - [drm] drm/dp: Introduce EDID-based quirks (Lyude Paul) [1827812] - [drm] drm/amdgpu: Init data to avoid oops while reading pp_num_states (Lyude Paul) [1827812] - [drm] drm/amd/display: fix virtual signal dsc setup (Lyude Paul) [1827812] - [drm] drm/amd/display: Force watermark value propagation (Lyude Paul) [1827812] - [drm] drm: bridge: adv7511: Extend list of audio sample rates (Lyude Paul) [1827812] - [drm] drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4 (Lyude Paul) [1827812] - [drm] drm/vkms: Hold gem object while still in-use (Lyude Paul) [1827812] - [drm] drm/amd/display: Not doing optimize bandwidth if flip pending (Lyude Paul) [1827812] - [drm] drm/amd/display: remove invalid dc_is_hw_initialized function (Lyude Paul) [1827812] - [drm] drm/amd/display: DP training to set properly SCRAMBLING_DISABLE (Lyude Paul) [1827812] - [drm] drm/edid: Add Oculus Rift S to non-desktop list (Lyude Paul) [1827812] - [drm] drm/amd/display: Fix potential integer wraparound resulting in a hang (Lyude Paul) [1827812] - [drm] drm/amd/display: Added locking for atomic update stream and update planes (Lyude Paul) [1827812] - [drm] drm/amd/display: Indicate dsc updates explicitly (Lyude Paul) [1827812] - [drm] drm/amd/display: Split program front end part that occur outside lock (Lyude Paul) [1827812] - [drm] drm/amd/display: drop cursor position check in atomic test (Lyude Paul) [1827812] - [drm] drm/amd/amdgpu: Update update_config() logic (Lyude Paul) [1827812] - [drm] drm/amdgpu: Use GEM obj reference for KFD BOs (Lyude Paul) [1827812] - [drm] drm/amd/powerplay: perform PG ungate prior to CG ungate (Lyude Paul) [1827812] - [drm] drm/amdgpu: drop unnecessary cancel_delayed_work_sync on PG ungate (Lyude Paul) [1827812] - [drm] drm/i915: Propagate error from completed fences (Lyude Paul) [1827812] - [drm] drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance (Lyude Paul) [1827812] - [drm] drm/amd/display: Prevent dpcd reads with passive dongles (Lyude Paul) [1827812] - [drm] drm/amd/display: fix counter in wait_for_no_pipes_pending (Lyude Paul) [1827812] - [gpu] vgaarb: Keep adding VGA device in queue (Lyude Paul) [1827812] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19767 CVE-2019-19319 CVE-2020-10774 CVE-2020-8649 CVE-2019-16231 CVE-2019-19524 CVE-2019-9458 CVE-2019-19068 CVE-2020-12770 CVE-2020-12826 CVE-2019-19072 CVE-2019-16233 CVE-2020-25641 CVE-2019-19533 CVE-2019-19770 CVE-2019-20054 CVE-2019-18809 CVE-2019-19062 CVE-2019-19063 CVE-2019-19602 CVE-2019-20636 CVE-2020-0444 CVE-2020-11668 CVE-2019-9455 CVE-2020-14381 CVE-2019-15925 CVE-2019-19056 CVE-2019-19543 CVE-2020-0305 CVE-2020-8647 CVE-2020-10773 CVE-2020-10942 CVE-2020-12655 CVE-2020-8648 CVE-2019-12614 CVE-2019-19537 CVE-2020-10751 CVE-2020-12465 CVE-2019-19447 CVE-2020-10732 CVE-2019-19332 CVE-2019-18808 CVE-2019-19046 CVE-2020-11565 CVE-2020-12659 CVE-2019-15917 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [9.0.3-18] - Patch for pip install <url> allow directory traversal, leading to arbitrary file write Resolves: rhbz#1868016 [9.0.3-17] - Remove unused CA bundle from the bundled requests library Resolves: rhbz#1775200 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20916 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [3.6.8-31.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-31] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422) Resolves: rhbz#1854926 [3.6.8-30] - Remove downstream 00178-dont-duplicate-flags-in-sysconfig.patch which introduced a bug on distutils.sysconfig.get_config_var('LIBPL') (rhbz#1851090). [3.6.8-29] - Fix python3-config --configdir (rhbz#1772992). [3.6.8-28] - Security fix for CVE-2020-8492 Resolves: rhbz#1810618 [3.6.8-27] - Add a sentinel value on the Hmac_members table of the fips compliant hmac module Resolves: rhbz#1800512 [3.6.8-26] - Skip test_startup_imports from test_site if we have a .pth file in sys.path Resolves: rhbz#1814392 [3.6.8-25] - Security fix for CVE-2019-16935 Resolves: rhbz#1798001 [3.6.8-24] - Build Python with -fno-semantic-interposition for better performance - https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup - Also fix test_gdb failures with Link Time Optimizations Resolves: rhbz#1724996 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14422 CVE-2019-16935 CVE-2020-8492 CVE-2019-20907 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 appstream-data [8-20200724] - Regenerate the RHEL metadata to include the EPEL apps too - Resolves: #1844488 [8-20200630] - Regenerate the RHEL metadata - Resolves: #1844488 fwupd [1.4.2-4.0.1] - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir [Orabug: 29881368] - Use new signing certificate (Alex Burmashev) [1.4.2-4] - Add signing with redhatsecureboot503 cert Related: CVE-2020-10713 [1.4.2-3] - Obsolete the now-dead fwupdate package to prevent file conflicts - Resolves: #1859202 [1.4.2-2] - Security fix for CVE-2020-10759 - Resolves: #1844324 [1.4.2-1] - New upstream release - Backport a patch to fix the synaptics fingerprint reader update. - Resolves: #1775277 [1.4.1-1] - New upstream release - Resolves: #1775277 gnome-software [3.36.1-4] - Fix 'Show Details' to correctly work for rpm-installed firefox - Resolves: #1845714 [3.36.1-3] - Upload correct 3.36.1 tarball - Fix hardcoded desktop and appdata names to match whats in RHEL 8.3 - Add back shell extensions support - Resolves: #1839774 [3.36.1-2] - Add support for basic auth and webflow auth in flatpak plugin - Resolves: #1815502 [3.36.1-1] - Update to 3.36.1 - Resolves: #1797932 libxmlb [0.1.15-1] - Initial release for RHEL LOW Copyright 2020 Oracle, Inc. CVE-2020-10759 cpe:/a:oracle:linux:8::appstream_developer cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.26.0-11] - Fixed bug in CVE-2019-20218 (#1791592) [3.26.0-10] - Fixed CVE-2020-13632 (#1845572) - Fixed CVE-2020-13631 (#1845474) - Fixed CVE-2020-13630 (#1845153) [3.26.0-9] - Fixed CVE-2019-5018 (#1721509) [3.26.0-8] - Fixed CVE-2019-16168 (#1826897) [3.26.0-7] - Fixed CVE-2019-20218 (#1791592) - Fixed CVE-2020-6405 (#1804823) - Fixed CVE-2020-0327 (#1816572) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13631 CVE-2020-13632 CVE-2019-5018 CVE-2020-9327 CVE-2019-16168 CVE-2019-20218 CVE-2020-6405 CVE-2020-13630 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [3.3.2-9] - Fix out-of-bounds read (CVE-2019-19221) (#1803967) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19221 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.28-127.0.1] - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile - Both should test - if (stream->_flags & _IO_USER_LOCK) == 0) - _IO_lock_lock (*stream->_lock); - OraBug: 28481550. Reviewed-by: Qing Zhao <qing.zhao@oracle.com> [2.28-127] - Improve performance of library strstr() function (#1821531) [2.28-126] - Do not clobber errno in nss_compat (#1836867) [2.28-125] - Support building rpm under newer versions of Coverity Scan (#1835999) [2.28-124] - Enhance memory protection key support on ppc64le (#1642150) [2.28-123] - Reduce IFUNC resolver usage in libpthread and librt (#1748197) [2.28-122] - Math library optimizations for IBM Z (#1780204) - Additional patch for s_nearbyint.c [2.28-121] - elf: Assign TLS modid later during dlopen (#1774115) [2.28-120] - x86-64: Automatically install nss_db.i686 for 32-bit environments (#1807824) [2.28-119] - ppc64le: Enable protection key support (#1642150) [2.28-118] - ppc64le: floating-point status and exception optimizations (#1783303) [2.28-117] - Update to Linux 5.6 syscall-names.list. (#1810224) [2.28-116] - CVE-2020-1751: Fix an array overflow in backtrace on PowerPC. (#1813399) [2.28-115] - CVE:2020-1752: Fix a use after free in glob when expanding ~user. (#1813398) [2.28-114] - CVE-2020-10029: Prevent stack corruption from crafted input in cosl, sinl, sincosl, and tanl function. (#1811796) [2.28-113] - Improve elf/ and nptl/ testsuites (#1810223) [2.28-112] - Fix resource leak in getaddrinfo (#1810146) [2.28-111] - Protect locale archive against corruption (#1784525) [2.28-110] - Properly handle signed vs. unsigned values in mallopt (#1784520) [2.28-109] - Update and harmonize locale names with CLDR (#1757354) [2.28-108] - Fix filter and auxiliary filter implementation (#1812756) [2.28-107] - Handle .dynstr located in separate segment (#1774114) [2.28-106] - Disable vtable validation for pre-2.1 interposed handles (#1775819) [2.28-105] - Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang. (#1784519) [2.28-104] - Math library optimizations for IBM Z (#1780204) [2.28-103] - Filter 'ignore' autofs mount entries in getmntent (#1743445) [2.28-102] - Fix /etc/resolv.conf reloading defects (#1810142) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1752 CVE-2020-1751 CVE-2020-10029 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [0.9.0-2] - Resolves: #1809992, CVE-2019-18609 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18609 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 dleyna-renderer [0.6.0-3] - Add a manual Resolves: #1612579 frei0r-plugins [1.6.1-7] - Rebuild with newer annobin to fix rpmdiff problems - Fix the build with a newer opencv - Resolves: rhbz#1703994 gdm [3.28.3-34] - Fix file descriptor leak Resolves: #1877853 [3.28.3-33] - Fix problem with Xorg fallback Resolves: #1868260 [3.28.3-32] - Add dconf db to file manifest Related: #1833158 [3.28.3-31] - add back gdm system db to dconf profile Resolves: #1833158 [3.28.3-30] - Make sure login screen is killed during login Resolves: #1618481 gnome-control-center [3.28.2-22] - Categorize Infiniband devices correctly Resolves: #1826379 [3.28.2-21] - Honor sound theme changes when changing from the default theme - Resolves: #1706008 [3.28.2-20] - Fix 90min automatic sleep option to not last 80min - Resolves: #1706076 gnome-photos [3.28.1-3] - Disable Python 2 during the build - itstool doesnt need it anymore Resolves: #1597806 [3.28.1-2] - rebuild gnome-remote-desktop [0.1.8-3] - Backport cursor only frame fixes Related: #1837406 [0.1.8-2] - Dont crash on metadata only buffers Resolves: #1847062 [0.1.8-1] - Rebase to 0.1.8 Resolves: #1837406 gnome-session [3.28.1-10.0.1] - Update kiosk-session subpackage with Oracle references [Orabug: 32095108] [3.28.1-10] - Show cursor explicitly from session selector Resolves: #1624430 [3.28.1-9] - Add kiosk-session subpackage to help users set up RHEL for kiosk/point-of-sale use. Resolves: #1739556 gnome-settings-daemon [3.32.0-11] - Remove subman plugin for now Resolves: #1872457 [3.32.0-10] - Disable subman plugin on CentOS Resolves: #1827030 gnome-shell [3.32.2-20] - Fix popupMenu keynav when NumLock is active Resolves: #1840080 [3.32.2-19] - Fix last backport Resolves: #1847051 [3.32.2-18] - Fix more spurious allocation warnings Resolves: #1715845 [3.32.2-17] - Really allow using perf-tool on wayland Resolves: #1652178 - Fix timed login without user list Resolves: #1668895 - Fix HighContrast/symbolic icon mixup Resolves: #1794045 - Backport introspect API changes Resolves: #1837413 [3.32.2-16] - Drop bad upstream patch Resolves: #1820760 [3.32.2-15] - Improve performance under load Resolves: #1820760 gnome-shell-extensions [3.32.1-11] - Adjust dash-to-dock for classic backports Resolves: #1805929 - Fix inconsistent state in window-list prefs dialog Resolves: #1824362 gnome-terminal [3.28.3-2] - Add a manual - Resolves: #1612688 gsettings-desktop-schemas [3.32.0-5] - Recommend DejaVu Sans Mono font as the default monospace font Resolves: #1656262 gtk3 [3.22.30-6] - Fix reuse of list box header widgets (#rhbz1843486) gtk-doc [1.28-2] - Backport a patch to fix x86_64/i686 differences in generated documentation - Resolves: #1634770 gvfs [1.36.2-10] - Fix libusb(x) requirements (rhbz#1866332) [1.36.2-9] - Improve enumeration performance of smb backend (rhbz#1569868) LibRaw [0.19.5-2] - Backport fix for CVE-2020-15503 from Fedora Resolves: #1853529 libsoup [2.62.3-2] - Some WebSocket fixes to unbreak cockpit-desktop (rhbz#1872270) mutter [3.32.2-48] - Fix GLX stereo buffer rebase error Resolves: #1880339 [3.32.2-47] - Fix screen sharing on wayland Resolves: #1873963 [3.32.2-46] - Handle cursor only screen cast frames better Related: #1837381 [3.32.2-45] - Handle GPU unplug gracefully Resolves: #1846191 [3.32.2-44] - Dont show widow actor until explictly shown Resolves: #1719937 [3.32.2-43] - Only treat WM_PROTOCOLS messages as WM_PROTOCOL messages Resolves: #1847203 [3.32.2-42] - Dont pass DMA buffers if they cant be mmap():ed Related: #1847062 [3.32.2-41] - Backport is_rendering_hardware_acclerated() API Related: #1837381 [3.32.2-40] - Fix DMA buffer memory leak Related: #1837381 [3.32.2-39] - Fix incorrect pipewire dependency version Related: #1837381 [3.32.2-38] - Backport screen cast and remote desktop improvements Resolves: #1837381 [3.32.2-37] - Fix corrupted background after suspend Resolves: #1828162 nautilus [3.28.1-14] - Fix broken tracker query under certain locales (rhbz#1847061) [3.28.1-13] - Clear selection if any files dont match the pattern (rhbz#1207179) - Fix endless content size calculations (rhbz#1566027) - Honor umask when creating new files (rhbz#1778579) - Close 'There is no application...' dialog after response (rhbz#1816070) PackageKit [1.1.12-6.0.1] - removed rhel-Vendor.conf.patch [1.1.12-6] - Fix documentation links in Vendor.conf - Resolves: #1837648 [1.1.12-5] - Do not shutdown the daemon on idle - Resolves: #1814820 pipewire0.2 [0.2.7-6] - Fix Conflicts: line - Remove Recommends: line, its wrong - Resolves: rhbz#1832347 [0.2.7-5] - Fix Conflicts: line - Resolves: rhbz#1832347 [0.2.7-4] - Add gating file - Resolves: rhbz#1832347 [0.2.7-3] - Change source URL - Resolves: rhbz#1832347 [0.2.7-2] - Add compat -devel package [0.2.7-1] - First version - Fix bluez5 plugins build pipewire [0.3.6-1] - Update to 0.3.6 - Resolves: rhbz#1832347 [0.3.5-3] - Rebuild - Resolves: rhbz#1832347 [0.3.5-2] - Disable vulkan - Resolves: rhbz#1832347 [0.3.5-1] - Update to 0.3.5 - Disable pulse and jack - Add patch to work with meson 0.49 - Add patch to fix neon compilation - Resolves: rhbz#1832347 potrace [1.15-3] - Fixing build for flatpak (rhbz#1840788) pygobject3 [3.28.3-2] - Add lock to avoid two type object wrappers getting generated at the same time in multi-threaded programs. Resolves: #1844578 tracker [2.1.5-2] - Rebuild to include tracker-devel in CRB - Resolves: #1758891 vte291 [0.52.4-2] - Avoid overriding -fno-exceptions Resolves: #1804719 [0.52.4-1] - Update to 0.52.4 Resolves: #1804719 webkit2gtk3 [2.28.4-1] - Update to 2.28.4 - Related: #1817143 [2.28.2-2] - Related: rhbz#1817143 Properly remove webkit2gtk3-plugin-process-gtk2 package [2.28.2-1] - Resolves: rhbz#1817143 Update to 2.28.2 webrtc-audio-processing [0.3-9] - Rebuild to address Annobin coverage issues Resolves: #1704148 xdg-desktop-portal [1.6.0-2] - Require pipewire0.2-libs for legacy application support. Resolves: #1854734 [1.6.0-1] - Rebase to 1.6.0 (#1775345) - Backport PipeWire 0.3 support (#1775345) - Backport fixes (#1775345) xdg-desktop-portal-gtk [1.6.0-1] - Rebase to 1.6.0 (#1837413) - Bump supported Mutter screen cast API version (#1837413) - Backport bugfix (#1837413) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-8846 CVE-2020-3897 CVE-2020-3900 CVE-2020-9895 CVE-2019-8813 CVE-2020-9806 CVE-2020-3868 CVE-2020-3865 CVE-2020-14391 CVE-2019-8625 CVE-2019-8720 CVE-2019-8808 CVE-2019-8823 CVE-2020-3867 CVE-2019-8820 CVE-2020-3895 CVE-2020-3902 CVE-2019-8710 CVE-2020-3862 CVE-2019-8764 CVE-2020-3864 CVE-2020-3885 CVE-2020-9915 CVE-2019-8769 CVE-2019-8782 CVE-2019-8814 CVE-2019-8816 CVE-2020-9925 CVE-2019-8771 CVE-2019-8811 CVE-2019-8783 CVE-2019-8835 CVE-2019-8844 CVE-2020-3894 CVE-2019-8819 CVE-2019-8766 CVE-2020-9894 CVE-2019-8815 CVE-2020-3899 CVE-2020-3901 CVE-2020-10018 CVE-2019-8743 CVE-2020-9850 CVE-2020-11793 CVE-2020-9843 CVE-2020-15503 CVE-2020-9807 CVE-2019-8812 CVE-2020-9802 CVE-2020-9862 CVE-2020-9803 CVE-2020-9893 CVE-2020-9805 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/o:oracle:linux:8:9:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder_developer cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/o:oracle:linux:8:5:baseos_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/o:oracle:linux:8:8:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:7:baseos_base cpe:/o:oracle:linux:8::baseos_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2:8.0.1763-15.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.0.1763-15] - 1842755 - CVE-2019-20807 [2:8.0.1763-14] - 1745476 - manpage of vim is garbled in Japanese locale MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20807 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [1.1.32-5.0.1] - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball [1.1.32-5] - Fix CVE-2019-18197 (#1775517) - Fix CVE-2019-11068 (#1715732) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18197 CVE-2019-11068 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.30-79.0.1] - Forward-port Oracle patches from 2.30-75.0.1 - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.30-79] - Fix x86 assemblers handling of non-8-bit displacements. (#1869401) [2.30-77] - Add tests missing from PT_GNU_SEGMENT patch. (#1870039) [2.30-75.0.1] - Forward-port Oracle patches to OL8.3 beta. [2.30-76] - Have the s.390 assembler include alignment hints with vector instructions. (#1850490) [2.30-75] - Prevent the s/390 linker from rewriting the GOT access for certain symbol types. (#1846972) LOW Copyright 2020 Oracle, Inc. CVE-2019-17450 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [1:2.2.6-38] - 1775590 - rastertoepson filter crashes with paper size A6 [1:2.2.6-37] - forgot to enable optimization - 1833516 [1:2.2.6-36] - 1838449 - ipp/socket backends connect to turned off device for eternity (contimeout is not applied) - 1689207 - Add failover backend - 1833516 - DirtyCleanInterval ignored if there are open client connections [1:2.2.6-35] - 1825254 - CVE-2020-3898 cups: heap based buffer overflow in libcupss ppdFindOption() in ppd-mark.c [1:2.2.6-34] - 1809002 - scriptlet issue, /usr/bin/rm: cannot remove '/var/cache/cups/*.data' [1:2.2.6-34] - 1784884 - cups.service doesnt execute automatically on request [1:2.2.6-34] - 1822135 - _ppdOpen() leaks 'string' variable LOW Copyright 2020 Oracle, Inc. CVE-2020-3898 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.9.7-8.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-8] - Fix CVE-2019-19956 (#1793001) - Fix CVE-2020-7595 (#1799786) - Fix CVE-2019-20388 (#1810058) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-7595 CVE-2019-20388 CVE-2019-19956 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [5.50-4] + bluez-5.50-4 - Fixing CVE-2020-0556 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0556 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.8.5-4] - add PBKDF2 selftest for FIPS POST [1.8.5-3] - new upstream version 1.8.5 - AES performance improvements backported from master branch - FIPS module is implicit with kernel FIPS flag - always run the FIPS selftests if FIPS module is installed MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13627 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::olcne13 cpe:/a:oracle:linux:8::olcne12 cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [0.20.0-2] - Unbreak different CardOS 5 configurations supporting raw RSA (#1830856) [0.20.0-1] - Rebase to current upstream release (#1810660) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15946 CVE-2019-19481 CVE-2019-15945 CVE-2019-19479 CVE-2019-20792 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.2.5-4] - add security fixes for CVE-2018-20843, CVE-2019-15903 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-20843 CVE-2019-15903 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.2.20-2] - fixes for issues found in Coverity scan [2.2.20-1] - upgrade to 2.2.20 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13050 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.1.27-5] - Reduce excessive GSSAPI plugin logging - Resolves: rhbz#1274734 [2.1.27-4] - Add support for setting maxssf=0 in GSS-SPNEGO - Resolves: rhbz#1822133 [2.1.27-3] - Backport GSSAPI Channel Bindings support - Resolves: rhbz#1817054 [2.1.27-2] - Backport fix for CVE-2019-19906 - Resolves: rhbz#1804036 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19906 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [32:9.11.20-5] - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623) - Correct update-policy type subdomain to match documentation (CVE-2020-8624) - Include available test [32:9.11.20-4] - Prevent crash on dstlib initialization failure (#1859454) [32:9.11.20-3] - Add remaining require to bind package (#1633169) [32:9.11.20-2] - Add manual page for dnssec-importkey-pkcs11 (#1666785) - Add versioned depends to all library subpackages [32:9.11.20-1] - Update to 9.11.20 [32:9.11.19-2] - Remove old KSK 19036 from remaining trusted-key.key [32:9.11.19-1] - Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617) [32:9.11.18-1] - Update to 9.11.18 [32:9.11.17-1] - Update to 9.11.17 [32:9.11.14-1] - Update to 9.11.14 - Remove libmaxminddb-devel from devel package dependencies MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8623 CVE-2020-8622 CVE-2020-8619 CVE-2020-8624 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [0.7.11-1] - Update to 0.7.11 - selected bug fixes: * support arch<->noarch package changes when creating patch conflicts from the updateinfo data * also support other rpm database types * fixed solv_zchunk decoding error if large chunks are used * treat retracted pathes as irrelevant * made add_update_target work with multiversion installs - new features * support for SOLVER_BLACKLIST jobs that block the installation of matched packages unless they are directly selected by an SOLVER_INSTALL job * libsolv now also parses the patch status in the updateinfo parser * new solvable_matchessolvable() function * support conda constrains dependencies * new rpm_stat_database() function * new rpm_hash_database_state() function MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20387 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::distro_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [1.1.1g-11] - Further changes for SP 800-56A rev3 requirements [1.1.1g-9] - Rewire FIPS_drbg API to use the RAND_DRBG - Use the well known DH groups in TLS even for 2048 and 1024 bit parameters [1.1.1g-7] - Disallow dropping Extended Master Secret extension on renegotiation - Return alert from s_server if ALPN protocol does not match - SHA1 is allowed in @SECLEVEL=2 only if allowed by TLS SigAlgs configuration [1.1.1g-6] - Add FIPS selftest for PBKDF2 and KBKDF [1.1.1g-5] - Allow only well known DH groups in the FIPS mode [1.1.1g-1] - update to the 1.1.1g release - FIPS module installed state definition is modified LOW Copyright 2020 Oracle, Inc. CVE-2019-1551 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [10.32-2] - Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT) (bug #1734468) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20454 cpe:/o:oracle:linux:8:3:baseos_base cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8:5:baseos_base cpe:/o:oracle:linux:8:6:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.3.3-2] - patch: Fix possible memory corruption in LUKS2 validation code in 32bit library. - Resolves: #1872294 [2.3.3-1] - Update to cryptsetup 2.3.3 - Resolves: #1796826 #1743891 #1785748 [2.3.1-1] - Update to cryptsetup 2.3.1 - Resolves: #1796826 #1743891 #1785748 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14382 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [0.9.4-2] - Do not return error when server properly closed the channel (#1849071) - Add a test for CVE-2019-14889 - Do not parse configuration file in torture_knownhosts test [0.9.4-1] - Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ - Fixed CVE-2019-14889 (#1781782) - Fixed CVE-2020-1730 (#1802422) - Create missing directories in the path provided for known_hosts files (#1733914) - Removed inclusion of OpenSSH server configuration file from libssh_server.config (#1821339) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-1730 CVE-2019-14889 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [14:1.9.1-4] - Related: #1806422 - Building libpcap to side-tag for tcpdump [14:1.9.1-3] - Related: #1743650 - reverting rdma changes due to unresolved dependency loop [14:1.9.1-2] - Related: #1806422 - Building libpcap to side-tag for tcpdump [14:1.9.1-1] - Resolves: #1806422 - rebase libpcap to version 1.9.1 - Resolves: #1743650 - [RFE] enable inbox support for sniffing offloaded (RDMA) traffic with tcpdump - Resolves: #1785330 - Invalid IPv4 addresses are accepted without reporting even a warning - Resolves: #1792208 - Resource exhaustion while PHB header length validation LOW Copyright 2020 Oracle, Inc. CVE-2019-15165 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [239-40.0.1] - backport upstream pstore tmpfiles patch [Orabug: 31420486] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - fix to generate systemd-pstore.service file [Orabug: 30230056] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] [239-40] - units: add generic boot-complete.target (#1872243) - man: document new 'boot-complete.target' unit (#1872243) - core: make sure to restore the control command id, too (#1829867) [239-39] - device: make sure we emit PropertiesChanged signal once we set sysfs (#1793533) - device: dont emit PropetiesChanged needlessly (#1793533) [239-38] - spec: fix rpm verification (#1702300) [239-37] - spec: dont package /etc/systemd/system/dbus-org.freedesktop.resolve1.service (#1844465) [239-36] - core: dont consider SERVICE_SKIP_CONDITION for abnormal or failure restarts (#1737283) - selinux: do preprocessor check only in selinux-access.c (#1830861) - basic/cgroup-util: introduce cg_get_keyed_attribute_full() (#1830861) - shared: add generic logic for waiting for a unit to enter some state (#1830861) - shared: fix assert call (#1830861) - shared: Dont try calling NULL callback in bus_wait_for_units_clear (#1830861) - shared: add NULL callback check in one more place (#1830861) - core: introduce support for cgroup freezer (#1830861) - core/cgroup: fix return value of unit_cgorup_freezer_action() (#1830861) - core: fix the return value in order to make sure we dont dipatch method return too early (#1830861) - test: add test for cgroup v2 freezer support (#1830861) - fix mis-merge (#1848421) - tests: sleep a bit and give kernel time to perform the action after manual freeze/thaw (#1848421) [239-35] - spec: fix rpm verification (#1702300) [239-34] - spec: fix rpm verification (#1702300) [239-33] - tmpfiles: fix crash with NULL in arg_root and other fixes and tests (#1836024) - sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set (#1625929) - resolvconf: fixes for the compatibility interface (#1835594) - mount: dont add Requires for tmp.mount (#1748840) - core: coldplug possible nop_job (#1829798) - core: add IODeviceLatencyTargetSec (#1831519) - time-util: Introduce parse_sec_def_infinity (#1770379) - cgroup: use structured initialization (#1770379) - core: add CPUQuotaPeriodSec= (#1770379) - core: downgrade CPUQuotaPeriodSec= clamping logs to debug (#1770379) - sd-bus: avoid magic number in SASL length calculation (#1838081) - sd-bus: fix SASL reply to empty AUTH (#1838081) - sd-bus: skip sending formatted UIDs via SASL (#1838081) - core: add MemoryMin (#1763435) - core: introduce cgroup_add_device_allow() (#1763435) - test: remove support for suffix in get_testdata_dir() (#1763435) - cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow (#1763435) - cgroup: Create UNIT_DEFINE_ANCESTOR_MEMORY_LOOKUP (#1763435) - unit: Add DefaultMemoryMin (#1763435) - cgroup: Polish hierarchically aware protection docs a bit (#1763435) - cgroup: Readd some plumbing for DefaultMemoryMin (#1763435) - cgroup: Support 0-value for memory protection directives (#1763435) - cgroup: Test that its possible to set memory protection to 0 again (#1763435) - cgroup: Check ancestor memory min for unified memory config (#1763435) - cgroup: Respect DefaultMemoryMin when setting memory.min (#1763435) - cgroup: Mark memory protections as explicitly set in transient units (#1763435) - meson: allow setting the version string during configuration (#1804252) [239-32] - pid1: fix DefaultTasksMax initialization (#1809037) - cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940) - test: introduce TEST-36-NUMAPOLICY (#1808940) - test: replace 'tail -f' with journal cursor which should be... (#1808940) - test: support MPOL_LOCAL matching in unpatched strace versions (#1808940) - test: make sure the strace process is indeed dead (#1808940) - test: skip the test on systems without NUMA support (#1808940) - test: give strace some time to initialize (#1808940) - test: add a simple sanity check for systems without NUMA support (#1808940) - test: drop the missed || exit 1 expression (#1808940) - test: replace cursor file with a plain cursor (#1808940) - cryptsetup: Treat key file errors as a failed password attempt (#1763155) - swap: finish the secondary swap units jobs if deactivation of the primary swap unit fails (#1749622) - resolved: Recover missing PrivateTmp=yes and ProtectSystem=strict (#1810869) - bus_open leak sd_event_source when udevadm trigger (#1798504) - core: rework StopWhenUnneeded= logic (#1798046) - pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= (#1818054) - core: fix re-realization of cgroup siblings (#1818054) - basic: use comma as separator in cpuset cgroup cpu ranges (#1818054) - core: transition to FINAL_SIGTERM state after ExecStopPost= (#1766479) - sd-journal: close journal files that were deleted by journald before weve setup inotify watch (#1796128) - sd-journal: remove the dead code and actually fix #14695 (#1796128) - udev: downgrade message when we fail to set inotify watch up (#1808051) - logind: check PolicyKit before allowing VT switch (#1797679) - test: do not use global variable to pass error (#1823767) - test: install libraries required by tests (#1823767) - test: introduce install_zoneinfo() (#1823767) - test: replace duplicated Makefile by symbolic link (#1823767) - test: add paths of keymaps in install_keymaps() (#1823767) - test: make install_keymaps() optionally install more keymaps (#1823767) - test-fs-util: skip some tests when running in unprivileged container (#1823767) - test-process-util: skip several verifications when running in unprivileged container (#1823767) - test-execute: also check python3 is installed or not (#1823767) - test-execute: skip several tests when running in container (#1823767) - test: introduce test_is_running_from_builddir() (#1823767) - test: make test-catalog relocatable (#1823767) - test: parallelize tasks in TEST-24-UNIT-TESTS (#1823767) - test: try to determine QEMU_SMP dynamically (#1823767) - test: store coredumps in journal (#1823767) - pid1: add new kernel cmdline arg systemd.cpu_affinity= (#1812894) - udev-rules: make tape-changers also apprear in /dev/tape/by-path/ (#1820112) - man: be clearer that .timer time expressions need to be reset to override them (#1816908) - Add support for opening files for appending (#1809175) - nspawn: move payload to sub-cgroup first, then sync cgroup trees (#1837094) - core: move unit_status_emit_starting_stopping_reloading() and related calls to job.c (#1737283) - job: when a job was skipped due to a failed condition, log about it (#1737283) - core: split out all logic that updates a Job on a units unit_notify() invocation (#1737283) - core: make log messages about units entering a 'failed' state recognizable (#1737283) - core: log a recognizable message when a unit succeeds, too (#1737283) - tests: always use the right vtable wrapper calls (#1737283) - test-execute: allow filtering test cases by pattern (#1737283) - test-execute: provide custom failure message (#1737283) - core: ExecCondition= for services (#1737283) - Drop support for lz4 < 1.3.0 (#1843871) - test-compress: add test for short decompress_startswith calls (#1843871) - journal: adapt for new improved LZ4_decompress_safe_partial() (#1843871) - fuzz-compress: add fuzzer for compression and decompression (#1843871) - seccomp: fix __NR__sysctl usage (#1843871) LOW Copyright 2020 Oracle, Inc. CVE-2019-20386 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [2.1.3-2] - Resolves: rhbz#1849615 - Fix CVE-2020-10730 use-after-free [2.1.3-1] - Resolves: rhbz#1817567 - Rebase libldb to 2.1.3 for samba MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10730 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::distro_builder cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [7.61.1-14] - avoid overwriting a local file with -J (CVE-2020-8177) [7.61.1-13] - load built-in openssl engines (#1854369) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8177 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 8 [7.0-10] - Resolves: #1867793 - FRR does not conform to the source port range specified in RFC5881 [7.0-9] - Resolves: #1852476 - default permission issue eases information leaks [7.0-8] - Resolves: #1819319 - frr fails to start start if the initscripts package is missing [7.0-7] - Resolves: #1758544 - IGMPv3 queries may lead to DoS [7.0-6] - Resolves: #1776342 - frr has missing dependency on iproute MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12831 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.4.2-10] - Fixed CVE-2018-11805 - Resolves: rhbz#1787514 - Fixed CVE-2020-1930 - Resolves: rhbz#1820649 - Fixed CVE-2020-1931 - Resolves: rhbz#1820650 [3.4.2-9] - Fix CVE-2019-12420 - Resolves: rhbz#1812977 [3.4.2-8] - Removed the obsolete SOUGHT channel for rule updates - Resolves: rhbz#1630362 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-12420 CVE-2020-1930 CVE-2018-11805 CVE-2020-1931 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.2.15-38] - fix CVEs - Resolves: rhbz#1716209, rhbz#1716210, rhbz#1716211, rhbz#1716212, rhbz#1716213, rhbz#1716214, rhbz#1716215, rhbz#1716216, rhbz#1716217, rhbz#1716218, rhbz#1716219 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-7636 CVE-2019-7576 CVE-2019-7572 CVE-2019-7638 CVE-2019-7635 CVE-2019-7637 CVE-2019-7577 CVE-2019-7578 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 libcmis [0.5.2-1] - Related: rhbz#1796893 update to 0.5.2 liborcus [0.14.1-1] - Related: rhbz#1796893 update to 0.14.1 libreoffice [6.3.6.2-3.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.3.6.2-3] - Obsoletes any libreoffice-gtk2-debuginfo along with libreoffice-gtk2 [1:6.3.6.2-2] - Resolves: rhbz#1841907 always produce utf-8 from gettext [1:6.3.6.2-1] - rhbz#1796893 latest stable release [1:6.3.5.2-7] - rhbz#1796893 dont show error dialog on G_IO_ERROR_FAILED_HANDLED [1:6.3.5.2-6] - rhbz#1819798 Start Center crash after pressing Help button before using any topevel module [1:6.3.5.2-5] - rhbz#1796893 spreadsheetml2ooo.xsl was not well formed xml - rhbz#1796893 fix impress print dialog range [1:6.3.5.2-4] - rhbz#1796893 fix help->licence info->license [1:6.3.5.2-3] - rhbz#1796893 disable tip of the day by default [1:6.3.5.2-2] - rhbz#1796893 improve langpack requires [1:6.3.5.2-1] - rhbz#1796893 latest stable release LOW Copyright 2020 Oracle, Inc. CVE-2020-12802 CVE-2020-12803 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.7.0-8] - Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454 - Enable webm-io explicitly [1.7.0-7] - Fix for CVE-2019-9232, CVE-2019-9433, CVE-2019-9371, CVE-2019-2126 - Resolves: rhbz#1796086, rhbz#1796100, rhbz#1796448, rhbz#1796454 - Remove php-cli BR MODERATE Copyright 2020 Oracle, Inc. CVE-2019-2126 CVE-2019-9371 CVE-2019-9232 CVE-2019-9433 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [4.0.9-18] - Fix CVE-2019-17546 (#1771372) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17546 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [11.7.3-5] - Rebuild [11.7.3-4] - Package onboarded to gating [11.7.3-3] - Fix memory corruption bug due to integer overflow (#1790608) LOW Copyright 2020 Oracle, Inc. CVE-2019-16167 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14422 CVE-2019-20477 CVE-2019-20907 CVE-2020-8492 CVE-2020-1747 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.66.0-27] - Fix crash on broken file in tilingPatternFill() - Resolves: #1801341 LOW Copyright 2020 Oracle, Inc. CVE-2019-14494 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 freerdp [2:2.1.1-1] - Update to 2.1.1 (rhbz#1834287). [2:2.0.0-47.rc4] - Fix SCARD_INSUFFICIENT_BUFFER error (rhbz#1803054) - Do not advertise /usb in help output (rhbz#1761144) vinagre [3.22.0-23] - Remove unused variable (CovScan) - Related: #1839744 [3.22.0-22] - Rebuild due to new version of FreeRDP - Fix an issue when RDP connection shows just black screen - Resolves: #1839744 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-11085 CVE-2020-11087 CVE-2020-11525 CVE-2020-11039 CVE-2020-11044 CVE-2020-11522 CVE-2020-11043 CVE-2020-11038 CVE-2020-13396 CVE-2020-11019 CVE-2020-11042 CVE-2020-11041 CVE-2020-13397 CVE-2020-11088 CVE-2020-11040 CVE-2020-11058 CVE-2020-11018 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11049 CVE-2020-11089 CVE-2020-11526 CVE-2020-11086 CVE-2020-11047 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 bogofilter [1.2.5-2] - Bump version to have OSCI/gating tests rerun with updated tests [1.2.5-1] - Resolves: #1836279 (Update to 1.2.5) evolution [3.28.5-14] - Related: #1817143 (Add a small patch to behave better with WebKitGTK 2.28) [3.28.5-13] - Resolves: #1836165 (Cannot type the date of a meeting) evolution-data-server [3.28.5-14] - Resolves: #1859141 (CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3) evolution-mapi [3.28.3-3] - Rebuild for samba 4.12 rebase openchange [2.3-26.0.1] - Use ldconfig_scriptlets [2.3-26] - Add patch to build against samba 4.12 [2.3-25] - Add patch to build against samba 4.11.2 LOW Copyright 2020 Oracle, Inc. CVE-2020-14928 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [19.4-11.0.1] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - Update OCI Datasource to support IMDSv2 - limit permissions [Orabug: 31352433] - Changes to ignore all enslaved interfaces [Orabug: 30092148] - Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] - add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla) - added OL to list of known distros [19.4-11.el8] - ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664] - Resolves: bz#1794664 ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-10.el8] - ci-Changing-notation-of-subp-call.patch [bz#1839662] - Resolves: bz#1839662 ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) [19.4-9.el8] - ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1794664] - ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1794664] - ci-Detect-kernel-version-before-swap-file-creation-428.patch [bz#1794664] - Resolves: bz#1794664 ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init) [19.4-8.el8] - ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch [bz#1839662] - ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch [bz#1833874] - Resolves: bz#1833874 ([rhel-8.3]using root user error should cause a non-zero exit code) - Resolves: bz#1839662 ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform) [19.4-7.el8] - Fixing cloud-init-generator permissions [bz#1834173] - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-6.el8] - ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1822343] - Resolves: bz#1822343 ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) [19.4-5.el8] - ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1822343] - ci-Render-the-generator-from-template-instead-of-cp.patch [bz#1834173] - ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch [bz#1834173] - ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch [bz#1834173] - Resolves: bz#1822343 ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log) - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-4.el8] - ci-changing-ds-identify-patch-from-usr-lib-to-usr-libex.patch [bz#1834173] - Resolves: bz#1834173 ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator) [19.4-3.el8] - ci-Make-cloud-init.service-execute-after-network-is-up.patch [bz#1803928] - Resolves: bz#1803928 ([RHEL8.3] Race condition of starting cloud-init and NetworkManager) [19.4-2.el8] - ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812171] - ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812174] - ci-Enable-ssh_deletekeys-by-default.patch [bz#1814152] - ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1840648] - Resolves: bz#1812171 (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8]) - Resolves: bz#1812174 (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8]) - Resolves: bz#1814152 (CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8]) - Resolves: bz#1840648 ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok)) [19.4-1.el8] - Rebase to cloud-init 19.4 [bz#1803095] - Resolves: bz#1803095 ([RHEL-8.3.0] cloud-init rebase to 19.4) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8631 CVE-2020-8632 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20916 CVE-2019-20907 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ol8 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ol8 Oracle Linux 8 [3.0.7-19] - change ownership of pki files (#1710722) [3.0.7-18] - Move old changelog into separate file (#1671239) [3.0.7-17] - Add fix for CVE-2019-19783 - Add fix for CVE-2019-18928 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-19783 CVE-2019-18928 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 * Fri Mar 27 2020 fjanus@redhat.com - 2.2.5-7 - Fix CVE-2018-14553 - Potential Null pointer dereference in gdImageClone Resolves: RHBZ#1811788 - Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch() Resolves: RHBZ#1678104 (CVE-2019-6977) - Fixed potential double-free in gdImage*Ptr() Resolves: RHBZ#1679002 (CVE-2019-6978) MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14553 CVE-2019-6977 CVE-2019-6978 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 [3:2.1.29-10] - Fix match patter to reduce false allocation [3:2.1.29-9] - Fix for CVE-2020-12137 [3:2.1.29-8] - Drop unversioned python from comments. [3:2.1.29-7] - Change attr of /etc/mailman [3:2.1.29-6] - Update run directory references (#1805954) - fix #1188043 - set 2775 permission for /etc/mailman MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12137 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 bind-dyndb-ldap [11.3-1] - New upstream release - Resolves: rhbz#1845211 ipa [4.8.7-12.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.8.7-12] - Require selinux sub package in the proper version Related: RHBZ#1868432 - SELinux: do not double-define node_t and pki_tomcat_cert_t Related: RHBZ#1868432 - SELinux: add dedicated policy for ipa-pki-retrieve-key + ipatests Related: RHBZ#1868432 - dogtaginstance.py: add --debug to pkispawn Resolves: RHBZ#1879604 [4.8.7-11] - SELinux Policy: let custodia replicate keys Resolves: RHBZ#1868432 [4.8.7-10] - Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations Resolves: RHBZ#1870202 [4.8.7-9] - CAless installation: set the perms on KDC cert file Resolves: RHBZ#1863616 - EPN: handle empty attributes Resolves: RHBZ#1866938 - IPA-EPN: enhance input validation Resolves: RHBZ#1866291 - EPN: enhance input validation Resolves: RHBZ#1863079 - Require new samba build 4.12.3-52 Related: RHBZ#1868558 - Require new selinux-policy build 3.14.3-52 Related: RHBZ#1869311 [4.8.7-8] - [WebUI] IPA Error 3007: RequirmentError while adding members in User ID overrides tab (updated) Resolves: RHBZ#1757045 - ipa-client-install: use the authselect backup during uninstall Resolves: RHBZ#1810179 - Replace SSLCertVerificationError with CertificateError for py36 Resolves: RHBZ#1858318 - Fix AVC denial during ipa-adtrust-install --add-agents Resolves: RHBZ#1859213 [4.8.7-7] - replica install failing with avc denial for custodia component Resolves: RHBZ#1857157 [4.8.7-6] - selinux dont audit rules deny fetching trust topology Resolves: RHBZ#1845596 - fix iPAddress cert issuance for >1 host/service Resolves: RHBZ#1846352 - Specify cert_paths when calling PKIConnection Resolves: RHBZ#1849155 - Update crypto policy to allow AD-SUPPORT when installing IPA Resolves: RHBZ#1851139 - Add version to ipa-idoverride-memberof obsoletes Related: RHBZ#1846434 [4.8.7-5] - Add missing ipa-selinux package Resolves: RHBZ#1853263 [4.8.7-4] - Remove client-epn left over files for ONLY_CLIENT Related: RHBZ#1847999 [4.8.7-3] - [WebUI] IPA Error 3007: RequirmentError while adding members in User ID overrides tab Resolves: RHBZ#1757045 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn Resolves: RHBZ#1847999 - FreeIPA - Utilize 256-bit AJP connector passwords Resolves: RHBZ#1849914 - ipa: typo issue in ipanthomedirectoryrive deffinition Resolves: RHBZ#1851411 [4.8.7-2] - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 Resolves: RHBZ#1846434 [4.8.7-1] - Upstream release FreeIPA 4.8.7 - Require new samba build 4.12.3-0 Related: RHBZ#1818765 - New client-epn sub package Resolves: RHBZ#913799 ipa-healthcheck [0.4-6] - The core subpackage can be installed standalone, drop the Requires on the base package. (#1852244) - Add Conflicts < 0.4 to to core to allow downgrading with --allowerasing (#1852244) [0.4-5] - Remove the Obsoletes < 0.4 and add same-version Requires to each subpackage so that upgrades from 0.3 will work (#1852244) opendnssec [2.1.6-2] - Resolves: rhbz#1831732 AVC avc: denied { dac_override } for comm=ods-enforcerd [2.1.6-1] - Resolves: rhbz#1759888 Rebase OpenDNSSEC to 2.1 slapi-nis [0.56.5-4] - Ignore unmatched searches - Resolves: rhbz#1874015 [0.56.5-3] - Fix memory leaks in ID views processing - Resolves: rhbz#1875348 [0.56.5-2] - Initialize map lock in NIS plugin - Resolves: rhbz#1832331 [0.56.5-1] - Upstream release 0.56.5 - Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming - Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED softhsm [2.6.0-3] - Fixes: rhbz#1834909 - softhsm use-after-free on process exit - Synchronize the final fix with Fedora [2.6.0-2] - Fixes: rhbz#1834909 - softhsm use-after-free on process exit [2.6.0-1] - Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+ - Fixes: rhbz#1701233 - support setting supported signature methods on the token MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14040 CVE-2018-20677 CVE-2016-10735 CVE-2018-14042 CVE-2020-11022 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2015-9251 CVE-2018-20676 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-15890 CVE-2019-20485 CVE-2020-14339 CVE-2020-10703 CVE-2020-14301 CVE-2020-1983 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.7.4-3] - apply patch for CVE-2020-13430 also to sources, not only to compiled webpack [6.7.4-2] - security fix for CVE-2020-13430 [6.7.4-1] - update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379 [6.7.3-1] - update to 6.7.3 tagged upstream community sources, see CHANGELOG - add scripts to list Go dependencies and bundled npmjs dependencies - set Grafana version in Grafana UI and grafana-cli --version - declare README.md as documentation of datasource plugins - create grafana.db on first installation (fixes RH BZ #1805472) - change permissions of /var/lib/grafana to 750 (CVE-2020-12458) - change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458) - change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459) [6.6.2-1] - added patch0 to set the version string correctly - removed patch 004-xerrors.patch, its now upstream - added several patches for golang vendored vrs build dep differences - added patch to move grafana-cli binary to libexec dir - update to 6.6.2 tagged upstream community sources, see CHANGELOG MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12458 CVE-2020-12245 CVE-2019-19499 CVE-2020-13430 CVE-2018-18624 CVE-2020-11110 CVE-2020-12052 CVE-2020-12459 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-240.1.1_3.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-240.1.1_3] - [net] Bluetooth: fix kernel oops in store_pending_adv_report (Gopal Tiwari) [1888454 1888455] {CVE-2020-24490} - [net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888257 1888258] {CVE-2020-12351} - [net] Bluetooth: A2MP: Fix not initializing all members (Gopal Tiwari) [1888806 1888807] {CVE-2020-12352} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-24490 CVE-2020-25662 CVE-2020-25661 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [0.34.5-3] - Support HOME_MODE from /etc/login.defs Resolves: rhbz#1886362 [0.34.5-2] - Add gating tests using idm:DL1 module stream and upstream tests Resolves: rhbz#1682457 [0.34.5-1] - Upstream release 0.34.5 - Resolves: rhbz#1833289 - Rebase oddjob to 0.34.5 - Resolves: rhbz#1833052 - CVE-2020-10737 oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10737 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.6.5-7] - Fix CVE-2019-3833 Resolves: #1687865 [2.6.5-6] - Fix name of Patch6 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-3833 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 qt5-qtbase [5.12.5-6] - OpenSSL: handle SSL_shutdowns errors properly Resolves: bz#1851538 [5.12.5-5] - Fix: Files placed by attacker can influence the working directory and lead to malicious code execution Resolves: bz#1814739 Resolves: bz#1814683 - Fix: XML entity expansion vulnerability Resolves: bz#1822193 qt5-qttools [5.12.5-2] - Rebuild (LLVM-10) Resolves: bz#1832857 qt5-qtwebsockets [5.12.5-2] - Add a public api to set max frame and message size Resolves: bz#1815187 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-0569 CVE-2018-21035 CVE-2020-13962 CVE-2015-9541 CVE-2020-0570 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10749 CVE-2020-10756 CVE-2020-14040 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.1.53-1] - Update to new upstream version [2.1.52-1] - Update to new upstream version MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13867 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.42.7-4] - Resolves: rhbz#1804519 Add patch for CVE-2019-20446 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20446 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-11782 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-18676 CVE-2019-18679 CVE-2019-12526 CVE-2019-12854 CVE-2019-12523 CVE-2019-18677 CVE-2019-18860 CVE-2019-12521 CVE-2019-12524 CVE-2020-14058 CVE-2020-24606 CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2019-12520 CVE-2019-12529 CVE-2020-15049 CVE-2019-18678 cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 httpd [2.4.37-13.0.1] - Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262] - Replace index.html with Oracles index page oracle_index.html [2.4.37-30] - Resolves: #1209162 - support logging to journald from CustomLog [2.4.37-29] - Resolves: #1823263 (CVE-2020-1934) - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [2.4.37-28] - Related: #1771847 - BalancerMember ping parameter for mod_proxy_http doesnt work [2.4.37-27] - Resolves: #1823259 - CVE-2020-1927 httpd:2.4/httpd: mod_rewrite configurations vulnerable to open redirect - Resolves: #1747284 - CVE-2019-10098 httpd:2.4/httpd: mod_rewrite potential open redirect - Resolves: #1747281 - CVE-2019-10092 httpd:2.4/httpd: limited cross-site scripting in mod_proxy error page - Resolves: #1747291 - CVE-2019-10097 httpd:2.4/httpd: null-pointer dereference in mod_remoteip - Resolves: #1771847 - BalancerMember ping parameter for mod_proxy_http doesnt work - Resolves: #1794728 - Backport of SessionExpiryUpdateInterval directive mod_http2 [1.15.7-2] - Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header [1.15.7-1] - new version 1.15.7 - Resolves: #1814236 - RFE: mod_http2 rebase - Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown - Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade - Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare - Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies mod_md [1:2.0.8-8] - Resolves: #1832844 - mod_md does not work with ACME server that does not provide keyChange or revokeCert resources MODERATE Copyright 2020 Oracle, Inc. CVE-2019-10082 CVE-2018-17189 CVE-2020-1927 CVE-2019-10081 CVE-2019-10097 CVE-2019-10092 CVE-2019-0197 CVE-2019-10098 CVE-2020-1934 CVE-2019-0196 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 varnish [6.0.6-2] - new version 6.0.6 - Resolves: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS - Resolves: #1790907 - CVE-2019-20637 varnish: not clearing pointer between two client requests leads to information disclosure - Resolves: #1763958 - CVE-2019-15892 varnish:6/varnish: denial of service handling certain crafted HTTP/1 requests varnish-modules [0.15.0-5] - Related: #1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20637 CVE-2019-15892 CVE-2020-11653 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [14:4.9.3-1] - Resolves: #1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs MODERATE Copyright 2020 Oracle, Inc. CVE-2018-10103 CVE-2018-14879 CVE-2018-16451 CVE-2018-14882 CVE-2018-16228 CVE-2018-14467 CVE-2018-14461 CVE-2018-16227 CVE-2018-16230 CVE-2018-16300 CVE-2018-16452 CVE-2018-14463 CVE-2018-14464 CVE-2018-10105 CVE-2018-14468 CVE-2018-14469 CVE-2019-15166 CVE-2018-14881 CVE-2018-14465 CVE-2018-14880 CVE-2018-14462 CVE-2018-14466 CVE-2018-16229 CVE-2018-14470 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:2.3.8-4] - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts (#1866756) - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation (#1866761) - fix CVE-2020-12674 crash due to assert in RPA implementation (#1866768) [1:2.3.8-3] - fix CVE-2020-10957 dovecot: malformed NOOP commands leads to DoS (#1840354) - fix CVE-2020-10958 dovecot: command followed by sufficient number of newlines leads to use-after-free (#1840357) - fix CVE-2020-10967 dovecot: sending mail with empty quoted localpart leads to DoS (#1840356) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-10958 CVE-2020-10967 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [0.6.22-4] - Add patch for CVE-2020-0181/CVE-2020-0198 - Resolves: #1847753 - Resolves: #1847761 [0.6.22-3] - Also remove timezone from the .mo files - Related: #1841320 [0.6.22-2] - Remove timestamps from the .mo files to avoid multilib conflicts - Related: #1841320 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-12767 CVE-2020-0182 CVE-2020-0198 CVE-2019-9278 CVE-2020-0181 CVE-2020-13113 CVE-2020-13114 CVE-2020-0093 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.0.20-3] - Require make for proper bootstrap execution, removes post script Resolves: bz#1672285 [3.0.20-2] - Fix breakage caused by OpenSSL FIPS regression Related: bz#1855822 Related: bz#1810911 Resolves: bz#1672285 [3.0.20-1] - Update to FreeRADIUS server version 3.0.20 - Introduce Python 3 support; resolves: bz#1623069 - DoS issues due to multithreaded BN_CTX access; resolves: bz#1818809 - Create tmp files in /run; resolves: bz#1805975 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-17185 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [20200602gitca407c7246bf-3.el8] - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718] - Resolves: bz#1861718 (Very slow boot when overcommitting CPU) [20200602gitca407c7246bf-2.el8] - edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch [bz#1844682] - edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch [bz#1844682] - edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch [bz#1844682] - Resolves: bz#1844682 (silent build of edk2-aarch64 logs DEBUG_ERROR messages that dont actually report serious errors) [20200602gitca407c7246bf-1.el8] - Rebase to edk2-stable202005 [bz#1817035] - Resolves: bz#1817035 ((edk2-rebase-rhel-8.3) - rebase edk2 to upstream tag edk2-stable202005 for RHEL-8.3) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-14559 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [19.11.3-1] - Rebase DPDK to 19.11.3 (#1868708) [19.11.2-1] - Rebase DPDK to 19.11.2 (#1836830, #1837024, #1837030, #1837022) [19.11.1-1] - Rebase DPDK to 19.11.1 (#1824905) - Remove dpdk-pmdinfo.py (#1801361) - Add Requires: rdma-core-devel libmnl-devel on x86_64 for dpdk-devel (#1813252) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10722 CVE-2020-10723 CVE-2020-10726 CVE-2020-10725 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.12.0-6] - Fix CVE-2017-18640 by using updated snakeyaml. MODERATE Copyright 2020 Oracle, Inc. CVE-2017-18640 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.28.1-3] - Fix CVE-2020-11736 (#1827395) - Fix CVE-2019-16680 (#1767594) MODERATE Copyright 2020 Oracle, Inc. CVE-2019-16680 CVE-2020-11736 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [6.8.2-2] - Fix CVE-2019-13225 Resolves: #1771052 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-13225 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 MODERATE Copyright 2020 Oracle, Inc. CVE-2018-14040 CVE-2020-11023 CVE-2020-15720 CVE-2020-11022 CVE-2020-1721 CVE-2019-8331 CVE-2015-9251 CVE-2016-10735 CVE-2019-10179 CVE-2018-14042 CVE-2019-10146 CVE-2019-11358 CVE-2019-10221 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 7 [2.8-14.el7_9.1] - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c - Resolves: #1891635 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15999 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [1.6.7-3] - Fix CVE-2020-14363 (#1873922) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14363 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 7 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.20.4-12] - CVE fixes for: CVE-2020-14345 (#1872389), CVE-2020-14346 (#1872393), CVE-2020-14361 (#1872400), CVE-2020-14362 (#1872407) - Temporarily revert fixes from 1.20.4-11 build for delivery of CVE fixes [1.20.4-11] - Fix a crash when moving an animated cursor between screens - Be case-insentive when matching extension names to enable or disable IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14362 CVE-2020-14345 CVE-2020-14361 CVE-2020-14346 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry [78.3.1-1] - Update to 78.3.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [1.6.4-4] - Fix CVE-2020-14363 (#1873920) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14363 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 6 [78.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.0-1] - Update to 78.4.0 build1 - Disabled telemetry [78.3.1-1] - Update to 78.3.1 build1 [78.3.0-3] - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL [78.2.1-1] - Update to 78.2.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15683 CVE-2020-15969 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 8 [2.9.1-4.el8_3.1] - Test bitmap size earlier for PNGs - Fix memory leak in pngshim.c - Resolves: #1891905 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15999 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:6:baseos_base cpe:/o:oracle:linux:8:3:baseos_patch cpe:/o:oracle:linux:8:5:baseos_base Oracle Linux 6 [1.17.4-18.0.1] - Fix regression from the patch for Orabug 27204421 which crashes Xvfb [Orabug: 28485058] - Fix X consumes 100% CPU if messagebus restarted [Orabug: 27204421] - Fix X server failure in FIPS mode [Orabug: 22866111] [1.17.4-18] - CVE fixes for: CVE-2020-14345 (#1872388), CVE-2020-14346 (#1872392), CVE-2020-14361 (#1872399), CVE-2020-14362 (#1872406) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14345 CVE-2020-14346 CVE-2020-14361 CVE-2020-14362 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [7.29.0-59.0.1.1] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch [7.29.0-59.el7_9.1] - avoid overwriting a local file with -J (CVE-2020-8177) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8177 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.2.1-41.2] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850114 [4.2.1-41.1] - fence_lpar: fix issue with long username, hostname, etc not working when the command run by the agent exceeds 80 characters - fence_evacuate: enable evacuation of instances using private flavors Resolves: rhbz#1860545 Resolves: rhbz#1862024 LOW Copyright 2020 Oracle, Inc. CVE-2020-11078 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.1.1-61.4] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850992 [4.1.1-61.2] - azure-lb: fix redirect issue Resolves: rhbz#1850779 [4.1.1-61.1] - gcp-vpc-move-vip: add support for multiple alias IPs - sybaseASE: run verify action during start action only - azure-events: handle exceptions in urlopen Resolves: rhbz#1846732 Resolves: rhbz#1848673 Resolves: rhbz#1862121 LOW Copyright 2021 Oracle, Inc. CVE-2020-11078 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.7.5-90.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-90] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20907 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.6.8-18.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-18] - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907) Resolves: rhbz#1856481 - Resolve hash collisions for Pv4Interface and IPv6Interface (CVE-2020-14422) Resolves: rhbz#1854926 MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20907 CVE-2020-14422 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [32:9.11.4-26.P2.2] - Fix unsupported algorithms validation (#rh1769876) [32:9.11.4-26.P2.1] - Fix tsig-request verify (CVE-2020-8622) - Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623) - Correct update-policy type subdomain to match documentation (CVE-2020-8624) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8624 CVE-2020-8623 CVE-2020-8622 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.8.1-8] - Validate paths read from repomd.xml (RhBug: 1866500) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14352 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [0:7.0.76-16] - Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling LOW Copyright 2020 Oracle, Inc. CVE-2020-1935 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 qt [1:4.8.7-9] - Fix buffer overflow in XBM parser Resolves: bz#1870297 qt5-qtbase [5.9.7-5] - Fix buffer overflow in XBM parser Resolves: bz#1870365 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-17507 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.6.1.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.6.1] - [net] netfilter: nf_queue: place bridge physports into queue_entry struct (Florian Westphal) [1885682] - [net] netfilter: nf_queue: do not release refcouts until nf_reinject is done (Florian Westphal) [1885682] - [net] netfilter: nf_queue: make nf_queue_entry_release_refs static (Florian Westphal) [1885682] - [net] bluetooth: l2cap: Fix calling sk_filter on non-socket based channel (Gopal Tiwari) [1888253] {CVE-2020-12351} - [net] bluetooth: a2mp: Fix not initializing all members (Gopal Tiwari) [1888797] {CVE-2020-12352} [3.10.0-1160.5.1] - [x86] x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (Myron Stowe) [1849223] - [kernel] uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression (Oleg Nesterov) [1861396] - [video] vgacon: Fix for missing check in scrollback handling (Lyude Paul) [1859468] {CVE-2020-14331} - [pci] hv: Retry PCI bus D0 entry on invalid device state (Mohammed Gamal) [1846667] - [pci] hv: Fix the PCI HyperV probe failure path to release resource properly (Mohammed Gamal) [1846667] - [x86] xen: Add call of speculative_store_bypass_ht_init() to PV paths (Vladis Dronov) [1882468] - [powerpc] powerpc/smp: Use nid as fallback for package_id (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Add Power9 scheduler topology (Desnes Augusto Nunes do Rosario) [1826306] - [kernel] sched: Add a new SD_SHARE_POWERDOMAIN for sched_domain (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] sched, powerpc: Create a dedicated topology table (Desnes Augusto Nunes do Rosario) [1826306] - [s390] sched, s390: Create a dedicated topology table (Desnes Augusto Nunes do Rosario) [1826306] - [s390] s390/topology: Remove call to update_cpu_masks() (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Add cpu_l2_cache_map (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Rework CPU topology construction (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc/smp: Use cpu_to_chip_id() to find core siblings (Desnes Augusto Nunes do Rosario) [1826306] - [powerpc] powerpc, hotplug: Avoid to touch non-existent cpumasks (Desnes Augusto Nunes do Rosario) [1826306] [3.10.0-1160.4.1] - [block] virtio-blk: handle block_device_operations callbacks after hot unplug (Stefan Hajnoczi) [1811893] - [scsi] Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Nilesh Javali) [1826127] - [scsi] scsi: qla2xxx: Fix stale mem access on driver unload (Nilesh Javali) [1826127] - [scsi] scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Keep track of num of pending flogi (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Fix race betwen fipvlan request and response path (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Decrease the LL2 MTU size to 2500 (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Check for module unloading bit before processing link update AEN (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Initiator fails to re-login to switch after link down (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Fix crash during sg_reset (Nilesh Javali) [1836443] - [scsi] scsi: qedf: Stop sending fipvlan request on unload (Nilesh Javali) [1836443] - [message] scsi: mptscsih: Fix read sense data size (Tomas Henzl) [1829803] - [scsi] scsi: megaraid_sas: Clear affinity hint (Tomas Henzl) [1828312] [3.10.0-1160.3.1] - [net] net-sysfs: Call dev_hold always in rx_queue_add_kobject (Hangbin Liu) [1846454] {CVE-2019-20811} - [net] net-sysfs: Call dev_hold always in netdev_queue_add_kobject (Hangbin Liu) [1846454] {CVE-2019-20811} - [net] net-sysfs: call dev_hold if kobject_init_and_add success (Hangbin Liu) [1846454] {CVE-2019-20811} - [netdrv] macvlan: Change status when lower device goes down (Hangbin Liu) [1848950] - [netdrv] macvlan: make operstate and carrier more accurate (Hangbin Liu) [1848950] - [infiniband] RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (Kamal Heib) [1858707] - [infiniband] RDMA/ipoib: Return void from ipoib_ib_dev_stop() (Kamal Heib) [1858707] - [net] tcp: limit sk_write_qlen based on sndbuf size (Florian Westphal) [1847765] - [netdrv] net/mlx5e: Modify uplink state on interface up/down (Alaa Hleihel) [1733181] - [netdrv] net/mlx5: E-Switch, Disable esw manager vport correctly (Alaa Hleihel) [1733181] - [netdrv] net/mlx5: E-Switch, Properly refer to host PF vport as other vport (Alaa Hleihel) [1733181] MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20811 CVE-2020-14331 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.5.0-36.el7_9.3] - rpc: gendispatch: handle empty flags (CVE-2020-25637) - rpc: add support for filtering @acls by uint params (CVE-2020-25637) - rpc: require write acl for guest agent in virDomainInterfaceAddresses (CVE-2020-25637) - qemu: agent: set ifname to NULL after freeing (CVE-2020-25637) - conf: properly clear out autogenerated macvtap names when formatting/parsing (rhbz#1868549) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-25637 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2:2.1-73.2.0.1] - for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727] - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736] - ensure late loading fixes are present on 4.1.12-* and 4.14.35-* - enable early and late load for 5.4.17-* - enable early loading for 06-4f-01 caveat - remove 06-55-04 caveat [2:2.1-73.2] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893261, #1893249, #1893229): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. [2:2.1-73.1] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [3:1.17-33.31.0.1] - recognize the 'force-intel' file path available on EL7+ [orabug 31655792] - disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792] - merge Oracle changes for early load via dracut - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 - remove other caveat support to be compatible with early load logic - enable late load on install for UEK4 kernels marked safe (except BDW-79) - set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737] [2:1.17-33.31] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893243, #1893238): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode (in microcode.dat) at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode (in microcode.dat) at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in microcode-06-4e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in microcode-06-55-04.dat) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in microcode-06-5e-03.dat) from revision 0xdc up to 0xe2; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode (in microcode.dat) from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode (in microcode.dat) from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode (in microcode.dat) from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode (in microcode.dat) from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode (in microcode.dat) from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0x78 up to 0xa0; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in microcode.dat) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0xd6 up to 0xde; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xca up to 0xe0. [2:1.17-33.30] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8698 CVE-2020-8696 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 8 [4:20200609-2.20201027.1.0.1] - add support for UEK6 kernels - remove no longer appropriate caveats for 06-2d-07 and 06-55-04 [4:20200609-2.20201027.1] - Update Intel CPU microcode to microcode-20201027 release, addresses CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698 (#1893265, #1893253, #1893233): - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e; - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68; - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0; - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0; - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0; - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0; - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2; - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08; - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2; - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde; - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0; - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde; - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde; - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde; - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde; - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde; - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde; - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44; - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159; - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003; - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003; - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40; - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e; - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18; - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0; - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0. [4:20200609-2.20200609.3] - Add README file to the documentation directory. - Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format. - Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers. MODERATE Copyright 2020 Oracle, Inc. CVE-2020-8696 CVE-2020-8695 CVE-2020-8698 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch Oracle Linux 7 [78.4.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 - Filtering nss/nspr libs [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [78.4.1-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.4.1-1] - Update to 78.4.1 [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading [78.4.0-1] - Update to 78.4.0 build2 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [78.4.1-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one * Tue Nov 10 2020 erack@redhat.com - 78.4.1-1 - Update to 78.4.1 - Filtering nss/nspr libs [78.4.0-3] - Fixing flatpak build, fixing firefox.sh.in to not disable langpacks loading [78.4.0-2] - Enable addon sideloading [78.4.0-1] - Update to 78.4.0 build2 * Fri Sep 18 2020 Jan Horak <jhorak@redhat.com> - Update to 78.3.0 build1 [78.2.0-3] - Update to 78.2.0 build1 CRITICAL Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 6 [1:5.5-60.0.1] - Add Oracle ACFS to hrStorage (John Haxby) [orabug 18510373] [1:5.5-60.el6.2] - fix CVE-2020-15862 (#1875960) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 Oracle Linux 8 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [78.4.3-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.4.3-1] - Update to 78.4.3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26950 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26956 CVE-2020-26965 CVE-2020-26958 CVE-2020-26961 CVE-2020-26959 CVE-2020-16012 CVE-2020-26953 CVE-2020-26960 CVE-2020-26951 CVE-2020-26968 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26959 CVE-2020-26965 CVE-2020-26953 CVE-2020-26956 CVE-2020-26951 CVE-2020-26960 CVE-2020-26958 CVE-2020-26961 CVE-2020-26968 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [78.5.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26951 CVE-2020-26953 CVE-2020-26965 CVE-2020-26968 CVE-2020-16012 CVE-2020-26960 CVE-2020-26961 CVE-2020-26958 CVE-2020-26956 CVE-2020-26959 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 [78.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.0-1] - Update to 78.5.0 build3 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26951 CVE-2020-26960 CVE-2020-26968 CVE-2020-26953 CVE-2020-26956 CVE-2020-26959 CVE-2020-16012 CVE-2020-26958 CVE-2020-26965 CVE-2020-26961 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [78.5.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16012 CVE-2020-26965 CVE-2020-26960 CVE-2020-26961 CVE-2020-26958 CVE-2020-26956 CVE-2020-26953 CVE-2020-26959 CVE-2020-26968 CVE-2020-26951 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [78.5.0-1.0.1] - Fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [78.5.0-1] - Update to 78.5.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26965 CVE-2020-26951 CVE-2020-26959 CVE-2020-26968 CVE-2020-26961 CVE-2020-26956 CVE-2020-26953 CVE-2020-16012 CVE-2020-26958 CVE-2020-26960 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [1:5.7.2-49.1] - fix CVE-2020-15862 (#1875496) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 8 [0.6.22-5] - Fix CVE-2020-0452 - Resolves: #1902593 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0452 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream_developer cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [78.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.1-1] - Update to 78.5.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26970 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [78.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.5.1-1] - Update to 78.5.1 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26970 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [12.5-1] - Rebase to upstream release 12.5 Resolves: rhbz#1898228 Resolves: rhbz#1901558 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25696 CVE-2020-25694 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [0.6.22-2] - Fix CVE-2020-0181, CVE-2020-0198, and CVE-2020-0452 - Resolves: #1902589 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0452 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.20.4-15] - CVE fix for: CVE-2020-25712 (#1904937), CVE-2020-14360 (#1904934) [1.20.4-14] - CVE fix for: CVE-2020-14347 (#1862319) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14347 CVE-2020-14360 CVE-2020-25712 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.1.53-1.0.1] - added Requires: python-gobject-base [Orabug: 30252308] [2.1.53-1] - Rebase the targetcli package to fix some security issues MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13867 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [2.1.74-1.0.1] - Add patch 0005-allow-mixed-case-in-oracle-iqns to fix [Orabug: 27613482] - Add patch 0004-allow-underscore-in-oracle-iqns to fix [Orabug: 27582660] - Add patch 0014-reenable-vhost to fix [Orabug: 27707403] <alan.adamson@oracle.com> [2.1.74-1] - Rebase to the latest upstream version MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14019 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.11.1.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160.11.1] - [netdrv] hdlc_ppp: add range checks in ppp_cp_parse_cr() (Guillaume Nault) [1882078] {CVE-2020-25643} - [fs] ext4: fix potential negative array index in do_split() (Pavel Reichl) [1846164] {CVE-2020-14314} - [fs] nfsd: apply umask on fs without ACL support ('J. Bruce Fields') [1870215] {CVE-2020-24394} - [kernel] watchdog/core: Remove the park_in_progress obfuscation (Waiman Long) [1860661] - [mm] swap_slots: recheck cache->slots_ret under spin_lock_irq() protection (Rafael Aquini) [1862915] - [netdrv] ethernet: i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Stefan Assmann) [1845677] - [infiniband] mlx5: Fix use-after-free in dereg_mr() (Alaa Hleihel) [1880184] [3.10.0-1160.10.1] - [md] dm-mirror: provide the merge method (Mikulas Patocka) [1890059] - [nvme] nvme-rdma: cancel async events before freeing event struct (David Milburn) [1857397] - [s390] dasd: Use struct_size() helper (Sterling Alexander) [1886477] - [s390] dasd: fix inability to use DASD with DIAG driver (Sterling Alexander) [1886477] - [hv] hv_utils: drain the timesync packets on onchannelcallback (Vitaly Kuznetsov) [1884735] - [hv] hv_utils: return error if host timesysnc update is stale (Vitaly Kuznetsov) [1884735] - [x86] cpu: Re-apply forced caps every time CPU caps are re-read (Herbert Xu) [1886792] - [x86] cpu: Factor out application of forced CPU caps (Herbert Xu) [1886792] [3.10.0-1160.9.1] - [hv] hv: vmbus: Only notify Hyper-V for die events that are oops (Vitaly Kuznetsov) [1868130] - [uapi] include: do not export changes made to struct ip_ct_sctp (Florian Westphal) [1887975] - [net] openvswitch: free vport unless register_netdevice() succeeds (Timothy Redaelli) [1869190] - [net] openvswitch: do not free vport if register_netdevice() is failed (Timothy Redaelli) [1869190] - [kernel] signals: avoid random wakeups in sigsuspend() (Oleg Nesterov) [1704650] - [fs] nfs: Fix getxattr kernel panic and memory overflow (Benjamin Coddington) [1880893] {CVE-2020-25212} [3.10.0-1160.8.1] - [kernel] sched/fair: Fix RCU stall upon -ENOMEM in sched_create_group() (Kenneth Yin) [1878000] - [security] selinux: do not report error on connect(AF_UNSPEC) (Paolo Abeni) [1886305] - [kernel] timer: Fix lockup in __run_timers() caused by large jiffies/timer_jiffies delta (Waiman Long) [1849716] - [mm] revert 'mm/page_alloc: fix memmap_init_zone pageblock alignment' (Artem Savkov) [1878732] - [mm] page_alloc: Make paranoid check in move_freepages a VM_BUG_ON (Artem Savkov) [1878732] - [nvme] rdma: Avoid double freeing of async event data (Gopal Tiwari) [1878950] - [pci] hv: Fix a timing issue which causes kdump to fail occasionally (Mohammed Gamal) [1846667] [3.10.0-1160.7.1] - [fs] xfs: fix off-by-one in inode alloc block reservation calculation (Brian Foster) [1857203] - [fs] xfs: fix inode allocation block res calculation precedence (Brian Foster) [1857203] - [powerpc] powernv/dump: Handle multiple writes to ack attribute (Gustavo Duarte) [1873189] - [powerpc] powernv/dump: Fix race while processing OPAL dump (Gustavo Duarte) [1873189] - [powerpc] powernv: opal-dump: Use IRQ_HANDLED instead of numbers in interrupt handler (Gustavo Duarte) [1873189] - [powerpc] opal_elog: Handle multiple writes to ack attribute (Gustavo Duarte) [1873189] - [powerpc] powernv/elog: Fix race while processing OPAL error log event (Gustavo Duarte) [1873189] - [powerpc] powernv Adapt opal-elog and opal-dump to new sysfs_remove_file_self (Gustavo Duarte) [1873189] - [powerpc] powernv: Fix opal-elog interrupt handler (Gustavo Duarte) [1873189] - [net] flow_dissector: switch to siphash (Davide Caratti) [1835614] {CVE-2019-18282} - [fs] xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [1875317] {CVE-2020-14385} - [fs] cifs: make 'nodfs' mount opt a superblock flag (Leif Sahlberg) [1873033] - [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1846355] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14314 CVE-2020-24394 CVE-2020-14385 CVE-2020-10769 CVE-2020-25643 CVE-2019-18282 CVE-2020-25212 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.10.17-9] - related: #1853272 - Add back missing patch hunks [4.10.16-8] - resolves: #1878205 - Fix restarting winbind on package upgrade - resolves: #1892632 - Fix CVE-2020-14318 - resolves: #1891687 - Fix CVE-2020-14323 - resolves: #1879834 - Fix CVE-2020-1472 - resolves: #1892313 - Fix memory leak in winbindd (wbinfo -u) - resolves: #1868917 - Fix %U substitution for 'valid users' option - resolves: #1853272 - Fix 'require_membership_of' documentation in pam_winbind{.conf} manpage MODERATE Copyright 2020 Oracle, Inc. CVE-2020-14323 CVE-2020-1472 CVE-2020-14318 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.0.35-27] - Fix CVE-2016-5766 - Resolves: #1356813 - Upstream patch: https://github.com/libgd/libgd/commit/aba3db8 MODERATE Copyright 2020 Oracle, Inc. CVE-2016-5766 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.1.23-1.0.1] - Upstream reference in pacemaker crm_report binary [Orabug: 31611300] [1.1.23-1.1] - Prevent ACL bypass (CVE-2020-25654) - Resolves: rhbz#1892140 MODERATE Copyright 2021 Oracle, Inc. CVE-2020-25654 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.18.0-240.8.1_3.OL8] - Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7 [4.18.0-240.8.1_3] - [s390] s390/dasd: Fix zero write for FBA devices (Ming Lei) [1896787 1881760] - [s390] mm/gup: fix gup_fast with dynamic page table folding (Philipp Rudo) [1896351 1883266] - [netdrv] ibmveth: Identify ingress large send packets (Gustavo Duarte) [1896299 1887038] - [netdrv] ibmveth: Switch order of ibmveth_helper calls (Gustavo Duarte) [1896299 1887038] [4.18.0-240.7.1_3] - [fs] writeback: Drop I_DIRTY_TIME_EXPIRE (Waiman Long) [1901547 1860031] - [fs] writeback: Fix sync livelock due to b_dirty_time processing (Waiman Long) [1901547 1860031] - [fs] writeback: Avoid skipping inode writeback (Waiman Long) [1901547 1860031] - [fs] writeback: Protect inode->i_io_list with inode->i_lock (Waiman Long) [1901547 1860031] - [fs] fs: Introduce DCACHE_DONTCACHE (Waiman Long) [1901547 1860031] - [fs] fs: Lift XFS_IDONTCACHE to the VFS layer (Waiman Long) [1901547 1860031] - [fs] dcache: sort the freeing-without-RCU-delay mess for good (Waiman Long) [1901547 1860031] - [net] ip_tunnel_core: Fix build for archs without _HAVE_ARCH_IPV6_CSUM (Aaron Conole) [1885766 1849736] - [tools] selftests: pmtu.sh: Add tests for UDP tunnels handled by Open vSwitch (Aaron Conole) [1885766 1849736] - [tools] selftests: pmtu.sh: Add tests for bridged UDP tunnels (Aaron Conole) [1885766 1849736] - [net] geneve: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736] - [net] vxlan: Support for PMTU discovery on directly bridged links (Aaron Conole) [1885766 1849736] - [net] tunnels: PMTU discovery support for directly bridged IP packets (Aaron Conole) [1885766 1849736] - [net] ipv4: route: Ignore output interface in FIB lookup for PMTU route (Aaron Conole) [1885766 1849736] - [netdrv] geneve: add transport ports in route lookup for geneve (Mark Gray) [1891818 1884481] {CVE-2020-25645} - [kernel] PM: hibernate: Batch hibernate and resume IO requests (Lenny Szubowicz) [1894629 1868096] - [md] dm: fix comment in __dm_suspend() (Mike Snitzer) [1890233 1881531] - [md] dm: fold dm_process_bio() into dm_make_request() (Mike Snitzer) [1890233 1881531] - [md] dm: fix missing imposition of queue_limits from dm_wq_work() thread (Mike Snitzer) [1890233 1881531] - [md] dm: optimize max_io_len() by inlining max_io_len_target_boundary() (Mike Snitzer) [1890233 1881531] - [md] dm: push md->immutable_target optimization down to __process_bio() (Mike Snitzer) [1890233 1881531] - [md] dm: change max_io_len() to use blk_max_size_offset() (Mike Snitzer) [1890233 1881531] - [md] dm table: stack 'chunk_sectors' limit to account for target-specific splitting (Mike Snitzer) [1890233 1881531] - [block] block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [1890233 1881531] - [block] block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [1890233 1881531] - [md] dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [1890233 1881531] [4.18.0-240.6.1_3] - [arm64] paravirt: Initialize steal time when cpu is online (Andrew Jones) [1898758 1879137] - [kvm] Revert 'x86/kvm: Move context tracking where it belongs' (Nitesh Narayan Lal) [1897716 1890284] - [pci] hv: Fix hibernation in case interrupts are not re-created (Mohammed Gamal) [1896435 1846838] - [hv] hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume() (Mohammed Gamal) [1896434 1876519] - [netdrv] hv_netvsc: Cache the current data path to avoid duplicate call and message (Mohammed Gamal) [1896433 1876527] - [netdrv] hv_netvsc: Switch the data path at the right time during hibernation (Mohammed Gamal) [1896433 1876527] - [netdrv] hv_netvsc: Fix hibernation for mlx5 VF driver (Mohammed Gamal) [1896433 1876527] - [tools] selftests/powerpc: Make alignment handler test P9N DD2.1 vector CI load workaround (Gustavo Duarte) [1897278 1887442] - [powerpc] powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (Gustavo Duarte) [1897278 1887442] [4.18.0-240.5.1_3] - [crypto] crypto: testmgr - mark cts(cbc(aes)) as FIPS allowed (Vladis Dronov) [1886189 1855161] [4.18.0-240.4.1_3] - [kernel] sched/features: Fix !CONFIG_JUMP_LABEL case (Daniel Bristot de Oliveira) [1894073 1885850] [4.18.0-240.3.1_3] - [iommu] iommu/amd: Fix the overwritten field in IVMD header (Baoquan He) [1888113 1869148] - [fs] xfs: trim IO to found COW extent limit (Eric Sandeen) [1886895 1882549] - [char] random32: update the net random state on interrupt and activity (Donghai Qiao) [1888233 1867569] {CVE-2020-16166} - [net] openvswitch: fixes crash if nf_conncount_init() fails (Eelco Chaudron) [1879935 1876445] [4.18.0-240.2.1_3] - [tools] selftests: rtnetlink: Test bridge enslavement with different parent IDs (Jonathan Toppins) [1886017 1860479] - [tools] selftests: rtnetlink: correct the final return value for the test (Jonathan Toppins) [1886017 1860479] - [net] Fix bridge enslavement failure (Jonathan Toppins) [1886017 1860479] - [net] netfilter: conntrack: proc: rename stat column (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: add clash resolution stat counter (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: remove ignore stats (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: do not increment two error counters at same time (Florian Westphal) [1882094 1875681] - [net] netfilter: conntrack: do not auto-delete clash entries on reply (Florian Westphal) [1882094 1875681] - [kernel] time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint (Alexey Klimov) [1880080 1877380] MODERATE Copyright 2020 Oracle, Inc. CVE-2020-16166 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.1.1g-12] - Fix CVE-2020-1971 ediparty null pointer dereference [1.1.1g-11.1] - Implemented new FIPS requirements in regards to KDF and DH selftests - Disallow certificates with explicit EC parameters IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1971 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch Oracle Linux 8 [1:5.8-18.1] - revert permission of config files to 600 (#1902662) [1:5.8-18] - fix CVE-2020-15862 (#1886100) - fix bulk responses for invalid PID (#1896760) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15862 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.6.14-7] - Increase DH key bits to >= 2048 in self-tests (#1879506) - Implement self-tests for KDF and CMAC (#1890870) - Fix CVE-2020-24659: heap buffer-overflow when 'no_renegotiation' alert is received (#1873959) MODERATE Copyright 2020 Oracle, Inc. CVE-2020-24659 cpe:/o:oracle:linux:8:4:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:3:baseos_patch cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.0.4-6.1] - Prevent users from bypassing ACLs by using IPC directly (CVE-2020-25654) - Resolves: rhbz1891528 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-25654 cpe:/a:oracle:linux:8::addons cpe:/a:oracle:linux:8::appstream Oracle Linux 8 delve [1.4.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.4.1-1] - Rebase to 1.4.1 - Resolves: rhbz#1821281 - Related: rhbz#1820596 [1.4.0-2] - Change i686 to a better macro - Related: rhbz#1820596 [1.4.0-1] - Rebase to 1.4.0 - Remove Patch1781 - Related: rhbz#1820596 [1.3.2-3] - Resolves: rhbz#1758612 - Resolves: rhbz#1780554 - Add patch: 1781-pkg-terminal-Fix-exit-status.patch [1.3.2-2] - Added tests - Related: rhbz#1758612 [1.3.2-1] - First package for RHEL - Related: rhbz#1758612 golang [1.14.12-1] - Rebase to 1.14.12 - Resolves: rhbz#1898829 - Resolves: rhbz#1898832 - Resolves: rhbz#1898834 [1.14.10-1] - Rebase to 1.14.10 - Remove patch to fix missing deferreturn on linux/ppc64le rhbz#1854836 - Resolves: rhbz#1897181 - Resolves: rhbz#1897182 - Resolves: rhbz#1897185 go-toolset [1.14.12-1] - Rebase to 1.14.12 - Resolves: rhbz#1898829 - Resolves: rhbz#1898832 - Resolves: rhbz#1898834 [1.14.10-1] - Rebase to 1.14.10 - Resolves: rhbz#1897181 - Resolves: rhbz#1897182 - Resolves: rhbz#1897185 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-28362 CVE-2020-24553 CVE-2020-28366 CVE-2020-28367 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:1.16.1-1.0.1.1] - Remove Red Hat references [Orabug: 29498217] [1:1.16.1-1.1] - Resolves: #1898952 - CVE 2019-20372 nginx:1.16/nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c MODERATE Copyright 2020 Oracle, Inc. CVE-2019-20372 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:12.19.1-1] - Resolves: RHBZ#1901044, #1901045, #1901046, #1901047 - c-ares, ajv and y18n CVEs and yarn installability issues MODERATE Copyright 2020 Oracle, Inc. CVE-2020-7774 CVE-2020-8277 CVE-2020-15366 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 8 asio [1.10.8-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.10.8-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.10.8-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.8-4] - Rebuilt for Boost 1.64 [1.10.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.10.8-2] - Rebuilt for Boost 1.63 [1.10.8-1] - Update to 1.10.8 [1.10.7-1] - Update to 1.10.7 [1.10.6-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.10.6-6] - Rebuilt for Boost 1.60 [1.10.6-5] - Remove useless pieces of the spec - Conform to more recent SPEC style - Fix date in changelog that was giving warnings [1.10.6-4] - Move from define to global [1.10.6-3] - Rebuilt for Boost 1.59 [1.10.6-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159 [-1.10.6-1] - Update to 1.10.6 version [1.10.4-5] - rebuild for Boost 1.58 [1.10.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.10.4-3] - Rebuild for boost 1.57.0 [1.10.4-2] - Forgot to update the commit id [1.10.4-1] - Update to 1.10.4 version [1.10.3-1] - Update to 1.10.3 version [1.4.8-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.4.8-8] - Rebuild for boost 1.55.0 [1.4.8-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.4.8-6] - Rebuild for boost 1.54.0 [1.4.8-5] - Rebuild for Boost-1.53.0 [1.4.8-4] - Rebuild for Boost-1.53.0 [1.4.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.4.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.4.8-1] - Update to 1.4.8 bugfix release [1.4.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.4.1-3] - fix FTBFS #538893 and #599857 (patch by Petr Machata) [1.4.1-2] - The tarball is now a gzip archive [1.4.1-1] - New upstream release [1.2.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.0-1] - New upstream release galera [25.3.31-1] - Rebase to 25.3.31 Resolves: #1731289, #1856812 Judy mariadb [3:10.3.27-3] - Remove mariadb_rpl.h from includedir This file is shipped in mariadb-connector-c package - Require matching version of mariadb-connector-c package [3:10.3.27-2] - Disable building of the ed25519 client plugin. From now on it will be shipped by 'mariadb-connector-c' package [3:10.3.27-1] - Rebase to 10.3.27 - mariadb-debug_build.patch is no more needed, upstream did the changes: https://github.com/MariaDB/server/commit/31eaa2029f3c2a4f8e5609ce8b87682286238d9a#diff-32766783af7cac683980224d63c59929 https://github.com/MariaDB/server/commit/23c6fb3e6231b8939331e2d9f157092f24ed8f4f#diff-78f3162f137407db5240950beb2bcd7c [3:10.3.23-1] - Rebase to 10.3.23 - Make conflicts between corresponding mariadb and mysql packages explicit - Get rid of the Conflicts macro, it was intended to mark conflicts with *upstream* packages Resolves: #1853159 [3:10.3.22-1] - Rebase to 10.3.22 [3:10.3.21-1] - Rebase to 10.3.21 [3:10.3.20-2] - Change path of groonga's packaged files - Fix bz#1763287 [3:10.3.20-1] - Rebase to 10.3.20 - NOTE: 10.3.19 was deleted by upstream [3:10.3.18-1] - Rebase to 10.3.18 [3:10.3.17-2] - Fix the debug build IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2752 CVE-2020-2574 CVE-2020-2812 CVE-2020-14765 CVE-2020-2760 CVE-2020-14789 CVE-2019-2974 CVE-2020-14776 CVE-2019-2938 CVE-2020-13249 CVE-2020-2814 CVE-2020-2780 CVE-2020-14812 CVE-2020-15180 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:linux:8::codeready_builder_developer Oracle Linux 8 [3.1.11-2] - Require specific minimal version of the 'mariadb' package, if it is installed [3.1.11-1] - Rebase to 3.1.11 [3.1.9-1] - Rebase to 3.1.9 - Overlinking issues fixed by upstream in 3.1.3 release - Add explicit confict between mariadb-connector-c-devel and mysql-devel packages [3.1.2-1] - Rebase to 3.1.2 - Introducing ED25519 plugin - Plugindir issues (from 3.0.9 release) fixed by upstream Resolves: #1691176 [3.0.10-1] - Rebase to 3.0.10 - Use macro for tarball name - Use macro to set build flags - Use macros for make commands - Remove the scriptlets non relevant for RHEL-8 - Add info for the testsuite execution - Remove glob from library version - Remove info about the upstream issues [3.0.8-2] - Add 'zlib-devel' requirement in '-devel' subpackage. MariaDB requires linking with '-lz', which will fail without the zlib library - Resolves: #1710471 [3.0.8-1] - Rebase to 3.0.8 MODERATE Copyright 2020 Oracle, Inc. CVE-2020-13249 CVE-2020-2752 CVE-2020-2574 CVE-2020-2922 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:8:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::appstream_developer Oracle Linux 6 Oracle Linux 7 [4.1.12-124.35.1] - ixgbe: protect TX timestamping from API misuse (Manjunath Patil) [Orabug: 30275491] - block: init flush rq ref count to 1 (Josef Bacik) [Orabug: 30360559] - block: fix null pointer dereference in blk_mq_rq_timed_out() (Yufen Yu) [Orabug: 30360559] - blk-mq: Remove generation seqeunce (Keith Busch) [Orabug: 30360559] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580687] {CVE-2019-15807} - scsi: qla2xxx: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 30618784] {CVE-2019-16233} - printk: Default console logging level should be set to 4 (Boris Ostrovsky) [Orabug: 30657070] [4.1.12-124.34.2] - scsi: lpfc: Remove lpfc_enable_pbde as module parameter (James Smart) [Orabug: 30569875] - scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 30569875] - scsi: lpfc: Update driver version to 11.4.0.8 and Copyright updates (Ketan Mukadam) [Orabug: 30569875] - scsi: lpfc: Fix ELS abort on SLI-3 adapters (James Smart) [Orabug: 30569875] - scsi: lpfc: Correct race with abort on completion path (James Smart) [Orabug: 30569875] - scsi: lpfc: update manufacturer attribute to reflect Broadcom (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Enable Management features for IF_TYPE=6 (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct topology type reporting on G7 adapters (James Smart) [Orabug: 30569875] [Orabug: 29212758] - scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 30569875] - scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 30569875] - scsi: lpfc: Fix frequency of Release WQE CQEs (James Smart) [Orabug: 30569875] - scsi: lpfc: Code cleanup for 128byte wqe data type (James Smart) [Orabug: 30569875] - scsi: lpfc: use __raw_writeX on DPP copies (James Smart) [Orabug: 30569875] - scsi: lpfc: Add embedded data pointers for enhanced performance (James Smart) [Orabug: 30569875] - scsi: lpfc: Enable fw download on if_type=6 devices (James Smart) [Orabug: 30569875] - scsi: lpfc: Add if_type=6 support for cycling valid bits (James Smart) [Orabug: 30569875] - scsi: lpfc: Add 64G link speed support (James Smart) [Orabug: 30569875] - scsi: lpfc: Add PCI Ids for if_type=6 hardware (James Smart) [Orabug: 30569875] - scsi: lpfc: Add push-to-adapter support to sli4 (James Smart) [Orabug: 30569875] - scsi: lpfc: Add SLI-4 if_type=6 support to the code base (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework sli4 doorbell infrastructure (James Smart) [Orabug: 30569875] - scsi: lpfc: Rework lpfc to allow different sli4 cq and eq handlers (James Smart) [Orabug: 30569875] - x86/bugs: use check_bugs instead of microcode_late_select_mitigation (Mihai Carabas) [Orabug: 30332499] - x86/bugs: spec_ctrl_mutex taken in stop_machine context (Mihai Carabas) [Orabug: 30332499] - x86/microcode: moved cpu feature late eval to stop_machine (Mihai Carabas) [Orabug: 30332499] - x86/cpu: Re-apply forced caps every time CPU caps are re-read (Andy Lutomirski) [Orabug: 30332499] - x86/microcode/intel: Check microcode revision before updating sibling threads (Ashok Raj) [Orabug: 30332499] - tracing: Fix possible double free on failure of allocating trace buffer (Steven Rostedt (VMware)) [Orabug: 30633873] {CVE-2017-18595} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 CVE-2019-16233 CVE-2017-18595 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.42.1] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580688] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.318.1] - x86/speculation: Determine swapgs before alternative instructions are set (Patrick Colp) [Orabug: 30379640] - scsi: libsas: delete sas port if expander discover failed (Jason Yan) [Orabug: 30580689] {CVE-2019-15807} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15807 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 [4.14.35-1902.10.4.el7uek] - kvm: Don't reference vcpu->arch.st in arch-independent code (Boris Ostrovsky) [Orabug: 30489861] - kvm: fix compile on s390 part 2 (Christian Borntraeger) [Orabug: 30489861] - kvm: fix compilation on s390 (Paolo Bonzini) [Orabug: 30489861] - kvm: fix compilation on aarch64 (Paolo Bonzini) [Orabug: 30489861] [4.14.35-1902.10.3.el7uek] - x86/KVM: Clean up host's steal time structure (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Cache gfn to pfn translation (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Introduce kvm_(un)map_gfn() (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016} - KVM: Properly check if page is valid in kvm_vcpu_unmap (KarimAllah Ahmed) [Orabug: 30489861] - KVM: Introduce a new guest mapping API (KarimAllah Ahmed) [Orabug: 30489861] - KVM: x86: svm: make sure NMI is injected after nmi_singlestep (Vitaly Kuznetsov) [Orabug: 30714532] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15917 CVE-2019-3016 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::latest Oracle Linux 7 [4.14.35-1902.10.4.1.el7uek] - IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil) [Orabug: 30815818] - IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30815811] - RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30815802] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30815773] {CVE-2019-19332} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19332 CVE-2019-15917 CVE-2019-3016 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.319.1] - net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350265] {CVE-2019-15916} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15916 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 [4.14.35-1902.10.7] - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807747] {CVE-2019-17666} - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770961] {CVE-2016-5244} - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658694] {CVE-2019-19332} [4.14.35-1902.10.6] - IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil) - RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30809126] - IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30805810] - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c (Peter Oskolkov) [Orabug: 30787503] - net: IP6 defrag: use rbtrees for IPv6 defrag (Peter Oskolkov) [Orabug: 30787503] - ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module (Florian Westphal) [Orabug: 30787503] - net: IP defrag: encapsulate rbtree defrag code into callable functions (Peter Oskolkov) [Orabug: 30787503] - ipv6: frags: fix a lockdep false positive (Eric Dumazet) [Orabug: 30787503] [4.14.35-1902.10.5] - drm/i915/cmdparser: Fix jump whitelist clearing (Ben Hutchings) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gen8+: Add RC6 CTX corruption WA (Imre Deak) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Lower RM timeout to avoid DSI hard hangs (Uma Shankar) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Ignore Length operands during command matching (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Add support for backward jumps (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Use explicit goto for error paths (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add gen9 BCS cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Allow parsing of unsized batches (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Add support for mandatory cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Remove Master tables from cmdparser (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Disable Secure Batches for gen6+ (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Rename gen7 cmdparser tables (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Move engine->needs_cmd_parser to engine->flags (Tvrtko Ursulin) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Dont use GPU relocations prior to cmdparser stalls (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Silence smatch for cmdparser (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Do not check past the cmd length. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/cmdparser: Check reg_table_count before derefencing. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154} - drm/i915: Prevent writing into a read-only object via a GGTT mmap (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Disable read-only support under GVT (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Read-only pages for insert_entries on bdw+ (Vivi, Rodrigo) [Orabug: 30656819] {CVE-2019-0154} - drm/i915/gtt: Add read only pages to gen8_pte_encode (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154} - blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (Anchal Agarwal) [Orabug: 30681025] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557081] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557081] - x86/bugs: missed initconst cpu_vuln_whitelist used at late loading (Mihai Carabas) [Orabug: 30659681] - mwifiex: Fix mem leak in mwifiex_tm_cmd (YueHaibing) [Orabug: 30732918] {CVE-2019-20095} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732937] {CVE-2019-20054} - fjes: Handle workqueue allocation failure (Will Deacon) [Orabug: 30771875] {CVE-2019-16231} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-16231 CVE-2019-20054 CVE-2019-17666 CVE-2016-5244 CVE-2019-20095 CVE-2019-3016 CVE-2019-0154 CVE-2019-15917 CVE-2019-19332 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1] - iscsi-target: graceful disconnect on invalid mapping to iovec (Imran Haider) [Orabug: 30459537] - x86/microcode: Issue update message only once (Borislav Petkov) [Orabug: 30528904] - x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30528904] - KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658695] {CVE-2019-19332} - rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807748] {CVE-2019-17666} [4.1.12-124.35.5] - x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557086] - x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557086] - mlx5: lock mlx5_core to prevent module unload (Brian Maly) [Orabug: 30566775] - rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30576433] - x86: bugs: replace static_ with boot_ for CPU bugs mitigations (Mihai Carabas) [Orabug: 30649400] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-17666 CVE-2019-19332 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 7 [4.14.35-1902.10.8] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30847136] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30847136] {CVE-2020-2732} - KVM: nVMX: Dont emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30847136] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.3] - Fix KABI error by keeping the struct field being removed by the below patch (Ritika Srivastava) [Orabug: 30902926] - Revert 'PCI: Check pref compatible bit for mem64 resource of PCIe device' (Ritika Srivastava) [Orabug: 30902926] [4.1.12-124.36.2] - rds: Use bitmap to designate dropped connections (Hakon Bugge) [Orabug: 30868399] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 29797476] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30399972] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819439] {CVE-2019-14901} - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864533] {CVE-2019-15291} - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865080] - KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30867886] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30867886] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30867886] - slub: do not sanity check if SLAB_DEBUG_FREE is not set (Dongli Zhang) [Orabug: 30903145] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903145] - Fix kmalloc slab creation sequence (Christoph Lameter) [Orabug: 30903145] - slab: correct size_index table before replacing the bootstrap kmem_cache_node (Daniel Sanders) [Orabug: 30903145] - mm/slab_common: support the slub_debug boot option on specific object size (Gavin Guo) [Orabug: 30903145] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 CVE-2019-14901 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.1.1] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30847137] {CVE-2020-2732} - KVM: nVMX: Dont emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30847137] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [4.1.12-124.36.4] - KVM: nVMX: Check IO instruction VM-exit conditions (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Refactor IO bitmap checks into helper function (Oliver Upton) [Orabug: 30944739] {CVE-2020-2732} - KVM: nVMX: Don't emulate instructions in guest mode (Paolo Bonzini) [Orabug: 30944739] {CVE-2020-2732} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-2732 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.43.1] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864534] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.320.1] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30650888] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864535] {CVE-2019-15291} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-15291 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 [78.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.6.0-1] - Update to 78.6.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26971 CVE-2020-26974 CVE-2020-35111 CVE-2020-16042 CVE-2020-26973 CVE-2020-35113 CVE-2020-26978 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 [7.19.7-54.0.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] 462 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-5482 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 Oracle Linux 8 [78.6.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [78.6.0-1] - Update to 78.6.0 build1 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26974 CVE-2020-35113 CVE-2020-26971 CVE-2020-26978 CVE-2020-16042 CVE-2020-26973 CVE-2020-35111 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [7.29.0-54.0.5.el7_7.2] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-5482 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 Oracle Linux 7 [1.0.2k-21] - remove ASN1_F_ASN1_ITEM_EMBED_D2I from openssl-1.0.2k-cve-2020-1971.patch [1.0.2k-20] - fix CVE-2020-1971 openssl: EDIPARTYNAME NULL pointer de-reference IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1971 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [10.15-1] - Rebase to upstream release 10.15 Resolves: rhbz#1898213 Resolves: rhbz#1898341 Resolves: rhbz#1901567 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.14.35-1902.11.3] - xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 31013775] [4.14.35-1902.11.2] - ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot system (Hans Westgaard Ry) [Orabug: 30967501] - Revert 'printk: Default console logging level should be set to 4' (Cesar Roque) [Orabug: 30833249] - cgroup: psi: fix memory leak when freeing a cgroup work function (Tom Hromatka) [Orabug: 30903264] [4.14.35-1902.11.1] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30657780] - xfs: increase the default parallelism levels of pwork clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug: 30657780] - mwifiex: fix unbalanced locking in mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858] {CVE-2019-14895} - mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895} - ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix use-after-free when destroying GEM context (Tyler Hicks) [Orabug: 30860457] {CVE-2020-7053} - xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) [Orabug: 30681066] [4.14.35-1902.11.0] - rds: Avoid qp overflow when posting invalidate/register mr with frwr (Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate dropped connections (Hakon Bugge) [Orabug: 30852643] - rds: prevent use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) [Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking (Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291} - KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky) [Orabug: 30837856] - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438] {CVE-2019-14901} - drm/i915/gen9: Clear residual context state on context switch (Akeem G Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615} - rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru kolappan) [Orabug: 30734590] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14895 CVE-2019-14615 CVE-2019-14901 CVE-2019-15291 CVE-2020-7053 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::latest Oracle Linux 7 [15:3.1.0-7.el7] - qemu-img: Add --target-is-zero to convert (David Edmondson) [15:3.1.0-6.el7] - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 30858754] - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 30652327] - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 30807256] {CVE-2020-1711} - scsi: lsi: exit infinite loop while executing script (CVE-2019-12068) (Paolo Bonzini) [Orabug: 30351703] {CVE-2019-12068} - lsi: use enum type for s->waiting (Sven Schnelle) {CVE-2019-12068} - json: Fix % handling when not interpolating (Christophe Fergeau) [Orabug: 30640103] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 30640103] - Fix heap overflow in ip_reass on big packet input (Samuel Thibault) [Orabug: 30229916] {CVE-2019-14378} - Make poll_control_msr default 1 (Mark Kanda) - Remove redundant check for host support of halt polling (Mark Kanda) [Orabug: 30240121] - Enable '-Werror' compiler flag (Mark Kanda) [Orabug: 30213025] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30729551] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1711 CVE-2019-14378 CVE-2019-12068 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:linux:7:7:patch cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 8 [1.0-3.0.1.4] - Increase db_max_size to 100M [1.0-3.4] RHEL 8.3.Z ERRATUM - Adding DISA STIG during OS installation causes 'ipa-server-install' to fail [rhel-8.3.0.z] - fixed java detection Resolves: rhbz#1905895 - Erratum RHBA-2020:4969 is of no help when upgrading partially RHEL 8.2 systems [rhel-8.3.0.z] Resolves: rhbz#1906472 IMPORTANT Copyright 2020 Oracle, Inc. cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [78.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.6.0-1] - Update to 78.6.0 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16042 CVE-2020-26974 CVE-2020-26973 CVE-2020-35111 CVE-2020-26971 CVE-2020-26978 CVE-2020-35113 cpe:/a:oracle:linux:7:9:patch_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [9.6.20-1] - Rebase to upstream release 9.6.20 Resolves: rhbz#1901563 Resolves: rhbz#1898218 Resolves: rhbz#1898334 [9.6.19-1] - Rebase to 9.6.19 Also fixes: CVE-2019-10208, CVE-2020-14350, CVE-2019-10130 Resolves: #1741490 Resolves: #1867111 Resolves: #1845074 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-10130 CVE-2020-25694 CVE-2020-25695 CVE-2019-10208 CVE-2020-1720 CVE-2020-14350 CVE-2020-25696 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 postgresql [12.5-1] - Rebase to upstream release 12.5 Resolves: rhbz#1901555 Resolves: rhbz#1898223 Resolves: rhbz#1898329 [12.1-3] - Release bump for 8.2.0 BZ#1776805 [12.1-2] - Release bump for rebuild against libpq-12.1-3 [12.1-1] - Rebase to upstream release 12.1 [12.0-1] - Rebase to upstream release 12.0 [12.0-0.3] - Rebase to upstream beta release 12beta4 - postgresql-server-devel requires krb5-devel [12.0-0.2] - Rebase to upstream beta release 12beta3 [12.0-0.1] - Rebase to upstream beta release 12beta2 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14350 CVE-2020-14349 CVE-2020-25694 CVE-2020-1720 CVE-2020-25696 CVE-2020-25695 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [78.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.6.0-1] - Update to 78.6.0 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-26974 CVE-2020-16042 CVE-2020-26971 CVE-2020-35113 CVE-2020-35111 CVE-2020-26973 CVE-2020-26978 cpe:/a:oracle:linux:8::appstream Oracle Linux 6 Oracle Linux 7 [4.1.12-124.38.1] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31031928] - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31078882] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085993] {CVE-2020-10942} - Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098797] [4.1.12-124.37.3] - kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31047871] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055327] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085017] {CVE-2018-5953} - KVM: x86: Expose more Intel AVX512 feature to guest (Luwei Kang) [Orabug: 31085086] - x86/cpufeature: Enable new AVX-512 features (Fenghua Yu) [Orabug: 31085086] [4.1.12-124.37.2] - xenbus: req->err should be updated before req->state (Dongli Zhang) [Orabug: 30705030] - xenbus: req->body should be updated before req->state (Dongli Zhang) [Orabug: 30705030] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2020-10942 CVE-2018-5953 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.44.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055328] {CVE-2019-18806} - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085018] {CVE-2018-5953} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 CVE-2018-5953 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.321.1] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055329] {CVE-2019-18806} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18806 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 [4.14.35-1902.301.1] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085991] {CVE-2020-10942} - uek-rpm: config-mips64-embedded misc pruning (Eric Saint-Etienne) [Orabug: 31079017] - ubifs: Check for name being NULL while mounting (Richard Weinberger) [Orabug: 29410897] - team: avoid complex list operations in team_nl_cmd_options_set() (Cong Wang) [Orabug: 30886420] - Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098796] - Revert 'oled: Limit panic routine change x86 only' (Wengang Wang) [Orabug: 31098796] - net/mlx5: Add pci AtomicOps request (Michael Guralnik) [Orabug: 30750027] - PCI: Add pci_enable_atomic_ops_to_root() (Jay Cornwall) [Orabug: 30750027] - locking/rwsem: Prevent decrement of reader count before increment (Waiman Long) [Orabug: 31087349] - net: core: another layer of lists, around PF_MEMALLOC skb handling (Sasha Levin) [Orabug: 31087349] - locking/rwsem: Fix (possible) missed wakeup (Xie Yongji) [Orabug: 31087349] - swiotlb: clean up reporting (Kees Cook) [Orabug: 31085014] {CVE-2018-5953} - nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31015775] - NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31015775] - ppp: remove the PPPIOCDETACH ioctl (Eric Biggers) [Orabug: 31061772] - batman-adv: Avoid WARN on net_device without parent in netns (Sven Eckelmann) [Orabug: 30857690] - net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055325] {CVE-2019-18806} - net_sched: fix datalen for ematch (Cong Wang) [Orabug: 30877993] - net/xfrm: fix out-of-bounds packet access (Alexei Starovoitov) [Orabug: 30885434] - RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 30729404] - RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 30729404] - RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 30729404] - IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 30729404] - RDMA/mlx5: Use odp instead of mr->umem in pagefault_mr (Jason Gunthorpe) [Orabug: 30729404] - RDMA/mlx5: Use ib_umem_start instead of umem.address (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Use kvcalloc for the dma_list and page_list (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Check for overflow when computing the umem_odp end (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Provide ib_umem_odp_release() to undo the allocs (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Split creating a umem_odp from ib_umem_get (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Make the three ways to create a umem_odp clear (Jason Gunthorpe) [Orabug: 30729404] - RMDA/odp: Consolidate umem_odp initialization (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Make it clearer when a umem is an implicit ODP umem (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Iterate over the whole rbtree directly (Jason Gunthorpe) [Orabug: 30729404] - RDMA/odp: Use the common interval tree library instead of generic (Jason Gunthorpe) [Orabug: 30729404] - RDMA/mlx5: Fix MR npages calculation for IB_ACCESS_HUGETLB (Jason Gunthorpe) [Orabug: 30729404] - IB/mlx5: Fix implicit MR release flow (Yishai Hadas) [Orabug: 30729404] - RDMA/netlink: Implement counter dumpit calback (Mark Zhang) [Orabug: 30729404] - RDMA/nldev: Allow counter auto mode configration through RDMA netlink (Mark Zhang) [Orabug: 30729404] - RDMA/odp: Fix missed unlock in non-blocking invalidate_start (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Report available cdevs through RDMA_NLDEV_CMD_GET_CHARDEV (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Add NLDEV_GET_CHARDEV to allow char dev discovery and autoload (Jason Gunthorpe) [Orabug: 30729404] - RDMA: Convert put_page() to put_user_page*() (John Hubbard) [Orabug: 30729404] - RDMA/umem: Move page_shift from ib_umem to ib_odp_umem (Jason Gunthorpe) [Orabug: 30729404] - mm: introduce put_user_page*(), placeholder versions (John Hubbard) [Orabug: 30729404] - RDMA/umem: Remove hugetlb flag (Shiraz Saleem) [Orabug: 30729404] - RDMA/bnxt_re: Use core helpers to get aligned DMA address (Shiraz Saleem) [Orabug: 30729404] - RDMA/i40iw: Use core helpers to get aligned DMA address within a supported page size (Shiraz Saleem) [Orabug: 30729404] - RDMA/verbs: Add a DMA iterator to return aligned contiguous memory blocks (Shiraz Saleem) [Orabug: 30729404] - RDMA/umem: Add API to find best driver supported page size in an MR (Shiraz Saleem) [Orabug: 30729404] - RDMA/umem: Handle page combining avoidance correctly in ib_umem_add_sg_table() (Shiraz Saleem) [Orabug: 30729404] - RDMA/core: Add a netlink command to change net namespace of rdma device (Parav Pandit) [Orabug: 30729404] - RDMA/umem: Use correct value for SG entries in sg_copy_to_buffer() (Shiraz Saleem) [Orabug: 30729404] - RDMA/nldev: Return device protocol (Leon Romanovsky) [Orabug: 30729404] - RDMA/umem: Combine contiguous PAGE_SIZE regions in SGEs (Shiraz Saleem) [Orabug: 30729404] - RDMA/core: Add interface to read device namespace sharing mode (Parav Pandit) [Orabug: 30729404] - IB/mlx5: Reset access mask when looping inside page fault handler (Moni Shoua) [Orabug: 30729404] - IB/core: Ensure an invalidate_range callback on ODP MR (Ira Weiny) [Orabug: 30729404] - RDMA/umem: Revert broken 'off by one' fix (John Hubbard) [Orabug: 30729404] - RDMA/umem: minor bug fix in error handling path (John Hubbard) [Orabug: 30729404] - RDMA/nldev: Provide parent IDs for PD, MR and QP objects (Leon Romanovsky) [Orabug: 30729404] - RDMA/nldev: Share with user-space object IDs (Leon Romanovsky) [Orabug: 30729404] - IB/uverbs: Add ib_ucontext to uverbs_attr_bundle sent from ioctl and cmd flows (Shamir Rabinovitch) [Orabug: 30729404] - RDMA/rdmavt: Adapt to handle non-uniform sizes on umem SGEs (Shiraz, Saleem) [Orabug: 30729404] - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/ocrdma: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/qedr: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/cxgb3: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/cxgb4: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/i40iw: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/mthca: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - RDMA/bnxt_re: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404] - lib/scatterlist: Provide a DMA page iterator (Jason Gunthorpe) [Orabug: 30729404] - RDMA/nldev: Dynamically generate restrack dumpit callbacks (Leon Romanovsky) [Orabug: 30729404] - IB/{core,hw}: Have ib_umem_get extract the ib_ucontext from ib_udata (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Use uverbs_attr_bundle to pass udata for ioctl() (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Use uverbs_attr_bundle to pass udata for write_ex (Jason Gunthorpe) [Orabug: 30729404] - RDMA/uverbs: Replace ib_uverbs_file with uverbs_attr_bundle for write (Jason Gunthorpe) [Orabug: 30729404] - RDMA/core: Refactor ib_register_device() function (Parav Pandit) [Orabug: 30729404] - RDMA/core: Fix unwinding flow in case of error to register device (Parav Pandit) [Orabug: 30729404] - RDMA/nldev: Allow IB device rename through RDMA netlink (Leon Romanovsky) [Orabug: 30729404] - RDMA: Fully setup the device name in ib_register_device (Jason Gunthorpe) [Orabug: 30729404] - mm: Introduce kvcalloc() (Kees Cook) [Orabug: 30729404] - RDMA/uapi: Fix uapi breakage (Doug Ledford) [Orabug: 30729404] - RDMA/nldev: helper functions to add driver attributes (Steve Wise) [Orabug: 30729404] - RDMA/nldev: add driver-specific resource tracking (Steve Wise) [Orabug: 30729404] - RDMA/nldev: Add explicit pad attribute (Steve Wise) [Orabug: 30729404] - RDMA/bnxt_re: Add support for MRs with Huge pages (Somnath Kotur) [Orabug: 30729404] - IB/{rdmavt, hfi1, qib}: Self determine driver name (Michael J. Ruhl) [Orabug: 30729404] - RDMA/vmw_pvrdma: Do not re-calculate npages (Yuval Shaia) [Orabug: 30729404] - iw_cxgb4: allocate wait object for each memory object (Steve Wise) [Orabug: 30729404] - IB/uverbs: clean up INIT_UDATA() macro usage (Arnd Bergmann) [Orabug: 30729404] - x86/init: Fix kasan gcc8+ type miss match error. (John Donnelly) [Orabug: 31076337] [4.14.35-1902.301.0] - kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31049316] - media: usb: fix memory leak in af9005_identify_state (Navid Emamdoost) [Orabug: 31029908] {CVE-2019-18809} - nvme: fix possible deadlock when nvme_update_formats fails (Sagi Grimberg) [Orabug: 31002557] - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Thadeu Lima de Souza Cascardo) [Orabug: 30995760] - uek-rpm: Make sure perf builds against libnuma and add run-time dependency (Dave Kleikamp) [Orabug: 30896468] - perf/x86/intel: Add Icelake support (Thomas Tai) [Orabug: 30872256] - x86/CPU: Add Icelake model number (Rajneesh Bhardwaj) [Orabug: 30872256] - perf/x86/intel/ds: Handle PEBS overflow for fixed counters (Kan Liang) [Orabug: 30872256] - perf/x86/intel: Introduce PMU flag for Extended PEBS (Kan Liang) [Orabug: 30872256] - tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Dmitry Safonov) [Orabug: 30591419] - tty: Simplify tty->count math in tty_reopen() (Dmitry Safonov) [Orabug: 30591419] - tty: Hold tty_ldisc_lock() during tty_reopen() (Dmitry Safonov) [Orabug: 30591419] - tty/ldsem: Wake up readers after timed out down_write() (Dmitry Safonov) [Orabug: 30591419] - tty: Drop tty->count on tty_reopen() failure (Dmitry Safonov) [Orabug: 30591419] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 30328633] - net: erspan: fix use-after-free (William Tu) [Orabug: 29784424] - batman-adv: Force mac header to start of data on xmit (Sven Eckelmann) [Orabug: 29784399] - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (Cong Wang) [Orabug: 30886600] - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (Cong Wang) [Orabug: 30884437] - add extra symbols from UEK5R3 to the kABI whitelist (Dan Duval) [Orabug: 30295161] - iommu: Force iommu shutdown on panic (John Donnelly) [Orabug: 31043947] - iommu/amd: Only free resources once on init error (Kevin Mitchell) [Orabug: 31043947] - iommu/amd: Move gart fallback to amd_iommu_init (Kevin Mitchell) [Orabug: 31043947] - iommu/amd: Make iommu_disable safer (Kevin Mitchell) [Orabug: 31043947] - iommu/vt-d: Turn off translations at shutdown (Deepa Dinamani) [Orabug: 31043947] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18809 CVE-2018-5953 CVE-2019-18806 CVE-2020-10942 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 olcne [1.0.3-1] - updated the default Kubernetes version to 1.14.9 kubernetes [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes cri-o [1.14.7-1.0.5] - Enhance versioning detection [1.14.7-1.0.4] - Golang CVE-2019-16276 [1.14.7-1.0.3] - added THIRD_PARTY_LICENSES.txt file [1.14.7-1.0.2] - moved to semantic versioning for Release [1.14.7-1] - Added Oracle Specifile Files for cri-o cri-tools [1.14.0-1.0.5] - Enhance versioning to support rpm Provides [1.14.0-1.0.4] - Golang CVE-2019-16276 [1.14.0-1.0.3] - added THIRD_PARTY_LICENSES.txt file [1.14.0-1.0.2] - moved to semantic versioning for Release and added Url [1.14.0-1] - Added Oracle Specific Build Files for cri-tools IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-11254 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 kubernetes [1.12.10-1.0.11] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.12.10-1.0.10] - [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [1.12.10-1.0.9] - Define rolling update for flannel [1.12.10-1.0.8] - Modify flannel/dashboard image tags to use images that have the cve fix [1.12.10-1.0.7] - [CVE-2019-11253] Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack [1.12.10-1.0.6] - [CVE-2019-16276] bump golang to 1.12.10 [1.12.10-1.0.5] - added THIRD_PARTY_LICENSES.txt file [1.12.10-1.0.4] - fix for CVE-2019-11251 [1.12.10-1.0.3] - replacing references to kubernetes-dashboard-amd64 with kubernetes-dashboard [1.12.10-1.0.2] - Added Oracle specific build files for Kubernetes kubeadm-ha-setup [0.0.2-1.0.69] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [0.0.2-1.0.68] - Pull image prior to update and fix image repo for addons [0.0.2-1.0.67] - Bump golang build version [0.0.2-1.0.66] - [CVE-2019-16276] Support patching flannel/dashboard on upgrade [0.0.2-1.0.65] - [CVE 2019-16276] Support deploygin 1.12 and 1.13 with CVE patched [0.0.2-1.0.64] - [CVE-2019-16276] Support patching etcd on upgrade [0.0.2-1.0.63] - [CVE-2019-16276] while upgrading a cluster patch the coredns image [0.0.2-1.0.62] - CVE-2019-16276 : Update flannel , etcd coredns and dashboard images. [0.0.2-1.0.61] - Added Support for 1.13.11 and removed support for 1.13.10 [0.0.2-1.0.59] - Remove Support for 1.14.6 [0.0.2-1.0.58] - Replacing reference to kubernetes-dashboard-amd64 with kubernetes-dashboard [0.0.2-1.0.57] - Support 1.12.10 [0.0.2-1.0.56] - Support 1.14.6 [0.0.2-1.0.55] - Support 1.13.10 [0.0.2-1.0.54] - Support 1.13.9 [0.0.2-1.0.53] - Mark 1.14 as a developer build [0.0.2-1.0.52] - Restore fails when trying to restore after a failed update [0.0.2-1.0.51] - Minor version update doesn't update kubeadm on all master nodes [0.0.2-1.0.50] - Make k8s 1.14 specific changes [0.0.2-1.0.49] - Remove 1.10 and 1.11 version since they are incompatable [0.0.2-1.0.48] - Support deploying 5 master nodes [0.0.2-1.0.47] - Only update/upgrade the controlplane images if they changed in the Release object [0.0.2-1.0.46] - Fix version comparison function during upgrade [0.0.2-1.0.45] - Fix rpm version compare - Allow kubernetes updates for patch version [0.0.2-1.0.44] - Allow assume yes to deploy a single master without the prompt [0.0.2-1.0.43] - Post cluster creation should check only for master nodes [0.0.2-1.0.42] - Update keepalived check api server to ensure we are grepping the correct IP [0.0.2-1.0.41] - Make ha.yaml an optional argument in the cli for single master cluster [0.0.2-1.0.40] - Add pod cidr default and refactor ha.yaml example [0.0.2-1.0.39] - Remove features: feature1_13=true from config [0.0.2-1.0.38] - Default kubernetes version to latest production version [0.0.2-1.0.37] - Fix keepalived issue when firewalld is disable [0.0.2-1.0.36] - Default kubernetes version to latest production version [0.0.2-1.0.35] - Add addons template and config files [0.0.2-1.0.34] - Enhance tests [0.0.2-1.0.33] - fix regression of previous firewall fix [0.0.2-1.0.32] - Fix firewall issues during restore [0.0.2-1.0.31] - Fix firewall issues [0.0.2-1.0.30] - Enhance output while validating the system [0.0.2-1.0.29] - Fix DR in 1.13 [0.0.2-1.0.28] - Fix apiserver_cert_extra_sans for 1.13 clusters [0.0.2-1.0.27] - Fix update/upgrade output message [0.0.2-1.0.26] - Fix major upgrade [0.0.2-1.0.25] - Add registry migration [0.0.2-1.0.24] - Return stdout and stderr from Run function to allow the caller decided what to display [0.0.2-1.0.23] - Proxy variable is inherited in remote master [0.0.2-1.0.22] - The Trim function doesn't work for replacing strings - Upgrade should use the pause container instead of pause-amd64 [0.0.2-1.0.21] - Include 1.12.7 image and update 1.13 and metric servers info [0.0.2-1.0.20] - Support new registries and allow for password to have a colon [0.0.2-1.0.19] - --force flag for full restore [0.0.2-1.0.18] - Change update help message [0.0.2-1.0.17] - Change update message, add ha install command and ask for confirmation [0.0.2-1.0.16] - Change upgrade command name to update [0.0.2-1.0.15] - Fix upgrade for point release [0.0.2-1.0.14] - Move file.go to config.go [0.0.2-1.0.13] - Feature Flag 1.13 code [0.0.2-1.0.12] - Add support of upgrading HA master nodes [0.0.2-1.0.11] - Support deploying Kubernetes version 1.13.2 [0.0.2-1.0.10] - CVE-2018-16875 [0.0.2-1.0.9] - Add timeout to Run() (gitlab issues #3) - Rename path to linux-git.us.oracle.com/Kubernetes [0.0.2-1.0.8] - Remove releases.json dependency [0.0.2-1.0.7] - Pin dependent kubernetes packages [0.0.2-1.0.6] - Update deps for kube 1.13 [0.0.2-1.0.5] - Add test runner in makefile and execute it in CI/CD [0.0.2-1.0.4] - Fix backup path issue again found by Tom Cocozzello [0.0.2-1.0.3] - [Orabug 29152516] Backup and restore /var/lib/kubelet/kubeadm-flags.env too - Cleanup kube-ipvs0 interface too - More code cleanup - Use map for checking kernel module - Fix client joining errors - Addressing Tom Cocozzello's review - Enabling IPVS in HA [0.0.2-1.0.2] - Update dashboard image (CVE-2018-18264) [0.0.2-1.0.1] - Allow Oracle certified addons to be installed via cli [0.0.1-2.0.9] - Use 'dep ensure' to clean up symlinks in the vendor directory [0.0.1-2.0.5] - Clean up un-used build scripts [0.0.1-2.0.4] - Add Makefile for building and testing code [0.0.1-2.0.3] - Fix file restore issue when it contains './' [0.0.1-2.0.2] - Resolve the full filepath when '.' is passed in - Addressing review by Muminul Islam [0.0.1-2.0.1] - Remove 'firewall-cmd --reload' as it can hangs OCI - Fix some errors reported by Shubham - Error out if options is not currently supported in HandleEtcdOps - Fix down issue - Dump log output to /var/log/kubeadm-ha-setup [0.0.1-1.0.37] - Fix kubernetes version - Include log printing when error occurs - Fix client.go regression due to new down function [0.0.1-1.0.36] - Remove Godeps, using dep for now - Check if image is not set before referencing - Rename getEtcdConfigV2 to getEtcdConfig - Adding down functionality - Update ha.yaml file [0.0.1-1.0.35] - Removing etcd.go - Addressing Tom Cocozzello review - [Orabug 28977571] [0.0.1-1.0.34] - Enabling full restore on HA master and single master - Cleanup - Enable single master backup - Double the context request timeout - Implement retryable AddMember [0.0.1-1.0.33] - Modified DR for One node case to use new etcd API - Enhanced the helper scripts such that it will error out - HealthCheck re-implementation [0.0.1-1.0.32] - Update dashboard image [0.0.1-1.0.31] - Needs to be run as a privileged user - Enable CoreDNS as default [0.0.1-1.0.30] - Enable single master setup [0.0.1-1.0.29] - Redesigned for setting up v1.12 HA clusters [0.0.1-1.0.28] - Fixes for v1.11 - Addressing Laszlo Peter review - Addressing Daniel Krasinski review [0.0.1-1.0.27] - Fix build failure - Add UPL LICENSE - Fix the usage of defer - Re-try when docker pull image gets a timeout - Refactor SetupCreds() - Remove --force flag for restore - When something fail, we should lenghten the timeout time [0.0.1-1.0.26] - When context timed out catch it and print stdout, stderr [0.0.1-1.0.25] - Check output from docker client and probe for error [0.0.1-1.0.24] - Properly parse if repo has a special ':' character [0.0.1-1.0.23] - Checking the total nodes would be better implementation - Fixup etcd add member errors [0.0.1-1.0.22] - Pod count could be >= 20 - Remove port 30000-32767/tcp check for client node - Querying k8s cluster health instead of etcd for backup - Cosmestic fix - Etcd one node restore problems [0.0.1-1.0.21] - Check whether repo needs auth even in one node restore case - Fixup the restore script - docker pull image change in behavior in 18.03 - Include client side image repo checking too - Provide a full repo path for comparison - Make kubernetes_developer as the sample repo - Use strings.Contains to compare strings - Fix README - Initial README - Include changes in kube.go [0.0.1-1.0.20] - In OCI LB can takes time to setup properly - Fix random string - [Orabug 28445064] - Replace RunCmdExec() with just Run() - Sanity check for # of master - Make kubeadm token default to be random [0.0.1-1.0.19] - Check if docker exec etcd returns Error - Check env first before trying to pull image - [Orabug 28461826] [0.0.1-1.0.18] - Fixing LB, kubelet, kubectl-proxy - Add a DEBUG flag for more verbose output [0.0.1-1.0.17] - Don't loop forever in client, make Run() more consistent in master - Fixup LB for OCI - Add apiserver-bind-port capability [0.0.1-1.0.17] - Include apiserver_cert_extra_sans and service_cidr [0.0.1-1.0.16] - Include restoring keepalived for one and full restore - For Full Restore we need to first clean up before anything else - Clean up DR, make backup check etcd health first - Properly clean-up flannel.1 and cni0 [0.0.1-1.0.15] - DR code cleanup - Changed permission on the created dir to 0755 - Fix filename not found error [0.0.1-1.0.14] - Don't panic() - In One node restore case verify the ca.crt MD5SUM - Full DR feature - Redesign of the DR - Include file and its line number for logging - Put the binary full path - Re-arrange varibles for ssh.go - Separate etcd cli to another file (etcd.go) - Addition to kubectl cli - Check if MyIP for local node is missing/empty [0.0.1-1.0.13] - Replace binary names - Include the ability to re-try master setup [0.0.1-1.0.12] - Renamed the whole REPO to kubeadm-ha-setup - Don't print out more logs as necessary [0.0.1-1.0.12] - Enhance ssh/sftp code [0.0.1-1.0.11] - Change the storePath - Include keepalived backup and change backup.sh/restore.sh [0.0.1-1.0.10] - Continuing on the restore part - Make the script to query all KUBEDIR directory from a single file - Consolidate KUBEDIR - Make systemd related file 0644 [0.0.1-1.0.9] - Fixup the hardcoded directory as such we are reading from only limited source - Include the Docker API for restore - Initial implementation of DR [0.0.1-1.0.8] - Fixup kubeadm-setup join - systemctl enable kubelet [0.0.1-1.0.7] - Fix LoadBalancer to take care of extra steps [0.0.1-1.0.6] - Cleanup some stdout - Add token field in ha.yaml for ease of automated setup [0.0.1-1.0.5] - If Loadbalancer is preferred/used [0.0.1-1.0.4] - Remove goroutine sleep - unnecessary - Provides structure to store required files and cert files - Fix merge errors [0.0.1-1.0.3] - Create /run/kubeadm w-w/o --skip [0.0.1-1.0.2] - NoHA and LoadBalancer [0.0.1-1.0.1] - Initial build kubeadm-upgrade [0.0.1-1.0.28] -- [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [0.0.1-1.0.27] -- [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [0.0.1-1.0.26] -- Create log folder before any log write or error exit [ orabug: 29806186 ] [0.0.1-1.0.25] -- Enforce exit on errors [0.0.1-1.0.24] -- Dashboard yaml location was moved in Kubernetes 1.12.7 [0.0.1-1.0.23] -- Detect latest kubernetes version from yum [0.0.1-1.0.22] -- Bump up 1.12.7 version for coredns fix [0.0.1-1.0.21] -- CVE-2019-9946 [0.0.1-1.0.20] -- CVE-2019-1002101 [0.0.1-1.0.19] -- Bump up 1.12.6 version [0.0.1-1.0.18] -- Upgrade from 1.9 to 1.12 fails [0.0.1-1.0.17] -- Update the Kubernetes version to include the conntrack fix [0.0.1-1.0.16] -- CVE-2019-1002100 [0.0.1-1.0.15] -- CVE-2018-1002105 [0.0.1-1.0.14] -- Fix kube version for 1.10.5 [0.0.1-1.0.13] -- Updating 1.10 and 1.11 version for CVE fixes -- Include flannel and dashboard upgrade [0.0.1-1.0.12] -- Upgrade to 1.12.5-2.1.1 [0.0.1-1.0.11] -- Upgrade to 1.12.5 [0.0.1-1.0.10] -- Add license info to the script [0.0.1-1.0.9] -- Add license file [0.0.1-1.0.8] -- Fix the bug on number of CPU checking [0.0.1-1.0.7] -- Use install instead of update for a specifc 1.12 version [0.0.1-1.0.6] -- Upgrade cluster to 1.12.3-* version only [0.0.1-1.0.5] -- Add exit handler to gather logs on failure [0.0.1-1.0.4] -- Enhance logging and check return code after kubeadm apply. Checking CPU and Memory of the system [0.0.1-1.0.3] -- Change REPO_PREFIX to use a single repo, increased timeout during cluster health check [0.0.1-1.0.2] -- Added comments and fix rpm name [0.0.1-1.0.1] - Upgrade to 1.12.3 IMPORTANT Copyright 2020 Oracle, Inc. cpe:/a:oracle:linux:7::addons Oracle Linux 7 [4.9.2-4.0.1.el7_7.1] - Fix [CVE-2018-14468] [Orabug: 30480183] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-14468 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ovs3 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.1.2] - ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036] [5.4.17-2011.1.1] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136750] {CVE-2020-11494} - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123573] {CVE-2019-19768} - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118688] - perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips) [Orabug: 31104924] - perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips) [Orabug: 31104924] - kvm/svm: PKU not currently supported (John Allen) [Orabug: 31104924] - KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky) [Orabug: 31104924] - EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam) [Orabug: 31104924] - x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam) [Orabug: 31104924] - EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam) [Orabug: 31104924] - x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Gather hardware information early (Yazen Ghannam) [Orabug: 31104924] - EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam) [Orabug: 31104924] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067510] {CVE-2020-9383} - KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky) [Orabug: 31012269] - KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky) [Orabug: 31012269] - iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu) [Orabug: 31127400] [5.4.17-2011.1.0] - vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085989] {CVE-2020-10942} - selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire) [Orabug: 31078892] - kernel: cpu.c: fix print typo about SMT status (Mihai Carabas) [Orabug: 31053334] - nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31044292] - NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31044292] - rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31032126] - efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 31020408] - net: Support GRO/GSO fraglist chaining. (Steffen Klassert) [Orabug: 30670829] - net: Add fraglist GRO/GSO feature flags (Steffen Klassert) [Orabug: 30670829] - udp: Support UDP fraglist GRO/GSO. (Steffen Klassert) [Orabug: 30670829] - net: remove the check argument from __skb_gro_checksum_convert (Li RongQing) [Orabug: 30670829] - Revert 'nvme_fc: add module to ops template to allow module references' (John Donnelly) [Orabug: 31119387] - ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo) [Orabug: 31067112] {CVE-2020-8992} - dsa: disable module unloading for ARM64 (Allen Pais) [Orabug: 30456791] - bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann) [Orabug: 31127385] {CVE-2020-8835} - bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn) [Orabug: 31127385] {CVE-2020-8835} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19768 CVE-2020-10942 CVE-2020-11494 CVE-2020-8992 CVE-2020-9383 CVE-2020-8835 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_base cpe:/a:oracle:linux:8::developer_UEKR6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.1] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503} - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056} - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346} [4.1.12-124.38.5] - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: prevent service task from running while we're suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: don't clear suspended state until we finish resuming (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: relax warning message in case of version mismatch (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: simplify member variable accesses (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} [4.1.12-124.38.4] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208622] {CVE-2019-19532} - qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio) [Orabug: 30890687] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143947] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647} - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31233769] {CVE-2019-19523} [4.1.12-124.38.3] - ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni) [Orabug: 30292825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} - vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} {CVE-2020-8648} - xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino) [Orabug: 31030659] - xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [Orabug: 31032831] - xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong) [Orabug: 31034071] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104481] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} [4.1.12-124.38.2] - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770962] {CVE-2016-5244} - xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 30944736] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30944736] - xfs: increase the default parallelism levels of pwork clients (Junxiao Bi) [Orabug: 30944736] - xfs: decide if inode needs inactivation (Junxiao Bi) [Orabug: 30944736] - xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi) [Orabug: 30944736] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067516] {CVE-2020-9383} - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118691] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136753] {CVE-2020-11494} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-0144 CVE-2019-19527 CVE-2016-5244 CVE-2020-8647 CVE-2019-0140 CVE-2019-14815 CVE-2017-7346 CVE-2020-11494 CVE-2020-8649 CVE-2020-9383 CVE-2019-0139 CVE-2020-8648 CVE-2019-19056 CVE-2019-19532 CVE-2019-9503 CVE-2019-14814 CVE-2019-14816 CVE-2019-19523 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.45.1] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206361] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208623] {CVE-2019-19532} - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 31224360] {CVE-2017-7261} - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 31234676] {CVE-2019-9503} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-7261 CVE-2019-19527 CVE-2019-19532 CVE-2019-9503 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 7 [5.7.0-13.el7] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20485 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [4.14.35-1902.302.2] - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] {CVE-2013-1798} - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851] - net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130197] - net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130197] - rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200770] - include/linux/relay.h: fix percpu annotation in struct rchan (Luc Van Oostenryck) [Orabug: 31183399] {CVE-2019-19462} - uek-rpm: fix dts rpmbuild when using cross-compiler (Tom Saeger) [Orabug: 30896439] - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 30622561] {CVE-2019-19532} - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 31191751] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143946] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8649} - crypto: ecdh - fix big endian bug in ECC library (Ard Biesheuvel) [Orabug: 31203429] - KVM: x86: fix nested guest live migration with PML (Paolo Bonzini) [Orabug: 31202733] - KVM: x86: assign two bits to track SPTE kinds (Paolo Bonzini) [Orabug: 31202733] - x86/kvm/mmu: introduce guest_mmu (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: add kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: set get_pdptr hook in kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/nVMX: allow bare VMXON state migration (Vitaly Kuznetsov) [Orabug: 31202164] - sched/fair: Prevent a division by 0 in scale_rt_capacity() (John Sobecki) [Orabug: 31124463] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123575] {CVE-2019-19768} - blktrace: fix unlocked access to init/start-stop/teardown (Jens Axboe) [Orabug: 31123575] {CVE-2019-19768} [4.14.35-1902.302.1] - xfs: revert commit c6314bc8055a (Darrick J. Wong) [Orabug: 31180825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} - vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} - vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} {CVE-2020-8648} - net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 31181100] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 31178433] - efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 30990726] - genhd: Fix use after free in __blkdev_get() (Jan Kara) [Orabug: 31161462] - blockdev: Fix livelocks on loop device (Jan Kara) [Orabug: 31161462] - net: validate untrusted gso packets without csum offload (Willem de Bruijn) [Orabug: 31161828] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136752] {CVE-2020-11494} - crypto: user - fix leaking uninitialized memory to userspace (Eric Biggers) [Orabug: 31081816] {CVE-2018-19854} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770911] {CVE-2019-19965} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30755059] {CVE-2019-20096} - ovl: relax WARN_ON() on rename to self (Amir Goldstein) [Orabug: 30451796] - bnx2x: Fix VF's VLAN reconfiguration in reload. (Manish Chopra) - bnx2x: Remove configured vlans as part of unload sequence. (Sudarsana Reddy Kalluru) - sch_dsmark: fix potential NULL deref in dsmark_init() (Eric Dumazet) [Orabug: 30453287] [4.14.35-1902.302.0] - mips64:uek-rpm/ol7/config-mips: Enable IP_SET configs (Vijay Kumar) [Orabug: 31123145] - IB/ipoib: Avoid race from waking up the transmission queue (Praveen Kumar Kannoju) [Orabug: 31118993] - KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118690] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104480] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 31097950] - Add in-kernel X.509 certificate on mips64 (Eric Saint-Etienne) [Orabug: 31090468] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067513] {CVE-2020-9383} - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31004914] - rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415] - rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 30827415] - rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 30827415] - rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 30827415] [4.14.35-1902.301.2] - xfs: ratelimit inode flush on buffered write ENOSPC (Darrick J. Wong) [Orabug: 31056429] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-14814 CVE-2019-14816 CVE-2020-8648 CVE-2020-9383 CVE-2019-14815 CVE-2019-19965 CVE-2013-1798 CVE-2019-19532 CVE-2019-20096 CVE-2020-11494 CVE-2020-8647 CVE-2019-19462 CVE-2018-19854 CVE-2019-19527 CVE-2019-19768 CVE-2020-8649 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.2.2uek] - scsi: qla2xxx: Move free of fcport out of interrupt context (Joe Carnuccio) [Orabug: 31225231] - xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31132665] - arm64: Kconfig: Enable NODES_SPAN_OTHER_NODES config for NUMA (Hoan Tran) [Orabug: 31049202] - scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Laurence Oberman) [Orabug: 31207643] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264694] [5.4.17-2011.2.1uek] - x86/mce: Restart the system when LMCE UE error occurs (Thomas Tai) [Orabug: 31218859] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11609 CVE-2020-11608 CVE-2020-11668 CVE-2020-9391 CVE-2020-8647 CVE-2020-8649 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.46.1] - ipv6: only static routes qualify for equal cost multipathing (Hannes Frederic Sowa) [Orabug: 30977687] {CVE-2013-4125} - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240296] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317668] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351063] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351063] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352012] {CVE-2018-18281} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2013-4125 CVE-2018-18281 CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5] - Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213691] {CVE-2019-19524} - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351307] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897} - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Kees Cook) [Orabug: 31352068] {CVE-2017-1000370} {CVE-2017-1000371} {CVE-2017-1000370} - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357212] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387466] [4.1.12-124.39.4] - acpi: disable erst (Wengang Wang) [Orabug: 31194253] - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222292] {CVE-2019-12819} - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302708] - vxlan: dont migrate permanent fdb entries during learn (Roopa Prabhu) [Orabug: 31325318] - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351061] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351061] {CVE-2019-19528} - mremap: properly flush TLB before releasing the page (Linus Torvalds) [Orabug: 31352011] {CVE-2018-18281} [4.1.12-124.39.3] - Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200558] {CVE-2019-20636} - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200579] {CVE-2020-11609} - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213758] {CVE-2020-11608} - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213767] {CVE-2020-11668} - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263147] {CVE-2019-19057} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317667] {CVE-2019-19537} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11609 CVE-2017-1000370 CVE-2019-12819 CVE-2019-14897 CVE-2019-19528 CVE-2019-19537 CVE-2019-19057 CVE-2018-18281 CVE-2019-19524 CVE-2020-11668 CVE-2019-20636 CVE-2020-11608 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19532 CVE-2019-19527 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 5 Oracle Linux 6 [2.6.39-400.323.1] - USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31240297] {CVE-2019-19523} - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537} - USB: iowarrior: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31351064] {CVE-2019-19528} - usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug: 31351064] {CVE-2019-19528} [2.6.39-400.322.1] - ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug: 31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527} - HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208624] {CVE-2019-19532} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19523 CVE-2019-19528 CVE-2019-19537 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.3.2.1uek] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352779] {CVE-2020-0543} - x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2 (Tony W Wang-oc) [Orabug: 31352779] {CVE-2020-0543} [5.4.17-2011.3.2uek] - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350962] {CVE-2020-12464} - mt76: fix array overflow on receiving too many fragments for a packet (Felix Fietkau) [Orabug: 31350952] {CVE-2020-12465} - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350929] {CVE-2020-12653} - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350910] {CVE-2020-12657} - xsk: Add missing check on user supplied headroom size (Magnus Karlsson) [Orabug: 31350732] {CVE-2020-12659} - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350513] {CVE-2020-12654} - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31387411] - KVM: x86: Fixes posted interrupt check for IRQs delivery modes (Suravee Suthikulpanit) [Orabug: 31316437] - Revert 'Revert 'nvme_fc: add module to ops template to allow module references'' (James Smart) [Orabug: 31377552] - uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358097] - KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350455] {CVE-2020-12768} [5.4.17-2011.3.1uek] - intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Export acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Clean up acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Introduce acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Export function to claim _CST control (Rafael J. Wysocki) [Orabug: 31332120] - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302704] - KVM: x86: Revert 'KVM: X86: Fix fpu state crash in kvm guest' (Sean Christopherson) [Orabug: 31333676] - KVM: x86: Ensure guests FPU state is loaded when accessing for emulation (Sean Christopherson) [Orabug: 31333676] - KVM: x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu() (Sean Christopherson) [Orabug: 31333676] - net: dsa: Do not leave DSA master with NULL netdev_ops (Florian Fainelli) [Orabug: 30456791] - Revert 'dsa: disable module unloading for ARM64' (Allen Pais) [Orabug: 30456791] [5.4.17-2011.3.0uek] - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 31304406] - NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 31304406] - btrfs: Dont submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265336] {CVE-2019-19377} {CVE-2019-19377} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12653 CVE-2020-12768 CVE-2020-12657 CVE-2020-12659 CVE-2020-12654 CVE-2020-12464 CVE-2019-19377 CVE-2020-0543 CVE-2020-12465 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-1902.303.4.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} [4.14.35-1902.303.4] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147] [4.14.35-1902.303.3] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session (Maurizio Lombardi) [Orabug: 31374726] - scsi: target: remove boilerplate code (Maurizio Lombardi) [Orabug: 31374726] - KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 31352999] - KSPLICE: mips: signals the freezer when were coming from the entry code. (Quentin Casasnovas) [Orabug: 31352999] - libertas: Fix two buffer overflows at parsing bss descriptor (Wen Huang) [Orabug: 31351306] {CVE-2019-14896} {CVE-2019-14897} {CVE-2019-14897} - KVM: SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 31350457] {CVE-2020-12768} - Fix up usage of cfg_enable_fc4_TYPE for backport to UEK5 (Dick Kennedy) [Orabug: 31344936] - scsi: lpfc: Fix unexpected error messages during RSCN handling (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix port relogin failure due to GID_FT interaction (James Smart) [Orabug: 31344936] - scsi: lpfc: Fix discovery failures when target device connectivity bounces (James Smart) [Orabug: 31344936] - NFSv4.0: Remove transport protocol name from non-UCS client ID (Chuck Lever) [Orabug: 31357279] - NFSv4.0: Remove cl_ipaddr from non-UCS client ID (Chuck Lever) [Orabug: 31357279] - slcan: not call free_netdev before rtnl_unlock in slcan_open (Oliver Hartkopp) [Orabug: 31314977] - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31314977] - can: slcan: Fix use-after-free Read in slcan_open (Jouni Hogander) [Orabug: 31314977] - slcan: Fix memory leak in error path (Jouni Hogander) [Orabug: 31314977] - uek-rpm: aarch64 make olddefconfig after inline spinlocks (Tom Saeger) [Orabug: 31314977] - config-aarch64: enable CONFIG_MPLS_IPTUNNEL and CONFIG_BPF_JIT_ALWAYS_ON (Thomas Tai) [Orabug: 31314977] - config-aarch64: enable ISCSI_IBFT (Thomas Tai) [Orabug: 31314977] - iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND (Thomas Tai) [Orabug: 31314977] - config-aarch64: change CONFIG_HZ and CONFIG_FRAME_WARN (Thomas Tai) [Orabug: 31314977] - iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Prevent any devices access to memory without registration (Zhen Lei) [Orabug: 31314977] - iommu/arm-smmu-v3: Disable default event queue logging (Rick Farrington) [Orabug: 31314977] - iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons (Geetha sowjanya) [Orabug: 31314977] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU (Linu Cherian) [Orabug: 31314977] - iommu/arm-smmu-v3: Use burst-polling for sync completion (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Consolidate identical timeouts (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Split arm_smmu_cmdq_issue_sync in half (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu-v3: Use CMD_SYNC completion MSI (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Forget about cmdq-sync interrupt (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Specialise CMD_SYNC handling (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Correct COHACC override message (Robin Murphy) [Orabug: 31314977] - iommu/arm-smmu-v3: Avoid ILLEGAL setting of STE.S1STALLD and CD.S (Yisheng Xie) [Orabug: 31314977] - iommu/arm-smmu-v3: Ensure we sync STE when only changing config field (Will Deacon) [Orabug: 31314977] - iommu/arm-smmu: Remove ACPICA workarounds (Robin Murphy) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on CN96XX SMMU' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Force 32 byte command queue memory reads on SMMU for 96xx and 95xx silicons' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Abort all transactions if SMMU is enabled in kdump kernel' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Dont disable SMMU in kdump kernel' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Disable default event queue logging' (Eric Snowberg) [Orabug: 31314977] - Revert 'iommu/arm-smmu-v3: Prevent any devices access to memory without registration' (Eric Snowberg) [Orabug: 31314977] - lib/list_sort: optimize number of calls to comparison function (George Spelvin) [Orabug: 31314977] - lib/list_sort: simplify and remove MAX_LIST_LENGTH_BITS (George Spelvin) [Orabug: 31314977] - lib/sort: avoid indirect calls to built-in swap (George Spelvin) [Orabug: 31314977] - lib/sort: use more efficient bottom-up heapsort variant (George Spelvin) [Orabug: 31314977] - lib/sort: make swap functions more generic (George Spelvin) [Orabug: 31314977] - KVM: arm/arm64: Only skip MMIO insn once (Andrew Jones) [Orabug: 31314977] - arm64: topology: divorce MC scheduling domain from core_siblings (Jeremy Linton) [Orabug: 31314977] - ACPI: Add PPTT to injectable table list (Jeremy Linton) [Orabug: 31314977] - arm64: topology: enable ACPI/PPTT based CPU topology (Jeremy Linton) [Orabug: 31314977] - arm64: topology: rename cluster_id (Jeremy Linton) [Orabug: 31314977] - drivers: base cacheinfo: Add support for ACPI based firmware tables (Jeremy Linton) [Orabug: 31314977] - ACPI: Enable PPTT support on ARM64 (Jeremy Linton) [Orabug: 31314977] - ACPI/PPTT: Add Processor Properties Topology Table parsing (Jeremy Linton) [Orabug: 31314977] - arm64/acpi: Create arch specific cpu to acpi id helper (Jeremy Linton) [Orabug: 31314977] - cacheinfo: rename of_node to fw_token (Jeremy Linton) [Orabug: 31314977] - drivers: base: cacheinfo: setup DT cache properties early (Jeremy Linton) [Orabug: 31314977] - drivers: base: cacheinfo: move cache_setup_of_node() (Jeremy Linton) [Orabug: 31314977] - ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA (Suman Tripathi) [Orabug: 31314977] - arm64: locking: Replace ticket lock implementation with qspinlock (Will Deacon) [Orabug: 31314977] - arm64: kconfig: Ensure spinlock fastpaths are inlined if !PREEMPT (Will Deacon) [Orabug: 31314977] - arm64: barrier: Implement smp_cond_load_relaxed (Will Deacon) [Orabug: 31314977] - PM / core: fix deferred probe breaking suspend resume order (Feng Kan) [Orabug: 31314977] - netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 31351445] - RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31127373] - uek-rpm: Move grub boot menu update to posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358100] [4.14.35-1902.303.2] - KVM: x86: degrade WARN to pr_warn_ratelimited (Paolo Bonzini) [Orabug: 31333678] - kvm: x86/vmx: Use kzalloc for cached_vmcs12 (Tom Roeder) [Orabug: 31333678] - KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (Liran Alon) [Orabug: 31333678] - net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq (Navid Emamdoost) [Orabug: 31301340] {CVE-2019-19045} - mdio_bus: Fix use-after-free on device_register fails (YueHaibing) [Orabug: 31222291] {CVE-2019-12819} - scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 31331073] - scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Himanshu Madhani) [Orabug: 31331073] - nvme: Fix device removal of qla2xxx.ko causing sysfs_warn_dup() warning. (John Donnelly) [Orabug: 31322530] - USB: core: Fix races in character device registration and deregistraion (Alan Stern) [Orabug: 31317666] {CVE-2019-19537} - rds: ib: Fix dysfunctional long address resolve timeout (Hakon Bugge) [Orabug: 31302707] - ocfs2: fix panic due to ocfs2_wq is null (Yi Li) [Orabug: 31117439] - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (Yang Shi) [Orabug: 30969300] - NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (Robert Milkowski) [Orabug: 30594625] - NFSv4: try lease recovery on NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 30594625] - KVM: x86: clear SMM flags before loading state while leaving SMM (Sean Christopherson) [Orabug: 31317296] - KVM: x86: Open code kvm_set_hflags (Sean Christopherson) [Orabug: 31317296] - KVM: x86: Load SMRAM in a single shot when leaving SMM (Sean Christopherson) [Orabug: 31317296] - scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: unregister ports after GPN_FT failure (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: dont use zero for FC4_PRIORITY_NVME (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: initialize fc4_type_priority (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix a dma_pool_free() call (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove an include directive (Bart Van Assche) [Orabug: 30846292] - qla2xxx: Update driver version to 10.01.00.21.76.2-k (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix device connect issues in P2P configuration (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix SRB leak on switch command timeout (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Improve logging for scan thread (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Set remove flag for all VP (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Dual FCP-NVMe target port support (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: remove redundant assignment to pointer host (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: fix NPIV tear down process (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix partial flash write of MBI (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (Daniel Wagner) [Orabug: 30846292] - scsi: qla2xxx: Fix Nport ID display value (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix N2N link up fail (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix N2N link reset (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Optimize NPIV tear down process (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix stale mem access on driver unload (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Silence fwdump template message (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix stale session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix stuck login session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix driver reload for ISP82xx (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix flash read for Qlogic ISPs (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Fix a recently introduced kernel warning (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: cleanup trace buffer initialization (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (Martin Wilck) [Orabug: 30846292] - scsi: qla2xxx: Fix a NULL pointer dereference (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous if-tests (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Report invalid mailbox status codes (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove superfluous sts_entry_* casts (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make sure that aborted commands are freed (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check secondary image if reading the primary image fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a soft reset fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check the PCI info string output buffer size (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if waiting for pending commands times out (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify a debug statement (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove dead code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if parsing the version string fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a mailbox command times out (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use strlcpy() instead of strncpy() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous tests (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a superfluous pointer check (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qlt_lport_dump() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Reduce the number of casts in GID list code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Verify locking assumptions at runtime (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change data_dsd into an array (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a superfluous forward declaration (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove an include directive from qla_mr.c (Bart Van Assche) [Orabug: 30846292] header file from qla_dsd.h (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use tabs instead of spaces for indentation (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Improve Linux kernel coding style conformance (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix hang in fcport delete path (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Correct error handling during initialization failures (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix premature timer expiration (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Skip FW dump on LOOP initialization error (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use Correct index for Q-Pair array (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (Chuhong Yuan) [Orabug: 30846292] - scsi: qla2xxx: Remove unnecessary null check (YueHaibing) [Orabug: 30846292] - qla2xxx: remove SGI SN2 support (Christoph Hellwig) [Orabug: 30846292] - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: on session delete, return nvme cmd (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (Enzo Matsumiya) [Orabug: 30846292] - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (Arun Easi) [Orabug: 30846292] - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Add cleanup for PCI EEH recovery (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix hardirq-unsafe locking (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain loudly about reference count underflow (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use __le64 instead of uint32_t[2] for sending DMA addresses to firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Check the size of firmware data structures at compile time (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Pass little-endian values to the firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Split the __qla2x00_abort_all_cmds() function (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 30846292] - qla2xxx: Fix DMA Buffer free for DIF Bundling (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove unnecessary locking from the target code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove qla_tgt_cmd.released (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: target: Fix offline port handling and host reset handling (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Log the status code if a firmware command fails (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Uninline qla2x00_init_timer() (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove a set-but-not-used variable (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Update two source code comments (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Silence Successful ELS IOCB message (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix device staying in blocked state (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove two superfluous casts (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (Bart Van Assche) [Orabug: 30846292] include directive (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Move the port_state_str[] definition from a .h to a .c file (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Insert spaces where required (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix formatting of pointer types (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Leave a blank line after declarations (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use tabs to indent code (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Fix FC-AL connection target discovery (Quinn Tran) [Orabug: 30846292] - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (Hannes Reinecke) [Orabug: 30846292] - scsi: tcm_qla2xxx: Minimize #include directives (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use get/put_unaligned where appropriate (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Reduce the number of forward declarations (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Declare local symbols static (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (Bart Van Assche) [Orabug: 30846292] - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Remove useless set memory to zero use memset() (YueHaibing) [Orabug: 30846292] - scsi: qla2xxx: Set remote port devloss timeout to 0 (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (Anil Gurumurthy) [Orabug: 30846292] - scsi: qla2xxx: Cleanup fcport memory to prevent leak (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Fix fw dump corruption (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Further limit FLASH region write access from SysFS (Andrew Vasquez) [Orabug: 30846292] - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Set the SCSI command result before calling the command done (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Simplify conditional check again (Nathan Chancellor) [Orabug: 30846292] - scsi: qla2xxx: Fix a small typo in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (Milan P. Gandhi) [Orabug: 30846292] - qla2xxx: Add 64GBIT Portspeed for Gen7 adapter (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Secure flash update support for ISP28XX (Michael Hernandez) [Orabug: 30846292] - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Correction and improvement to fwdt processing (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Update flash read/write routine (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add support for multiple fwdump templates/segments (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Correctly report max/min supported speeds (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add Serdes support for ISP28XX (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add Device ID for ISP28XX (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Fix routine qla27xx_dump_{mpi|ram}() (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Remove FW default template (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Add fw_attr and port_no SysFS node (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: check for kstrtol() failure (Dan Carpenter) [Orabug: 30846292] - scsi: qla2xxx: avoid printf format warning (Arnd Bergmann) [Orabug: 30846292] - scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (Giridhar Malavali) [Orabug: 30846292] - scsi: qla2xxx: Add new FW dump template entry types (Joe Carnuccio) [Orabug: 30846292] - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Move marker request behind QPair (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Prevent SysFS access when chip is down (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Add support for setting port speed (Anil Gurumurthy) [Orabug: 30846292] - scsi: qla2xxx: Prevent multiple ADISC commands per session (Quinn Tran) [Orabug: 30846292] - scsi: qla2xxx: Check for FW started flag before aborting (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Fix unload when NVMe devices are configured (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (Darren Trapp) [Orabug: 30846292] - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (Himanshu Madhani) [Orabug: 30846292] - scsi: qla2xxx: remove redundant null check on pointer sess (Colin Ian King) [Orabug: 30846292] - scsi: qla2xxx: Move debug messages before sending srb preventing panic (Bill Kuzeja) [Orabug: 30846292] - scsi: qla2xxx: Add mode control for each physical port (Quinn Tran) [Orabug: 30846292] [4.14.35-1902.303.1] - uek-rpm/ol7/config-mips64: Enable EDAC configs (Vijay Kumar) [Orabug: 31255403] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring (Navid Emamdoost) [Orabug: 31263146] {CVE-2019-19057} - loop: set PF_MEMALLOC_NOIO for the worker thread (Mikulas Patocka) [Orabug: 31292386] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246301] {CVE-2019-19056} - MIPS: Add configs for audit (Vijay Kumar) [Orabug: 31245225] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 31245225] - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224553] {CVE-2019-15505} - Input: ff-memless - kill timer in destroy() (Oliver Neukum) [Orabug: 31213690] {CVE-2019-19524} - Input: add safety guards to input_set_keycode() (Dmitry Torokhov) [Orabug: 31200557] {CVE-2019-20636} - fm10k: update driver version to match out-of-tree (Jacob Keller) [Orabug: 31268827] - fm10k: add support for ndo_get_vf_stats operation (Jacob Keller) [Orabug: 31268827] - fm10k: add missing field initializers to TLV attributes) (Jacob Keller) [Orabug: 31268827] - fm10k: use a local variable for the frag pointer (Jacob Keller) [Orabug: 31268827] - fm10k: no need to check return value of debugfs_create functions (Greg Kroah-Hartman) [Orabug: 31268827] - fm10k: fix fm10k_get_fault_pf to read correct address (Jacob Keller) [Orabug: 31268827] - fm10k: convert NON_Q_VECTORS(hw) into NON_Q_VECTORS (Jacob Keller) [Orabug: 31268827] - fm10k: mark unused parameters with __always_unused (Jacob Keller) [Orabug: 31268827] - fm10k: cast page_addr to u8 * when incrementing it (Jacob Keller) [Orabug: 31268827] - fm10k: explicitly return 0 on success path in function (Jacob Keller) [Orabug: 31268827] - fm10k: remove needless initialization of size local variable (Jacob Keller) [Orabug: 31268827] - fm10k: remove needless assignment of err local variable (Jacob Keller) [Orabug: 31268827] - fm10k: remove unnecessary variable initializer (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of the ring variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the result local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the local msg variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the local i variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the err variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the tx_buffer variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of the q_idx local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of local err variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce the scope of qv local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of *p local variable (Jacob Keller) [Orabug: 31268827] - fm10k: reduce scope of the err variable (Jacob Keller) [Orabug: 31268827] - fm10k: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 31268827] - fm10k: use struct_size() in kzalloc() (Gustavo A. R. Silva) [Orabug: 31268827] - fm10k: TRIVIAL cleanup of extra spacing in function comment (Jacob Keller) [Orabug: 31268827] - fm10k: bump driver version to match out-of-tree release (Jacob Keller) [Orabug: 31268827] - fm10k: add missing device IDs to the upstream driver (Jacob Keller) [Orabug: 31268827] - fm10k: fix SM mailbox full condition (Ngai-Mint Kwan) [Orabug: 31268827] - Documentation: fm10k: Add kernel documentation (Jeff Kirsher) [Orabug: 31268827] - fm10k: remove ndo_poll_controller (Eric Dumazet) [Orabug: 31268827] - fm10k: dont protect fm10k_queue_mac_request by fm10k_host_mbx_ready (Jacob Keller) [Orabug: 31268827] - fm10k: warn if the stat size is unknown (Jacob Keller) [Orabug: 31268827] - fm10k: use macro to avoid passing the array and size separately (Jacob Keller) [Orabug: 31268827] - fm10k: use variadic arguments to fm10k_add_stat_strings (Jacob Keller) [Orabug: 31268827] - fm10k: reduce duplicate fm10k_stat macro code (Jacob Keller) [Orabug: 31268827] - fm10k: setup VLANs for l2 accelerated macvlan interfaces (Jacob Keller) [Orabug: 31268827] - fm10k: Report PCIe link properties with pcie_print_link_status() (Bjorn Helgaas) [Orabug: 31268827] - fm10k: bump version number (Jacob Keller) [Orabug: 31268827] - fm10k: fix incorrect warning for function prototype (Jacob Keller) [Orabug: 31268827] - fm10k: fix function doxygen comments (Jacob Keller) [Orabug: 31268827] - fm10k: clarify action when updating the VLAN table (Ngai-Mint Kwan) [Orabug: 31268827] - fm10k: correct typo in fm10k_pf.c (Ngai-Mint Kwan) [Orabug: 31268827] - fm10k: dont assume VLAN 1 is enabled (Jacob Keller) [Orabug: 31268827] - fm10k: stop adding VLAN 0 to the VLAN table (Jacob Keller) [Orabug: 31268827] - fm10k: cleanup unnecessary parenthesis in fm10k_iov.c (Jacob Keller) [Orabug: 31268827] - fm10k: Fix configuration for macvlan offload (Alexander Duyck) [Orabug: 31268827] - fm10k: mark PM functions as __maybe_unused (Arnd Bergmann) [Orabug: 31268827] - fm10k: prefer %s and __func__ for diagnostic prints (Jacob Keller) [Orabug: 31268827] - fm10k: Fix misuse of net_ratelimit() (Joe Perches) [Orabug: 31268827] - fm10k: bump version number (Jacob Keller) [Orabug: 31268827] - fm10k: use the MAC/VLAN queue for VF<->PF MAC/VLAN requests (Jacob Keller) [Orabug: 31268827] - fm10k: introduce a message queue for MAC/VLAN messages (Jacob Keller) [Orabug: 31268827] - fm10k: use generic PM hooks instead of legacy PCIe power hooks (Jacob Keller) [Orabug: 31268827] - fm10k: use spinlock to implement mailbox lock (Jacob Keller) [Orabug: 31268827] - fm10k: prepare_for_reset() when we lose PCIe Link (Jacob Keller) [Orabug: 31268827] - fm10k: prevent race condition of __FM10K_SERVICE_SCHED (Jacob Keller) [Orabug: 31268827] - fm10k: move fm10k_prepare_for_reset and fm10k_handle_reset (Jacob Keller) [Orabug: 31268827] - fm10k: avoid divide by zero in rare cases when device is resetting (Jacob Keller) [Orabug: 31268827] - fm10k: dont loop while resetting VFs due to VFLR event (Jacob Keller) [Orabug: 31268827] - fm10k: simplify reading PFVFLRE register (Jacob Keller) [Orabug: 31268827] - fm10k: avoid needless delay when loading driver (Jacob Keller) [Orabug: 31268827] - fm10k: add missing fall through comment (Jacob Keller) [Orabug: 31268827] - fm10k: avoid possible truncation of q_vector->name (Jacob Keller) [Orabug: 31268827] - fm10k: fix typos on fall through comments (Jacob Keller) [Orabug: 31268827] - fm10k: stop spurious link down messages when Tx FIFO is full (Jacob Keller) [Orabug: 31268827] - fm10k: Use seq_putc() in fm10k_dbg_desc_break() (Markus Elfring) [Orabug: 31268827] - fm10k: reschedule service event if we stall the PF<->SM mailbox (Jacob Keller) [Orabug: 31268827] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264701] [4.14.35-1902.303.0] - uek-rpm/ol7/config-mips64-embedded: Firewalld reports error and warnings for missing config (Vijay Kumar) [Orabug: 31239302] - brcmfmac: add subtype check for event handling in data path (Arend van Spriel) [Orabug: 31234675] {CVE-2019-9503} - mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 31233810] - iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Navid Emamdoost) [Orabug: 31233656] {CVE-2019-19058} - SUNRPC: Allow soft RPC calls to time out when waiting for the XPRT_LOCK (Trond Myklebust) [Orabug: 31226553] - SUNRPC: Turn off throttling of RPC slots for TCP sockets (Trond Myklebust) [Orabug: 31226553] - NFSv4.1: Avoid false retries when RPC calls are interrupted (Trond Myklebust) [Orabug: 31226553] - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (Andrea Arcangeli) [Orabug: 31222107] {CVE-2019-11599} - ext4: add more paranoia checking in ext4_expand_extra_isize handling (Theodore Tso) [Orabug: 31218807] {CVE-2019-19767} - ext4: fix use-after-free race with debug_want_extra_isize (Barret Rhoden) [Orabug: 31218807] {CVE-2019-19767} - media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213766] {CVE-2020-11668} - media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213757] {CVE-2020-11608} - media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200578] {CVE-2020-11609} - net/flow_dissector: switch to siphash (Eric Dumazet) [Orabug: 30872863] {CVE-2019-18282} - brcmfmac: assure SSID length from firmware is limited (Arend van Spriel) [Orabug: 30872843] {CVE-2019-9500} - xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31056429] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-18282 CVE-2019-9503 CVE-2020-0543 CVE-2019-19057 CVE-2020-11609 CVE-2020-11668 CVE-2019-9500 CVE-2019-12819 CVE-2019-14897 CVE-2019-19045 CVE-2019-14896 CVE-2019-19056 CVE-2019-19524 CVE-2019-19537 CVE-2019-19767 CVE-2019-20636 CVE-2020-12768 CVE-2019-15505 CVE-2019-19058 CVE-2019-11599 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 [5.7.0-15.el7] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el7] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12430 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 7 [5.7.0-15.el7] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el7] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12430 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.39.5.1] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31352782] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352782] {CVE-2020-054 3} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352782] {CVE- 2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352782] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31352782] {CVE-2020-0543} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 8 [0.10.4-6.0.1.el8_2.1] - Replace HAM-logo.png with a generic one [0.10.4-6.el8_2.1] - Fixed running pcs status on remote nodes - Fixed ruby daemon closing connection after 30s - Fixed inability to create colocation constraint in webUI - Updated bundled rubygem-json - Resolves: rhbz#1832914 rhbz#1838084 rhbz#1840154 rhbz#1840158 [0.10.4-6] - Fixed communication between python and ruby daemons - Resolves: rhbz#1783106 [0.10.4-5] - Fixed link to sbd man page from doc - Fixed safe-disabling clones, groups, bundles - Fixed sinatra wrapper performance issue - Fixed detecting fence history support - Fixed cookie options - Updated hint for 'resource create ... master' - Updated gating tests execution, smoke tests run from upstream sources - Resolves: rhbz#1750427 rhbz#1781303 rhbz#1783106 rhbz#1793574 [0.10.4-4] - Fix testsuite for pacemaker-2.0.3-4 - Resolves: rhbz#1792946 [0.10.4-3] - Added basic resource views in new webUI IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10663 cpe:/a:oracle:linux:8::addons Oracle Linux 7 kubernetes [1.12.10-1.0.12] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubeadm-ha-setup [0.0.2-1.0.70] - Enhance image tag read to depend on kubeadm-registry.sh for CVE release CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8555 CVE-2020-10749 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::addons Oracle Linux 7 grafana [%{}-1.0.1] - Added Oracle Specific Build Files for grafana kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins kubernetes [1.14.9-1.0.4] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes kubernetes [1.17.6-1.0.2.el7] - Update to kubernetes-cni for CVE-2020-10749 [1.17.6-1.0.2.el7] - Added Oracle specific build files for Kubernetes olcne [1.1.1-1] - Update Istio to use Grafana 6.7.4 to address CVE-2020-13379 - Kubernetes update due to CVE-2020-10749 and CVE-2020-8555 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13379 CVE-2020-8555 CVE-2020-10749 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::addons Oracle Linux 7 kubernetes-cni-plugins [0.8.6-1.0.1] - Added Oracle specific build files for Kubernetes CNI Plugins kubernetes-cni [0.7.1-1.0.1] - Added Oracle specific build files for Kubernetes CNI kubernetes [1.14.9-1.0.4] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager [1.14.9-1.0.3] - [CVE-2019-11254] kube-apiserver Denial of Service vulnerability from malicious YAML payloads [1.14.9-1.0.2] - Use bounded crio version [1.14.9-1.0.1] - Added Oracle specific build files for Kubernetes olcne [1.0.4-1] - CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements - CVE-2020-8555: Half-Blind SSRF in kube-controller-manager IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8555 CVE-2020-10749 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::addons Oracle Linux 7 docker-engine [19.03.11-1.0.0] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] docker-cli [19.03.11-1.0.0] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13401 cpe:/a:oracle:linux:7::developer Oracle Linux 7 [4.14.35-1902.303.5.3] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert rds: Do not cancel RDMAs that have been posted to the HCA (Gerd Rausch) [Orabug: 31475329] - Revert rds: Introduce rds_conn_to_path helper (Gerd Rausch) [Orabug: 31475329] - Revert rds: Three cancel fixes (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 docker-cli [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-13401 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 [4.1.12-124.40.6] - ipv4: ipv4_default_advmss() should use route mtu (Eric Dumazet) [Orabug: 31563095] - net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095] [4.1.12-124.40.5] - Revert 'bnxt_en: Remove busy poll logic in the driver.' (Brian Maly) [Orabug: 28151475] - md: batch flush requests. (NeilBrown) [Orabug: 31332821] - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351891] {CVE-2019-15214} - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (Malcolm Priestley) [Orabug: 31352061] {CVE-2017-16538} - atomic_open(): fix the handling of create_error (Al Viro) [Orabug: 31493395] [4.1.12-124.40.4] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351119] {CVE-2019-19533} - NFS: Fix a performance regression in readdir (Trond Myklebust) [Orabug: 31409061] [4.1.12-124.40.3] - x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31475612] {CVE-2020-0543} - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (Jia Zhang) [Orabug: 31475612] {CVE-2020-0543} [4.1.12-124.40.2] - MCE: Restrict MCE banks to 6 on AMD platform (Zhenzhong Duan) [Orabug: 30000521] - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351141] {CVE-2019-19534} - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351250] {CVE-2019-19536} - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430876] [4.1.12-124.40.1] - iscsi_target: fix mismatch spinlock unlock (Junxiao Bi) [Orabug: 31202372] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-19536 CVE-2017-16538 CVE-2019-15214 CVE-2019-19534 CVE-2020-0543 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.47.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351121] {CVE-2019-19533} - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351143] {CVE-2019-19534} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351893] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19534 CVE-2019-19533 CVE-2019-15214 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.324.1] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351122] {CVE-2019-19533} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351895] {CVE-2019-15214} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19533 CVE-2019-15214 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 [4.14.35-1902.304.6] - bpf: fix sanitation rewrite in case of non-pointers (Daniel Borkmann) [Orabug: 31552243] [4.14.35-1902.304.5] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493187] - selftests/bpf: do not run test_kmod.sh for UEK5 (Alan Maguire) [Orabug: 31540213] - bpf: do not allow root to mangle valid pointers (Alexei Starovoitov) [Orabug: 31540213] - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515075] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515075] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515075] - p54usb: Fix race between disconnect and firmware loading (Alan Stern) [Orabug: 31351863] {CVE-2019-15220} - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351671] {CVE-2019-19054} - mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452398] {CVE-2020-10757} {CVE-2020-10757} - tcp: implement coalescing on backlog queue (Eric Dumazet) [Orabug: 31517079] - tcp: drop dst in tcp_add_backlog() (Eric Dumazet) [Orabug: 31517079] - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (Daniel Borkmann) [Orabug: 31517079] [4.14.35-1902.304.4] - rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504054] - cpu/hotplug: Fix 'SMT disabled by BIOS' detection for KVM (Josh Poimboeuf) [Orabug: 31421904] - RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483289] - RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483289] - RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483289] - net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 31501438] - scsi: mpt3sas: Introduce module parameter to override queue depth (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Fix memset() in non-RDPQ mode (Suganath Prabu S) [Orabug: 31486216] - scsi: mpt3sas: Fix reply queue count in non RDPQ mode (Suganath Prabu S) [Orabug: 31486216] (Samuel Zou) [Orabug: 31486216] - scsi: mpt3sas: Fix double free warnings (Suganath Prabu S) [Orabug: 31486216] - scsi: mpt3sas: Disable DIF when prot_mask set to zero (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Capture IOC data for debugging purposes (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Remove NULL check before freeing function (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Separate out RDPQ allocation to new function (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Rename function name is_MSB_are_same (Suganath Prabu) [Orabug: 31486216] - scsi: mpt3sas: Don't change the DMA coherent mask after allocations (Christoph Hellwig) [Orabug: 31486216] - scsi: mpt3sas: use true,false for bool variables (Jason Yan) [Orabug: 31486216] - scsi: mpt3sas: Update drive version to 33.100.00.00 (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Remove usage of device_busy counter (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Print function name in which cmd timed out (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Optimize mpt3sas driver logging (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: print in which path firmware fault occurred (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Handle CoreDump state from watchdog thread (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Add support IOCs new state named COREDUMP (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: renamed _base_after_reset_handler function (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Add support for NVMe shutdown (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Update MPI Headers to v02.00.57 (Sreekanth Reddy) [Orabug: 31486216] - scsi: mpt3sas: Fix double free in attach error handling (Dan Carpenter) [Orabug: 31486216] - scsi: mpt3sas: change allocation option (Tomas Henzl) [Orabug: 31486216] - KVM: VMX: check descriptor table exits on instruction emulation (Oliver Upton) [Orabug: 31397358] [4.14.35-1902.304.3] - rebuild bumping release [4.14.35-1902.304.2] - bpf: fix sanitation of alu op with pointer / scalar type from different paths (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: prevent out of bounds speculation on pointer arithmetic (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: restrict unknown scalars of mixed signed bounds for unprivileged (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: move {prev_,}insn_idx into verifier env (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308} - bpf: reduce verifier memory consumption (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308} - bpf: Prevent memory disambiguation attack (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308} - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31476562] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31476562] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31476551] - scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481643] - scsi: megaraid_sas: TM command refire leads to controller firmware crash (Sumit Saxena) [Orabug: 31481643] - scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Shivasharan S) [Orabug: 31481643] - scsi: megaraid_sas: Remove IO buffer hole detection logic (Sumit Saxena) [Orabug: 31481643] - scsi: megaraid_sas: Limit device queue depth to controller queue depth (Kashyap Desai) [Orabug: 31481643] - scsi: megaraid: make two symbols static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481643] - scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) [Orabug: 31481643] - scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31481643] - scsi: megaraid_sas: silence a warning (Tomas Henzl) [Orabug: 31481643] - scsi: megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481643] - scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes Reinecke) [Orabug: 31481643] - scsi: megaraid_sas: Update driver version to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Anand Lodnoor) [Orabug: 31481643] - scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 31481643] - scsi: megaraid_sas: remove unused variables 'debugBlk','fusion' (zhengbin) [Orabug: 31481643] - scsi: megaraid_sas: Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481643] - scsi: megaraid_sas: Make some functions static (YueHaibing) [Orabug: 31481643] - scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Colin Ian King) [Orabug: 31481643] - media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351117] {CVE-2019-19533} - ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214} - ALSA: info: Fix racy addition/deletion of nodes (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214} - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31441472] - uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454846] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352781] {CVE-2020-0543} - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 31439190] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] - can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351139] {CVE-2019-19534} - uek-rpm: use expand macro with kernel_reqprovconf (Dave Kleikamp) [Orabug: 31454052] - can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351248] {CVE-2019-19536} - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31410596] - xfs: fix freeze hung (Junxiao Bi) [Orabug: 31245660] - netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350492] {CVE-2020-10711} - mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350516] {CVE-2020-12654} - scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350698] {CVE-2020-12770} - block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350912] {CVE-2020-12657} - mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350931] {CVE-2020-12653} - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350965] {CVE-2020-12464} [4.14.35-1902.304.1] - xfs: add agf freeblocks verify in xfs_agf_verify (Zheng Bin) [Orabug: 31350922] {CVE-2020-12655} - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31396425] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31396425] - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} {CVE-2019-3846} - bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) [Orabug: 31390689] - nfs: initiate returning delegation when reclaiming one that's been recalled (Jeff Layton) [Orabug: 31378792] - NFS: More excessive attribute revalidation in nfs_execute_ok() (Trond Myklebust) [Orabug: 31378792] - uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 31373682] - uek-rpm: Add config-mips64-embedded-kdump (Henry Willard) [Orabug: 31373682] - uek-rpm: Don't build kernel-uek-tools or perf packages for mips64 (Dave Kleikamp) [Orabug: 31373682] - scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350940] {CVE-2020-12652} - ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [Orabug: 31350706] {CVE-2020-10690} - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31359419] [4.14.35-1902.304.0] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 31388199] - uek-rpm/ol7/config-mips64: Disable IRQSOFF_TRACER (Henry Willard) [Orabug: 31386710] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31249146] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19534 CVE-2019-19533 CVE-2020-10690 CVE-2020-10711 CVE-2019-3846 CVE-2019-19054 CVE-2020-12464 CVE-2020-12652 CVE-2020-10757 CVE-2020-12657 CVE-2019-19536 CVE-2019-7308 CVE-2019-15214 CVE-2020-12770 CVE-2019-15220 CVE-2020-0543 CVE-2020-12655 CVE-2020-12653 CVE-2020-12654 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.4.4uek] - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (Sean Christopherson) [Orabug: 31536904] [5.4.17-2011.4.3uek] - NFS: replace cross device check in copy_file_range (Olga Kornievskaia) [Orabug: 31507615] - rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052] - perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Jean-Philippe Brucker) [Orabug: 31422283] - perf/smmuv3: use devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 31422283] - ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan Phan) [Orabug: 31422283] - uek-rpm: Increase CONFIG_NODES_SHIFT from 2 to 3 (Dave Kleikamp) [Orabug: 31422283] - perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 31422283] - uek-rpm: update aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283] - perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283] - perf: arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 31422283] - perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) [Orabug: 31422283] - Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) [Orabug: 31422283] - BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 31422283] - BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 31422283] - BACKPORT: mm/memory-failure: Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283] - perf: Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283] - BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283] - BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 31422283] - BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 31422283] - net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983] - mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] {CVE-2020-10757} {CVE-2020-10757} [5.4.17-2011.4.2uek] - UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 31489529] - UEK6 compiler warning for /net/rds/send.c (Sharath Srinivasan) [Orabug: 31489529] - Fix up two build warnings in the UEK6 GA tree (Jack Vogel) [Orabug: 31489333] - drivers/scsi/scsi_scan.c Fix the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322] - x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Change {JMP,CALL}_NOSPEC argument (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Simplify retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change STUFF_RSB to work with objtool (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/unwind: Introduce UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Add support for intra-function calls (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Rework allocating stack_ops on decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: is_fentry_call() crashes if call has no destination (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Uniquely identify alternative instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove check preventing branches within alternative (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] - objtool: Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: Support multiple stack_op per instruction (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] } IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-0543 CVE-2020-10757 CVE-2020-10711 CVE-2020-12655 CVE-2020-12770 CVE-2019-19769 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2.el7] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1.el7] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5.el7] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] [4.14.35-1902.303.4.el7] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] kata-image [1.7.3-1.0.5.1] - Address Kata CVE 2023 kata-runtime [1.7.3-1.0.5] - Address Kata CVE-2020-2023 - Address Kata CVE-2020-2024 - Address Kata CVE-2020-2025 - Address Kata CVE-2020-2026 kata [1.7.3-1.0.7] - Address CVE-2020-2023 - Address CVE-2020-2024 - Address CVE-2020-2025 - Address CVE-2020-2026 kubernetes [1.14.9-1.0.6] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.14.9-1.0.5] - Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026 kubernetes [1.17.9-1.0.1.el7] - Added Oracle specific build files for Kubernetes istio [1.4.10-1.0.1] - CVE-2020-15104: Incorrect validation of wildcard DNS Subject Alternative Names [1.4.10-1.0.0] - Added Oracle Specific Build Files for istio/istio olcne [1.1.2-6] - Include kata-runtime in the default template [1.1.2-5] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.1.2-4] - Update arguments added for istio module. [1.1.2-3] - Ensure Istio sidecar injector uses valid executable [1.1.2-2] - Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026 [1.1.2-1] - Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-1764 CVE-2020-15104 CVE-2020-10739 CVE-2020-2024 CVE-2020-8557 CVE-2020-2025 CVE-2020-2026 CVE-2020-11080 CVE-2020-8559 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202] - Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329] - Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318] [4.14.35-1902.303.5.2.el7] - rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014] [4.14.35-1902.303.5.1.el7] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} - x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543} [4.14.35-1902.303.5.el7] - net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379] [4.14.35-1902.303.4.el7] - net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157] - rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151] - xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147] kata-image [1.7.3-1.0.5.1] - Address Kata CVE 2023 kata-runtime [1.7.3-1.0.5] - Address Kata CVE-2020-2023 - Address Kata CVE-2020-2024 - Address Kata CVE-2020-2025 - Address Kata CVE-2020-2026 kata [1.7.3-1.0.7] - Address CVE-2020-2023 - Address CVE-2020-2024 - Address CVE-2020-2025 - Address CVE-2020-2026 kubernetes [1.14.9-1.0.6] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts [1.14.9-1.0.5] - Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026 olcne [1.0.5-3] - update registry image mirroring script [1.0.5-2] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts - Update bootstrap scripts [1.0.5-1] - Update Kata Containers to address CVEs 2020-2023 thru 2020-2026 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8557 CVE-2020-2024 CVE-2020-2026 CVE-2020-2025 CVE-2020-8559 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [1.12.10-1.0.13] - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8559 CVE-2020-8557 cpe:/a:oracle:linux:7::addons Oracle Linux 7 [2.9.4-1.0.7.el7] - \n- bump release number to 2.9.4-1.0.7 (Lans Hung) \n- fix missing Patch1, Patch2, Patch3 declaration in spec file after using %setup -q /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0001-fix-int64_t-conflict-on-aarch64.patch | /usr/bin/patch -p1 -s /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0002-fusermount-refuse-unknown-options.patch | /usr/bin/patch -p1 -s /usr/bin/cat /usr/src/redhat/SOURCES/fuse-0003-fusermount-don-t-feed-escaped-commas-into-mount-opti.patch | /usr/bin/patch -p1 -s [2.9.4-1.0.6.el7] - Reviewed-by: Laurence Rochfort <laurence.rochfort@oracle.com> (Lans Hung) - add signed-off-by (Lans Hung) - Security Update based on ELSA-2018-3324 fuse: bypass of the 'user_allow_other' restriction when SELinux is active. [OraBugzilla: 43547][CVE-2018-10906] (Lans Hung) [2.9.4-1.0.5.el7] - update to 2.9.4-1.0.5.el7 (lans.hung@oracle.com) - update changelog in .spec file (lans.hung@oracle.com) - move patch to buildrpm/ to fix build failure (lans.hung@oracle.com) - Fix int64_t & uint64_t conflict issue on aarch64. This issue doesn't happen in x86_64 because its bits/sigcontext.h does not include asm/sigcontext.h, which it does on arm64, causing the __s64 definition conflict. This fix uses linux/types.h over manually defined int*_t and uint*_t in fuse_kernel.h. (Lans Hung) [Orabug: 27889694] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2018-10906 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 7 [2.02-81.0.3] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14311 CVE-2020-14310 CVE-2020-14309 CVE-2020-10713 CVE-2020-14308 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 Oracle Linux 8 [2.02-82.0.2.el8_2.1] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15707 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15705 CVE-2020-15706 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:2:baseos_patch Oracle Linux 7 [2.02-81.0.4] - Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072] - Update signing certificate for efi binaries [2.02-0.81.0.2] - Enable common subpackage build for aarch64 - Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec - increase timeout to 10ms in efinet.c, [Orabug: 27982684] [2.02-0.81.0.1] - Update upstream references [Orabug: 30138841] - build with the updated Oracle certificate - Restore symlink to grub environment file, that was removed during grub2-efi update if grub2 package is also installed on UEFI machines [Orabug: 27345750] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Pack files in efidir with disabled rpm verification [Orabug: 27166026] - Fix comparison in patch for [Orabug: 18504756] - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev) - update Oracle Linux certificates (Alexey Petrenko) - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] - changed efidir with 0700 access rights, redhat chose another approach in rhbz#1496952, [Orabug: 28622344] - revert orabug [Orabug: 27166026] changes IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14308 CVE-2020-14310 CVE-2020-14309 CVE-2020-10713 CVE-2020-15705 CVE-2020-15706 CVE-2020-15707 CVE-2020-14311 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 [4.14.35-1902.304.6.3] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100] [4.14.35-1902.304.6.2] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31668611] - efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31662729] {CVE-2019-20908} [4.14.35-1902.304.6.1] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31652801] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20908 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.4.6.el8uek] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358097] [5.4.17-2011.4.5.el8uek] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631527] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555595] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31642981] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15780 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.41.4] - uek-rpm: Add OL6 shim conflict for new signing key (Eric Snowberg) [Orabug: 31688239] - Revert 'certs: Add Oracle's new X509 cert into the kernel keyring' (Eric Snowberg) [Orabug: 31688223] - blk-mq: don't overwrite rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq: mark ctx as pending at batch in flush plug path (Ming Lei) [Orabug: 31457304] [4.1.12-124.41.3] - scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: Serialize session free in qlt_free_session_done (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx: v2: Change abort wait_loop from msleep to wait_event_timeout (Giridhar Malavali) [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code behind qpair (Quinn Tran) [Orabug: 31517449] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31027042] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31027042] - block_dev: don't test bdev->bd_contains when it is not stable (NeilBrown) [Orabug: 31554143] - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31584727] [4.1.12-124.41.2] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351672] {CVE-2019-19054} - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} {CVE-2020-12888} - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439671] {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} - mm: bring in additional flag for fixup_user_fault to signal unlock (Dominik Dingel) [Orabug: 31439671] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439671] {CVE-2020-12888} - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31514993] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31514993] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31514993] - Revert 'x86/efi: Request desired alignment via the PE/COFF headers' (Matt Fleming) [Orabug: 31602576] [4.1.12-124.41.1] - can, slip: Protect tty->disc_data in write_wakeup and close with RCU (Richard Palethorpe) [Orabug: 31516085] {CVE-2020-14416} - scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() (himanshu.madhani@cavium.com) [Orabug: 31530589] - scsi: qla2xxx: Fix NULL pointer access for fcport structure (Quinn Tran) [Orabug: 31530589] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-12888 CVE-2020-14416 CVE-2019-19054 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.48.1] - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351641] {CVE-2019-19062} - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351673] {CVE-2019-19054} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19062 CVE-2019-19054 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 7 [4.14.35-1902.305.4] - ptp: free ptp device pin descriptors properly (Vladis Dronov) [Orabug: 31710994] [4.14.35-1902.305.3] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350638] {CVE-2020-10732} - PCI: vmd: Filter resource type bits from shadow register (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add device id for VMD device 8086:9A0B (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Fix shadow offsets to reflect spec changes (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Fix config addressing when using bus offsets (Jon Derrick) [Orabug: 31674879] - PCI/VMD: Configure MPS settings before adding devices (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add an additional VMD device id to driver device id table (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Add offset to bus numbers if necessary (Jon Derrick) [Orabug: 31674879] - PCI: vmd: Assign membar addresses from shadow registers (Jon Derrick) [Orabug: 31674879] - PCI: Add Intel VMD devices to pci ids (Jon Derrick) [Orabug: 31674879] - misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677099] - kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694369] [4.14.35-1902.305.2] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31445419] {CVE-2019-20811} - vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663632] {CVE-2020-12888} {CVE-2020-12888} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351639] {CVE-2019-19062} - iwlwifi: pcie: fix rb_allocator workqueue allocation (Johannes Berg) [Orabug: 31351807] {CVE-2019-16234} - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666974] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100] - net: dsa: Do not leave DSA master with NULL netdev_ops (Allen Pais) [Orabug: 31038233] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30358057] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555628] - CIFS: dump IPC tcon in debug proc file (Aurelien Aptel) [Orabug: 31500374] - CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (Aurelien Aptel) [Orabug: 31500374] - CIFS: make IPC a regular tcon (Aurelien Aptel) [Orabug: 31500374] - CIFS: dont log STATUS_NOT_FOUND errors for DFS (Aurelien Aptel) [Orabug: 31500374] - efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31643409] {CVE-2019-20908} - uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 30646928] - ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265319] {CVE-2019-19037} {CVE-2019-19037} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631531] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480605] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480605] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480605] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480605] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480605] [4.14.35-1902.305.1] - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601132] - libertas: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 31351822] {CVE-2019-16232} - ext4: work around deleting a file with i_nlink == 0 safely (Theodore Tso) [Orabug: 31351013] {CVE-2019-19447} [4.14.35-1902.305.0] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706] - thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706] - x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557902] {CVE-2020-10768} - psi: Fix double free (Tom Hromatka) [Orabug: 31535640] - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} {CVE-2020-12888} - vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Jiang Yi) [Orabug: 31439670] {CVE-2020-12888} - vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439670] {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439670] {CVE-2020-12888} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351701] {CVE-2019-19049} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19049 CVE-2019-16234 CVE-2019-19447 CVE-2020-10732 CVE-2019-16232 CVE-2019-19037 CVE-2019-19062 CVE-2019-20908 CVE-2020-10768 CVE-2020-12888 CVE-2019-20811 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7:8:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::UEKR5 Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.5.3uek] - misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677096] - misc: pvpanic: move bit definition to uapi header file (zhenwei pi) [Orabug: 31677096] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666971] - bnxt_en: Fix statistics counters issue during ifdown with older firmware. (Michael Chan) [Orabug: 31660919] - bnxt_en: Do not enable legacy TX push on older firmware. (Michael Chan) [Orabug: 31660919] - bnxt_en: Store the running firmware version code. (Michael Chan) [Orabug: 31660919] - uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31645596] - PCI: pciehp: Fix indefinite wait on sysfs requests (Lukas Wunner) [Orabug: 31580249] - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557802] {CVE-2020-10767} - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350635] {CVE-2020-10732} - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 31648239] - uek-rpm: disable CONFIG_CRYPTO_DEV_CAVIUM_ZIP (Dave Kleikamp) [Orabug: 31667368] - vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663628] {CVE-2020-12888} {CVE-2020-12888} - uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 31636283] - Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31689621] - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31689703] - certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31689566] [5.4.17-2011.5.2uek] - drm/i915/gt: Correct mistake in cherry-pick (Jack Vogel) [Orabug: 31211659] - efi/x86: Add TPM related EFI tables to unencrypted mapping checks (Tom Lendacky) [Orabug: 31627285] - ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480603] - ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480603] - ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480603] - ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480603] - ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480603] - scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (Dan Carpenter) [Orabug: 31610239] - scsi: qla2xxx: Keep initiator ports after RSCN (Roman Bolshakov) [Orabug: 31610239] - scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Remove return value from qla_nvme_ls() (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Remove an unused function (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix endianness annotations in source files (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix endianness annotations in header files (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Use make_handle() instead of open-coding it (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix the code that reads from mailbox registers (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Use register names instead of register offsets (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Simplify the functions for dumping firmware (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix spelling of a variable name (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Make qlafx00_process_aen() return void (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Use true, false for ha->fw_dumped (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Use true, false for need_mpi_reset (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Make qla_set_ini_mode() return void (Jason Yan) [Orabug: 31610239] - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: make 1-bit bit-fields unsigned int (Colin Ian King) [Orabug: 31610239] - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Split qla2x00_configure_local_loop() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix regression warnings (Nilesh Javali) [Orabug: 31610239] - scsi: qla2xxx: Remove non functional code (Daniel Wagner) [Orabug: 31610239] - scsi: qla2xxx: Fix I/Os being passed down when FC device is being deleted (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: add ring buffer for tracing debug logs (Rajan Shanmugavelu) [Orabug: 31610239] - scsi: qla2xxx: Update driver version to 10.01.00.25-k (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Set Nport ID for N2N (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Handle NVME status iocb correctly (Arun Easi) [Orabug: 31610239] - scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Serialize fc_port alloc in N2N (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Fix NPIV instantiation after FW dump (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Fix RDP respond data format (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Force semaphore on flash validation failure (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: add more FW debug information (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Update BPM enablement semantics. (Andrew Vasquez) [Orabug: 31610239] - scsi: qla2xxx: fix FW resource count values (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Use a dedicated interrupt handler for 'handshake-required' ISPs (Andrew Vasquez) [Orabug: 31610239] - scsi: qla2xxx: Return appropriate failure through BSG Interface (Michael Hernandez) [Orabug: 31610239] - scsi: qla2xxx: Improved secure flash support messages (Michael Hernandez) [Orabug: 31610239] - scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Use FC generic update firmware options routine for ISP27xx (Giridhar Malavali) [Orabug: 31610239] - scsi: qla2xxx: Avoid setting firmware options twice in 24xx_update_fw_options. (Giridhar Malavali) [Orabug: 31610239] - scsi: qla2xxx: Add 16.0GT for PCI String (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline function (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking code (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Suppress endianness complaints in qla2x00_configure_local_loop() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Simplify the code for aborting SCSI commands (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix sparse warning reported by kbuild bot (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Update driver version to 10.01.00.24-k (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Add fixes for mailbox command (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Fix control flags for login/logout IOCB (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Save rscn_gen for new fcport (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Use correct ISP28xx active FW region (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry() (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Correction to selection of loopback/echo test (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Use endian macros to assign static fields in fwdump header (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Fix RDP response size (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Handle cases for limiting RDP response payload length (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Show correct port speed capabilities for RDP command (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Display message for FCE enabled (Himanshu Madhani) [Orabug: 31610239] - scsi: qla2xxx: Add vendor extended FDMI commands (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add vendor extended RDP additions and amendments (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add endianizer macro calls to fc host stats (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Add beacon LED config sysfs interface (Joe Carnuccio) [Orabug: 31610239] - scsi: qla2xxx: Check locking assumptions at runtime in qla2x00_abort_srb() (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Bart Van Assche) [Orabug: 31610239] - scsi: qla2xxx: Fix warning after FC target reset (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: Fix issue with adapters stopping state (Viacheslav Dubeyko) [Orabug: 31610239] - scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan D. Milne) [Orabug: 31610239] - scsi: qla2xxx: Delete all sessions before unregister local nvme port (Quinn Tran) [Orabug: 31610239] - scsi: qla2xxx: check UNLOADING before posting async work (Martin Wilck) [Orabug: 31610239] - scsi: qla2xxx: set UNLOADING before waiting for session deletion (Martin Wilck) [Orabug: 31610239] - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601130] - uek-rpm: aarch64: Streamline building 4K pages size kernel (Dave Kleikamp) [Orabug: 31500678] - kernel/relay.c: handle alloc_percpu returning NULL in relay_open (Daniel Axtens) [Orabug: 31183397] {CVE-2019-19462} [5.4.17-2011.5.1uek] - x86/microcode: do not modify sibling mask during late update (Mihai Carabas) [Orabug: 31605044] - x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557900] {CVE-2020-10768} - x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477] - x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477] - USB: pci-quirks: Add Raspberry Pi 4 quirk (Nicolas Saenz Julienne) [Orabug: 31527659] - PCI: brcmstb: Wait for Raspberry Pis firmware when present (Nicolas Saenz Julienne) [Orabug: 31527659] - firmware: raspberrypi: Introduce vl805 init routine (Nicolas Saenz Julienne) [Orabug: 31527659] - soc: bcm2835: Add notify xHCI reset property (Nicolas Saenz Julienne) [Orabug: 31527659] - PCI: brcmstb: Disable L0s component of ASPM if requested (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Fix window register offset from 4 to 8 (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Dont clk_put() a managed clock (Jim Quinlan) [Orabug: 31527659] - PCI: brcmstb: Assert fundamental reset on initialization (Nicolas Saenz Julienne) [Orabug: 31527659] - i2c: brcmstb: Fix handling of optional interrupt (Dave Stevenson) [Orabug: 31527659] - ARM: dts: bcm283x: Disable dsi0 node (Nicolas Saenz Julienne) [Orabug: 31527659] - pwm: bcm2835: Dynamically allocate base (Florian Fainelli) [Orabug: 31527659] - ARM: bcm2835_defconfig: Enable fixed-regulator (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711: Add vmmc regulator in emmc2 (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711: Update expgpios GPIO labels (Nicolas Saenz Julienne) [Orabug: 31527659] - i2c: drivers: Use generic definitions for bus frequencies (Andy Shevchenko) [Orabug: 31527659] - i2c: core: Provide generic definitions for bus frequencies (Andy Shevchenko) [Orabug: 31527659] - mmc: sdhci: iproc: Add custom set_power() callback for bcm2711 (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: am654: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: at91: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: arasan: Use sdhci_set_power_and_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - mmc: sdhci: Introduce sdhci_set_power_and_bus_voltage() (Nicolas Saenz Julienne) [Orabug: 31527659] - irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (Lukas Wunner) [Orabug: 31527659] - usb: xhci: Enable LPM for VIA LABS VL805 (Nicolas Saenz Julienne) [Orabug: 31527659] - arm64: bcm2835: Drop select of nonexistent HAVE_ARM_ARCH_TIMER (Geert Uytterhoeven) [Orabug: 31527659] - ARM: dts: bcm2711: Move emmc2 into its own bus (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm2711-rpi-4-b: Add SoC GPIO labels (Stefan Wahren) [Orabug: 31527659] - ARM: bcm2835_defconfig: add support for Raspberry Pi4 (Marek Szyprowski) [Orabug: 31527659] - ARM: bcm2835_defconfig: Explicitly restore CONFIG_DEBUG_FS (Stefan Wahren) [Orabug: 31527659] - ARM: dts: bcm2711: Add pcie0 alias (Nicolas Saenz Julienne) [Orabug: 31527659] - ARM: dts: bcm283x: Add missing properties to the PWR LED (Stefan Wahren) [Orabug: 31527659] - PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers (Marek Szyprowski) [Orabug: 31527659] - net: bcmgenet: Clear ID_MODE_DIS in EXT_RGMII_OOB_CTRL when not needed (Nicolas Saenz Julienne) [Orabug: 31527659] - net: bcmgenet: reduce severity of missing clock warnings (Jeremy Linton) [Orabug: 31527659] - pinctrl: bcm2835: Add support for all GPIOs on BCM2711 (Stefan Wahren) [Orabug: 31527659] - pinctrl: bcm2835: Refactor platform data (Stefan Wahren) [Orabug: 31527659] - pinctrl: bcm2835: Drop unused define (Stefan Wahren) [Orabug: 31527659] - dma-contiguous: CMA: give precedence to cmdline (Nicolas Saenz Julienne) [Orabug: 31527659] - dt-bindings: brcm,avs-ro-thermal: Fix binding check issues (Stefan Wahren) [Orabug: 31527659] - dt-bindings: Add Broadcom AVS RO thermal (Stefan Wahren) [Orabug: 31527659] - serial: 8250_bcm2835aux: Document struct bcm2835aux_data (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Use generic remapping code (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Allocate uart_8250_port on stack (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Suppress register_port error on -EPROBE_DEFER (Lukas Wunner) [Orabug: 31527659] - serial: 8250_bcm2835aux: Suppress clk_get error on -EPROBE_DEFER (Phil Elwell) [Orabug: 31527659] - spi: bcm2835: Raise maximum number of slaves to 4 (Lukas Wunner) [Orabug: 31527659] - Bluetooth: hci_bcm: Drive RTS only for BCM43438 (Stefan Wahren) [Orabug: 31527659] - Bluetooth: hci_bcm: Add device-tree compatible for BCM4329 (Dmitry Osipenko) [Orabug: 31527659] - iommu/dma: Rationalise types for DMA masks (Robin Murphy) [Orabug: 31527659] - hwrng: iproc-rng200 - Add support for BCM2711 (Stefan Wahren) [Orabug: 31527659] - dt-bindings: rng: add BCM2711 RNG compatible (Stefan Wahren) [Orabug: 31527659] - Bluetooth: hci_bcm: Support pcm params in dts (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: btbcm: Support pcm configuration (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: hci_bcm: Disallow set_baudrate for BCM4354 (Abhishek Pandit-Subedi) [Orabug: 31527659] - Bluetooth: btbcm: Add entry for BCM4335A0 UART bluetooth (Mohammad Rasim) [Orabug: 31527659] - Bluetooth: hci_bcm: Add compatible string for BCM43540 (Abhishek Pandit-Subedi) [Orabug: 31527659] - iommu/dma-iommu: Use the dev->coherent_dma_mask (Tom Murphy) [Orabug: 31527659] - KEYS: Increase system_extra_certificate size to 8192 bytes (Stephen Brennan) [Orabug: 31512725] - vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} {CVE-2020-12888} - vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439668] {CVE-2020-12888} - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31595670] [5.4.17-2011.5.0uek] - ctf: support ld --ctf-variables, if available (Nick Alcock) [Orabug: 31535069] - ctf: adjust to upcoming binutils ctf_link_add_ctf API change (Nick Alcock) [Orabug: 31535069] - bpf: Fix up bpf_skb_adjust_room helpers skb csum setting (Daniel Borkmann) [Orabug: 31519461] - aarch64: Enable thermal config for RPi4 (Vijay Kumar) [Orabug: 31518062] - thermal: Add BCM2711 thermal driver (Stefan Wahren) [Orabug: 31518062] - x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515046] - x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515046] - x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515046] - acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493185] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351669] {CVE-2019-19054} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19054 CVE-2019-19462 CVE-2020-10768 CVE-2020-10767 CVE-2020-10732 CVE-2020-12888 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 docker-cli [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:linux:7::addons cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:linux:7::developer Oracle Linux 7 kubernetes [1.12.10-1.0.15] - Address CVE-2020-16845 kubeadm-ha-setup [0.0.2-1.0.73] - Fix update to coredns image tag [0.0.2-1.0.72] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::addons Oracle Linux 7 olcne [1.1.5-2] - kubernetes pod subnet flag not honored in flannel configuration [1.1.5-1] - Address CVE-2020-16845 conmon [2.0.10-3] - Address CVE-2020-16845 coredns [1.6.5-1.0.3] - Address CVE-2020-16845 cri-o [1.17.0-1.0.5] - Address CVE-2020-16845 cri-tools [1.17.0-1.0.2] - Address CVE-2020-16845 [1.17.0-1.0.1] - Added Oracle Specific Build Files for cri-tools etcd [3.4.3-1.0.2] - Address CVE-2020-16845 flannel [0.10.0-2.1.12] - Address CVE-2020-16845 [0.10.0-2.1.11] - Resize flannel image [0.10.0-2.1.10] - Fix image location grafana [6.7.4-1.0.2] - Address CVE-2020-16845 helm [3.1.1-1.0.2] - Address CVE-2020-16845 istio [1.4.10-1.0.2] - CVE-2020-16845 encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs kata [1.7.3-1.0.9] - Address CVE-2020-16845 kata-agent [1.7.3-1.0.6] - Address CVE-2020-16845 kata-image [1.7.3-1.0.6.1] - Address CVE-2020-16845 kata-ksm-throttler [1.7.3-1.0.5] - Address CVE-2020-16845 kata-proxy [1.7.3-1.0.5] - Address CVE-2020-16845 kata-runtime [1.7.3-1.0.6] - Address CVE-2020-16845 kata-shim [1.7.3-1.0.5] - Address CVE-2020-16845 kubernetes [1.17.9-1.0.5] - Pin min version of components [1.17.9-1.0.4] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins [0.7.1-1.0.2] - Address CVE-2020-16845 kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 kubernetes-dashboard [2.0.0-1.0.2] - Address CVE-2020-16845 prometheus [2.13.1-1.0.3] - Address CVE-2020-16845 yq [2.4.0-1.0.5] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::olcne12 cpe:/a:oracle:linux:7::addons Oracle Linux 7 coredns [1.3.1-1.0.6] - Address CVE-2020-16845 [1.3.1-1.0.5] - Fix image location cri-o [1.14.7-1.0.8] - Address CVE-2020-16845 cri-tools [1.14.0-1.0.6] - Address CVE-2020-16845 etcd [3.3.10-1.0.5] - Address CVE-2020-16845 [3.3.10-1.0.4] - Fix image location flannel [0.10.0-2.1.12] - Address CVE-2020-16845 [0.10.0-2.1.11] - Resize flannel image [0.10.0-2.1.10] - Fix image location kata [1.7.3-1.0.9] - Address CVE-2020-16845 kata-agent [1.7.3-1.0.6] - Address CVE-2020-16845 kata-image [1.7.3-1.0.6.1] - Address CVE-2020-16845 kata-ksm-throttler [1.7.3-1.0.5] - Address CVE-2020-16845 kata-proxy [1.7.3-1.0.5] - Address CVE-2020-16845 kata-runtime [1.7.3-1.0.6] - Address CVE-2020-16845 kata-shim [1.7.3-1.0.5] - Address CVE-2020-16845 kubernetes [1.14.9-1.0.9] - Pin components min version [1.14.9-1.0.8] - Address CVE-2020-16845 kubernetes-cni [0.7.1-1.0.3] - Pin min version of cni-plugins [0.7.1-1.0.2] - Address CVE-2020-16845 kubernetes-cni-plugins [0.8.6-1.0.3] - Address CVE-2020-16845 kubernetes-dashboard [1.10.1-1.1.8] - Address CVE-2020-16845 [1.8.3-2.0.1] - Update to v1.8.3 olcne [1.0.7-2] - kubernetes pod subnet flag not honored in flannel configuration [1.0.7-1] - Address CVE-2020-16845 yq [2.4.0-1.0.5] - Address CVE-2020-16845 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16845 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 cpe:/a:oracle:linux:7::olcne12 cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10732 CVE-2019-19049 CVE-2019-19062 CVE-2019-20811 CVE-2017-16644 CVE-2019-10639 CVE-2019-19535 CVE-2019-10638 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.49.1] - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351996] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439108] {CVE-2019-20812} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705122] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783152] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-20812 CVE-2018-16884 CVE-2020-14331 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 7 [4.14.35-2025.400.9] - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31867382] {CVE-2019-18885} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31867387] {CVE-2019-3874} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31867403] {CVE-2020-10781} - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31867441] {CVE-2020-10767} - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31867436] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31867436] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31867433] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31867431] {CVE-2020-14331} {CVE-2020-14331} - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31867423] - net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31867421] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31867418] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31867417] {CVE-2020-24394} - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31867413] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31867411] [4.14.35-2025.400.8] - rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737041] - net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31777364] - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784658] - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784891] - tcp: add sanity tests in tcp_add_backlog() (Eric Dumazet) [Orabug: 31780103] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10767 CVE-2019-18885 CVE-2020-24394 CVE-2020-10781 CVE-2020-14331 CVE-2020-16166 CVE-2019-3874 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 [4.14.35-1902.306.2] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150] - sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] {CVE-2019-19922} - sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [Orabug: 31350999] {CVE-2019-19922} - sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) [Orabug: 31350999] {CVE-2019-19922} - btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-check: reduce stack consumption in check_dir_item (David Sterba) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Move leaf and node validation checker to tree-checker.c (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613} - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784659] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394} - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741325] - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874} - vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} {CVE-2019-3900} - vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} - vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} - vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351949] {CVE-2019-3900} - vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang() [Orabug: 31351949] {CVE-2019-3900} - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351940] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351940] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487} - tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] {CVE-2019-11487} - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784892] - net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31794612] - uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31793663] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19535 CVE-2019-17133 CVE-2020-12771 CVE-2019-15218 CVE-2019-19052 CVE-2019-19063 CVE-2019-19078 CVE-2020-10767 CVE-2019-10639 CVE-2020-10781 CVE-2019-10638 CVE-2019-19066 CVE-2019-3874 CVE-2019-5108 CVE-2020-16166 CVE-2019-20812 CVE-2019-3900 CVE-2019-11487 CVE-2019-19074 CVE-2020-14331 CVE-2019-16746 CVE-2018-14613 CVE-2020-12114 CVE-2019-14898 CVE-2019-19922 CVE-2020-24394 CVE-2020-10751 CVE-2019-19073 CVE-2020-10769 CVE-2018-16884 CVE-2019-17075 CVE-2019-18885 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.6.2] - Revert 'aarch64/BM: config failed, hub doesnt have any ports' (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556] [5.4.17-2011.6.1] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779884] {CVE-2020-24394} - arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces (Kees Cook) [Orabug: 31776626] - arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626] - arm32/64/elf: Add tables to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626] - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit (Kees Cook) [Orabug: 31776626] - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626] - x86/elf: Add table to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626] - x86/mm: use max memory block size on bare metal (Daniel Jordan) [Orabug: 31771277] - drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (Scott Cheloha) [Orabug: 31771277] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755752] - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688620] - arm64/dts: Serial console fix for RPi4 (Vijay Kumar) [Orabug: 31562971] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682033] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682033] [5.4.17-2011.6.0] - RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31358080] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648138] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648138] - RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483278] - RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483278] - RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483278] - bnxt_en: allow firmware to disable VLAN offloads (Michael Chan) - bnxt_en: clean up VLAN feature bit handling (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Implement ethtool -X to set indirection table. (Michael Chan) [Orabug: 31663185] - bnxt_en: Return correct RSS indirection table entries to ethtool -x. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fill HW RSS table from the RSS logical indirection table. (Michael Chan) [Orabug: 31663185] - bnxt_en: Add helper function to return the number of RSS contexts. (Michael Chan) [Orabug: 31663185] - bnxt_en: Add logical RSS indirection table structure. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix up bnxt_get_rxfh_indir_size(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Set up the chip specific RSS table size. (Michael Chan) [Orabug: 31663185] - bnxt_en: fix firmware message length endianness (Michael Chan) [Orabug: 31663185] - net: bnxt: Remove Comparison to bool in bnxt_ethtool.c (Jason Yan) [Orabug: 31663185] - bnxt_en: show only relevant ethtool stats for a TX or RX ring (Rajesh Ravi) [Orabug: 31663185] - bnxt_en: Split HW ring statistics strings into RX and TX parts. (Michael Chan) [Orabug: 31663185] - bnxt_en: Refactor the software ring counters. (Michael Chan) [Orabug: 31663185] - bnxt_en: Do not include ETH_FCS_LEN in the max packet length sent to fw. (Vasundhara Volam) [Orabug: 31663185] - bnxt_en: Improve TQM ring context memory sizing formulas. (Michael Chan) [Orabug: 31663185] - bnxt_en: Allocate TQM ring context memory according to fw specification. (Michael Chan) [Orabug: 31663185] - bnxt_en: Update firmware spec. to 1.10.1.33. (Michael Chan) [Orabug: 31663185] - bnxt_en: Return error when allocating zero size context memory. (Michael Chan) [Orabug: 31663185] - bnxt_en: Reset rings if ring reservation fails during open() (Vasundhara Volam) [Orabug: 31663185] - bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. (Michael Chan) [Orabug: 31663185] - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. (Michael Chan) [Orabug: 31663185] - bnxt_en: Process the NQ under NAPI continuous polling. (Michael Chan) [Orabug: 31663185] - bnxt_en: Simplify __bnxt_poll_cqs_done(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Handle all NQ notifications in bnxt_poll_p5(). (Michael Chan) [Orabug: 31663185] - bnxt_en: Disable workaround for lost interrupts on 575XX B0 and newer chips. (Michael Chan) [Orabug: 31663185] - bnxt_en: Periodically check and remove aged-out ntuple filters (Michael Chan) [Orabug: 31663185] - bnxt_en: Do not accept fragments for aRFS flow steering. (Michael Chan) [Orabug: 31663185] - bnxt_en: Remove the setting of dev_port. (Michael Chan) [Orabug: 31663185] - bnxt_en: Improve link up detection. (Michael Chan) [Orabug: 31663185] - RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 31079901] - RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 31079901] - RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 31079901] - IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 31079901] - x86/reboot: Move up iommu_shutdown() before stop_other_cpus() (Saeed Mirzamohammadi) [Orabug: 31542630] - bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350643] {CVE-2020-12771} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439365] {CVE-2020-10751} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510722] {CVE-2020-10781} - Enable config option CONFIG_NFSD_V4_2_INTER_SSC (Dai Ngo) [Orabug: 31535947] - NFSD: Fix NFS server build errors (Chuck Lever) [Orabug: 31535947] - nfsd4: fix double free in nfsd4_do_async_copy() (Dan Carpenter) [Orabug: 31535947] - NFSD fixing possible null pointer derefering in copy offload (Olga Kornievskaia) [Orabug: 31535947] - NFSD fix nfserro errno mismatch (Olga Kornievskaia) [Orabug: 31535947] - NFSD: fix seqid in copy stateid (Olga Kornievskaia) [Orabug: 31535947] - NFSv4.2 fix memory leak in nfs42_ssc_open (Olga Kornievskaia) [Orabug: 31535947] - NFSv4: Make _nfs42_proc_copy_notify() static (YueHaibing) [Orabug: 31535947] - nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list (Trond Myklebust) [Orabug: 31535947] - NFSD: allow inter server COPY to have a STALE source server fh (Olga Kornievskaia) [Orabug: 31535947] - NFSD add nfs4 inter ssc to nfsd4_copy (Olga Kornievskaia) [Orabug: 31535947] - NFSD check stateids against copy stateids (Olga Kornievskaia) [Orabug: 31535947] - NFSD fix mismatching type in nfsd4_set_netaddr (Olga Kornievskaia) [Orabug: 31535947] - NFSD fill-in netloc4 structure (Olga Kornievskaia) [Orabug: 31535947] - NFSD add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947] to COPY (Olga Kornievskaia) [Orabug: 31535947] - NFSD COPY_NOTIFY xdr (Olga Kornievskaia) [Orabug: 31535947] - NFSv4.2 fix kfree in __nfs42_copy_file_range (Olga Kornievskaia) [Orabug: 31535947] - NFS based on file size issue sync copy or fallback to generic copy offload (Olga Kornievskaia) [Orabug: 31535947] - NFS: handle source server reboot (Olga Kornievskaia) [Orabug: 31535947] - NFS: skip recovery of copy open on dest server (Olga Kornievskaia) [Orabug: 31535947] - NFS: inter ssc open (Olga Kornievskaia) [Orabug: 31535947] to COPY (Olga Kornievskaia) [Orabug: 31535947] - NFS: add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947] - NFS NFSD: defining nl4_servers structure needed by both (Olga Kornievskaia) [Orabug: 31535947] - kvm: svm: Introduce GA Log tracepoint for AVIC (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: SVM: Inhibit APIC virtualization for X2APIC guest (Oliver Upton) [Orabug: 31631367] - KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter (Paolo Bonzini) [Orabug: 31631367] - kvm: x86: svm: Fix NULL pointer dereference when AVIC not enabled (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: SVM: allow AVIC without split irqchip (Paolo Bonzini) [Orabug: 31631367] - kvm: ioapic: Lazy update IOAPIC EOI (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: ioapic: Refactor kvm_ioapic_update_eoi() (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Temporarily deactivate AVIC during ExtINT handling (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Deactivate AVIC when launching guest with nested SVM support (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: hyperv: Use APICv update request interface (Suravee Suthikulpanit) [Orabug: 31631367] - svm: Add support for dynamic APICv (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Introduce x86 ops hook for pre-update APICv (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Introduce APICv x86 ops for checking APIC inhibit reasons (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: svm: avic: Add support for dynamic setup/teardown of virtual APIC backing page (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: svm: Add support to (de)activate posted interrupts (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Add APICv (de)activate request trace points (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: x86: Add support for dynamic APICv activation (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: x86: remove get_enable_apicv from kvm_x86_ops (Paolo Bonzini) [Orabug: 31631367] - kvm: x86: Introduce APICv inhibit reason bits (Suravee Suthikulpanit) [Orabug: 31631367] - kvm: lapic: Introduce APICv update helper function (Suravee Suthikulpanit) [Orabug: 31631367] - KVM: X86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Peter Xu) [Orabug: 31631367] - KVM: SVM: Remove check if APICv enabled in SVM update_cr8_intercept() handler (Liran Alon) [Orabug: 31631367] - kvm: x86: Modify kvm_x86_ops.get_enable_apicv() to use struct kvm parameter (Suthikulpanit, Suravee) [Orabug: 31631367] - kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694365] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698078] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705117] {CVE-2020-14331} {CVE-2020-14331} - net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718014] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-16166 CVE-2020-24394 CVE-2020-10751 CVE-2020-12771 CVE-2020-14331 CVE-2020-10781 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 olcne [1.1.6-1] - support upgrading nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for consistency [1.17.7-1] - Added Oracle Specific Build Files for nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-7529 CVE-2019-9511 CVE-2018-16845 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [1:1.3.2-1.el7] - Updates for OVMF/AAVMF Version 1.3.2 including: * Fri Jul 31 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.2 release for OL7 * Fri May 01 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.1 release for OL7 * Wed Feb 05 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3 release for OL7 which includes the following fixed CVEs: {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553} * Fri May 17 2019 Aaron Young <aaron.young@oracle.com> - Create new 1.2 release for OL7 which includes the following fixed CVEs: {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-13224 CVE-2019-13225 CVE-2019-14553 CVE-2018-12182 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7:8:patch Oracle Linux 7 olcne [1.0.8-2] - Added nginx-image resource in module definitions to ensure nginx image upgrading [1.0.8-1] - support upgrading nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 - support upgrading flannel nginx [1.17.7-2] - Changed nginx home dir to /var/lib/nginx for consistency [1.17.7-1] - Added Oracle Specific Build Files for nginx - Adress CVE-2019-9511 - Adress CVE-2018-16845 - Adress CVE-2017-7529 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-9511 CVE-2017-7529 CVE-2018-16845 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.43.4] - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29434845] {CVE-2019-6974} - KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29434898] {CVE-2019-7221} - KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29434924] {CVE-2019-7222} - net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov) [Orabug: 30254239] {CVE-2016-10906} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905} - x86/apic/msi: update address_hi on set msi affinity (Joe Jin) [Orabug: 31477035] - x86/apic/msi: check and sync apic IRR on msi_set_affinity (Joe Jin) [Orabug: 31477035] - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [Orabug: 31872821] {CVE-2020-1749} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872910] {CVE-2020-25212} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884169] {CVE-2020-25284} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884239] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895331] {CVE-2020-14314} [4.1.12-124.43.3] - ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven) [Orabug: 29671212] {CVE-2018-9415} - block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin) [Orabug: 30120513] {CVE-2018-20856} - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484761] {CVE-2017-8925} - nl80211: validate beacon head (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho) [Orabug: 30556264] {CVE-2019-16746} - cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach) [Orabug: 30556264] {CVE-2019-16746} - dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30732821] {CVE-2019-20096} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732938] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770913] {CVE-2019-19965} - kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350720] {CVE-2019-14898} - sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350720] {CVE-2019-14898} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351572] {CVE-2019-19073} - can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351682] {CVE-2019-19052} - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai) [Orabug: 31351837] {CVE-2019-15927} - media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351875] {CVE-2019-15218} - crypto: vmac - separate tfm and request context (Eric Biggers) [Orabug: 31584410] - SUNRPC: Fix a race with XPRT_CONNECTING (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Reduce latency when send queue is congested (Trond Myklebust) [Orabug: 31796770] - SUNRPC: RPC transport queue must be low latency (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Fix a potential race in xprt_connect() (Trond Myklebust) [Orabug: 31796770] - SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (NeilBrown) [Orabug: 31796770] - SUNRPC: Fix races between socket connection and destroy code (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Prevent SYN+SYNACK+RST storms (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Report TCP errors to the caller (Trond Myklebust) [Orabug: 31796770] - SUNRPC: Ensure we release the TCP socket once it has been closed (Trond Myklebust) [Orabug: 31796770] - net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet) [Orabug: 31856195] {CVE-2020-10720} - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867577] [4.1.12-124.43.2] - ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai) [Orabug: 31352045] {CVE-2017-16528} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352084] {CVE-2017-8924} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543032] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543032] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543032] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543032] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543032] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543032] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543032] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543032] [4.1.12-124.43.1] - blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123576] {CVE-2019-19768} - media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224554] {CVE-2019-15505} - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351746] {CVE-2019-18885} - RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351783] {CVE-2019-17075} - mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} - mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846} {CVE-2019-3846} - repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351941] {CVE-2019-11487} - mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351941] {CVE-2019-11487} - mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351960] {CVE-2019-3874} - sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884} - af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439107] {CVE-2019-20812} - selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439369] {CVE-2020-10751} - selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic) [Orabug: 31439369] {CVE-2020-10751} - mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473652] {CVE-2019-5108} - cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473652] {CVE-2019-5108} - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535529] {CVE-2020-10769} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705121] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783151] [4.1.12-124.42.4] - rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30634865] - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31683116] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31683116] [4.1.12-124.42.3] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535} - media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644} - fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258] - clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270] [4.1.12-124.42.2] - mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499] - mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499] - mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499] - fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639} - hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495] - rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141] - rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141] - RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975] - genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450] [4.1.12-124.42.1] - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732} - crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062} - of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049} - IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992] - net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-10905 CVE-2019-16746 CVE-2019-19768 CVE-2019-20812 CVE-2020-10751 CVE-2017-8924 CVE-2019-17075 CVE-2019-18885 CVE-2020-25212 CVE-2020-10769 CVE-2017-16528 CVE-2018-9415 CVE-2019-5108 CVE-2020-25284 CVE-2019-19965 CVE-2020-14314 CVE-2019-3846 CVE-2020-1749 CVE-2019-15218 CVE-2019-15505 CVE-2019-15927 CVE-2019-19073 CVE-2019-11487 CVE-2019-20096 CVE-2019-3874 CVE-2019-7221 CVE-2016-10906 CVE-2017-8925 CVE-2019-7222 CVE-2020-14331 CVE-2019-19052 CVE-2020-25285 CVE-2019-6974 CVE-2018-20856 CVE-2019-20054 CVE-2020-10720 CVE-2018-16884 CVE-2019-14898 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.325.1] - media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351676] {CVE-2019-19054} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705125] {CVE-2020-14331} {CVE-2020-14331} - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783153] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19054 CVE-2020-14331 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.50.1] - USB: serial: omninet: fix reference leaks at open (Mark Nicholson) [Orabug: 30484762] {CVE-2017-8925} - GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254252] {CVE-2016-10905} - GFS2: Use range based functions for rgrp sync/invalidation (Steven Whitehouse) [Orabug: 30254252] {CVE-2016-10905} - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732940] {CVE-2019-20054} - scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770914] {CVE-2019-19965} - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351573] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352085] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884241] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895332] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19965 CVE-2019-20054 CVE-2019-19073 CVE-2020-25285 CVE-2016-10905 CVE-2017-8924 CVE-2017-8925 CVE-2020-14314 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 5 Oracle Linux 6 [2.6.39-400.326.1] - ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351574] {CVE-2019-19073} - USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352086] {CVE-2017-8924} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884244] {CVE-2020-25285} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895333] {CVE-2020-14314} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-14314 CVE-2020-25285 CVE-2017-8924 CVE-2019-19073 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 7 Oracle Linux 8 [5.4.17-2011.7.4] - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369] - iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369] - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369] [5.4.17-2011.7.3] - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385} - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314} - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212} - libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296] - libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296] - libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296] - mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382] - bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382] - mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763] [5.4.17-2011.7.2] - net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386} - block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341] - block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341] - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530] - uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696] [5.4.17-2011.7.1] - IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895] - net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895] - cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356} - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356} - Revert 'aarch64/BM: config failed, hub doesn't have any ports' (Thomas Tai) [Orabug: 31838351] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] - iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015] - iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015] - iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015] - iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015] - iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015] - iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015] - iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015] - iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015] - iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015] - i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015] - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015] - i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015] - i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015] - i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015] - i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015] - i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015] - i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015] - i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015] - i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015] - i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015] - i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015] - i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015] - i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015] - i40e: fix crash when Rx descriptor count is changed (Bjorn Topel) [Orabug: 31700015] - i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015] - i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015] - i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Bjorn Topel) [Orabug: 31700015] - i40e: Refactor rx_bi accesses (Bjorn Topel) [Orabug: 31700015] - i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015] - i40e: fix spelling mistake 'to' -> 'too' (Colin Ian King) [Orabug: 31700015] - i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015] - i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015] - i40e: enable X710 support (Alice Michael) [Orabug: 31700015] - i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015] - i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015] - i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015] - i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015] - i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015] - i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015] - i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015] - i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015] - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015] - i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015] - i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015] [5.4.17-2011.7.0] - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029] - tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029] - RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656] - RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25284 CVE-2020-14314 CVE-2020-14385 CVE-2020-14386 CVE-2020-14356 CVE-2020-25212 CVE-2020-25285 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 cpe:/o:oracle:linux:8:3:baseos_base Oracle Linux 7 [4.14.35-2025.401.4] - KVM: x86: always expose VIRT_SSBD to guests (Paolo Bonzini) [Orabug: 31957046] [4.14.35-2025.401.3] - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931371] - oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31901948] - net: Correct warning: label 'drop' defined but not used. (John Donnelly) [Orabug: 31916130] - KVM: Corrects build warnings for emulator_get_fpu/emulator_put_fpu (John Donnelly) [Orabug: 31907286] - ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895330] {CVE-2020-14314} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880143] - bpf: Fix bpf_event_output re-entry issue (Allan Zhang) [Orabug: 31865842] - bpf: fix nested bpf tracepoints with per-cpu data (Matt Mullins) [Orabug: 31865842] - uek-rpm: Turn on module signing for embedded2 kernel (Dave Kleikamp) [Orabug: 31895264] - uek-rpm: Clean up config-aarch64-embedded2 (Dave Kleikamp) [Orabug: 31895264] [4.14.35-2025.401.2] - mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884238] {CVE-2020-25285} - rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884165] {CVE-2020-25284} - nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872904] {CVE-2020-25212} - IB/mlx5: Fix MR registration flow to use UMR properly (Guy Levi) [Orabug: 31631231] - IB/mlx5: Prevent concurrent MR updates during invalidation (Moni Shoua) [Orabug: 31631231] - IB/mlx5: Replace kfree with kvfree (Chuhong Yuan) [Orabug: 31631231] - RDMA/odp: Do not leak dma maps when working with huge pages (Jason Gunthorpe) [Orabug: 31631231] - IB/mlx5: Respect new UMR capabilities (Majd Dibbiny) [Orabug: 31631231] - RDMA/mlx5: Unify error flows in rereg MR failure paths (Leon Romanovsky) [Orabug: 31631231] - IB/mlx5: Maintain a single emergency page (Ilya Lesokhin) [Orabug: 31631231] - genirq/irqdomain: Make sure all irq domain flags are distinct (Zenghui Yu) [Orabug: 31885236] - irq/msi: Direct update affinity if irq is for msix or, maskable (Joe Jin) [Orabug: 31885236] - x86/apic/msi: Plug non-maskable MSI affinity race (Joe Jin) [Orabug: 31885236] - mm: memcg: Optimize cgroup traversal in memory.stat read (Tom Hromatka) [Orabug: 31849182] - SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796863] - SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796863] - dmaengine: ioatdma: Add Snow Ridge ioatdma device id (Dave Jiang) [Orabug: 31669166] [4.14.35-2025.401.1] - PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867576] - net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866489] {CVE-2020-14386} {CVE-2020-14386} - scsi: qla2xxx: Fix login timeout (Quinn Tran) [Orabug: 31860034] - block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850343] - block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850343] - block: print offending values when cloned rq limits are exceeded (John Pittman) [Orabug: 31850343] - iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849532] [4.14.35-2025.401.0] - Pensando: kernel config changes for kdump (Rob Gardner) [Orabug: 31821490] - Pensando: Enable iScsi in kernel config (Rob Gardner) [Orabug: 31821490] - sample-trace-array: Fix timer definition in samples/ftrace/sample-trace-array.c (Aruna Ramakrishna) [Orabug: 31845460] - IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621816] - net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621816] - lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() (Christophe Leroy) [Orabug: 29623005] {CVE-2018-20669} - x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() (Will Deacon) [Orabug: 29623005] {CVE-2018-20669} - arch/openrisc: Fix issues with access_ok() (Stafford Horne) [Orabug: 29623005] {CVE-2018-20669} - Fix 'acccess_ok()' on alpha and SH (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669} - make 'user_access_begin()' do 'access_ok()' (Linus Torvalds) [Orabug: 29623005] {CVE-2018-20669} - kabi fix for reparent slab memory on cgroup removal patchset (Tom Hromatka) [Orabug: 31746022] - mm/memcontrol.c: add missed css_put() (Muchun Song) [Orabug: 31746022] - mm: memcg/slab: reparent memcg kmem_caches on cgroup removal (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: stop setting page->mem_cgroup pointer for slab pages (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: rework non-root kmem_cache lifecycle management (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: synchronize access to kmem_cache dying flag using a spinlock (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: don't check the dying flag on kmem_cache creation (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: unify SLAB and SLUB page accounting (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: introduce __memcg_kmem_uncharge_memcg() (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: generalize postponed non-root kmem_cache deactivation (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: rename slab delayed deactivation functions and fields (Roman Gushchin) [Orabug: 31746022] - mm: memcg/slab: postpone kmem_cache memcg pointer initialization to memcg_link_cache() (Roman Gushchin) [Orabug: 31746022] - mm: introduce mem_cgroup_put() helper (Roman Gushchin) [Orabug: 31746022] - mm/memcontrol.c: export mem_cgroup_is_root() (Kirill Tkhai) [Orabug: 31746022] - memcg: localize memcg_kmem_enabled() check (Shakeel Butt) [Orabug: 31746022] - mm: fix race between kmem_cache destroy, create and deactivate (Shakeel Butt) [Orabug: 31746022] - uek-rpm: Sync up aarch64 config files with latest Marvell patches (Dave Kleikamp) [Orabug: 31838205] - drivers: marvell: otx2-sdei-ghes: correct issues with crashdump kernel (Rick Farrington) [Orabug: 31838205] - drivers: mtd: spi-nor: Add MX66L2G45GXRI00 macronix flash (Selvam Venkatachalam) [Orabug: 31838205] - irqchip/gic-v3: Add workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 31838205] - octeontx2-af: fix Extended DSA and eDSA parsing (Satha Rao) [Orabug: 31838205] - drivers: gicv3: Adds workaround for Marvell erratum 38545 (Bhaskara Budiredla) [Orabug: 31838205] - octeontx2-af: reset HWS group mask during FLR (Michal Mazur) [Orabug: 31838205] - drivers: marvell: otx2: sdei-ghes: add BERT support for RAS errors (Rick Farrington) [Orabug: 31838205] - ACPI: APEI: BERT: support BERT in non-ACPI systems (Rick Farrington) [Orabug: 31838205] - Documentation: dt: edac: update sdei-ghes/bed-bert settings (Rick Farrington) [Orabug: 31838205] - btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351744] {CVE-2019-18885} - sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351958] {CVE-2019-3874} - Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510723] {CVE-2020-10781} - sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543030] - sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543030] - tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543030] - tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543030] - tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543030] - tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543030] - tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543030] - tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543030] - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557803] {CVE-2020-10767} - md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682037] - md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682037] - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698082] {CVE-2020-16166} - vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705119] {CVE-2020-14331} {CVE-2020-14331} - KVM: x86: take as_id into account when checking PGD (Vitaly Kuznetsov) [Orabug: 31722725] - KVM: X86: Fix MSR range of APIC registers in X2APIC mode (Xiaoyao Li) [Orabug: 31722725] - KVM: nVMX: Report NMIs as allowed when in L2 and Exit-on-NMI is set (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Remove non-functional 'support' for CR3 target values (Sean Christopherson) [Orabug: 31722725] - KVM: x86/mmu: Avoid an extra memslot lookup in try_async_pf() for L2 (Paolo Bonzini) [Orabug: 31722725] - KVM: x86: Adjust counter sample period after a wrmsr (Eric Hankland) [Orabug: 31722725] - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit (Oliver Upton) [Orabug: 31722725] - KVM: x86: Fix perfctr WRMSR for running counters (Eric Hankland) [Orabug: 31722725] - KVM: nVMX: Check GUEST_DR7 on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - perf/core: Provide a kernel-internal interface to recalibrate event period (Like Xu) [Orabug: 31722725] - KVM: VMX: Consume pending LAPIC INIT event when exit on INIT_SIGNAL (Liran Alon) [Orabug: 31722725] - KVM: nVMX: cleanup and fix host 64-bit mode checks (Paolo Bonzini) [Orabug: 31722725] - KVM: nVMX: Check Host Address Space Size on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel (Wanpeng Li) [Orabug: 31722725] - KVM: x86: Fix INIT signal handling in various CPU states (Liran Alon) [Orabug: 31722725] - KVM: VMX: Introduce exit reason for receiving INIT signal on guest-mode (Liran Alon) [Orabug: 31722725] - KVM: nVMX: add tracepoint for failed nested VM-Enter (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Ignore segment base for VMX memory operand when segment not FS or GS (Liran Alon) [Orabug: 31722725] - kvm: LAPIC: write down valid APIC registers (Paolo Bonzini) [Orabug: 31722725] - KVM: LAPIC: ARBPRI is a reserved register for x2APIC (Paolo Bonzini) [Orabug: 31722725] - KVM nVMX: Check Host Segment Registers and Descriptor Tables on vmentry of nested guests (Krish Sadhukhan) [Orabug: 31722725] - KVM/nVMX: Use kvm_vcpu_map for accessing the shadow VMCS (KarimAllah Ahmed) [Orabug: 31722725] - KVM/nVMX: Use kvm_vcpu_map when mapping the virtual APIC page (KarimAllah Ahmed) [Orabug: 31722725] - KVM: nVMX: Return -EINVAL when signaling failure in VM-Entry helpers (Sean Christopherson) [Orabug: 31722725] - KVM: nVMX: Move guest non-reg state checks to VM-Exit path (Sean Christopherson) [Orabug: 31722725] - kvm: nVMX: Check 'load IA32_PAT' VM-entry control on vmentry (Krish Sadhukhan) [Orabug: 31722725] - kvm: nVMX: Check 'load IA32_PAT' VM-exit control on vmentry (Krish Sadhukhan) [Orabug: 31722725] - KVM: x86: optimize check for valid PAT value (Paolo Bonzini) [Orabug: 31722725] - KVM: nVMX: allow tests to use bad virtual-APIC page address (Paolo Bonzini) [Orabug: 31722725] - x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init (Vitaly Kuznetsov) [Orabug: 31722725] - kvm: nVMX: Add a vmentry check for HOST_SYSENTER_ESP and HOST_SYSENTER_EIP fields (Krish Sadhukhan) [Orabug: 31722725] - KVM: nVMX: Apply addr size mask to effective address for VMX instructions (Sean Christopherson) [Orabug: 31722725] - Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741323] - net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31753101] - net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755754] - nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779886] {CVE-2020-24394} - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688621] - uek-rpm: aarch64: build embedded kernel for Pensando (Dave Kleikamp) [Orabug: 31627078] - Make low-speed APB bus accesses single threaded (Dave Kleikamp) [Orabug: 31627078] - Add /dev/capmem driver for Pensando (David Clear) [Orabug: 31627078] - Kconfig option to disable outer-cache-allocate for Pensando (David Clear) [Orabug: 31627078] - Provide for precise control of pgprot for Pensando (David Clear) [Orabug: 31627078] - Add Pensando Capri board .dts files and default configs (David Clear) [Orabug: 31627078] - Add /proc/xmaps (David Clear) [Orabug: 31627078] - mtd/spi-nor/cadence-quadspi.c: Speed up reads. (David Clear) [Orabug: 31627078] - Add mnic nodes to the Pensando devicetree (David Clear) [Orabug: 31627078] - Pensando Boot State Machine (BSM) integration. (David Clear) [Orabug: 31627078] - Pensando crash dump driver (David Clear) [Orabug: 31627078] - Pensando/Capri PCIE panic handler. (David Clear) [Orabug: 31627078] - Add uio support for Capri PCIE and Link interrupts (David Clear) [Orabug: 31627078] - Interrupt domain controllers for Capri ASIC. (David Clear) [Orabug: 31627078] - Capri SPI driver (David Clear) [Orabug: 31627078] - Add Capri EMMC phy and instantiate the driver in the dts (David Clear) [Orabug: 31627078] - Initial Pensando Capri SoC declaration (David Clear) [Orabug: 31627078] - New quirk for Pensando QSPI controller (David Clear) [Orabug: 31627078] - Add pensando,cpld device tree compat entry (David Clear) [Orabug: 31627078] - add support for NXP PCF85363/PCF85263 real-time clock (David Clear) [Orabug: 31627078] - Support the reset pulse width from the device-tree. (David Clear) [Orabug: 31627078] - Attempt to recover from a stuck SDA line (David Clear) [Orabug: 31627078] - Add driver for the TI TPS53659 (David Clear) [Orabug: 31627078] - support spi-rx-bus-width property on subnodes (David Clear) [Orabug: 31627078] - Support for SPI_NOR_DUAL_READ on Micron (David Clear) [Orabug: 31627078] - mtd: spi-nor: cadence-quadspi: fix spelling mistake: 'Couldnt't' -> 'Couldn't' (Colin Ian King) [Orabug: 31627078] - mtd: spi-nor: cadence-quadspi: Add support for Octal SPI controller (Vignesh R) [Orabug: 31627078] - mtd: spi-nor: Add Micron MT25QU02 support (Thor Thayer) [Orabug: 31627078] - arm64: tlb: Ensure we execute an ISB following walk cache invalidation (Will Deacon) [Orabug: 31627078] - arm64: mm: Add ISB instruction to set_pgd() (Will Deacon) [Orabug: 31627078] - mtd: spi-nor: Allow Cadence QSPI support for ARM64 (Thor Thayer) [Orabug: 31627078] - irqchip/gic-v3: Add workaround for Synquacer pre-ITS (Ard Biesheuvel) [Orabug: 31627078] - irqchip/gic: Make quirks matching conditional on init return value (Ard Biesheuvel) [Orabug: 31627078] - irqchip/gic-v3: Probe device ID space before quirks handling (Ard Biesheuvel) [Orabug: 31627078] - rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783149] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-24394 CVE-2018-20669 CVE-2019-18885 CVE-2019-3874 CVE-2020-14331 CVE-2020-16166 CVE-2020-10767 CVE-2020-10781 CVE-2020-14386 CVE-2020-25212 CVE-2020-14314 CVE-2020-25285 CVE-2020-25284 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 docker-engine [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] docker-cli [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15157 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:linux:7::addons cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 Oracle Linux 7 [1.2.14-1.0.1] - BUILDINFO: commit=259ae80da592d4f6b5e3cdc87202d36bc86a3579 - Addresses CVE-2020-15157 [1.2.14-1.0.0] - Added Oracle specific build files IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15157 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:linux:7::addons cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4] - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790] [4.1.12-124.44.3] - qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299] - kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541} [4.1.12-124.44.2] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530} - net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995] - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223] - mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144] - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559] [4.1.12-124.44.1] - oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592] - KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2016-7917 CVE-2019-19530 CVE-2020-25643 CVE-2016-7913 CVE-2020-26541 CVE-2020-25211 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 7 [4.14.35-2025.402.2.1] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25643 CVE-2019-16089 CVE-2019-19377 CVE-2019-19448 CVE-2020-14390 CVE-2020-25211 CVE-2020-26541 CVE-2020-14356 CVE-2020-14385 CVE-2019-12380 CVE-2020-25641 CVE-2020-8694 CVE-2020-8695 CVE-2020-25645 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2036.100.6.1.el8uek] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695} - KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152} {CVE-2020-27152} - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339] - x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339] [5.4.17-2036.100.5.el8uek] - uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114] - uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643} - dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688] - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645} - nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181] - KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433] - cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221] - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541} - bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051] - bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051] - bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051] - bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051] - bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051] - bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051] uses to a more typical style (Joe Perches) [Orabug: 30210051] - bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051] - bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051] - bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051] - bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051] - bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051] - bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051] - bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051] - bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051] - bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051] - bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051] - bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051] - bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051] - bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051] - bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051] - bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051] - bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051] - bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051] - bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051] - bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051] - bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051] - bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051] - bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051] - bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051] - bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051] - bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051] - bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051] - bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051] - bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051] - bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051] - bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051] - bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390} - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969] - PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596] - kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906] - arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906] - kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906] - arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906] - arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906] - x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906] - x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906] - x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906] - x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906] - block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023] - block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023] - dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023] - dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641} [5.4.17-2036.100.4.el8uek] - xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888] - xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104] - perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610] - xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211} - net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140] - uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770] - bnxt: correct warning: unused variable: 'rc' (John Donnelly) [Orabug: 31907548] - i40e: Correct warning: 'aq_ret' may be used uninitialized, (John Donnelly) [Orabug: 31907631] - uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852] - uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852] - uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879] - kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526] - scsi: page warning: 'page' may be used uninitialized. (John Donnelly) [Orabug: 31920671] - x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884] - oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355] - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368] - iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368] - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8694 CVE-2020-8695 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:2:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.44.4.1] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040806] {CVE-2020-8694} {CVE-2020-8695} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 7 [4.14.35-2025.402.2.1.el7] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2.el7] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1.el7] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0.el7] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8694 CVE-2020-8695 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 7 [4.14.35-2025.402.2.1.el7] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695} [4.14.35-2025.402.2.el7] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] [4.14.35-2025.402.1.el7] - configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] - SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] - geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645} - nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] - xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] - nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] - nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] - uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] - arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] - ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] - rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] - panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] - uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] - certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] - certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] - certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541} - Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] - btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} - btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} - xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385} - net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] - mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] - mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] - ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] - ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] - blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] - x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336] [4.14.35-2025.402.0.el7] - nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089} - efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380} - RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] - rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] - rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] - EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] - EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] - mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] - cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356} - bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] - netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211} - vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390} - KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] - Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] - uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] - block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 cpe:/a:oracle:linux:7::olcne cpe:/a:oracle:linux:7::olcne11 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.2] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32137965] {CVE-2020-8694} {CVE-2020-8695} [4.1.12-124.45.1] - Revert 'x86/efi: Initialize and display UEFI secure boot state a bit later during init' (Eric Snowberg) [Orabug: 31887248] - xfs: fix xfs_inode use after free (Wengang Wang) [Orabug: 31932452] - SUNRPC: ECONNREFUSED should cause a rebind. (NeilBrown) [Orabug: 32070175] - netfilter: nfnetlink: correctly validate length of batch messages (Phil Turnbull) [Orabug: 30658635] {CVE-2016-7917} - xc2028: Fix use-after-free bug properly (Takashi Iwai) [Orabug: 30658659] {CVE-2016-7913} - [media] xc2028: avoid use after free (Mauro Carvalho Chehab) [Orabug: 30658659] {CVE-2016-7913} - uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 30821411] - hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989190] {CVE-2020-25643} - tracing: Reverse the order of trace_types_lock and event_mutex (Alan Maguire) [Orabug: 32002706] - ocfs2/dlm: move lock to the tail of grant queue while doing in-place convert (xuejiufei) [Orabug: 32071234] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-8694 cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 6 IMPORTANT Copyright 2020 Oracle, Inc. CVE-2014-4508 cpe:/a:oracle:linux:6::MODRHCK cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 Oracle Linux 5 Oracle Linux 6 [2.6.39-400.327.1] - USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484765] {CVE-2017-8925} - x86_32, entry: Store badsys error code in %eax (Sven Wegener) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} - x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) (Andy Lutomirski) [Orabug: 30783266] {CVE-2014-4508} {CVE-2014-4508} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-8925 CVE-2014-4508 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS Oracle Linux 8 [4.1.1-68] - azure-lb: fix redirect issue Resolves: rhbz#1850778 [4.1.1-67] - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz#1846733 [4.1.1-65] - azure-events: handle exceptions in urlopen Resolves: rhbz#1845574 [4.1.1-64] - nfsserver: fix NFSv4-only support - azure-events: new resource agent for Azure Resolves: rhbz#1818997 Resolves: rhbz#1819965 [4.1.1-60] - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz#1850990 [4.1.1-59] - pgsql: support Pacemaker v2.03+ output Resolves: rhbz#1836186 [4.1.1-56] - Filesystem: set 'fast_stop' default to 'no' for GFS2 filesystems Resolves: rhbz#1814896 [4.1.1-55] - nfsserver: dont log error message when /etc/sysconfig/nfs does not exist - exportfs: describe clientspec format in metadata Resolves: rhbz#1845581 Resolves: rhbz#1845583 [4.1.1-54] - exportfs: add symlink support - aliyun-vpc-move-ip: log output when failing Resolves: rhbz#1820523 Resolves: rhbz#1843999 [4.1.1-53] - podman: force remove container if remove fails Resolves: rhbz#1839721 [4.1.1-52] - gcp-pd-move: new resource agent for Google Cloud Resolves: rhbz#1633251 [4.1.1-51] - NovaEvacuate: suppress expected initial error message - db2 (HADR): promote standby node when master node disappears Resolves: rhbz#1830716 Resolves: rhbz#1836945 [4.1.1-50] - rabbitmq-cluster: increase rabbitmqctl wait timeout during start Resolves: rhbz#1832321 [4.1.1-49] - aws-vpc-route53: new resource agent for AWS - pgsql: improve checks to prevent incorrect status, and set initial score for primary and hot standby Resolves: rhbz#1759115 Resolves: rhbz#1744190 [4.1.1-47] - aws-vpc-move-ip: delete remaining route entries Resolves: rhbz#1819021 [4.1.1-46] - use safe temp file location - ocf-shellfuncs: ocf_is_clone(): fix to return true when clone-max is set to 0 Resolves: rhbz#1817432 Resolves: rhbz#1817598 [4.1.1-45] - azure-lb: support using socat instead of nc - aws-vpc-move-ip: add 'routing_table_role' parameter - redis: fix validate-all action and run it during start Resolves: rhbz#1804658 Resolves: rhbz#1810466 Resolves: rhbz#1792237 [4.1.1-44] - lvmlockd: automatically remove locking_type from lvm.conf for LVM v2.03+ Resolves: rhbz#1808468 [4.1.1-43] - rabbitmq-cluster: delete nodename when stop fails Resolves: rhbz#1792196 [4.1.1-42] - IPsrcaddr: add destination and table parameters Resolves: rhbz#1744224 [4.1.1-40] - podman: improve image exist check - IPaddr2: add CLUSTERIP not supported info to metadata/manpage - Filesystem: refresh UUID if block device doesnt exist Resolves: rhbz#1788889 Resolves: rhbz#1767916 Resolves: rhbz#1777381 [4.1.1-38] - IPaddr2: add noprefixroute parameter Resolves: rhbz#1741042 [4.1.1-36] - exportfs: allow multiple exports with same fsid - mysql/galera: fix incorrect rc Resolves: rhbz#1764888 Resolves: rhbz#1765128 [4.1.1-35] - Route: dont fence when parameters not set - LVM-activate: add partial-activation support Resolves: rhbz#1750261 Resolves: rhbz#1741843 [4.1.1-34] - LVM/clvm: remove manpages for excluded agents - LVM-activate: return NOT_RUNNING when node rejoins cluster - LVM-activate: detect systemid volume without reboot - Filesystem: add symlink support - Filesystem: avoid corrupt mount-list and dont kill incorrect processes for bind-mounts - IPsrcaddr: make proto optional to fix regression when used without NetworkManager - docker: fix stop issues - rabbitmq-cluster: also restore users in single node mode - IPaddr2: sanitize compressed IPv6 IPs - nfsserver: systemd performance improvements - NovaEvacuate: add 'evacuate_delay' parameter Resolves: rhbz#1694392 Resolves: rhbz#1695039 Resolves: rhbz#1738428 Resolves: rhbz#1744103 Resolves: rhbz#1744140 Resolves: rhbz#1757837 Resolves: rhbz#1748768 Resolves: rhbz#1750352 Resolves: rhbz#1751700 Resolves: rhbz#1751962 Resolves: rhbz#1755760 [4.1.1-33] - rabbitmq-cluster: fail monitor when node is in minority partition, fix stop regression, retry start when cluster join fails, ensure node attributes are removed Resolves: rhbz#1745713 [4.1.1-32] - mysql/galera: use runuser/su to avoid using DAC_OVERRIDE Resolves: rhbz#1692960 [4.1.1-31] - podman: add drop-in dependency support Resolves: rhbz#1736746 [4.1.1-30] - iSCSITarget/iSCSILogicalUnit: only create iqn/acls when it doesnt exist Resolves: rhbz#1692413 [4.1.1-29] - CTDB: add support for v4.9+ Resolves: rhbz#1732867 [4.1.1-28] - podman: fixes to avoid bundle resources restarting when probing takes too long - LVM-activate: fix monitor to avoid hang caused by validate-all call Resolves: rhbz#1718219 Resolves: rhbz#1730455 [4.1.1-27] - ocf_log: do not log debug messages when HA_debug unset - Filesystem: remove notify-action from metadata - dhcpd keep SELinux context in chroot Resolves: rhbz#1707969 Resolves: rhbz#1717759 Resolves: rhbz#1719684 [4.1.1-26] - sap/sap-hana: split subpackages into separate packages Resolves: rhbz#1705767 [4.1.1-24] - Squid: fix PID file issue Resolves: rhbz#1689184 [4.1.1-23] - Route: make family parameter optional - redis: mute password warning Resolves: rhbz#1669140 Resolves: rhbz#1683548 [4.1.1-22] - aws-vpc-move-ip: add multi route-table support and fix issue w/multiple NICs Resolves: rhbz#1697559 [4.1.1-21] - gcp-vpc-move-route/gcp-vpc-move-vip: fix Python 3 encoding issue Resolves: rhbz#1695656 [4.1.1-20] - aws-vpc-move-ip: use '--query' to avoid a possible race condition - gcloud-ra: fix Python 3 issue and remove Python 2 detection Resolves: rhbz#1693662 Resolves: rhbz#1691456 [4.1.1-19] - Add CI gating tests - LVM-activate: support LVs from same VG - tomcat: use systemd when catalina.sh is unavailable - Fixed python-devel/perl build dependencies Resolves: rhbz#1682136 Resolves: rhbz#1667414 Resolves: rhbz#1666691 Resolves: rhbz#1595854 [4.1.1-18] - aliyun-vpc-move-ip: exclude from main package - aliyuncli-ra: upgrade bundled python-aliyun-sdk-core and fix Python 3 issues - ocf.py: byte compile Resolves: rhbz#1677204 Resolves: rhbz#1677981 Resolves: rhbz#1678874 [4.1.1-17] - LVM-activate: dont require locking_type Resolves: rhbz#1658664 [4.1.1-16] - vdo-vol: fix monitor-action - LVM-activate: dont fail initial probe Resolves: rhbz#1662466 Resolves: rhbz#1643307 [4.1.1-15] - nfsserver: fix start-issues when nfs_shared_infodir parameter is changed Resolves: rhbz#1642027 [4.1.1-14] - redis: use basename in pidof to avoid issues in containers Resolves: rhbz#1635785 [4.1.1-11] - Remove grpc from bundle Resolves: rhbz#1630627 [4.1.1-10] - systemd-tmpfiles: change path to /run/resource-agents Resolves: rhbz#1631291 [4.1.1-9] - podman: new resource agent Resolves: rhbz#1607607 [4.1.1-8] - LVM: fix missing dash in activate_options - LVM-activate: warn about incorrect vg_access_mode - lvmlockd: add cmirrord support [4.1.1-7] - findif: only match lines containing netmasks [4.1.1-6] - Rebuild with fixed binutils [4.1.1-5] - vdo-vol: new resource agent Resolves: rhbz#1552330 [4.1.1-4] - VirtualDomain: add stateless support - Exclude unsupported agents [4.1.1-3] - Added SAPHana and OpenStack agents [4.1.1-2] - Remove unsupported clvm and LVM agents [4.1.1-1] - Rebase to resource-agents 4.1.1 upstream release. [4.1.0-2] - Add gcc to BuildRequires [4.1.0-1.1] - Escape macros in %changelog [4.1.0-1] - Rebase to resource-agents 4.1.0 upstream release. [4.0.1-1.3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [4.0.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [4.0.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [4.0.1-1] - Rebase to resource-agents 4.0.1 upstream release. [4.0.0-2] - galera: remove 'long SST monitoring' support due to corner-case issues [4.0.0-1] - Rebase to resource-agents 4.0.0 upstream release. [3.9.7-6] - Add netstat dependency [3.9.7-4] - Rebase to resource-agents 3.9.7 upstream release. [3.9.6-2.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.9.6-2.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.9.6-2] - Rebase to latest upstream code in order to pull in rabbitmq-cluster agent [3.9.6-1] - Rebase to resource-agents 3.9.6 upstream release. [3.9.5-12.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.9.5-12.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.9.5-12] - Sync with latest upstream. [3.9.5-11] - Sync with latest upstream. [3.9.5-10] - Fix build system for rawhide. [3.9.5-9] - Remove rgmanager agents from build. [3.9.5-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [3.9.5-7] - Perl 5.18 rebuild [3.9.5-6] - Restores rsctmp directory to upstream default. [3.9.5-5] - Merges redhat provider into heartbeat provider. Remove rgmanager's redhat provider. Resolves: rhbz#917681 Resolves: rhbz#928890 Resolves: rhbz#952716 Resolves: rhbz#960555 [3.9.5-3] - Fixes build system error with conditional logic involving IPv6addr and updates spec file to build against rhel 7 as well as fedora 19. [3.9.5-2] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-11078 cpe:/a:oracle:linux:8::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.51.2] - Revert 'kexec: Validate pe files against the system_lacklist_keyring' (John Donnelly) [Orabug: 32171714] {CVE-2020-26541} {CVE-2020-26541} [3.8.13-118.51.1] - usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351090] {CVE-2019-19530} - kexec: Validate pe files against the system_lacklist_keyring (Eric Snowberg) [Orabug: 31961121] {CVE-2020-26541} - uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974695] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19530 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 7 [5.7.0-21.el7] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - Revert 'qemu: dont take agent and monitor job for shutdown' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: dont hold a monitor and agent job for reboot' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: dont hold monitor and agent job when setting time' (Menno Lageman) [Orabug: 32080283] - Revert 'qemu: remove use of qemuDomainObjBeginJobWithAgent()' (Menno Lageman) [Orabug: 32080283] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking. (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] [5.7.0-20.el7] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont hold monitor and agent job when setting time (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont hold a monitor and agent job for reboot (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: dont take agent and monitor job for shutdown (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - qemu: blockcopy: Fix conditions when virStorageSource should be initialized (Peter Krempa) [Orabug: 31517934] - qemu: blockcopy: Report error on image format detection failure (Peter Krempa) [Orabug: 31517934] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-25637 cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:linux:7:9:patch Oracle Linux 6 Oracle Linux 7 [4.1.12-124.45.6] - qla2xxx: disable target reset during link reset and update version (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug: 32095664] - scsi: qla2xxx: Enable Async TMF processing (himanshu.madhani@cavium.com) [Orabug: 32095664] - qla2xxx: tweak debug message for task management path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Arun Easi) [Orabug: 32095664] - scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx:v2: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2 Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 32095664] - scsi: qla2xxx: v2 Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 32095664] - scsi: qla2xxx: v2: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 32095664] [4.1.12-124.45.5] - IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31512608] [4.1.12-124.45.4] - block: Move part of bdi_destory() to del_gendisk() as bdi_unregister(). (Jan Kara) [Orabug: 32124131] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138039] [4.1.12-124.45.3] - drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] {CVE-2017-9605} - random32: move the pseudo-random 32-bit definitions to prandom.h (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random32: remove net_rand_state from the latent entropy gcc plugin (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166} - random: fix circular include dependency on arm64 after addition of percpu.h (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166} - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021856] - kvm: x86: do not leak guest xcr0 into host interrupt handlers (David Matlack) [Orabug: 32021856] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2017-9605 CVE-2020-16166 cpe:/a:oracle:linux:7::UEKR4 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4 Oracle Linux 7 [1.3.9-2] - BUILDINFO: commit=4737bd3784f16c18474a60d8678371108f995d7c - Addresses CVE-2020-15257 [1.3.9-1] - Added Oracle specific build files IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15257 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:linux:7::addons cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ol7 Oracle Linux 7 docker-cli [19.03.11-7] - Fix for CVE-2020-15257 [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09-1.0.0] - rename to docker-cli [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce-cli.spec from upstream 18.09 branch docker-engine [19.03.11-7] - Fix for CVE-2020-15257 [19.03.11-6] - Fix for CVE-2020-15157 [19.03.11-5] - Bugfix for 'docker images [name]' not working on docker 19.03.11-ol - Address CVE-2020-16845 [19.03.11-4] - added patch for registry list [19.03.11-3] - update to 19.03.11 for CVE-2020-13401 [19.03.1-1.0.0] - update to 19.03.1 [19.03-0.0.1] - update to 19.03 [18.09.1-1.0.6] - disable kmem accounting for UEKR4 [18.09.1-1.0.5] - apply e4931e664feac6fa8846f3f04268a0cc98822549, fixes CVE-2019-5736 [18.09.1-1.0.4] - fix authentication error when using docker hub and using --default-registry [18.09.1-1.0.3] - fix authentication errors when using docker hub [18.09.1-1.0.2] - use epoch in container-selinux dependency [18.09.1-1.0.1] - fix 'docker cp doesn't work for btrfs' (OLM-158) - update build to Go 1.10.8 [18.09.1-1.0.0] - update to 18.09.1 [18.09-1.0.0] - rename back to docker-engine, rename dockerd-ce to dockerd and stop using alternatives [18.09-0.0.1] - merge docker-engine.spec changes by Oracle into docker-ce.spec from upstream 18.09 branch [18.03.1.ol-0.0.7] - fix [orabug 28452214] and [orabug 28461404] [18.03.1.ol-0.0.6] - obsolete/provide the docker package [orabug 28216396] - Fix docker plugin reference resolution [orabug 28376247] [18.03.1.ol-1.0.4] - Fixed issue where RPM overwrites config files [17.12.0.ol-1.0.1] - Update docker-engine package for upstream 17.12.0 [17.09.1.ol-1.0.2] - Update docker-engine package for upstream 17.09.1 [17.06.2.ol-1.0.1] - Update docker-engine package for upstream 17.06.2 [orabug 26673768] - Migrate to new 'ol'-based versioning - add docker-storage-config utility [17.03.1-ce-3.0.1] - Update docker-engine package for upstream 17.03.1 - Enable configuration of Docker daemon via sysconfig [orabug 21804877] - Require UEK4 for docker 1.9 [orabug 22235639 22235645] - Add docker.conf for prelink [orabug 25147708] - Update oracle linux selinux policy to match upstream [orabug 25653794] - Use dockerd instead of docker daemon as it is deprecated [orabug 25653794] IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-15257 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7::addons cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.52.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535530] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535530] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest Oracle Linux 6 [2.6.39-400.328.1] - crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535531] {CVE-2020-10769} - crypto: authenc - Export key parsing helper function (Mathias Krause) [Orabug: 31535531] {CVE-2020-10769} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-10769 cpe:/a:oracle:linux:6::UEK_latest Oracle Linux 7 [4.14.35-2025.403.3] - RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117] - lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117] - lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117] - lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117] - lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117] - uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999] - xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548] [4.14.35-2025.403.2] - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668} - vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656} - vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704} - perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704} - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898] - xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244] [4.14.35-2025.403.1] - lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561] - Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016] - Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249] - hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144] - hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144] [4.14.35-2025.403.0] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695} - Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726] - btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726] - btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816} - x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320] - hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413] - net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843] - perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035] - rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095] - rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081] - dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352] - dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352] - dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352] - bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352] - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352] - bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352] - md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352] - dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352] - dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352] - md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352] - dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352] - dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352] - dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352] - md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352] - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658] - x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658] - x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658] - x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658] - x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658] - jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658] - rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] - Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352} - x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855] - arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061] - hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066] - Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] - lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127] - Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] - debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127] - debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127] - debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127] - lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. (Konrad Rzeszutek Wilk) [Orabug: 32053127] - dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127] - bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127] - security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127] - net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618] - scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622] - ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740] - mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218] - mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218] - mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218] - KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898] - octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651] - octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651] - octeontx2-af: Free RVU NIX IRQs properly. (Rakesh Babu) [Orabug: 32095651] - octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651] - octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651] - octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651] - octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651] - octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651] - octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651] - octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768] - net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962] - rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532] [4.14.35-2025.402.2] - ocfs2: fix remounting needed after setfacl command (Gang He) - Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] - drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] - i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] - bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] - SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] - qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276] - ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet) IMPORTANT Copyright 2020 Oracle, Inc. CVE-2019-19816 CVE-2020-8694 CVE-2020-28974 CVE-2020-25656 CVE-2020-25668 CVE-2020-12352 CVE-2020-27673 CVE-2020-25704 CVE-2020-8695 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2036.101.2uek] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915} - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915} - ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053] - net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896] - hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973] - hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973] - RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752] - lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752] - arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521] - Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521] - uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237] - NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992] - NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992] - xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543] [5.4.17-2036.101.1uek] - uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425] - platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425] - platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425] - platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425] - IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895] - perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704} - vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656} - vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668} - NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682] [5.4.17-2036.101.0uek] - hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142] - hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142] - x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850] - x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850] - mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850] - x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850] - x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850] - perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850] - x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850] - x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850] - kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996] - cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750] - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750] - rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472] - net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959] - uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923] - rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247] - rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245] - rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971] - x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971] - x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971] - x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971] - x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971] - ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684] - IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517] - net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845] - Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352} - ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040] - ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040] - ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040] - ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040] - ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040] - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148] - net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840] - A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766] - powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695} IMPORTANT Copyright 2020 Oracle, Inc. CVE-2020-8695 CVE-2020-25704 CVE-2020-27673 CVE-2020-25656 CVE-2020-28915 CVE-2020-25668 CVE-2020-12352 CVE-2020-8694 CVE-2020-28974 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8:3:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6