Description
ELSA-2019-0818: kernel security and bug fix update (IMPORTANT)
[3.10.0-957.12.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509) (alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-957.12.1]
- [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
- [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
- [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
- [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
- [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
- [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
- [net] igmp: Don't flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
- [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
- [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
- [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
- [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
- [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
- [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
- [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
- [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
- [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
- [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
- [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
- [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
- [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
- [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
- [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
- [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
- [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
- [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
- [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
- [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
- [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
- [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
- [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
- [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]
[3.10.0-957.11.1]
- [net] netfilter: nf_nat: skip nat clash resolution for same-origin entries (Florian Westphal) [1686766 1648965]
- [net] netfilter: nf_conntrack: resolve clash for matching conntracks (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: skip clash resolution if nat is in place (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce clash resolution on insertion race (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: fix race between confirmation and flush (Florian Westphal) [1686766 1648965]
- [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian Westphal) [1686766 1648965]
- [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup (Mohammed Gamal) [1679997 1661632]
Updated packages
Oracle Linux 7
Oracle Linux x86_64
Package                    Version
bpftool                    3.10.0-957.12.1.el7
kernel                     3.10.0-957.12.1.el7
kernel-abi-whitelists      3.10.0-957.12.1.el7
kernel-debug               3.10.0-957.12.1.el7
kernel-debug-devel         3.10.0-957.12.1.el7
kernel-devel               3.10.0-957.12.1.el7
kernel-doc                 3.10.0-957.12.1.el7
kernel-headers             3.10.0-957.12.1.el7
kernel-tools               3.10.0-957.12.1.el7
kernel-tools-libs          3.10.0-957.12.1.el7
kernel-tools-libs-devel    3.10.0-957.12.1.el7
perf                       3.10.0-957.12.1.el7
python-perf                3.10.0-957.12.1.el7
Related CVEs
Related vulnerabilities
Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP3)
Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP2)
Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP2)
Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP2)
Security update for the Linux Kernel (Live Patch 8 for SLE 15)