Описание
ELSA-2019-2600: kernel security and bug fix update (IMPORTANT)
[3.10.0-1062.1.1]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
[3.10.0-1062.1.1]
- [fs] nfsv4.1: Avoid false retries when RPC calls are interrupted (Benjamin Coddington) [1739077 1732427]
- [fs] NFS4.1 handle interrupted slot reuse from ERR_DELAY (Benjamin Coddington) [1739077 1732427]
- [fs] nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (Benjamin Coddington) [1739077 1732427]
- [fs] cifs: fix panic in smb2_reconnect (Leif Sahlberg) [1737382 1702264]
- [scsi] sg: protect against races between mmap() and SG_SET_RESERVED_SIZE (Ewan Milne) [1737380 1710533]
- [scsi] sg: recheck MMAP_IO request length with lock held (Ewan Milne) [1737380 1710533]
- [scsi] sg: reset 'res_in_use' after unlinking reserved array (Ewan Milne) [1737380 1710533]
- [scsi] sg: protect accesses to 'reserved' page array (Ewan Milne) [1737380 1710533]
- [netdrv] mlx4/en_netdev: allow offloading VXLAN over VLAN (Paolo Abeni) [1734333 1733671]
- [netdrv] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1704879 1704880] {CVE-2019-9500}
- [net] tcp: be more careful in tcp_fragment() (Marcelo Leitner) [1739130 1732106]
- [documentation] Documentation: Add swapgs description to the Spectre v1 documentation (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [documentation] Documentation: Add section about CPU vulnerabilities for Spectre (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1729810 1724510] {CVE-2019-1125}
- [x86] x86/feature: Relocate X86_FEATURE_INVPCID_SINGLE (Waiman Long) [1729810 1724510] {CVE-2019-1125}
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
bpftool
3.10.0-1062.1.1.el7
kernel
3.10.0-1062.1.1.el7
kernel-abi-whitelists
3.10.0-1062.1.1.el7
kernel-debug
3.10.0-1062.1.1.el7
kernel-debug-devel
3.10.0-1062.1.1.el7
kernel-devel
3.10.0-1062.1.1.el7
kernel-doc
3.10.0-1062.1.1.el7
kernel-headers
3.10.0-1062.1.1.el7
kernel-tools
3.10.0-1062.1.1.el7
kernel-tools-libs
3.10.0-1062.1.1.el7
kernel-tools-libs-devel
3.10.0-1062.1.1.el7
perf
3.10.0-1062.1.1.el7
python-perf
3.10.0-1062.1.1.el7
Связанные CVE
Связанные уязвимости
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a...