Описание
ELSA-2019-4708: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.14.35-1902.3.1]
- x86/platform/UV: Mark tsc_check_sync as an init function (mike.travis@hpe.com) [Orabug: 29701029]
- mm, page_alloc: check for max order in hot path (Michal Hocko) [Orabug: 29924411]
- net/mlx5: FW tracer, Enable tracing (Feras Daoud) [Orabug: 29717200]
- net/mlx5: FW tracer, parse traces and kernel tracing support (Feras Daoud) [Orabug: 29717200]
- net/mlx5: FW tracer, events handling (Feras Daoud) [Orabug: 29717200]
- net/mlx5: FW tracer, register log buffer memory key (Saeed Mahameed) [Orabug: 29717200]
- net/mlx5: FW tracer, create trace buffer and copy strings database (Feras Daoud) [Orabug: 29717200]
- net/mlx5: FW tracer, implement tracer logic (Feras Daoud) [Orabug: 29717200]
- net/mlx5: FW tracer, add hardware structures (Feras Daoud) [Orabug: 29717200]
- net/mlx5: Mkey creation command adjustments (Ariel Levkovich) [Orabug: 29717200]
- rds: Incorrect locking in rds_tcp_conn_path_shutdown() (Ka-Cheong Poon) [Orabug: 29814108]
- rds: Add per namespace RDS/TCP accept work queue (Ka-Cheong Poon) [Orabug: 29814108]
- rds: ib: Fix dereference of conn when NULL and cleanup thereof (Hakon Bugge) [Orabug: 29924845]
- AMD: Change CONFIG_EDAC_DECODE_MCE to built-in (George Kennedy) [Orabug: 29926109]
- watchdog: sp5100_tco: Add support for recent FCH versions (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100-tco: Abort if watchdog is disabled by hardware (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Use bit operations (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Convert to use watchdog subsystem (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Clean up function and variable names (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Use dev_ print functions where possible (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Match PCI device early (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Clean up sp5100_tco_setupdevice (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Use standard error codes (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Use request_muxed_region where possible (Guenter Roeck) [Orabug: 29933621]
- watchdog: sp5100_tco: Always use SP5100_IO_PM_{INDEX_REG,DATA_REG} (Guenter Roeck) [Orabug: 29933621]
- i2c: piix4: Use request_muxed_region (Guenter Roeck) [Orabug: 29933621]
- i2c: piix4: Use usleep_range() (Guenter Roeck) [Orabug: 29933621]
- i2c: piix4: Fix port number check on release (Jean Delvare) [Orabug: 29933621]
- scsi: smartpqi: correct lun reset issues (Kevin Barnett) [Orabug: 29939095]
[4.14.35-1902.3.0]
- nvme.h: fixup ANA group descriptor format (Hannes Reinecke) [Orabug: 29750813]
- nvme: validate cntlid during controller initialisation (Christoph Hellwig) [Orabug: 29750813]
- nvme: change locking for the per-subsystem controller list (Christoph Hellwig) [Orabug: 29750813]
- net/mlx5e: Disable ODP capability advertizing and close kernel ODP flows (Qing Huang) [Orabug: 29786503]
- EDAC/amd64: Adjust printed chip select sizes when interleaved (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Support more than two controllers for chip select handling (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Recognize x16 symbol size (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Set maximum channel layer size depending on family (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Support more than two Unified Memory Controllers (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (Yazen Ghannam) [Orabug: 29861840]
- EDAC/amd64: Add Family 17h Model 30h PCI IDs (Yazen Ghannam) [Orabug: 29861840]
- EDAC, amd64: Add Family 17h, models 10h-2fh support (Michael Jin) [Orabug: 29861840]
- libnvdimm/namespace: Fix label tracking error (Dan Williams) [Orabug: 29839902]
- fork: record start_time late (David Herrmann) [Orabug: 29850579] {CVE-2019-6133}
- IB/mlx5: Removed an empty file introduced by Mellanox backport (Qing Huang) [Orabug: 29891479]
- config: enable PSI (Tom Hromatka) [Orabug: 29896487]
- net/mlx5: Set FW pre-init timeout to 120k (Yuval Shaia) [Orabug: 29906258]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
kernel-uek
4.14.35-1902.3.1.el7uek
kernel-uek-debug
4.14.35-1902.3.1.el7uek
kernel-uek-debug-devel
4.14.35-1902.3.1.el7uek
kernel-uek-devel
4.14.35-1902.3.1.el7uek
kernel-uek-headers
4.14.35-1902.3.1.el7uek
kernel-uek-tools
4.14.35-1902.3.1.el7uek
kernel-uek-tools-libs
4.14.35-1902.3.1.el7uek
kernel-uek-tools-libs-devel
4.14.35-1902.3.1.el7uek
perf
4.14.35-1902.3.1.el7uek
python-perf
4.14.35-1902.3.1.el7uek
Oracle Linux x86_64
kernel-uek
4.14.35-1902.3.1.el7uek
kernel-uek-debug
4.14.35-1902.3.1.el7uek
kernel-uek-debug-devel
4.14.35-1902.3.1.el7uek
kernel-uek-devel
4.14.35-1902.3.1.el7uek
kernel-uek-doc
4.14.35-1902.3.1.el7uek
kernel-uek-tools
4.14.35-1902.3.1.el7uek
Связанные CVE
Связанные уязвимости
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...
