Описание
ELSA-2020-5837: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.42.3]
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535}
- media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644}
- fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258]
- clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270]
[4.1.12-124.42.2]
- mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499]
- mm: perform 'last chance' reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499]
- mm: let page allocation slowpath retry 'order' times (Mike Kravetz) [Orabug: 31295499]
- fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495]
- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648141]
- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141]
- RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975]
- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450]
[4.1.12-124.42.1]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.42.3.el6uek
kernel-uek-debug
4.1.12-124.42.3.el6uek
kernel-uek-debug-devel
4.1.12-124.42.3.el6uek
kernel-uek-devel
4.1.12-124.42.3.el6uek
kernel-uek-doc
4.1.12-124.42.3.el6uek
kernel-uek-firmware
4.1.12-124.42.3.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.42.3.el7uek
kernel-uek-debug
4.1.12-124.42.3.el7uek
kernel-uek-debug-devel
4.1.12-124.42.3.el7uek
kernel-uek-devel
4.1.12-124.42.3.el7uek
kernel-uek-doc
4.1.12-124.42.3.el7uek
kernel-uek-firmware
4.1.12-124.42.3.el7uek
Ссылки на источники
Связанные уязвимости
ELSA-2020-5804: Unbreakable Enterprise kernel security update (IMPORTANT)
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
A flaw was found in the Linux kernel's implementation of Userspace cor ...