Oracle Linux 6277 Published by

A kernel security update has been released for Oracle Linux 6




Oracle Linux Security Advisory ELSA-2019-4850

http://linux.oracle.com/errata/ELSA-2019-4850.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.33.4.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.33.4.el6uek.noarch.rpm
kernel-uek-4.1.12-124.33.4.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.33.4.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.33.4.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.33.4.el6uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.33.4.el6uek.src.rpm


Description of changes:

[4.1.12-124.33.4.el6uek]
- ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning
Zhang) [Orabug: 30036349]
- ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349]
- SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838]
- SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838]
- vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787]
{CVE-2019-14835}
- vhost: block speculation of translated descriptors (Michael S.
Tsirkin) [Orabug: 30312787] {CVE-2019-14835}
- vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787]
- array_index_nospec: Sanitize speculative array de-references (Dan
Williams) [Orabug: 30312787]
- net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug:
30444853] {CVE-2019-16995}
- ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug:
30444946] {CVE-2019-17053}
- mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug:
30445158] {CVE-2019-17055}
- net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug:
30445305] {CVE-2019-16994}
- media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver
Neukum) [Orabug: 30490491] {CVE-2019-15213}
- media: cpia2_usb: first wake up, then free in disconnect (Oliver
Neukum) [Orabug: 30511741] {CVE-2019-15215}
- media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in
zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217}
- target: Propagate backend read-only to core_tpg_add_lun (Nicholas
Bellinger) [Orabug: 30538419]
- kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug:
30539766]
- cpu/speculation: Uninline and export CPU mitigations helpers (Kanth
Ghatraju) [Orabug: 30539766]

[4.1.12-124.33.3.el6uek]
- rds: Use correct conn when dropping connections due to cancel (Håkon
Bugge) [Orabug: 30316058]
- rds: ib: Optimize rds_ib_laddr_check (Håkon Bugge) [Orabug: 30327671]
- rds: Bring loop-back peer down as well (Håkon Bugge) [Orabug: 30271704]
- rds: ib: Avoid connect retry on loopback connections (Håkon Bugge)
[Orabug: 30271704]
- rds: ib: Qualify CM REQ duplicate detection with connection being up
(Håkon Bugge) [Orabug: 30062150]
- rds: Further prioritize local loop-back connections (Håkon Bugge)
[Orabug: 30062150]
- rds: Fix initial zero delay when queuing re-connect work (Håkon Bugge)
[Orabug: 30062150]
- rds: Re-introduce separate work-queue for local connections (Håkon
Bugge) [Orabug: 30062150]
- rds: Re-factor and avoid superfluous queuing of shutdown work (Håkon
Bugge) [Orabug: 29994551]
- rds: ib: Flush ARP cache when connection attempt is rejected (Håkon
Bugge) [Orabug: 29994550]
- rds: ib: Fix incorrect setting of cp_reconnect_racing (Håkon Bugge)
[Orabug: 29994553]
- RDMA/cma: Make # CM retries configurable (Håkon Bugge) [Orabug: 29994555]
- rds: Re-factor and avoid superfluous queuing of reconnect work (Håkon
Bugge) [Orabug: 29994558]
- rds: ib: Correct the cm_id compare commit (Håkon Bugge) [Orabug: 29994560]
- rds: Increase entropy in hashing (Håkon Bugge) [Orabug: 29994561]
- rds: ib: Resurrect the CQs instead of delete+create (Håkon Bugge)
[Orabug: 29994566]
- rds: Avoid queuing superfluous send and recv work (Håkon Bugge)
[Orabug: 29994564]

[4.1.12-124.33.2.el6uek]
- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko)
[Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan
Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/tsx: Add "auto" option to the tsx= cmdline parameter (Pawan Gupta)
[Orabug: 30517133] {CVE-2019-11135}
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta)
[Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan
Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth
Ghatraju) [Orabug: 30517133] {CVE-2019-11135}
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
(Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta)
[Orabug: 30517133] {CVE-2019-11135}
- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30517133]
{CVE-2019-11135}
- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid)
[Orabug: 30517059] {CVE-2018-12207}
- kvm: Add helper function for creating VM worker threads (Junaid
Shahid) [Orabug: 30517059] {CVE-2018-12207}
- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 30517059]
{CVE-2018-12207}
- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini)
[Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo
Bonzini) [Orabug: 30517059] {CVE-2018-12207}
- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid
Shahid) [Orabug: 30517059] {CVE-2018-12207}
- x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta)
[Orabug: 30517059] {CVE-2018-12207}
- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug:
30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in
mapping_level() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- Revert "KVM: x86: use the fast way to invalidate all pages" (Sean
Christopherson) [Orabug: 30517059] {CVE-2018-12207}
- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 30517059]
{CVE-2018-12207}
- KVM: x86: MMU: Simplify force_pt_level calculation code in
FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug:
30517059] {CVE-2018-12207}
- KVM: x86: MMU: Remove unused parameter parent_pte from
kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini)
[Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya
Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to
link_shadow_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move initialization of parent_ptes out from
kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}

[4.1.12-124.33.1.el6uek]
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure
(himanshu.madhani@cavium.com) [Orabug: 30161119]
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
(Jeremy Compostella) [Orabug: 30210503] {CVE-2017-18551}
- scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT
passthrough commands. (Giridhar Malavali) [Orabug: 30256423]
- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing)
[Orabug: 30350263] {CVE-2019-15916}
- Drivers: hv: vmbus: add special crash handler (Vitaly Kuznetsov)
[Orabug: 30374399]