An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.
Oracle Linux Security Advisory ELSA-2020-5569
http://linux.oracle.com/errata/ELSA-2020-5569.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.11.3.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.11.3.el7uek.src.rpm
Description of changes:
[4.14.35-1902.11.3.el7uek]
- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug:
31013775]
[4.14.35-1902.11.2.el7uek]
- ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot
system (Hans Westgaard Ry) [Orabug: 30967501] - Revert "printk: Default
console logging level should be set to 4" (Cesar Roque) [Orabug:
30833249] - cgroup: psi: fix memory leak when freeing a cgroup work
function (Tom Hromatka) [Orabug: 30903264]
[4.14.35-1902.11.1.el7uek]
- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug:
30657780] - xfs: increase the default parallelism levels of pwork
clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode
needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor
the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug:
30657780] - mwifiex: fix unbalanced locking in
mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858]
{CVE-2019-14895}
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
(Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895}
- ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant
Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in
ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops
on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix
use-after-free when destroying GEM context (Tyler Hicks) [Orabug:
30860457] {CVE-2020-7053}
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to
EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to
handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix
binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix
POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug:
30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan)
[Orabug: 30681066]
[4.14.35-1902.11.0.el7uek]
- rds: Avoid qp overflow when posting invalidate/register mr with frwr
(Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate
dropped connections (Håkon Bugge) [Orabug: 30852643] - rds: prevent
use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan)
[Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking
(Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291}
- KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack
it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement
MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug:
30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo
Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of
shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix
presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini)
[Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky)
[Orabug: 30837856] - mwifiex: Fix heap overflow in
mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438]
{CVE-2019-14901}
- drm/i915/gen9: Clear residual context state on context switch (Akeem G
Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615}
- rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru
kolappan) [Orabug: 30734590]