Oracle Linux 6255 Published by

An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.



El-errata: ELSA-2020-5691 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2020-5691

http://linux.oracle.com/errata/ELSA-2020-5691.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2011.2.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2011.2.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2011.2.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2011.2.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2011.2.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.2.2.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2011.2.2.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2011.2.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2011.2.2.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2011.2.2.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2011.2.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2011.2.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2011.2.2.el7uek.aarch64.rpm
perf-5.4.17-2011.2.2.el7uek.aarch64.rpm
python-perf-5.4.17-2011.2.2.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2011.2.2.el7uek.src.rpm



Description of changes:

[5.4.17-2011.2.2.el7uek]
- scsi: qla2xxx: Move free of fcport out of interrupt context (Joe Carnuccio) [Orabug: 31225231]
- xfs: move inode flush to the sync workqueue (Darrick J. Wong) [Orabug: 31132665]
- arm64: Kconfig: Enable NODES_SPAN_OTHER_NODES config for NUMA (Hoan Tran) [Orabug: 31049202]
- scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Laurence Oberman) [Orabug: 31207643]
- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31264694]

[5.4.17-2011.2.1.el7uek]
- x86/mce: Restart the system when LMCE UE error occurs (Thomas Tai) [Orabug: 31218859]
- media: xirlink_cit: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31213764] {CVE-2020-11668}
- media: ov519: add missing endpoint sanity checks (Johan Hovold) [Orabug: 31213755] {CVE-2020-11608}
- x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213533]
- media: stv06xx: add missing descriptor sanity checks (Johan Hovold) [Orabug: 31200576] {CVE-2020-11609}
- rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200768]
- net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130194]
- net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130194]
- ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036]

[5.4.17-2011.2.0.el7uek]
- RDMA/rxe: Enhance Soft Roce to support Oracle proprietary shared PD extension (Rao Shoaib) [Orabug: 31094525]
- mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() (Catalin Marinas) [Orabug: 31053313] {CVE-2020-9391}
- rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 31137997]
- rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 31137997]
- net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 30871138]
- vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143943] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647}