Oracle Linux 6277 Published by

An Unbreakable Enterprise kernel security update has been released for Oracle Linux 5.



El-errata: ELSA-2020-5710 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2020-5710

  http://linux.oracle.com/errata/ELSA-2020-5710.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.323.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.323.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.323.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.323.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.323.1.el5uek.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol5/SRPMS-updates/kernel-uek-2.6.39-400.323.1.el5uek.src.rpm


Description of changes:

[2.6.39-400.323.1.el5uek]
- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug:
31240297] {CVE-2019-19523}
- USB: core: Fix races in character device registration and
deregistraion (Alan Stern) [Orabug: 31317669] {CVE-2019-19537}
- USB: iowarrior: fix use-after-free on disconnect (Johan Hovold)
[Orabug: 31351064] {CVE-2019-19528}
- usb: iowarrior: fix deadlock on disconnect (Oliver Neukum) [Orabug:
31351064] {CVE-2019-19528}

[2.6.39-400.322.1.el5uek]
- ipvs: reset ipvs pointer in netns (Julian Anastasov) [Orabug:
31027196] - ipvs: prefer NETDEV_DOWN event to free cached dsts (Julian
Anastasov) [Orabug: 31027196] - HID: hiddev: do cleanup in failure of
opening a device (Hillf Danton) [Orabug: 31206362] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton)
[Orabug: 31206362] {CVE-2019-19527}
- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug:
31208624] {CVE-2019-19532}