The following updates has been released for Oracle Linux 6 and 7:
ELSA-2019-4684 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4684 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2019-4685 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2019-4686 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4686 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4686)
New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4684)
ELSA-2019-4684 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4684 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2019-4685 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2019-4686 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4686 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4686)
New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4684)
ELSA-2019-4684 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4684
http://linux.oracle.com/errata/ELSA-2019-4684.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.28.3.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.28.3.el6uek.noarch.rpm
kernel-uek-4.1.12-124.28.3.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.28.3.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.28.3.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.28.3.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.28.3.el6uek.src.rpm
Description of changes:
[4.1.12-124.28.3.el6uek]
- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598]
[4.1.12-124.28.2.el6uek]
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306]
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306]
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]
ELSA-2019-4684 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4684
http://linux.oracle.com/errata/ELSA-2019-4684.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.28.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.28.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.28.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.28.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.28.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.28.3.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.28.3.el7uek.src.rpm
Description of changes:
[4.1.12-124.28.3.el7uek]
- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598]
[4.1.12-124.28.2.el7uek]
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306]
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306]
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]
ELSA-2019-4685 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4685
http://linux.oracle.com/errata/ELSA-2019-4685.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1902.2.0.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.2.0.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.2.0.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.2.0.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.2.0.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.2.0.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.2.0.el7uek.src.rpm
Description of changes:
[4.14.35-1902.1.5.el7uek]
- CVE numbers for build v4.14.35-1902.1.3 and fixup (Jack Vogel) [Orabug: 29890784] [Orabug: 29884301] [Orabug: 29884301] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}
[4.14.35-1902.1.4.el7uek]
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890784]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886594]
[4.14.35-1902.1.3.el7uek]
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884301]
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884301]
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884301]
[4.14.35-1902.1.2.el7uek]
- libnvdimm/of_pmem: Fix platform_no_drv_owner.cocci warnings (YueHaibing) [Orabug: 29827576]
- libnvdimm, pfn: Fix over-trim in trim_pfn_device() (Wei Yang) [Orabug: 29827576]
- libnvdimm/btt: Fix LBA masking during 'free list' population (Vishal Verma) [Orabug: 29827576]
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init (Vishal Verma) [Orabug: 29827576]
- acpi/nfit: Update NFIT flags error message (Toshi Kani) [Orabug: 29827576]
- libnvdimm/namespace: Clean up holder_class_store() (Dan Williams) [Orabug: 29827576]
- libnvdimm/pfn: Remove dax_label_reserve (Dan Williams) [Orabug: 29827576]
- dax: Check the end of the block-device capacity with dax_direct_access() (Dan Williams) [Orabug: 29827576]
- nfit/ars: Avoid stale ARS results (Dan Williams) [Orabug: 29827576]
- nfit/ars: Allow root to busy-poll the ARS state machine (Dan Williams) [Orabug: 29827576]
- nfit/ars: Introduce scrub_flags (Dan Williams) [Orabug: 29827576]
- nfit/ars: Remove ars_start_flags (Dan Williams) [Orabug: 29827576]
- nfit/ars: Attempt short-ARS even in the no_init_ars case (Dan Williams) [Orabug: 29827576]
- nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (Dan Williams) [Orabug: 29827576]
- acpi/nfit: Require opt-in for read-only label configurations (Dan Williams) [Orabug: 29827576]
- libnvdimm/pmem: Honor force_raw for legacy pmem regions (Dan Williams) [Orabug: 29827576]
- libnvdimm/pfn: Account for PAGE_SIZE > info-block-size in nd_pfn_init() (Dan Williams) [Orabug: 29827576]
- libnvdimm/dimm: Add a no-BLK quirk based on NVDIMM family (Dan Williams) [Orabug: 29827576]
- nfit: Fix nfit_intel_shutdown_status() command submission (Dan Williams) [Orabug: 29827576]
- libnvdimm/label: Clear 'updating' flag after label-set update (Dan Williams) [Orabug: 29827576]
- nfit: Add Hyper-V NVDIMM DSM command set to white list (Dexuan Cui) [Orabug: 29827576]
- hugetlbfs: boot failure if gigantic pages allocated on command line (Mike Kravetz) [Orabug: 29811544]
- Revert "net_failover: delay taking over primary device to accommodate udevd renaming" (Si-Wei Liu) [Orabug: 29707254]
- failover: allow name change on IFF_UP slave interfaces (Si-Wei Liu) [Orabug: 29707254]
- xfs: add lazytime mount option (Darrick J. Wong) [Orabug: 29609388]
- iversion: make inode_cmp_iversion{+raw} return bool instead of s64 (Jeff Layton) [Orabug: 29609388]
- xfs: implement the lazytime mount option (Christoph Hellwig) [Orabug: 29609388]
- fs: don't clear I_DIRTY_TIME before calling mark_inode_dirty_sync (Christoph Hellwig) [Orabug: 29609388]
- fs: handle inode->i_version more efficiently (Jeff Layton) [Orabug: 29609388]
- btrfs: only dirty the inode in btrfs_update_time if something was changed (Jeff Layton) [Orabug: 29609388]
- xfs: avoid setting XFS_ILOG_CORE if i_version doesn't need incrementing (Jeff Layton) [Orabug: 29609388]
- fs: only set S_VERSION when updating times if necessary (Jeff Layton) [Orabug: 29609388]
- IMA: switch IMA over to new i_version API (Jeff Layton) [Orabug: 29609388]
- xfs: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- ufs: use new i_version API (Jeff Layton) [Orabug: 29609388]
- ocfs2: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- nfsd: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- nfs: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- ext4: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- ext2: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- exofs: switch to new i_version API (Jeff Layton) [Orabug: 29609388]
- btrfs: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- afs: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- affs: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- fat: convert to new i_version API (Jeff Layton) [Orabug: 29609388]
- fs: don't take the i_lock in inode_inc_iversion (Jeff Layton) [Orabug: 29609388]
- fs: new API for handling inode->i_version (Jeff Layton) [Orabug: 29609388]
- orangefs: remove initialization of i_version (Jeff Layton) [Orabug: 29609388]
- nilfs2: remove inode->i_version initialization (Jeff Layton) [Orabug: 29609388]
- jfs: remove increment of i_version counter (Jeff Layton) [Orabug: 29609388]
- hpfs: don't bother with the i_version counter or f_version (Jeff Layton) [Orabug: 29609388]
- f2fs: don't bother with inode->i_version (Jeff Layton) [Orabug: 29609388]
- ceph: remove the bump of i_version (Jeff Layton) [Orabug: 29609388]
- ecryptfs: remove unnecessary i_version bump (Jeff Layton) [Orabug: 29609388]
- EDAC: Drop per-memory controller buses (Borislav Petkov) [Orabug: 29721320]
- EDAC: Don't add devices under /sys/bus/edac (Tony Luck) [Orabug: 29721320]
- EDAC: Raise the maximum number of memory controllers (Justin Ernst) [Orabug: 29721320]
- EDAC, skx_edac: Handle systems with segmented PCI busses (Tony Luck) [Orabug: 29721320]
- block: delete part_round_stats and switch to less precise counting (Mikulas Patocka) [Orabug: 29223046]
- dm: simplify start of block stats accounting for bio-based (Mike Snitzer) [Orabug: 29223046]
[4.14.35-1902.1.1.el7uek]
- ovl: hash non-dir by lower inode for fsnotify (Amir Goldstein) [Orabug: 29634764]
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29811589]
- x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug: 29797116]
- x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [Orabug: 29791045]
- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). (Mao Wenan) [Orabug: 29802783] {CVE-2019-11815}
- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786769] {CVE-2011-1079} {CVE-2019-11884}
- scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783169] {CVE-2019-11810}
- scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783151] {CVE-2018-20836}
- libnvdimm/pmem: fix a possible OOB access when read and write pmem (Li RongQing) [Orabug: 29791818]
- libnvdimm/namespace: Fix a potential NULL pointer dereference (Kangjie Lu) [Orabug: 29791818]
- tools/testing/nvdimm: Retain security state after overwrite (Dave Jiang) [Orabug: 29791818]
- libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Dave Jiang) [Orabug: 29791818]
- libnvdimm/security: provide fix for secure-erase to use zero-key (Dave Jiang) [Orabug: 29791818]
- acpi/nfit: Always dump _DSM output payload (Dan Williams) [Orabug: 29791818]
- nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (Dexuan Cui) [Orabug: 29791818]
[4.14.35-1902.1.0.el7uek]
- Delay IP migration for failback by 10s for NETDEV_CHANGE event (Sudhakar Dindukurti) [Orabug: 29761379]
- Add more debug messages in Resilient RDMAIP (Sudhakar Dindukurti) [Orabug: 29744760]
- RoCE:KVM guest: failover doesn't work if an interface isn't configured (Sudhakar Dindukurti) [Orabug: 29744721]
- rds: Introduce a pool of worker threads for connection management (Håkon Bugge) [Orabug: 29629985]
- rds: Use rds_conn_path cp_wq when applicable (Håkon Bugge) [Orabug: 29629985]
- rds: ib: Implement proper cm_id compare (Håkon Bugge) [Orabug: 29629985]
- Revert "net/rds: prevent RDS connections using stale ARP entries" (Håkon Bugge) [Orabug: 29629985]
- rds: ib: Flush ARP cache when needed (Håkon Bugge) [Orabug: 29629985]
- rds: Add simple heuristics to determine connect delay (Håkon Bugge) [Orabug: 29629985]
- rds: Fix one-sided connect (Håkon Bugge) [Orabug: 29629985]
- rds: Consolidate and align ftrace related to connection management (Håkon Bugge) [Orabug: 29629985]
- rdmaip: Fix gratuitous ARP storm (Håkon Bugge) [Orabug: 29629985]
- IB/mlx4: Increase the timeout for CM cache (Håkon Bugge) [Orabug: 29629985]
- rds: ib: Use a delay when reconnecting to the very same IP address (Håkon Bugge) [Orabug: 29629985]
- hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29778831]
- bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651239]
- scsi: flip the default on use_clustering (Christoph Hellwig) [Orabug: 29411921]
- scsi: qla2xxx: Update driver version to 10.00.00.13-k (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Use complete switch scan for RSCN events (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (Sawan Chandak) [Orabug: 29411921]
- scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (Giridhar Malavali) [Orabug: 29411921]
- scsi: qla2xxx: allow session delete to finish before create. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: fix fcport null pointer access. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: flush IO on chip reset or sess delete (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix session cleanup hang (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Change default ZIO threshold. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Add pci function reset support. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix N2N target discovery with Local loop (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Add new FC-NVMe enable BIT to enable FC-NVMe feature (Giridhar Malavali) [Orabug: 29411921]
- scsi: qla2xxx: no need to check return value of debugfs_create functions (Greg Kroah-Hartman) [Orabug: 29411921]
- scsi: qla2xxx: Add protection mask module parameters (Martin K. Petersen) [Orabug: 29411921]
- scsi: qla2xxx: deadlock by configfs_depend_item (Anatoliy Glagolev) [Orabug: 29411921]
- scsi: qla2xxx: Update driver version to 10.00.00.12-k (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port (Giridhar Malavali) [Orabug: 29411921]
- scsi: qla2xxx: Enable FC-NVME on NPIV ports (Anil Gurumurthy) [Orabug: 29411921]
- Revert "scsi: qla2xxx: Fix NVMe Target discovery" (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Timeouts occur on surprise removal of QLogic adapter (Bill Kuzeja) [Orabug: 29411921]
- scsi: qla2xxx: Initialize port speed to avoid setting lower speed (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (Masanari Iida) [Orabug: 29411921]
- scsi: qla2xxx: Remove two arguments from qlafx00_error_entry() (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Make sure that qlafx00_ioctl_iosb_entry() initializes 'res' (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Remove a set-but-not-used variable (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Make qla2x00_sysfs_write_nvram() easier to analyze (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Declare local functions 'static' (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Improve several kernel-doc headers (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: Modify fall-through annotations (Bart Van Assche) [Orabug: 29411921]
- scsi: qla2xxx: fully convert to the generic DMA API (Christoph Hellwig) [Orabug: 29411921]
- scsi: qla2xxx: Simplify conditional check (Nathan Chancellor) [Orabug: 29411921]
- scsi: qla2xxx: Remove unnecessary self assignment (Nathan Chancellor) [Orabug: 29411921]
- PCI/AER: Remove pci_cleanup_aer_uncorrect_error_status() calls (Oza Pawandeep) [Orabug: 29411921]
- scsi: qla2xxx: Return switch command on a timeout (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Move log messages before issuing command to firmware (Giridhar Malavali) [Orabug: 29411921]
- scsi: qla2xxx: Fix for double free of SRB structure (Giridhar Malavali) [Orabug: 29411921]
- scsi: qla2xxx: Fix recursive mailbox timeout (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Fix re-using LoopID when handle is in use (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix duplicate switch database entries (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix NVMe Target discovery (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix NVMe session hang on unload (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: don't allow negative thresholds (Dan Carpenter) [Orabug: 29411921]
- scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug: 29411921]
- scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (YueHaibing) [Orabug: 29411921]
- scsi: qla2xxx: fix typo "CT-PASSTRHU" -> "CT-PASSTHRU" (Colin Ian King) [Orabug: 29411921]
- scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() (Dan Carpenter) [Orabug: 29411921]
- scsi: qla2xxx: Update driver version to 10.00.00.11-k (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Fix double increment of switch scan retry count (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix duplicate switch's Nport ID entries (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix premature command free (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Reject bsg request if chip is down. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: shutdown chip if reset fail (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix stuck session in PLOGI state (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix race condition for resource cleanup (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix dropped srb resource. (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix port speed display on chip reset (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Check for Register disconnect (Sawan Chandak) [Orabug: 29411921]
- scsi: qla2xxx: Increase abort timeout value (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport (Darren Trapp) [Orabug: 29411921]
- scsi: qla2xxx: Update driver version to 10.00.00.10-k (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Move ABTS code behind qpair (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Remove stale ADISC_DONE event (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Fix Remote port registration (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Remove ASYNC GIDPN switch command (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Add support for ZIO6 interrupt threshold (John Donnelly) [Orabug: 29411921]
- scsi: qla2xxx: Fix out of order Termination and ABTS response (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Add logic to detect ABTS hang and response completion (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Add appropriate debug info for invalid RX_ID (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix deadlock between ATIO and HW lock (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Serialize mailbox request (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Update driver to version 10.00.00.09-k (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Defer chip reset until target mode is enabled (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix iIDMA error (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Remove all rports if fabric scan retry fails (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Force fw cleanup on ADISC error (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Decrement login retry count for only plogi (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Move rport registration out of internal work_list (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Remove redundant check for fcport deletion (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Use correct qpair for ABTS/CMD (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix process response queue for ISP26XX and above (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (Quinn Tran) [Orabug: 29411921]
- qla2xxx: Update driver version to 10.00.00.08-k (Himanshu Madhani) [Orabug: 29411921]
- scsi: qla2xxx: Migrate NVME N2N handling into state machine (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Save frame payload size from ICB (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix stalled relogin (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix Management Server NPort handle reservation logic (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Flush mailbox commands on chip reset (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix unintended Logout (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix session state stuck in Get Port DB (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix redundant fc_rport registration (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Silent erroneous message (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Prevent sysfs access when chip is down (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Add longer window for chip reset (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix login retry count (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix N2N link re-connect (Quinn Tran) [Orabug: 29411921]
- qla2xxx: Cleanup for N2N code (Himanshu Madhani) [Orabug: 29411921]
- qla2xxx: Fix driver unload by shutting down chip (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix inconsistent DMA mem alloc/free (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: remove irq save in qla2x00_poll() (Sebastian Andrzej Siewior) [Orabug: 29411921]
- scsi: qla2xxx: Spinlock recursion in qla_target (Mikhail Malygin) [Orabug: 29411921]
- scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (Rodrigo R. Galvao) [Orabug: 29411921]
- scsi: qla2xxx: remove the unused tcm_qla2xxx_cmd_wq (Andrei Vagin) [Orabug: 29411921]
- scsi: qla2xxx: Fix TMF and Multi-Queue config (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Prevent relogin loop by removing stale code (himanshu.madhani@cavium.com) [Orabug: 29411921]
- scsi: qla2xxx: Remove stale debug value for login_retry flag (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Move GPSC and GFPNID out of session management (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Delete session for nport id change (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix Rport and session state getting out of sync (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: Fix sending ADISC command for login (Quinn Tran) [Orabug: 29411921]
- scsi: qla2xxx: fx00 copypaste typo (Meelis Roos) [Orabug: 29411921]
- scsi: qla2xxx: fix error message on protocol in bpf_skb_net_grow (Willem de Bruijn) [Orabug: 29766891]
- bpf: reserve flags in bpf_skb_net_shrink (Willem de Bruijn) [Orabug: 29766891]
- bpf: fix whitespace for ENCAP_L2 defines in bpf.h (Alan Maguire) [Orabug: 29766891]
- bpf: sync bpf.h to tools/ for BPF_F_ADJ_ROOM_ENCAP_L2 (Alan Maguire) [Orabug: 29766891]
- bpf: add layer 2 encap support to bpf_skb_adjust_room (Alan Maguire) [Orabug: 29766891]
- bpf: silence uninitialized var warning in bpf_skb_net_grow (Willem de Bruijn) [Orabug: 29766891]
- bpf: Sync bpf.h to tools (Willem de Bruijn) [Orabug: 29766891]
- bpf: add bpf_skb_adjust_room encap flags (Willem de Bruijn) [Orabug: 29766891]
- bpf: add bpf_skb_adjust_room flag BPF_F_ADJ_ROOM_FIXED_GSO (Willem de Bruijn) [Orabug: 29766891]
- bpf: add bpf_skb_adjust_room mode BPF_ADJ_ROOM_MAC (Willem de Bruijn) [Orabug: 29766891]
- bpf: in bpf_skb_adjust_room avoid copy in tx fast path (Willem de Bruijn) [Orabug: 29766891]
- bpf: only test gso type on gso packets (Willem de Bruijn) [Orabug: 29766891]
- bpf: only adjust gso_size on bytestream protocols (Willem de Bruijn) [Orabug: 29766891]
- bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs (Daniel Axtens) [Orabug: 29766891]
- docs: segmentation-offloads.txt: add SCTP info (Daniel Axtens) [Orabug: 29766891]
- KVM: VMX: Nop emulation of MSR_IA32_POWER_CTL (Liran Alon) [Orabug: 29772364]
- scsi: target: iscsi: Use bin2hex instead of a re-implementation (Vincent Pelletier) [Orabug: 29778873] {CVE-2018-14633}
- scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778873] {CVE-2018-14633} {CVE-2018-14633}
- vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug: 29785102]
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (Venkat Venkatsubra) [Orabug: 29785102]
ELSA-2019-4686 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4686
http://linux.oracle.com/errata/ELSA-2019-4686.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.35.2.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.35.2.el6uek.noarch.rpm
kernel-uek-3.8.13-118.35.2.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.35.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.35.2.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.35.2.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.35.2.el6uek-0.4.5-3.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.35.2.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.35.2.el6uek-0.4.5-3.el6.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.35.2.el6uek]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet)
[Orabug: 29886600] {CVE-2019-11477}
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884307]
{CVE-2019-11479}
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet)
[Orabug: 29884307] {CVE-2019-11478}
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins)
[Orabug: 29890831] {CVE-2019-11477}
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug:
29884307] {CVE-2019-11477}
ELSA-2019-4686 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4686
http://linux.oracle.com/errata/ELSA-2019-4686.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.35.2.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.35.2.el7uek.noarch.rpm
kernel-uek-3.8.13-118.35.2.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.35.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.35.2.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.35.2.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.35.2.el7uek-0.4.5-3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.35.2.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.35.2.el7uek-0.4.5-3.el7.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.35.2.el7uek]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886600] {CVE-2019-11477}
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11479}
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11478}
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890831] {CVE-2019-11477}
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11477}
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4686)
Synopsis: ELSA-2019-4686 can now be patched using Ksplice
CVEs: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4686.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4686.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2019-11477, CVE-2019-11478, CVE-2019-11479: Remote Denial-of-service in TCP stack.
A number of errors in the TCP stack could result in a remotely
triggerable denial of service on links with a small Maximum Segment Size
(MSS). A remote user could use a maliciously crafted TCP stream to
either panic the system or exhaust resources.
A new sysctl, ksplice_net_ipv4.tcp_min_snd_mss can be used to to adjust
the minimum Maximum Segment Size and defaults to 48 bytes.
Orabug: 29890831, 29884307, 29886600
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4684)
Synopsis: ELSA-2019-4684 can now be patched using Ksplice
CVEs: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4684.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4684.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2019-11477, CVE-2019-11478, CVE-2019-11479: Remote Denial-of-service in TCP stack.
A number of errors in the TCP stack could result in a remotely
triggerable denial of service on links with a small Maximum Segment Size
(MSS). A remote user could use a maliciously crafted TCP stream to
either panic the system or exhaust resources.
A new sysctl, ksplice_net_ipv4.tcp_min_snd_mss can be used to to adjust
the minimum Maximum Segment Size and defaults to 48 bytes.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.