Oracle Linux 6266 Published by

The following updates has been released for Oracle Linux:

ELBA-2019-1481-1 Oracle Linux 7 kernel bug fix update
ELSA-2019-1481 Important: Oracle Linux 7 kernel security update
ELSA-2019-1488 Important: Oracle Linux 6 kernel security and bug fix update
ELSA-2019-1492 Important: Oracle Linux 6 bind security update
ELSA-2019-4687 Important: Oracle Linux 7 libvirt security update (aarch64)
New Ksplice updates for RHCK 7 (ELSA-2019-1481)
New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4689)
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4685)



ELBA-2019-1481-1 Oracle Linux 7 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2019-1481-1

http://linux.oracle.com/errata/ELBA-2019-1481-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.21.3.0.1.el7.noarch.rpm
kernel-debug-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-doc-3.10.0-957.21.3.0.1.el7.noarch.rpm
kernel-headers-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.0.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.0.1.el7.x86_64.rpm
perf-3.10.0-957.21.3.0.1.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.21.3.0.1.el7.src.rpm



Description of changes:

[3.10.0-957.21.3.0.1.el7.OL7]
- [xen/balloon] Support xend-based toolstack (orabug 28663970)
- [x86/apic/x2apic] avoid allocate multiple irq vectors for a single
interrupt on multiple
cpu, otherwise irq vectors would be used up when there are only 2 cpu
online per node.
[orabug28691156]
- [bonding] avoid repeated display of same link status change. [orabug
28109857]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug
22552377]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]


ELSA-2019-1481 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2019-1481

http://linux.oracle.com/errata/ELSA-2019-1481.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.21.3.el7.x86_64.rpm
kernel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.21.3.el7.noarch.rpm
kernel-debug-3.10.0-957.21.3.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-devel-3.10.0-957.21.3.el7.x86_64.rpm
kernel-doc-3.10.0-957.21.3.el7.noarch.rpm
kernel-headers-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.21.3.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.21.3.el7.x86_64.rpm
perf-3.10.0-957.21.3.el7.x86_64.rpm
python-perf-3.10.0-957.21.3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.21.3.el7.src.rpm



Description of changes:

[3.10.0-957.21.3.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.21.3.el7]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian
Westphal) [1719914 1719915] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719914
1719915] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian
Westphal) [1719849 1719850] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal)
[1719594 1719595] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal)
[1719594 1719595] {CVE-2019-11477}

ELSA-2019-1488 Important: Oracle Linux 6 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2019-1488

http://linux.oracle.com/errata/ELSA-2019-1488.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-754.15.3.el6.i686.rpm
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-debug-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm
kernel-headers-2.6.32-754.15.3.el6.i686.rpm
perf-2.6.32-754.15.3.el6.i686.rpm
python-perf-2.6.32-754.15.3.el6.i686.rpm

x86_64:
kernel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-754.15.3.el6.noarch.rpm
kernel-debug-2.6.32-754.15.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.i686.rpm
kernel-debug-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-devel-2.6.32-754.15.3.el6.x86_64.rpm
kernel-doc-2.6.32-754.15.3.el6.noarch.rpm
kernel-firmware-2.6.32-754.15.3.el6.noarch.rpm
kernel-headers-2.6.32-754.15.3.el6.x86_64.rpm
perf-2.6.32-754.15.3.el6.x86_64.rpm
python-perf-2.6.32-754.15.3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.15.3.el6.src.rpm



Description of changes:

[2.6.32-754.15.3.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.15.3.el6]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian
Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614]
{CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian
Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal)
[1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal)
[1719585] {CVE-2019-11477}

[2.6.32-754.15.2.el6]
- [lib] idr: free the top layer if idr tree has the maximum height
(Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix top layer handling (Denys Vlasenko) [1698139]
{CVE-2019-3896}
- [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko)
[1698139] {CVE-2019-3896}

[2.6.32-754.15.1.el6]
- [x86] x86/speculation: Don't print MDS_MSG_SMT message if mds_nosmt
specified (Waiman Long) [1710081 1710517]
- [x86] x86/spec_ctrl: Fix incorrect MDS handling in late microcode
loading (Waiman Long) [1710081 1710517]
- [x86] x86/speculation: Fix misuse of boot_cpu_has() with bug bits
(Waiman Long) [1710121]
- [x86] x86/speculation/mds: Fix documentation typo (Waiman Long) [1710517]
- [documentation] Documentation: Correct the possible MDS sysfs values
(Waiman Long) [1710517]
- [x86] x86/mds: Add MDSUM variant to the MDS documentation (Waiman
Long) [1710517]
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with
mitigations off (Waiman Long) [1710517]
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1710517]
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman
Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation: Remove redundant arch_smt_update() invocation
(Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode
load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126
CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Add MDS vulnerability documentation
(Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [documentation] Documentation: Move L1TF to separate directory (Waiman
Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman
Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle
entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126
CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active
(Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman
Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386
1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS
(Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387
1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
(Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127
CVE-2018-12130}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386
1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386
1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long)
[1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}

ELSA-2019-1492 Important: Oracle Linux 6 bind security update

Oracle Linux Security Advisory ELSA-2019-1492

http://linux.oracle.com/errata/ELSA-2019-1492.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm

x86_64:
bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/bind-9.8.2-0.68.rc1.el6_10.3.src.rpm



Description of changes:

[32:9.8.2-0.68.rc1.3]
- Use only selected documentation files

[32:9.8.2-0.68.rc1.2]
- Fix CVE-2018-5743

ELSA-2019-4687 Important: Oracle Linux 7 libvirt security update (aarch64)

Oracle Linux Security Advisory ELSA-2019-4687

http://linux.oracle.com/errata/ELSA-2019-4687.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
libvirt-5.0.0-4.el7.aarch64.rpm
libvirt-bash-completion-5.0.0-4.el7.aarch64.rpm
libvirt-client-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-config-network-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-config-nwfilter-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-interface-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-lxc-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-network-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-nodedev-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-nwfilter-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-qemu-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-secret-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-core-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-disk-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-gluster-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-iscsi-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-logical-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-mpath-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-rbd-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-driver-storage-scsi-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-kvm-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-qemu-5.0.0-4.el7.aarch64.rpm
libvirt-devel-5.0.0-4.el7.aarch64.rpm
libvirt-docs-5.0.0-4.el7.aarch64.rpm
libvirt-libs-5.0.0-4.el7.aarch64.rpm
libvirt-admin-5.0.0-4.el7.aarch64.rpm
libvirt-daemon-lxc-5.0.0-4.el7.aarch64.rpm
libvirt-lock-sanlock-5.0.0-4.el7.aarch64.rpm
libvirt-login-shell-5.0.0-4.el7.aarch64.rpm
libvirt-nss-5.0.0-4.el7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvirt-5.0.0-4.el7.src.rpm



Description of changes:

[5.0.0-4.el7]
- logging: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- locking: restrict sockets to mode 0600 (Daniel P. Berrangé) [Orabug:
29861433] {CVE-2019-10132}
- admin: reject clients unless their UID matches the current UID (Daniel
P. Berrangé) [Orabug: 29861433] {CVE-2019-10132}


New Ksplice updates for RHCK 7 (ELSA-2019-1481)

Synopsis: ELSA-2019-1481 can now be patched using Ksplice
CVEs: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-1481.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-1481.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-11477, CVE-2019-11478, CVE-2019-11479: Remote Denial-of-service in
TCP stack.

A number of errors in the TCP stack could result in a remotely
triggerable denial of service on links with a small Maximum Segment Size
(MSS). A remote user could use a maliciously crafted TCP stream to
either panic the system or exhaust resources.

A new sysctl, ksplice_net_ipv4.tcp_min_snd_mss can be used to to adjust
the minimum Maximum Segment Size and defaults to 48 bytes.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.


New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4689)

Synopsis: ELSA-2019-4689 can now be patched using Ksplice
CVEs: CVE-2019-11477 CVE-2019-11478 CVE-2019-11479

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4689.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4689.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-11477, CVE-2019-11478, CVE-2019-11479: Remote Denial-of-service in TCP stack.

A number of errors in the TCP stack could result in a remotely
triggerable denial of service on links with a small Maximum Segment Size
(MSS). A remote user could use a maliciously crafted TCP stream to
either panic the system or exhaust resources.

A new sysctl, ksplice_net_ipv4.tcp_min_snd_mss can be used to to adjust
the minimum Maximum Segment Size and defaults to 48 bytes.

Orabug: 29884308, 29890843, 29886601

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4685)

Synopsis: ELSA-2019-4685 can now be patched using Ksplice
CVEs: CVE-2017-7308 CVE-2018-14633 CVE-2018-14634 CVE-2018-20836 CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2019-11810 CVE-2019-11815 CVE-2019-11884

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4685.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4685.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-11477, CVE-2019-11478, CVE-2019-11479: Remote Denial-of-service in TCP stack.

A number of errors in the TCP stack could result in a remotely
triggerable denial of service on links with a small Maximum Segment Size
(MSS). A remote user could use a maliciously crafted TCP stream to
either panic the system or exhaust resources.

A new sysctl, ksplice_net_ipv4.tcp_min_snd_mss can be used to to adjust
the minimum Maximum Segment Size and defaults to 48 bytes.

Orabug: 29890784, 29882565


* CVE-2018-14633: Information leak in iSCSI CHAP authentication.

A stack overflow in the iSCSI CHAP authentication MD5 computation could
result in an out of bounds access and denial of service or potentially
leaking sensitive data by an unauthenticated remote user.

Orabug: 29778873


* CVE-2018-14633: Permission bypass in SCSI authentication request process.

A logic error in SCSI authentication request process could lead to a
buffer overflow. A local attacker could use this flaw to expose SCSI
content without permission.

Orabug: 29778873


* Denial-of-service in Reliable Datagram Socket reconnection.

Incorrect timeout logic when performing a reconnection to the same IP
address could result in a flood of reconnect attempts. This could be
exploited by a local user to trigger a network denial of service on the
interface.

Orabug: 29629985


* CVE-2018-20836: Use-after-free in SCSI SAS timeout.

A logic error when performing task completion for a SCSI SAS SMP timeout
could result in a use-after-free and kernel crash.

Orabug: 29783151


* CVE-2019-11810: Denial-of-service in LSI Logic MegaRAID probing.

A logic error in the LSI Logic MegaRAID device probing could result in a
NULL pointer dereference and kernel crash under specific conditions.

Orabug: 29783169


* CVE-2019-11884: Information leak in Bluetooth HIDP HIDPCONNADD ioctl().

Missing string termination in the Bluetooth HIDP HIDPCONNADD ioctl()
could result in leaking the contents of the kernel stack to a local
user.

Orabug: 29786769


* CVE-2019-11815: Use-after-free in RDS socket creation.

A logic error in the RDS code could fail to properly clean up a socket once
it is destroyed, which could then lead to a use-after-free on a new socket
creation. This could be used to cause a denial-of-service.

Orabug: 29802783


* Kernel crash in OCFS2 reading of deleted inodes.

A race condition when reading an inode that has been deleted could
result in a kernel crash under specific conditions.

Orabug: 29811589

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.