The following updates have been released for Oracle Linux:
ELSA-2019-2829 Important: Oracle Linux 7 kernel security update
ELSA-2019-2836 Important: Oracle Linux 7 dovecot security update
ELSA-2019-2836 Important: Oracle Linux 7 dovecot security update (aarch64)
ELSA-2019-4799 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2019-4799 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELSA-2019-4800 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2019-4800 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for RHCK 7 (ELSA-2019-2829-01)
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4789)
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4799)
ELSA-2019-2829 Important: Oracle Linux 7 kernel security update
Oracle Linux Security Advisory ELSA-2019-2829
http://linux.oracle.com/errata/ELSA-2019-2829.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
bpftool-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1062.1.2.el7.noarch.rpm
kernel-debug-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-doc-3.10.0-1062.1.2.el7.noarch.rpm
kernel-headers-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.1.2.el7.x86_64.rpm
perf-3.10.0-1062.1.2.el7.x86_64.rpm
python-perf-3.10.0-1062.1.2.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.1.2.el7.src.rpm
Description of changes:
[3.10.0-1062.1.2.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
[3.10.0-1062.1.2.el7]
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879
1750880] {CVE-2019-14835}
ELSA-2019-2836 Important: Oracle Linux 7 dovecot security update
Oracle Linux Security Advisory ELSA-2019-2836
http://linux.oracle.com/errata/ELSA-2019-2836.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
dovecot-2.2.36-3.el7_7.1.i686.rpm
dovecot-2.2.36-3.el7_7.1.x86_64.rpm
dovecot-devel-2.2.36-3.el7_7.1.x86_64.rpm
dovecot-mysql-2.2.36-3.el7_7.1.x86_64.rpm
dovecot-pgsql-2.2.36-3.el7_7.1.x86_64.rpm
dovecot-pigeonhole-2.2.36-3.el7_7.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/dovecot-2.2.36-3.el7_7.1.src.rpm
Description of changes:
[1:2.2.36-3.1]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1751383)
ELSA-2019-2836 Important: Oracle Linux 7 dovecot security update (aarch64)
Oracle Linux Security Advisory ELSA-2019-2836
http://linux.oracle.com/errata/ELSA-2019-2836.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
dovecot-2.2.36-3.el7_7.1.aarch64.rpm
dovecot-mysql-2.2.36-3.el7_7.1.aarch64.rpm
dovecot-pgsql-2.2.36-3.el7_7.1.aarch64.rpm
dovecot-pigeonhole-2.2.36-3.el7_7.1.aarch64.rpm
dovecot-devel-2.2.36-3.el7_7.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/dovecot-2.2.36-3.el7_7.1.src.rpm
Description of changes:
[1:2.2.36-3.1]
- fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
when scanning data in quoted strings, leading to out of bounds heap
memory writes (#1751383)
ELSA-2019-4799 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4799
http://linux.oracle.com/errata/ELSA-2019-4799.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1902.5.2.2.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.5.2.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.5.2.2.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.5.2.2.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.5.2.2.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.5.2.2.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.5.2.2.el7uek.src.rpm
Description of changes:
[4.14.35-1902.5.2.2.el7uek]
- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug:
30318013] {CVE-2019-14821} {CVE-2019-14821}
ELSA-2019-4799 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Oracle Linux Security Advisory ELSA-2019-4799
http://linux.oracle.com/errata/ELSA-2019-4799.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
perf-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
python-perf-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1902.5.2.2.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.5.2.2.el7uek.src.rpm
Description of changes:
[4.14.35-1902.5.2.2.el7uek]
- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug:
30318013] {CVE-2019-14821} {CVE-2019-14821}
ELSA-2019-4800 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4800
http://linux.oracle.com/errata/ELSA-2019-4800.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.31.1.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.31.1.1.el6uek.noarch.rpm
kernel-uek-4.1.12-124.31.1.1.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.31.1.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.31.1.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.31.1.1.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.31.1.1.el6uek.src.rpm
Description of changes:
[4.1.12-124.31.1.1.el6uek]
- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug:
30318042] {CVE-2019-14821} {CVE-2019-14821}
ELSA-2019-4800 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2019-4800
http://linux.oracle.com/errata/ELSA-2019-4800.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.31.1.1.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.31.1.1.el7uek.noarch.rpm
kernel-uek-4.1.12-124.31.1.1.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.31.1.1.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.31.1.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.31.1.1.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.31.1.1.el7uek.src.rpm
Description of changes:
[4.1.12-124.31.1.1.el7uek]
- KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug:
30318042] {CVE-2019-14821} {CVE-2019-14821}
New Ksplice updates for RHCK 7 (ELSA-2019-2829-01)
Synopsis: ELSA-2019-2829-01 can now be patched using Ksplice
CVEs: CVE-2019-14835
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-2829-01.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-2829-01.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2019-14835: Privilege escalation during live migration of guest.
A failure to check for a guest creating a zero-length queue in the vhost driver
can lead to a buffer overflow in the host kernel. A guest virtual machine
could use this flaw to crash the host or potentially escalate privileges when
the virtual machine is live migrated.
Orabug: 30312787
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4789)
Synopsis: ELSA-2019-4789 can now be patched using Ksplice
CVEs: CVE-2018-18445 CVE-2019-14835
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4789.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4789.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Improved fix for Spectre v1: Bounds check bypass in Vhost ioctl.
A missing use of the indirect call protection macro in the vhost ioctl
code could lead to speculative execution. A local attacker could use
this flaw to leak information about the running system.
Orabug: 30312787
* CVE-2019-14835: Privilege escalation during live migration of guest.
A failure to check for a guest creating a zero-length queue in the vhost driver
can lead to a buffer overflow in the host kernel. A guest virtual machine
could use this flaw to crash the host or potentially escalate privileges when
the virtual machine is live migrated.
Orabug: 30312787
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4799)
Synopsis: ELSA-2019-4799 can now be patched using Ksplice
CVEs: CVE-2019-14821
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4799.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4799.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes.
An out-of-bounds access to the coalesced MMIO ring buffer could result
in a kernel crash. A malicious guest could use this flaw to crash the
hypervisor or, potentially, escalate privileges.
Orabug: 30318013
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.