El-errata: ELSA-2020-5801 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2020-5801
http://linux.oracle.com/errata/ELSA-2020-5801.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.41.4.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.41.4.el7uek.noarch.rpm
kernel-uek-4.1.12-124.41.4.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.41.4.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.41.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.41.4.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.41.4.el7uek.src.rpm
Description of changes:
[4.1.12-124.41.4.el7uek]
- uek-rpm: Add OL6 shim conflict for new signing key (Eric Snowberg)
[Orabug: 31688239] - Revert "certs: Add Oracle's new X509 cert into the
kernel keyring" (Eric Snowberg) [Orabug: 31688223] - blk-mq: don't
overwrite rq->mq_ctx (Jens Axboe) [Orabug: 31457304] - blk-mq: mark ctx
as pending at batch in flush plug path (Ming Lei) [Orabug: 31457304]
[4.1.12-124.41.3.el7uek]
- scsi: qla2xxx: Fix stuck session in GNL (Quinn Tran) [Orabug:
31561461] - scsi: qla2xxx: Serialize session free in
qlt_free_session_done (Quinn Tran) [Orabug: 31561461] - scsi: qla2xxx:
v2: Change abort wait_loop from msleep to wait_event_timeout (Giridhar
Malavali) [Orabug: 26932683] - scsi: qla2xxx: v2: Move ABTS code behind
qpair (Quinn Tran) [Orabug: 31517449] - ocfs2: change slot number type
s16 to u16 (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix value of
OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31027042] - ocfs2: fix panic on
nfs server over ocfs2 (Junxiao Bi) [Orabug: 31027042] - ocfs2: load
global_inode_alloc (Junxiao Bi) [Orabug: 31027042] - ocfs2: avoid inode
removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31027042] -
block_dev: don't test bdev->bd_contains when it is not stable
(NeilBrown) [Orabug: 31554143] - KVM: x86: Remove spurious semicolon
(Joao Martins) [Orabug: 31584727]
[4.1.12-124.41.2.el7uek]
- media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost)
[Orabug: 31351672] {CVE-2019-19054}
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson)
[Orabug: 31439671] {CVE-2020-12888}
- vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug:
31439671] {CVE-2020-12888}
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
(Alex Williamson) [Orabug: 31439671] {CVE-2020-12888} {CVE-2020-12888}
- vfio/pci: Pull BAR mapping setup from read-write path (Alex
Williamson) [Orabug: 31439671] {CVE-2020-12888}
- vfio_pci: Enable memory accesses before calling pci_map_rom (Eric
Auger) [Orabug: 31439671] {CVE-2020-12888}
- vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson)
[Orabug: 31439671] {CVE-2020-12888}
- vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug:
31439671] {CVE-2020-12888}
- mm: bring in additional flag for fixup_user_fault to signal unlock
(Dominik Dingel) [Orabug: 31439671] {CVE-2020-12888}
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
(Sean Christopherson) [Orabug: 31439671] {CVE-2020-12888}
- x86/mitigations: reset default value for srbds_mitigation (Mihai
Carabas) [Orabug: 31514993] - x86/cpu: clear X86_BUG_SRBDS before late
loading (Mihai Carabas) [Orabug: 31514993] - x86/mitigations: update
MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31514993] - Revert
"x86/efi: Request desired alignment via the PE/COFF headers" (Matt
Fleming) [Orabug: 31602576]
[4.1.12-124.41.1.el7uek]
- can, slip: Protect tty->disc_data in write_wakeup and close with RCU
(Richard Palethorpe) [Orabug: 31516085] {CVE-2020-14416}
- scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
(himanshu.madhani@cavium.com) [Orabug: 31530589] - scsi: qla2xxx: Fix
NULL pointer access for fcport structure (Quinn Tran) [Orabug: 31530589]
An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.
