Lucene search

K
oraclelinuxOracleLinuxELSA-2019-0818
HistoryApr 23, 2019 - 12:00 a.m.

kernel security and bug fix update

2019-04-2300:00:00
linux.oracle.com
236

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.048 Low

EPSS

Percentile

91.8%

[3.10.0-957.12.1.OL7]

  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
  • Update x509.genkey [bug 24817676]
    [3.10.0-957.12.1]
  • [kernel] locking/rwsem: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
  • [kernel] futex: Fix (possible) missed wakeup (Waiman Long) [1690323 1547078]
  • [kernel] futex: Use smp_store_release() in mark_wake_futex() (Waiman Long) [1690323 1547078]
  • [kernel] sched/wake_q: Fix wakeup ordering for wake_q (Waiman Long) [1690323 1547078]
  • [kernel] sched/wake_q: Document wake_q_add() (Waiman Long) [1690323 1547078]
  • [scsi] mpt3sas: As per MPI-spec, use combined reply queue for SAS3.5 controllers when HBA supports more than 16 MSI-x vectors (Tomas Henzl) [1689379 1649288]
  • [x86] cpu: avoid crash in get_cpu_cache_id() (David Arcari) [1689120 1626279]
  • [net] igmp: Allow user-space configuration of igmp unsolicited report interval (Hangbin Liu) [1686771 1663941]
  • [net] igmp: Don’t flush routing cache when force_igmp_version is modified (Hangbin Liu) [1686771 1663941]
  • [net] igmp: fix incorrect unsolicit report count after link down and up (Hangbin Liu) [1688225 1623359]
  • [net] igmp: fix incorrect unsolicit report count when join group (Hangbin Liu) [1688225 1623359]
  • [net] igmp: make function __ip_mc_inc_group() static (Hangbin Liu) [1688225 1623359]
  • [net] igmp: Reduce Unsolicited report interval to 1s when using IGMPv3 (Hangbin Liu) [1688225 1623359]
  • [netdrv] cxgb4: Mask out interrupts that are not enabled (Arjun Vynipadath) [1687487 1678729]
  • [acpi] apci / watchdog: enable acpi_watchdog_uses_rtc (David Arcari) [1683078 1663637]
  • [watchdog] simplify getting .drvdata (David Arcari) [1683079 1666393]
  • [acpi] acpi / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (David Arcari) [1683079 1666393]
  • [acpi] acpi / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 (David Arcari) [1683079 1666393]
  • [acpi] acpi / watchdog: properly initialize resources (David Arcari) [1683079 1666393]
  • [acpi] acpi / watchdog: Fix init failure with overlapping register regions (David Arcari) [1683079 1666393]
  • [acpi] acpi / watchdog: Print out error number when device creation fails (David Arcari) [1683079 1666393]
  • [net] netfilter: nat: limit port clash resolution attempts (Florian Westphal) [1683093 1654777]
  • [net] netfilter: nat: remove l4 protocol port rovers (Florian Westphal) [1683093 1654777]
  • [net] netfilter: nat: cope with negative port range (Florian Westphal) [1683093 1654777]
  • [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1678221 1651416]
  • [nvme] nvme-rdma: fix possible double free of controller async event buffer (David Milburn) [1678214 1659532]
  • [nvme] nvme-rdma: fix possible free of a non-allocated async event buffer (David Milburn) [1678214 1659532]
  • [nvme] nvme-rdma: stop admin queue before freeing it (David Milburn) [1678214 1659532]
  • [nvme] rdma: fix double freeing of async event data (David Milburn) [1678216 1655786]
  • [md] fix memleak for mempool (Nigel Croxon) [1678215 1599780]
  • [md] Memory leak when flush bio size is zero (Nigel Croxon) [1678215 1599780]
  • [md] fix lock contention for flush bios (Nigel Croxon) [1678215 1599780]
  • [net] ipv6: rate-limit probes for neighbourless routes (Sabrina Dubroca) [1677179 1637821]
  • [net] ipv6: Re-arrange code in rt6_probe() (Sabrina Dubroca) [1677179 1637821]
  • [netdrv] cxgb4: update supported DCB version (Arjun Vynipadath) [1673821 1668570]
  • [netdrv] cxgb4: when disabling dcb set txq dcb priority to 0 (Arjun Vynipadath) [1673821 1668570]
  • [kvm] kvm: fix kvm_ioctl_create_device() reference counting (Paolo Bonzini) [1671922 1671923] {CVE-2019-6974}
  • [kvm] KVM: nVMX: unconditionally cancel preemption timer in free_nested (Paolo Bonzini) [1671905 1671906] {CVE-2019-7221}
  • [mm] page-writeback.c: fix range_cyclic writeback vs writepages deadlock (Brian Foster) [1673281 1591574]
  • [fs] rbd: avoid corruption on partially completed bios (Ilya Dryomov) [1672514 1613493]
    [3.10.0-957.11.1]
  • [net] netfilter: nf_nat: skip nat clash resolution for same-origin entries (Florian Westphal) [1686766 1648965]
  • [net] netfilter: nf_conntrack: resolve clash for matching conntracks (Florian Westphal) [1686766 1648965]
  • [net] netfilter: conntrack: skip clash resolution if nat is in place (Florian Westphal) [1686766 1648965]
  • [net] netfilter: conntrack: introduce clash resolution on insertion race (Florian Westphal) [1686766 1648965]
  • [net] netfilter: conntrack: fix race between confirmation and flush (Florian Westphal) [1686766 1648965]
  • [net] netfilter: conntrack: introduce nf_ct_acct_update() (Florian Westphal) [1686766 1648965]
  • [netdrv] hv_netvsc: Fix a network regression after ifdown/ifup (Mohammed Gamal) [1679997 1661632]

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.048 Low

EPSS

Percentile

91.8%