Lucene search

K
oraclelinux
OracleLinuxELSA-2020-0374
HistoryFeb 05, 2020 - 12:00 a.m.

kernel security and bug fix update

2020-02-0500:00:00
linux.oracle.com
110

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

[3.10.0-1062.12.1.OL7]

  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
  • Update x509.genkey [Orabug: 24817676]
    [3.10.0-1062.12.1]
  • [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1780148 1748306]
  • [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1780148 1748306]
  • [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1780148 1748306]
  • [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1776290 1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variables ‘task’, ‘port’, ‘orig_task’ (Nilesh Javali) [1776290 1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variables ‘lport’, ‘host’ (Nilesh Javali) [1776290 1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variable ‘fh’ (Nilesh Javali) [1776290 1750577]
  • [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1767621 1764567]
    [3.10.0-1062.11.1]
  • [tty] TTY: serial_core, add ->install (Kenneth Yin) [1780163 1443152]
  • [net] gro: fix use-after-free read in napi_gro_frags() (Paolo Abeni) [1780033 1750810]
  • [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1778631 1778632]
  • [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx (Alex Gladkov) [1777351 1749766]
  • [fs] gfs2: Use async glocks for rename (Robert S Peterson) [1777297 1677686]
  • [fs] gfs2: create function gfs2_glock_update_hold_time (Robert S Peterson) [1777297 1677686]
  • [fs] gfs2: separate holder for rgrps in gfs2_rename (Robert S Peterson) [1777297 1677686]
  • [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1776615 1776616]
  • [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1776289 1771849]
  • [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1776289 1756843]
  • [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776205 1776206]
  • [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776156 1776157] {CVE-2019-14901}
  • [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1775678 1758001]
  • [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1772812 1769569]
  • [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1770732 1757943]
  • [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1770732 1757943]
  • [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1770732 1757943]
  • [md] dm rq: fix handling underlying queue busy (Ming Lei) [1770113 1767482]
  • [pci] hv: Use bytes 4 and 5 from instance ID as the PCI domain numbers (Mohammed Gamal) [1766097 1634251]
  • [pci] hv: Detect and fix Hyper-V PCI domain number collision (Mohammed Gamal) [1766097 1634251]
  • [pci] hv: Serialize the present and eject work items (Mohammed Gamal) [1766097 1634251]
  • [netdrv] hv_netvsc: fix network namespace issues with VF support (Mohammed Gamal) [1766093 1741334]
  • [netdrv] hv_netvsc: move VF to same namespace as netvsc device (Mohammed Gamal) [1766093 1741334]
  • [netdrv] hv_netvsc: set master device (Mohammed Gamal) [1766093 1741334]
  • [pci] PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it (Mohammed Gamal) [1766089 1737567]
    [3.10.0-1062.10.1]
  • [net] netfilter: masquerade: don’t flush all conntracks if only one address deleted on device (Patrick Talbert) [1779564 1771396]
  • [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1779564 1771396]
How to protect your server from attacks?

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for ELSA-2020-0374