[Oraclevm-errata] OVMSA-2019-0009 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Wed Mar 13 08:00:13 PDT 2019

Oracle VM Security Advisory OVMSA-2019-0009

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.26.1.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.26.1.el6uek.noarch.rpm

SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.26.1.el6uek.src.rpm

Description of changes:

[4.1.12-124.26.1.el6uek]
- NFS: commit direct writes even if they fail partially (J. Bruce Fields)  [Orabug: 28212440]
- rds: update correct congestion map for loopback transport (Mukesh Kacker)  [Orabug: 29175685]
- ext4: only look at the bg_flags field if it is valid (Theodore Ts'o)  [Orabug: 29316684]  {CVE-2018-10876} {CVE-2018-10876}
- uek-rpm: Add kernel-uek version to kernel-ueknano provides (Somasundaram Krishnasamy)  [Orabug: 29357643]
- net: Set sk_prot_creator when cloning sockets to the right proto (Christoph Paasch)  [Orabug: 29422739]  {CVE-2018-9568}
- ext4: always check block group bounds in ext4_init_block_bitmap() (Theodore Ts'o)  [Orabug: 29428607]  {CVE-2018-10878}
- ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Theodore Ts'o)  [Orabug: 29428607]  {CVE-2018-10878}
- vfs: Add sb_rdonly(sb) to query the MS_RDONLY flag on s_flags (David Howells)  [Orabug: 29428607]  {CVE-2018-10878}
- iscsi: Capture iscsi debug messages using tracepoints (Fred Herard)  [Orabug: 29429855]

[4.1.12-124.25.4.el6uek]
- KEYS: add missing permission check for request_key() destination (Eric Biggers)  [Orabug: 29304551]  {CVE-2017-17807}
- KEYS: Don't permit request_key() to construct a new keyring (David Howells)  [Orabug: 29304551]  {CVE-2017-17807}
- mlx4_ib: Distribute completion vectors when zero is supplied (Håkon Bugge)  [Orabug: 29318191]
- bnxt_en: Fix TX timeout during netpoll. (Michael Chan)  [Orabug: 29357977]
- bnxt_en: Fix for system hang if request_irq fails (Vikas Gupta)  [Orabug: 29357977]
- bnxt_en: Fix firmware message delay loop regression. (Michael Chan)  [Orabug: 29357977]
- bnxt_en: reduce timeout on initial HWRM calls (Andy Gospodarek)  [Orabug: 29357977]
- bnxt_en: Fix NULL pointer dereference at bnxt_free_irq(). (Michael Chan)  [Orabug: 29357977]
- bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). (Michael Chan)  [Orabug: 29357977]
- bnxt_en: Do not modify max IRQ count after RDMA driver requests/frees IRQs. (Michael Chan)  [Orabug: 29357977]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov)  [Orabug: 29364670]  {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen)  [Orabug: 29368048]
- net/packet: fix a race in packet_bind() and packet_notifier() (Eric Dumazet)  [Orabug: 29385593]  {CVE-2018-18559}
- ext4: verify the depth of extent tree in ext4_find_extent() (Theodore Ts'o)  [Orabug: 29396712]  {CVE-2018-10877} {CVE-2018-10877}

[4.1.12-124.25.3.el6uek]
- blk-mq: Do not invoke .queue_rq() for a stopped queue (Bart Van Assche)  [Orabug: 28766011]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev)  [Orabug: 29323635]
- uek-rpm: optimize find-requires usage (Alexander Burmashev)  [Orabug: 29323635]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev)  [Orabug: 29323635]
- KVM: SVM: Add MSR-based feature support for serializing LFENCE (Tom Lendacky)  [Orabug: 29335274]

[4.1.12-124.25.2.el6uek]
- Enable RANDOMIZE_BASE (John Haxby)  [Orabug: 29305587]
- slub: make ->cpu_partial unsigned (Alexey Dobriyan)  [Orabug: 28620592]
- dtrace: support kernels built with RANDOMIZE_BASE (Kris Van Hees)  [Orabug: 29204005]