Oracle Linux Security Advisory ELSA-2021-9459

https://linux.oracle.com/errata/ELSA-2021-9459.html

The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.54.6.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.54.6.1.el6uek.noarch.rpm
kernel-uek-4.1.12-124.54.6.1.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.54.6.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.54.6.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.54.6.1.el6uek.x86_64.rpm



Related CVEs:

CVE-2019-3900
CVE-2020-24586
CVE-2020-26139
CVE-2020-12114
CVE-2019-19448
CVE-2019-17133
CVE-2020-24587
CVE-2020-24588
CVE-2021-3655
CVE-2021-38160
CVE-2020-26140
CVE-2020-26141
CVE-2020-26142
CVE-2020-26143
CVE-2020-26144
CVE-2020-26145
CVE-2020-26146
CVE-2020-26147
CVE-2021-3715
CVE-2021-0512
CVE-2021-40490




Description of changes:

[4.1.12-124.54.6.1.el6uek]
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk)  [Orabug: 33369433]  {CVE-2020-12114} {CVE-2020-12114}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik)  [Orabug: 33369414]  {CVE-2019-19448} {CVE-2019-19448}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon)  [Orabug: 33369390]  {CVE-2019-17133}
- vhost_net: fix possible infinite loop (Jason Wang)  [Orabug: 33369374]  {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang)  [Orabug: 33369374]  {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang)  [Orabug: 33369374]  {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni)  [Orabug: 33369374]  {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang(张海斌))  [Orabug: 33369374]  {CVE-2019-3900}
- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587}
- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: check defrag PN against current frame (Johannes Berg)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: add fragment cache to sta_info (Johannes Berg)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: drop A-MSDUs on old ciphers (Johannes Berg)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586}
- mac80211: assure all fragments are encrypted (Mathy Vanhoef)  [Orabug: 33369361]  {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147}
- sctp: validate from_addr_param return (Marcelo Ricardo Leitner)  [Orabug: 33369303]  {CVE-2021-3655}
- virtio_console: Assure used length from device is limited (Xie Yongji)  [Orabug: 33369276]  {CVE-2021-38160}
- net_sched: cls_route: remove the right filter from hashtable (Cong Wang)  [Orabug: 33369231]  {CVE-2021-3715}
- HID: make arrays usage and value to be the same (Will McVicker)  [Orabug: 33369121]  {CVE-2021-0512}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o)  [Orabug: 33369043]  {CVE-2021-40490}

Oracle6: ELSA-2021-9459: Extended Important Security Update
