Synopsis
The remote OracleVM host is missing one or more security updates.
Description
The remote OracleVM system is missing necessary patches to address critical security updates :
- x86/speculation: Exclude ATOMs from speculation through SWAPGS (Thomas Gleixner) [Orabug: 29967571] (CVE-2019-1125)
- x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 29967571] (CVE-2019-1125)
- x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [Orabug: 29967571] (CVE-2019-1125)
- mlx4_core: change log_num_[qp,rdmarc] with scale_profile (Mukesh Kacker) [Orabug: 30064080]
- scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [Orabug: 30052805]
- USB: check usb_get_extra_descriptor for proper size (Mathias Payer) [Orabug: 29755247] (CVE-2018-20169)
- rds: ib: Fix dereference of conn when NULL and cleanup thereof (Hå kon Bugge) [Orabug: 29924849]
- ext4: zero out the unused memory region in the extent tree block (Sriram Rajagopalan) [Orabug: 29925523] (CVE-2019-11833) (CVE-2019-11833)
- ip_sockglue: Fix missing-check bug in ip_ra_control (Gen Zhang) [Orabug: 29926005] (CVE-2019-12381)
- ipv6_sockglue: Fix a missing-check bug in ip6_ra_control (Gen Zhang) [Orabug: 29926057] (CVE-2019-12378)
- x86/microcode: fix x86_spec_ctrl_mask on late loading.
(Mihai Carabas) [Orabug: 29941248]
- net: rds: fix rds recv memory leak (Zhu Yanjun) [Orabug:
30034815]
Solution
Update the affected kernel-uek / kernel-uek-firmware packages.