Synopsis: Important: kernel security and bug fix update Advisory ID: SLSA-2019:0818-1 Issue Date: 2019-04-23 CVE Numbers: CVE-2019-7221 CVE-2019-6974 -- Security Fix(es): * Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974) * Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221) Bug Fix(es): * rbd: avoid corruption on partially completed bios [rhel-7.6.z] * xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] * Offload Connections always get vlan priority 0 [rhel-7.6.z] * [NOKIA] SL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] * SL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] * [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] * [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] * RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to SL6' patch [rhel-7.6.z] * [Hyper-V] [SL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] * rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] * ACPI WDAT watchdog update [rhel-7.6.z] * high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] * Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] * [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] * [SL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] * The number of unsolict report about IGMP is incorrect [rhel-7.6.z] * RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] * mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] * rwsem in inconsistent state leading system to hung [rhel-7.6.z] -- SL7 x86_64 bpftool-3.10.0-957.12.1.el7.x86_64.rpm kernel-3.10.0-957.12.1.el7.x86_64.rpm kernel-debug-3.10.0-957.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.12.1.el7.x86_64.rpm kernel-devel-3.10.0-957.12.1.el7.x86_64.rpm kernel-headers-3.10.0-957.12.1.el7.x86_64.rpm kernel-tools-3.10.0-957.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.12.1.el7.x86_64.rpm perf-3.10.0-957.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.12.1.el7.x86_64.rpm python-perf-3.10.0-957.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.12.1.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-957.12.1.el7.noarch.rpm kernel-doc-3.10.0-957.12.1.el7.noarch.rpm - Scientific Linux Development Team