Ah, I found the issue!
Our security repoclosure scripts are a bit too targeted=.
Alas, TUV doesn't appear to publish the source for their actual kpatch packages
up at git.centos.org so we will not be able to replicate those. I was a bit
hopeful that they would appear over time, but it appears not.
I'll look into retracting the broken package and pulling it off the site (and
dropping it into obsoletes). For now I'd recommend removing the package from
any system where having it blocks the kernel updates.
kpatch-patch-3_10_0-1062_12_1-0-0.el7.x86_64.rpm will be retracted "shortly"
with an announcement sent out to scientific-linux-errata.
Then to update the autobuild scripts.....
Thanks for the report!!!
Pat
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
________________________________________
From: Mailing list for Scientific Linux users worldwide
<scientific-linux-us...@listserv.fnal.gov> on behalf of Patrick Riehecky
<riehe...@fnal.gov>
Sent: Wednesday, March 18, 2020 12:30 PM
To: scientific-linux-users
Subject: Re: [SCIENTIFIC-LINUX-USERS] EXT: Security ERRATA Important: kernel on
SL7.x x86_64
Interesting..... I didn't see this in the internal repoclosures. I'll have to
take a closer look to see what makes the most sense.
Pat
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
________________________________________
From: Mailing list for Scientific Linux users worldwide
<scientific-linux-us...@listserv.fnal.gov> on behalf of Peed, Andrew (GE
Healthcare) <andrew.p...@ge.com>
Sent: Wednesday, March 18, 2020 10:05 AM
To: scientific-linux-users
Subject: Re: [SCIENTIFIC-LINUX-USERS] EXT: Security ERRATA Important: kernel on
SL7.x x86_64
Hi,
When I update my repository with this kernel package update, I get the
following error from repoclosure:
package: kpatch-patch-3_10_0-1062_12_1-0-0.el7.x86_64
unresolved deps:
kernel = 0:3.10.0-1062.12.1.el7
kpatch-patch is self-described in the SPEC file as being an empty package that
provides a method to subscribe to the kpatch stream for
kernel-3.10.0-1062.12.1.el7 (the previous version), and has an explicit
requirement for that version.
Does SL plan to update this package, or will we need to so that we can get a
clean repoclosure?
Thanks,
-- Andy
-----Original Message-----
From: owner-scientific-linux-err...@listserv.fnal.gov
<owner-scientific-linux-err...@listserv.fnal.gov> On Behalf Of Farhan Ahmed
Sent: Tuesday, March 17, 2020 4:43 PM
To: scientific-linux-err...@listserv.fnal.gov
Subject: EXT: Security ERRATA Important: kernel on SL7.x x86_64
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2020:0834-1
Issue Date: 2020-03-17
CVE Numbers: CVE-2019-11487
CVE-2019-17666
CVE-2019-19338
--
Security Fix(es):
* kernel: Count overflow in FUSE request leading to use-after-free issues.
(CVE-2019-11487)
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the
Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
(CVE-2019-17666)
* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
(CVE-2019-11135) (CVE-2019-19338)
Bug Fix(es):
* SL7.7 - default idle mishandles lazy irq state
* Sanitize MM backported code for SL7
* A bio with a flush and write to an md device can be lost and never complete
by the md layer
* [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop.
* SL7.7 - zfcp: fix reaction on bit error threshold notification
* SL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x
* Leak in cachefiles driver
* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory
inodes
* Allocation failure in md's r10buf_pool_alloc function leads to a crash from
accessing uninitialized pointers
* [Hyper-V][SL7.6]Hyper-V guest waiting indefinitely for RCU callback when
removing a mem cgroup
* A bnx2fc abort attempt doesn't timeout from miscalculation causing a huge
timeout value
* scsi: libiscsi: fall back to sendmsg for slab pages
* SL7.7 - kernel: avoid cpu yield in SMT environment
* SL7.6 - kernel: jump label transformation performance
* drm radeon power management warning on VERDE cards
* Duplicate enum value in include/linux/blk_types.h
* [HPE 7.7 Bug] hpsa: bug fix for reset issue
* System Crash on vport creation (NPIV on FCoE)
* [Hyper-V][SL 7.8] Four Mellanox Patches needed for kernels that have that
have SRIOV
* WARNING: CPU: 7 PID: 2049 at mm/slub.c:2296 ___slab_alloc+0x508/0x520
* fio with ioengine=pmemblk on fsdax failed
* [HPE 7.7 Bug] hpsa: bug fixes
* perf top -p PID does not show anything
* Delay in RT task scheduled. Incorrect nr_scheduled value.
* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames
the directory
* ixgbevf interface goes down on hypervisor and causes outage
* Can't enable virt-ssbd on some AMD hosts
* [HPEMC 7.8 BUG] x86/boot/64: Avoid mapping reserved ranges in early page
tables
Enhancement(s):
* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show'
--
SL7
x86_64
bpftool-3.10.0-1062.18.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.18.1.el7.x86_64.rpm
perf-3.10.0-1062.18.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
python-perf-3.10.0-1062.18.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.18.1.el7.x86_64.rpm
noarch
kernel-abi-whitelists-3.10.0-1062.18.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.18.1.el7.noarch.rpm
- Scientific Linux Development Team
