diff --git a/.gitignore b/.gitignore
index 2c7c773..58c74a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/kernel-rt-3.10.0-1062.4.1.rt56.1027.tar.xz
+SOURCES/kernel-rt-3.10.0-1062.4.2.rt56.1028.tar.xz
 SOURCES/rheldup3.x509
 SOURCES/rhelkpatch1.x509
diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata
index 252d6e3..c0c5658 100644
--- a/.kernel-rt.metadata
+++ b/.kernel-rt.metadata
@@ -1,3 +1,3 @@
-ce5d7f5a6437e8f11d9f9a6081ddcf6229897b27 SOURCES/kernel-rt-3.10.0-1062.4.1.rt56.1027.tar.xz
+b217d70b8b1188d304d8fd47b51a35286e3c18b4 SOURCES/kernel-rt-3.10.0-1062.4.2.rt56.1028.tar.xz
 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
diff --git a/SOURCES/kernel-3.10.0-x86_64-rt-debug.config b/SOURCES/kernel-3.10.0-x86_64-rt-debug.config
index 8c6f575..1a849cb 100644
--- a/SOURCES/kernel-3.10.0-x86_64-rt-debug.config
+++ b/SOURCES/kernel-3.10.0-x86_64-rt-debug.config
@@ -565,6 +565,9 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_RANDOM=y
 CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
 CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y
diff --git a/SOURCES/kernel-3.10.0-x86_64-rt-trace.config b/SOURCES/kernel-3.10.0-x86_64-rt-trace.config
index 267f4af..13aacbb 100644
--- a/SOURCES/kernel-3.10.0-x86_64-rt-trace.config
+++ b/SOURCES/kernel-3.10.0-x86_64-rt-trace.config
@@ -564,6 +564,9 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_RANDOM=y
 CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
 CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y
diff --git a/SOURCES/kernel-3.10.0-x86_64-rt.config b/SOURCES/kernel-3.10.0-x86_64-rt.config
index 15d15cb..4ee762e 100644
--- a/SOURCES/kernel-3.10.0-x86_64-rt.config
+++ b/SOURCES/kernel-3.10.0-x86_64-rt.config
@@ -564,6 +564,9 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_RANDOM=y
 CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
 CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y
diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec
index 87088df..2d124ed 100644
--- a/SPECS/kernel-rt.spec
+++ b/SPECS/kernel-rt.spec
@@ -7,10 +7,10 @@ Summary: The Linux Realtime kernel
 %global dist .el7
 
 # realtimeN
-%global rtbuild 1027
+%global rtbuild 1028
 
 # RHEL7 build number
-%global rhel_build 1062.4.1
+%global rhel_build 1062.4.2
 
 # The preempt RT patch level
 %global rttag rt56
@@ -1433,6 +1433,46 @@ fi
 %endif
 
 %changelog
+* Wed Nov 06 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-1062.4.2.rt56.1028.el7]
+- [rt] Update source tree to match RHEL rhel-7.7.z tree [1740918 1708718]
+- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
+- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
+- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] tsx: Add "auto" option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] cpu: Add a "tsx=" cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+
 * Wed Sep 25 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-1062.4.1.rt56.1027.el7]
 - [rt] Update source tree to match RHEL rhel-7.7.z tree [1740918 1708718]
 - [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 1750880] {CVE-2019-14835}