Oracle alert ELSA-2018-0512 (kernel)
From: Errata Announcements for Oracle Linux <el-errata@oss.oracle.com>
To: el-errata@oss.oracle.com
Subject: [El-errata] ELSA-2018-0512 Important: Oracle Linux 6 kernel security and bug fix update
Date: Thu, 15 Mar 2018 00:58:04 -0700
Message-ID: <5524f61f-6f83-e361-554d-4012668eb85c@oracle.com>

Oracle Linux Security Advisory ELSA-2018-0512

http://linux.oracle.com/errata/ELSA-2018-0512.html

The following updated rpms for Oracle Linux 6 have been uploaded to the Unbreakable Linux Network:

i386:
kernel-2.6.32-696.23.1.el6.i686.rpm
kernel-abi-whitelists-2.6.32-696.23.1.el6.noarch.rpm
kernel-debug-2.6.32-696.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.23.1.el6.i686.rpm
kernel-devel-2.6.32-696.23.1.el6.i686.rpm
kernel-doc-2.6.32-696.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.23.1.el6.noarch.rpm
kernel-headers-2.6.32-696.23.1.el6.i686.rpm
perf-2.6.32-696.23.1.el6.i686.rpm
python-perf-2.6.32-696.23.1.el6.i686.rpm

x86_64:
kernel-2.6.32-696.23.1.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-696.23.1.el6.noarch.rpm
kernel-debug-2.6.32-696.23.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.23.1.el6.i686.rpm
kernel-debug-devel-2.6.32-696.23.1.el6.x86_64.rpm
kernel-devel-2.6.32-696.23.1.el6.x86_64.rpm
kernel-doc-2.6.32-696.23.1.el6.noarch.rpm
kernel-firmware-2.6.32-696.23.1.el6.noarch.rpm
kernel-headers-2.6.32-696.23.1.el6.x86_64.rpm
perf-2.6.32-696.23.1.el6.x86_64.rpm
python-perf-2.6.32-696.23.1.el6.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-696...

Description of changes:

[2.6.32-696.23.1.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.23.1.el6]
- [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645]
- [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645]
- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645]
- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645]
- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645]
- [x86] bugs: Drop one "mitigation" from dmesg (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645]
- [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645]
- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645]
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645]
- [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645]
- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645]
- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645]
- [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645]
- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645]
- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645]
- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645]
- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645]
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 1535645]
- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645]
- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645]
- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645]
- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Document macros (Waiman Long) [1543022 1535645]
- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645]
- [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645] (Waiman Long) [1543022 1535645]
- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645]
- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645]
- [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645]
- [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645]
- [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645]

[2.6.32-696.22.1.el6]
- [mm] add cpu_relax() to "dont return 0 too early" patch (Ian Kent) [1527811 988988]
- [mm] don't return 0 too early from find_get_pages() (Ian Kent) [1527811 988988]
- [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1527802 1503322]
- [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1531720 1538543]
- [powerpc] Prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1531720 1538543]
- [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1532733 1538542]
- [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1532733 1538542]
- [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1532733 1538542]
- [s390] add ppa to system call and program check path (Hendrik Brueckner) [1532733 1538542]
- [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1532733 1538542]
- [s390] introduce CPU alternatives (Hendrik Brueckner) [1532733 1538542]

[2.6.32-696.21.1.el6]
- [fs] sunrpc: Revert "sunrpc: always treat the invalid cache as unexpired" (Thiago Becker) [1535938 1532786]