|
|
Subscribe / Log in / New account

Oracle alert ELSA-2019-4570 (kernel)



From:
              Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
              el-errata@oss.oracle.com 


Subject:
              [El-errata] ELSA-2019-4570 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64) 


Date:
              Tue, 12 Mar 2019 16:32:16 -0700


Message-ID:
              <5f671ce0-f365-cd03-5e9e-20d2e240456e@oracle.com>


Oracle Linux Security Advisory ELSA-2019-4570

http://linux.oracle.com/errata/ELSA-2019-4570.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm
perf-4.14.35-1844.3.2.el7uek.aarch64.rpm
python-perf-4.14.35-1844.3.2.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1844.3.2.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.3...



Description of changes:

[4.14.35-1844.3.2.el7uek]
- uek-rpm: Remove hardcoded 'kernel_git_commit' macro from specfile (Victor Erminpour)  [Orabug:
29357695]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov)  [Orabug:
29364665]  {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen)  [Orabug: 29368046]

[4.14.35-1844.3.1.el7uek]
- x86/speculation: Add support for STIBP always-on preferred mode (Thomas Lendacky)  [Orabug:
29344486]
- x86/speculation: Provide IBPB always command line options (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Add seccomp Spectre v2 user space protection mode (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculation: Enable prctl mode for spectre_v2_user (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Add prctl() control for indirect branch speculation (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Prevent stale SPEC_CTRL msr content (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Split out TIF update (Thomas Gleixner)  [Orabug: 29344486]
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculation: Remove static key ibpb_enabled_key (Anjali Kulkarni)  [Orabug: 29344486]
- x86/speculation: Prepare for conditional IBPB in switch_mm() (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculation: Avoid __switch_to_xtra() calls (Thomas Gleixner)  [Orabug: 29344486]
- x86/process: Consolidate and simplify switch_to_xtra() code (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculation: Prepare for per task indirect branch speculation control (Tim Chen)  [Orabug:
29344486]
- x86/speculation: Add command line control for indirect branch speculation (Thomas Gleixner)
[Orabug: 29344486]
- x86/speculation: Unify conditional spectre v2 print functions (Thomas Gleixner)  [Orabug:
29344486]
- x86/speculataion: Mark command line parser data __initdata (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Mark string arrays const correctly (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Reorder the spec_v2 code (Thomas Gleixner)  [Orabug: 29344486]
- x86/l1tf: Show actual SMT state (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Rework SMT state change (Thomas Gleixner)  [Orabug: 29344486]
- sched/smt: Expose sched_smt_present static key (Thomas Gleixner)  [Orabug: 29344486]
- x86/Kconfig: Select SCHED_SMT if SMP enabled (Thomas Gleixner)  [Orabug: 29344486]
- sched/smt: Make sched_smt_present track topology (Peter Zijlstra (Intel))  [Orabug: 29344486]
- x86/speculation: Reorganize speculation control MSRs update (Tim Chen)  [Orabug: 29344486]
- x86/speculation: Rename SSBD update functions (Thomas Gleixner)  [Orabug: 29344486]
- x86/speculation: Disable STIBP when enhanced IBRS is in use (Tim Chen)  [Orabug: 29344486]
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Tim Chen)
[Orabug: 29344486]
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (Tim Chen)  [Orabug:
29344486]
- x86/speculation: Clean up spectre_v2_parse_cmdline() (Tim Chen)  [Orabug: 29344486]
- x86/speculation: Update the TIF_SSBD comment (Tim Chen)  [Orabug: 29344486]
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (Peter Zijlstra)  [Orabug: 29344486]
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Jiri Kosina)  [Orabug:
29344486]
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (Jiri Kosina)
[Orabug: 29344486]
- netfilter: nf_tables: deactivate expressions in rule replecement routine (Taehee Yoo)  [Orabug:
29355502]
- btrfs: Verify that every chunk has corresponding block group at mount time (Qu Wenruo)  [Orabug:
29355254]  {CVE-2018-14612}
- mlx4_ib: Distribute completion vectors when zero is supplied (HÃ¥kon Bugge)  [Orabug: 29324328]
- x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez)  [Orabug: 29211613]
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao)  [Orabug:
29211613]
- x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada)  [Orabug: 29211613]
- x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan)  [Orabug: 29211613]
- uek-rpm: Enable device-mapper era driver (Dave Aldridge)  [Orabug: 29283140]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev)  [Orabug: 29322860]
- uek-rpm: optimize find-requires usage (Alexander Burmashev)  [Orabug: 29322860]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev)  [Orabug: 29322860]

[4.14.35-1844.3.0.el7uek]
- xfs: refactor short form directory structure verifier function (Darrick J. Wong)  [Orabug:
29301204]
- xfs: provide a centralized method for verifying inline fork data (Darrick J. Wong)  [Orabug:
29301204]
- xfs: create structure verifier function for short form symlinks (Darrick J. Wong)  [Orabug:
29301204]
- xfs: create structure verifier function for shortform xattrs (Darrick J. Wong)  [Orabug:
29301204]
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo)
[Orabug: 29301101]  {CVE-2018-14609}
- iommu/amd: Fix IOMMU page flush when detach device from a domain (Suravee Suthikulpanit)
[Orabug: 29297191]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner)  [Orabug: 29262403]
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (Eduardo Habkost)  [Orabug: 29229728]
- bnx2x: disable GSO where gso_size is too big for hardware (Daniel Axtens)  [Orabug: 29125104]
{CVE-2018-1000026}
- net: create skb_gso_validate_mac_len() (Daniel Axtens)  [Orabug: 29125104]  {CVE-2018-1000026}
- slub: make ->cpu_partial unsigned (Alexey Dobriyan)  [Orabug: 28973025]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds