[El-errata] ELSA-2018-4011 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Sat Jan 13 18:33:42 PST 2018
Oracle Linux Security Advisory ELSA-2018-4011
http://linux.oracle.com/errata/ELSA-2018-4011.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-112.14.11.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-112.14.11.el7uek.noarch.rpm
kernel-uek-4.1.12-112.14.11.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-112.14.11.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-112.14.11.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-112.14.11.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-112.14.11.el7uek.src.rpm
Description of changes:
[4.1.12-112.14.11.el7uek]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel
Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT
(redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value
(Boris Ostrovsky) [Orabug: 27362581]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky)
[Orabug: 27363792]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported.
(Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles)
[Orabug: 27339995] {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug:
27339995] {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry.
(Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk)
[Orabug: 27339995] {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad
Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk)
[Orabug: 27339995] {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on
VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}
More information about the El-errata
mailing list