[El-errata] ELSA-2018-1629 Important: Oracle Linux 7 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue May 22 00:30:22 PDT 2018
Oracle Linux Security Advisory ELSA-2018-1629
http://linux.oracle.com/errata/ELSA-2018-1629.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm
kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm
kernel-doc-3.10.0-862.3.2.el7.noarch.rpm
kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm
perf-3.10.0-862.3.2.el7.x86_64.rpm
python-perf-3.10.0-862.3.2.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-862.3.2.el7.src.rpm
Description of changes:
[3.10.0-862.3.2.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-862.3.2.el7]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] entry: Add missing "$" in IBRS macros (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman
Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by
kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905]
{CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905]
{CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman
Long) [1566904 1566905] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if
requested (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904
1566905] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long)
[1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit
(Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904
1566905] {CVE-2018-3639}
[3.10.0-862.3.1.el7]
- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young)
[1573173 1571162]
- [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849
1566845] {CVE-2018-1087}
- [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini)
[1567084 1567083] {CVE-2018-8897}
- [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation
(Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}
More information about the El-errata
mailing list