[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4261)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 1 02:05:42 PDT 2018 

Synopsis: ELSA-2018-4261 can now be patched using Ksplice
CVEs: CVE-2017-5715 CVE-2018-14734 CVE-2018-15572

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4261.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Support runtime retpoline control for CVE-2017-5715 (Spectre v2).

On some families of Intel processors IBRS is required for full
mitigation of Spectre v2 but has a significant performance overhead
compared to retpoline.  Add support for switching from IBRS to retpoline
where extra performance is required and risk analysis shows that
retpoline offers sufficient protection for the deployment.


* CVE-2018-14734: Use-after-free in Infiniband leave_multicast function.

A race condition in the infiniband code could allow the leave_multicast
function to use a structure that was allocated but subsequently freed in
the process_join function, leading to memory corruption and possible system
crash.

Orabug: 28774517


* CVE-2018-15572: Information leak in context switches (SpectreRSB).

Missing RSB fills on some CPU families during context switch could allow
leaking of information between processes with a Spectre v2 attack.

Orabug: 28631590


* Data corruption in software RAID recovery.

RAID recovery during modifications to the disks before the recovery was
started could cause incorrect data to be recovered or errors reported.

Orabug: 28702623


* Performance degradation in NUMA balancing with shared copy-on-write pages.

A large number of processes using the same shared copy-on-write pages
could interact poorly with NUMA balancing resulting in degraded
performance.

Orabug: 28814880


* Reserved page accounting imbalance with hugetlbfs mappings.

Incorrect handling of dirty hugetlbfs pages could result in a reserved
page count underflow when dropping filesystem caches under specific
conditions.

Orabug: 28813968

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list