[El-errata] ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Oct 10 11:59:26 PDT 2018 

Oracle Linux Security Advisory ELSA-2018-4242

http://linux.oracle.com/errata/ELSA-2018-4242.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
perf-4.14.35-1818.3.3.el7uek.aarch64.rpm
python-perf-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.3.3.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.3.3.el7uek.src.rpm



Description of changes:

[4.14.35-1818.3.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran 
Alon)  [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar 
Samudrala)  [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar 
Samudrala)  [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala)  [Orabug: 
28122110]
- net: Introduce generic failover module (Sridhar Samudrala)  [Orabug: 
28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia)  [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) 
[Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) 
[Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) 
[Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek 
Wilk)  [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor 
Erminpour)  [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context 
(Håkon Bugge)  [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott 
Bauer)  [Orabug: 28664499]  {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c 
(Seunghun Han)  [Orabug: 28664576]  {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is 
disabled (Tung Nguyen)  [Orabug: 28677854]

[4.14.35-1818.3.2.el7uek]
- hwmon: (k10temp) Display both Tctl and Tdie (Guenter Roeck)  [Orabug: 
28143470]
- hwmon: (k10temp) Use API function to access System Management Network 
(Guenter Roeck)  [Orabug: 28143470]
- hwmon: (k10temp) Fix reading critical temperature register (Guenter 
Roeck)  [Orabug: 28143470]
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (Guenter 
Roeck)  [Orabug: 28143470]
- hwmon: (k10temp) Add support for temperature offsets (Guenter Roeck) 
[Orabug: 28143470]
- hwmon: (k10temp) Add support for family 17h (Guenter Roeck)  [Orabug: 
28143470]
- hwmon: (k10temp) Move chip specific code into probe function (Guenter 
Roeck)  [Orabug: 28143470]
- net/rds: make the source code clean (Zhu Yanjun)  [Orabug: 28607913]
- net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 (Zhu 
Yanjun)  [Orabug: 28607913]
- net/rds: Use rdma_read_gids to read connection GIDs (Parav Pandit) 
[Orabug: 28607913]
- posix-timers: Sanitize overrun handling (Thomas Gleixner)  [Orabug: 
28642970]  {CVE-2018-12896}
- crypto: ccp - Add support for new CCP/PSP device ID (Tom Lendacky) 
[Orabug: 28584386]
- crypto: ccp - Support register differences between PSP devices (Tom 
Lendacky)  [Orabug: 28584386]
- crypto: ccp - Remove unused #defines (Tom Lendacky)  [Orabug: 28584386]
- crypto: ccp - Add psp enabled message when initialization succeeds 
(Tom Lendacky)  [Orabug: 28584386]
- crypto: ccp - Fix command completion detection race (Tom Lendacky) 
[Orabug: 28584386]
- iommu/amd: Add support for IOMMU XT mode (Suravee Suthikulpanit) 
[Orabug: 28584386]
- iommu/amd: Add support for higher 64-bit IOMMU Control Register 
(Suravee Suthikulpanit)  [Orabug: 28584386]
- x86: irq_remapping: Move irq remapping mode enum (Suravee 
Suthikulpanit)  [Orabug: 28584386]
- x86/CPU/AMD: Fix LLC ID bit-shift calculation (Suravee Suthikulpanit) 
[Orabug: 28584386]
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when 
available (Suravee Suthikulpanit)  [Orabug: 28584386]
- x86/CPU/AMD: Calculate last level cache ID from number of sharing 
threads (Suravee Suthikulpanit)  [Orabug: 28584386]
- x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c (Borislav Petkov) 
[Orabug: 28584386]
- perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined 
cpu_llc_id (Suravee Suthikulpanit)  [Orabug: 28584386]
- x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present 
(Borislav Petkov)  [Orabug: 28584386]

[4.14.35-1818.3.1.el7uek]
- arm64: vdso: fix clock_getres for 4GiB-aligned res (Mark Rutland) 
[Orabug: 28603375]
- locking/qrwlock: Prevent slowpath writers getting held up by fastpath 
(Will Deacon)  [Orabug: 28605196]
- locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks 
(Will Deacon)  [Orabug: 28605196]
- locking/qrwlock: Use atomic_cond_read_acquire() when spinning in 
qrwlock (Will Deacon)  [Orabug: 28605196]
- locking/atomic: Add atomic_cond_read_acquire() (Will Deacon)  [Orabug: 
28605196]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map 
(Håkon Bugge)  [Orabug: 28565429]  {CVE-2018-7492}
- irqchip/irq-bcm2836: Add support for DT interrupt polarity (Stefan 
Wahren)  [Orabug: 28596168]
- dt-bindings/bcm2836-l1-intc: Add interrupt polarity support (Stefan 
Wahren)  [Orabug: 28596168]
- dt-bindings/bcm283x: Define polarity of per-cpu interrupts (Stefan 
Wahren)  [Orabug: 28596168]
- x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in 
use (Patrick Colp)  [Orabug: 28610695]

[4.14.35-1818.2.2.el7uek]
- x86/xen: Calculate __max_logical_packages on PV domains (Prarit 
Bhargava)  [Orabug: 28476586]
- x86/entry/64: Remove %ebx handling from error_entry/exit (Andy 
Lutomirski)  [Orabug: 28402921]  {CVE-2018-14678}
- x86/pti: Don't report XenPV as vulnerable (Jiri Kosina)  [Orabug: 
28476680]
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi 
Kleen)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM 
(Vlastimil Babka)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system 
has too much RAM (Vlastimil Babka)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit 
(Vlastimil Babka)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean 
Christopherson)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled 
(Guenter Roeck)  [Orabug: 28488807]  {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi 
Kleen)  [Orabug: 28488807]  {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts 
disabled (Thomas Gleixner)  [Orabug: 28488807]  {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh 
Poimboeuf)  [Orabug: 28488807]  {CVE-2018-3620}
- PCI: Add ACS quirk for Ampere root ports (Feng Kan)  [Orabug: 28525940]
- xfs: don't fail when converting shortform attr to long form during 
ATTR_REPLACE (Darrick J. Wong)  [Orabug: 28573020]
- uek-rpm: Disable F2FS in the UEK5 config (Victor Erminpour)  [Orabug: 
28577123]

More information about the El-errata mailing list