[El-errata] ELSA-2018-4245 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Wed Oct 10 18:28:28 PDT 2018

Oracle Linux Security Advisory ELSA-2018-4245

http://linux.oracle.com/errata/ELSA-2018-4245.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.25.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.25.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.25.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.25.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.src.rpm

Description of changes:

kernel-uek
[3.8.13-118.25.1.el6uek]
- x86/spectre_v2: Don't check microcode versions when running under 
hypervisors (Konrad Rzeszutek Wilk)  [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map 
(Håkon Bugge)  [Orabug: 28552792]  {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott 
Bauer)  [Orabug: 28664530]  {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c 
(Seunghun Han)  [Orabug: 28664579]  {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor 
Erminpour)  [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook)  [Orabug: 
28710010]  {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit 
(Vlastimil Babka)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil 
Babka)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil 
Babka)  [Orabug: 28505476]  {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen)  [Orabug: 
28505476]  {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt 
Fleming)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean 
Christopherson)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad 
Rzeszutek Wilk)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE 
mappings (Andi Kleen)  [Orabug: 28505476]  {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from 
being passed to callers (Naoya Horiguchi)  [Orabug: 28505476] 
{CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi)  [Orabug: 28505476] 
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) 
[Orabug: 28505476]  {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc)  [Orabug: 
28505476]  {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad 
Rzeszutek Wilk)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad 
Rzeszutek Wilk)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and 
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk)  [Orabug: 28505476] 
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved 
(Andi Kleen)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal 
Hocko)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi 
Kleen)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus 
Torvalds)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus 
Torvalds)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen)  [Orabug: 
28505476]  {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave 
Hansen)  [Orabug: 28505476]  {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi 
Kleen)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) 
[Orabug: 28505476]  {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi 
Kani)  [Orabug: 28505476]  {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani)  [Orabug: 
28505476]  {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) 
[Orabug: 28505476]  {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN 
(Kanth Ghatraju)  [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to 
Meltdown (David Woodhouse)  [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth 
Ghatraju)  [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES 
supported (Kanth Ghatraju)  [Orabug: 27958074]