[El-errata] ELSA-2019-1167 Important: Oracle Linux 8 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Aug 1 07:00:10 PDT 2019 

Oracle Linux Security Advisory ELSA-2019-1167

http://linux.oracle.com/errata/ELSA-2019-1167.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-abi-whitelists-4.18.0-80.1.2.el8_0.noarch.rpm
kernel-core-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-cross-headers-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-debug-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-debug-core-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-debug-devel-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-debug-modules-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-debug-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-devel-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-doc-4.18.0-80.1.2.el8_0.noarch.rpm
kernel-headers-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-modules-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-tools-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-tools-libs-4.18.0-80.1.2.el8_0.x86_64.rpm
perf-4.18.0-80.1.2.el8_0.x86_64.rpm
python3-perf-4.18.0-80.1.2.el8_0.x86_64.rpm
kernel-tools-libs-devel-4.18.0-80.1.2.el8_0.x86_64.rpm

aarch64:
bpftool-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-abi-whitelists-4.18.0-80.1.2.el8_0.noarch.rpm
kernel-core-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-cross-headers-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-debug-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-debug-core-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-debug-devel-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-debug-modules-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-debug-modules-extra-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-devel-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-doc-4.18.0-80.1.2.el8_0.noarch.rpm
kernel-headers-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-modules-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-modules-extra-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-tools-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-tools-libs-4.18.0-80.1.2.el8_0.aarch64.rpm
perf-4.18.0-80.1.2.el8_0.aarch64.rpm
python3-perf-4.18.0-80.1.2.el8_0.aarch64.rpm
kernel-tools-libs-devel-4.18.0-80.1.2.el8_0.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-80.1.2.el8_0.src.rpm



Description of changes:

[4.18.0-80.1.2.el8_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted 
keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-80.1.2.el8_0]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option 
(Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/64: Disable the speculation barrier from the command 
line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with 
mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 
1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 
1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 
CVE-2018-12126}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) 
[1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 
CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation 
decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 
1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Add MDS vulnerability documentation 
(Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Move L1TF to separate directory (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) 
[1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 
CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle 
entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active 
(Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) 
[1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 
CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) 
[1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 
CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) 
[1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 
CVE-2018-12127 CVE-2018-12126}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 
1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 
CVE-2018-12126}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh 
Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 
1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 
CVE-2018-12126}
file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] 
{CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 
1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 
CVE-2018-12126}

[4.18.0-80.1.1.el8_0]
- [zstream] switch to zstream (Frantisek Hrbata)

More information about the El-errata mailing list