[El-errata] ELSA-2019-4628 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue May 14 19:13:38 PDT 2019


Oracle Linux Security Advisory ELSA-2019-4628

http://linux.oracle.com/errata/ELSA-2019-4628.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1844.4.5.2.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1844.4.5.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1844.4.5.2.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1844.4.5.2.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1844.4.5.2.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1844.4.5.2.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1844.4.5.2.el7uek.src.rpm



Description of changes:

[4.14.35-1844.4.5.2.el7uek]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) 
[Orabug: 29721848] {CVE-2019-11091}
- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad 
Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}

[4.14.35-1844.4.5.1.el7uek]
- x86/speculation: Support 'mitigations=' cmdline option (Josh 
Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations 
off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} 
{CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] 
{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only 
while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} 
{CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Move arch_smt_update() call to after mitigation 
decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} 
{CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh 
Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry 
(Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas 
Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas 
Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} 
{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
file (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] 
{CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) 
[Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik 
Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} 
{CVE-2018-12127}
- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 
29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}





More information about the El-errata mailing list