[El-errata] ELSA-2019-1168 Important: Oracle Linux 7 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed May 15 08:10:32 PDT 2019


Oracle Linux Security Advisory ELSA-2019-1168

http://linux.oracle.com/errata/ELSA-2019-1168.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-957.12.2.el7.x86_64.rpm
kernel-3.10.0-957.12.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-957.12.2.el7.noarch.rpm
kernel-debug-3.10.0-957.12.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.12.2.el7.x86_64.rpm
kernel-devel-3.10.0-957.12.2.el7.x86_64.rpm
kernel-doc-3.10.0-957.12.2.el7.noarch.rpm
kernel-headers-3.10.0-957.12.2.el7.x86_64.rpm
kernel-tools-3.10.0-957.12.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.12.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.12.2.el7.x86_64.rpm
perf-3.10.0-957.12.2.el7.x86_64.rpm
python-perf-3.10.0-957.12.2.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-957.12.2.el7.src.rpm



Description of changes:

[3.10.0-957.12.2.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-957.12.2.el7]
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation 
decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 
1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kernel] x86/speculation: Remove redundant arch_smt_update() 
invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 
1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode 
load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Add MDS vulnerability documentation 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Move L1TF to separate directory (Waiman 
Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman 
Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle 
entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman 
Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 
1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 
CVE-2018-12130}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12127 CVE-2018-12130}
- [x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 
1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 
CVE-2018-12127}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 
1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 
CVE-2018-12127}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
- [x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 
1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 
CVE-2018-12127}
- [kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127}
- [kernel] sched/smt: Make sched_smt_present track topology (Waiman 
Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127}
- [x86] x86/speculation: Disable STIBP when enhanced IBRS is in use 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
- [x86] x86/speculation: Move STIPB/IBPB string conditionals out of 
cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 
1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP 
mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 
1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spectre_v2: Make spectre_v2_mitigation mode available 
(Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] 
{CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 
1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 
CVE-2018-12130}
- [x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman 
Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 
1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 
CVE-2018-12127}
- [x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) 
[1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 
CVE-2018-12130 CVE-2018-12127}



