[El-errata] ELSA-2019-3834 Important: Oracle Linux 7 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 14 06:59:46 PST 2019


Oracle Linux Security Advisory ELSA-2019-3834

http://linux.oracle.com/errata/ELSA-2019-3834.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1062.4.2.el7.noarch.rpm
kernel-debug-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-devel-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-doc-3.10.0-1062.4.2.el7.noarch.rpm
kernel-headers-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-tools-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.4.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.4.2.el7.x86_64.rpm
perf-3.10.0-1062.4.2.el7.x86_64.rpm
python-perf-3.10.0-1062.4.2.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1062.4.2.el7.src.rpm



Description of changes:

[3.10.0-1062.4.2.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1062.4.2.el7]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) 
[1756815 1756816] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 
1756816] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command 
matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) 
[1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave 
Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 
1756883] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) 
[1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave 
Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) 
[1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) 
[1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) 
[1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 
1756883] {CVE-2019-0155}
- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) 
[1766539 1766540] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async 
Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] tsx: Add "auto" option to the tsx= cmdline parameter (Waiman 
Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman 
Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman 
Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a "tsx=" cmdline option with TSX disabled by default 
(Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) 
[1766539 1766540] {CVE-2019-11135}
- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] 
{CVE-2019-11135}
- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 
1690343] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers 
(Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 
1690343] {CVE-2018-12207}
- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is 
active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) 
(Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo 
Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 
1690343] {CVE-2018-12207}
- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) 
[1733009 1690343] {CVE-2018-12207}
- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs 
entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}




More information about the El-errata mailing list