[Oraclevm-errata] OVMSA-2018-0010 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Jan 17 18:15:29 PST 2018


Oracle VM Security Advisory OVMSA-2018-0010

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-112.14.11.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-112.14.11.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-112.14.11.el6uek.src.rpm



Description of changes:

[4.1.12-112.14.11.el6uek]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel 
Tatashin)  [Orabug: 27363926] [Orabug: 27352353]  {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT 
(redux) (Konrad Rzeszutek Wilk)  [Orabug: 27369994]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value 
(Boris Ostrovsky)  [Orabug: 27362581]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) 
  [Orabug: 27363792]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. 
(Konrad Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) 
[Orabug: 27339995]  {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles)  [Orabug: 
27339995]  {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. 
(Konrad Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) 
[Orabug: 27339995]  {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad 
Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) 
[Orabug: 27339995]  {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on 
VMEXIT. (Konrad Rzeszutek Wilk)  [Orabug: 27365544]  {CVE-2017-5715}



More information about the Oraclevm-errata mailing list