[Oraclevm-errata] OVMSA-2018-0010 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Jan 17 18:15:29 PST 2018
Oracle VM Security Advisory OVMSA-2018-0010
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.1.12-112.14.11.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-112.14.11.el6uek.noarch.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-112.14.11.el6uek.src.rpm
Description of changes:
[4.1.12-112.14.11.el6uek]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel
Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT
(redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value
(Boris Ostrovsky) [Orabug: 27362581]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky)
[Orabug: 27363792]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported.
(Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles)
[Orabug: 27339995] {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug:
27339995] {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry.
(Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk)
[Orabug: 27339995] {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad
Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk)
[Orabug: 27339995] {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on
VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}
More information about the Oraclevm-errata
mailing list