[El-errata] ELSA-2018-4011 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Jan 13 18:34:23 PST 2018 

Oracle Linux Security Advisory ELSA-2018-4011

http://linux.oracle.com/errata/ELSA-2018-4011.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-112.14.11.el6uek.x86_64.rpm
kernel-uek-doc-4.1.12-112.14.11.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-112.14.11.el6uek.noarch.rpm
kernel-uek-devel-4.1.12-112.14.11.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-112.14.11.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-112.14.11.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-112.14.11.el6uek.src.rpm



Description of changes:

[4.1.12-112.14.11.el6uek]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel 
Tatashin)  [Orabug: 27363926] [Orabug: 27352353]  {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT 
(redux) (Konrad Rzeszutek Wilk)  [Orabug: 27369994]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value 
(Boris Ostrovsky)  [Orabug: 27362581]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) 
  [Orabug: 27363792]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. 
(Konrad Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) 
[Orabug: 27339995]  {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles)  [Orabug: 
27339995]  {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. 
(Konrad Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) 
[Orabug: 27339995]  {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad 
Rzeszutek Wilk)  [Orabug: 27339995]  {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) 
[Orabug: 27339995]  {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on 
VMEXIT. (Konrad Rzeszutek Wilk)  [Orabug: 27365544]  {CVE-2017-5715}

More information about the El-errata mailing list