[El-errata] ELSA-2018-4235 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Oct 1 18:39:07 PDT 2018


Oracle Linux Security Advisory ELSA-2018-4235

http://linux.oracle.com/errata/ELSA-2018-4235.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support 
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-debug-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-debug-devel-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-devel-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-doc-2.6.18-419.0.0.0.12.el5.noarch.rpm
kernel-headers-2.6.18-419.0.0.0.12.el5.i386.rpm
kernel-PAE-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-PAE-devel-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-xen-2.6.18-419.0.0.0.12.el5.i686.rpm
kernel-xen-devel-2.6.18-419.0.0.0.12.el5.i686.rpm

x86_64:
kernel-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-debug-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-debug-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-doc-2.6.18-419.0.0.0.12.el5.noarch.rpm
kernel-headers-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-xen-2.6.18-419.0.0.0.12.el5.x86_64.rpm
kernel-xen-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpm


The following packages were rebuilt to be in sync with the updated
kernel version (no changes other than updating the version number):

i386:
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.i686.rpm
ocfs2-2.6.18-419.0.0.0.12.el5PAE-1.4.11-1.el5.i686.rpm
ocfs2-2.6.18-419.0.0.0.12.el5xen-1.4.11-1.el5.i686.rpm
ocfs2-2.6.18-419.0.0.0.12.el5debug-1.4.11-1.el5.i686.rpm
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.i686.rpm
oracleasm-2.6.18-419.0.0.0.12.el5PAE-2.0.5-2.el5.i686.rpm
oracleasm-2.6.18-419.0.0.0.12.el5xen-2.0.5-2.el5.i686.rpm
oracleasm-2.6.18-419.0.0.0.12.el5debug-2.0.5-2.el5.i686.rpm

x86_64:
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.x86_64.rpm
ocfs2-2.6.18-419.0.0.0.12.el5xen-1.4.11-1.el5.x86_64.rpm
ocfs2-2.6.18-419.0.0.0.12.el5debug-1.4.11-1.el5.x86_64.rpm
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.x86_64.rpm
oracleasm-2.6.18-419.0.0.0.12.el5xen-2.0.5-2.el5.x86_64.rpm
oracleasm-2.6.18-419.0.0.0.12.el5debug-2.0.5-2.el5.x86_64.rpm



SRPMS:
http://oss.oracle.com/el5/SRPMS-updates/ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.src.rpm
http://oss.oracle.com/el5/SRPMS-updates/oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.src.rpm


Description of changes:

kernel
[2.6.18-419.0.0.0.12.el5]
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von 
Recklinghausen) [1593378]
- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris 
von Recklinghausen) [1593378]
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris 
von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation 
(Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry 
(Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT 
(Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes 
(Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von 
Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) 
[1593378] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) 
[1593378] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum 
(Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict 
(Radomir Vrbovsky) [1570474]
- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]
- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit 
point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}
- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs 
(Rafael Aquini) [1570474] {CVE-2009-2910}
- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) 
[1488343] {CVE-2017-14106}
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide 
Caratti) [1488343] {CVE-2017-14106}
- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]
- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) 
[1566896] {CVE-2018-3639}
- [kernel] spec_ctrl: work around broken microcode (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL 
is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) 
[1566896] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros 
(Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] 
{CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation 
(Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass 
(Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if 
requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable 
mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and 
X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] 
{CVE-2018-3639}
- [x86] include: add latest intel-family.h from RHEL6 (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits 
(Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit 
(Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris 
von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpu: Add driver auto probing for x86 features (Chris von 
Recklinghausen) [1566896] {CVE-2018-3639}




