[El-errata] ELSA-2019-4643 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 16 06:04:55 PDT 2019


Oracle Linux Security Advisory ELSA-2019-4643

http://linux.oracle.com/errata/ELSA-2019-4643.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1844.5.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1844.5.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1844.5.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1844.5.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1844.5.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1844.5.3.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1844.5.3.el7uek.src.rpm



Description of changes:

[4.14.35-1844.5.3.el7uek]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk)  [Orabug: 29721848]  {CVE-2019-11091}
- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk)  [Orabug: 29721835]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

[4.14.35-1844.5.2.el7uek]
- xen: Fix x86 sched_clock() interface for xen (Juergen Gross)  [Orabug: 29464437]
- x86/xen/time: Output xen sched_clock time from 0 (Pavel Tatashin)  [Orabug: 29464437]
- repairing kmodstd to support cross compilation (Mark Nicholson)  [Orabug: 29682406]
- xfs: don't overflow xattr listent buffer (Darrick J. Wong)  [Orabug: 29697225]

[4.14.35-1844.5.1.el7uek]
- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
file (Will Deacon)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo)  [Orabug: 29526899]  {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

[4.14.35-1844.5.0.el7uek]
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang)  [Orabug: 29637519]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang)  [Orabug: 29637519]
- bonding: ratelimit no-delay interface up messages (Shamir Rabinovitch)  [Orabug: 29016284]
- xen/netfront: don't bug in case of too many frags (Juergen Gross)  [Orabug: 29462653]
- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan)  [Orabug: 29547792]
- xen/netfront: tolerate frags with no data (Juergen Gross)  [Orabug: 29632146]
- net/mlx5: E-Switch, fix syndrome (0x678139) when turn on vepa (Huy Nguyen)  [Orabug: 29455439]
- net/mlx5: E-Switch, Fix access to invalid memory when toggling esw modes (Roi Dayan)  [Orabug: 29455439]
- net/mlx5: Avoid panic when setting vport mac, getting vport config (Tonghao Zhang)  [Orabug: 29455439]
- net/mlx5: Support ndo bridge_setlink and getlink (Huy Nguyen)  [Orabug: 29455439]
- net/mlx5: E-Switch, Add support for VEPA in legacy mode. (Huy Nguyen)  [Orabug: 29455439]
- net/mlx5: Split FDB fast path prio to multiple namespaces (Paul Blakey)  [Orabug: 29455439]
- net/mlx5: E-Switch, Remove unused argument when creating legacy FDB (Eli Cohen)  [Orabug: 29455439]
- net/mlx5: E-switch, Create a second level FDB flow table (Chris Mi)  [Orabug: 29455439]
- net/mlx5: Add cap bits for flow table destination in FDB table (Chris Mi)  [Orabug: 29455439]
- net/mlx5: E-Switch, Reorganize and rename fdb flow tables (Chris Mi)  [Orabug: 29455439]
- net/mlx5: Add destination e-switch owner (Shahar Klein)  [Orabug: 29455439]
- net/mlx5: Properly handle a vport destination when setting FTE (Shahar Klein)  [Orabug: 29455439]
- net/mlx5: E-Switch, Reload IB interface when switching devlink modes (Mark Bloch)  [Orabug: 29455439]
- net/mlx5: E-Switch, Optimize HW steering tables in switchdev mode (Mark Bloch)  [Orabug: 29455439]
- net/mlx5: E-Switch, Increase number of FTEs in FDB in switchdev mode (Mark Bloch)  [Orabug: 29455439]
- net/mlx5: Separate ingress/egress namespaces for each vport (Gal Pressman)  [Orabug: 29455439]
- net/mlx5: Fix ingress/egress naming mistake (Gal Pressman)  [Orabug: 29455439]
- net/mlx5: Initialize destination_flow struct to 0 (Rabie Loulou)  [Orabug: 29455439]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng)  [Orabug: 29613788]  {CVE-2018-19985}
- mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (zhongjiang)  [Orabug: 29613794]  {CVE-2019-10124}
- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Mihai Carabas)  [Orabug: 29642112]



