Oracle Linux 6267 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-1276 Oracle Linux 7 copy-jdk-configs bug fix update
ELBA-2018-4090 Oracle Linux 7 pcs bug fix update
ELSA-2018-1278 Important: Oracle Linux 7 java-1.7.0-openjdk security update
ELSA-2018-4089 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4089 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4088)
New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4084)



ELBA-2018-1276 Oracle Linux 7 copy-jdk-configs bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-1276

http://linux.oracle.com/errata/ELBA-2018-1276.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
copy-jdk-configs-3.3-10.el7_5.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/copy-jdk-configs-3.3-10.el7_5.src.rpm



Description of changes:

[3.3-10]
- added javaws.policy and blacklist
- Resolves: rhbz#1573163

[3.3-3]
- fixes issue when java.security for openjdk7 was erased
- Resolves: rhbz#1573163


ELBA-2018-4090 Oracle Linux 7 pcs bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4090

http://linux.oracle.com/errata/ELBA-2018-4090.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
pcs-0.9.162-5.0.5.el7_5.1.x86_64.rpm
pcs-snmp-0.9.162-5.0.5.el7_5.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pcs-0.9.162-5.0.5.el7_5.1.src.rpm



Description of changes:

[0.9.162-5.0.5.el7_5.1]
- Revert the prior change to disable aarch64 build

ELSA-2018-1278 Important: Oracle Linux 7 java-1.7.0-openjdk security update

Oracle Linux Security Advisory ELSA-2018-1278

http://linux.oracle.com/errata/ELSA-2018-1278.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
java-1.7.0-openjdk-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm
java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm
java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.5.0.1.el7.noarch.rpm
java-1.7.0-openjdk-src-1.7.0.181-2.6.14.5.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-1.7.0-openjdk-1.7.0.181-2.6.14.5.0.1.el7.src.rpm



Description of changes:

[1:1.7.0.181-2.6.14.5.0.1]
- Update DISTRO_NAME in specfile

[1:1.7.0.181-2.6.14.5]
- added depndence on latest c-j-c who do not have the incorrect jre-abrt
handling
- Resolves: rhbz#1559766

[1:1.7.0.181-2.6.14.3]
- Bump release number to an unused one as
rhel-7.5-z-java-unsafe-candidate wrongly using .el7
- Resolves: rhbz#1559766

[1:1.7.0.181-2.6.14.1]
- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add
missing ones
- Resolves: rhbz#1559766

[1:1.7.0.181-2.6.14.0]
- Bump to 2.6.14 and u181b00.
- Drop 8197981 Zero 32-bit patch now applied upstream.
- Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES)
- Resolves: rhbz#1559766


ELSA-2018-4089 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4089

http://linux.oracle.com/errata/ELSA-2018-4089.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.20.6.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.20.6.el6uek.noarch.rpm
kernel-uek-3.8.13-118.20.6.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.20.6.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.20.6.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.20.6.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.20.6.el6uek-0.4.5-3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.20.6.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.20.6.el6uek-0.4.5-3.el6.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.20.6.el6uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus
Torvalds) [Orabug: 27947608] {CVE-2018-100199}

[3.8.13-118.20.5.el6uek]
- x86/microcode: probe CPU features on microcode update (Ankur Arora)
[Orabug: 27806667]
- x86/microcode: microcode_write() should not reference boot_cpu_data
(Ankur Arora) [Orabug: 27806667]
- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur
Arora) [Orabug: 27806667]

[3.8.13-118.20.4.el6uek]
- Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin)
[Orabug: 21191022]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug:
27148281] {CVE-2017-16527}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929]
{CVE-2017-16533}
- [media] cx231xx-cards: fix NULL-deref on missing association
descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjørn Mork)
[Orabug: 27215201] {CVE-2017-16649}
- x86/microcode/intel: Extend BDW late-loading with a revision check
(Jia Zhang) [Orabug: 27343577]
- x86/microcode/intel: Disable late loading on model 79 (Borislav
Petkov) [Orabug: 27343577]
- Bluetooth: bnep: bnep_add_connection() should verify that it's dealing
with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug:
27344793] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug:
27344843] {CVE-2017-0861} {CVE-2017-0861}
- ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann
Horn) [Orabug: 27364691] {CVE-2017-14140}
- sctp: do not peel off an assoc from one netns to another one (Xin
Long) [Orabug: 27387001] {CVE-2017-15115}
- Revert "x86/spec_ctrl: Add 'nolfence' knob to disable fallback for
spectre_v2 mitigation" (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715}
- Revert "x86/spec: Add 'lfence_enabled' in sysfs" (Ankur Arora)
[Orabug: 27601787] {CVE-2017-5715}
- Revert "x86/mitigation/spectre_v2: Add reporting of 'lfence'" (Ankur
Arora) [Orabug: 27601787] {CVE-2017-5715}
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek
Wilk) {CVE-2017-5715}
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk)
{CVE-2017-5715}
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2
mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715}
- x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur
Arora) [Orabug: 27516512] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David
Woodhouse) [Orabug: 27516357] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny)
[Orabug: 27516419] {CVE-2017-5715}
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715}
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen)
[Orabug: 27516419]
- x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug:
27516419] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715}
- x86/speculation: Use Indirect Branch Prediction Barrier in context
switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715}
- x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora)
[Orabug: 27509932] {CVE-2017-5715}
- x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora)
[Orabug: 27452028] {CVE-2017-5715}
- x86/ia32/syscall: Save full stack frame throughout the entry code
(Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}
- x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug:
27452028] {CVE-2017-5715}
- x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx)
(Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}
- x86/syscall: Save callee saved registers on syscall entrance (Ankur
Arora) [Orabug: 27452028] {CVE-2017-5715}

ELSA-2018-4089 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4089

http://linux.oracle.com/errata/ELSA-2018-4089.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.20.6.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.20.6.el7uek.noarch.rpm
kernel-uek-3.8.13-118.20.6.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.20.6.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.20.6.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.20.6.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.20.6.el7uek-0.4.5-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.20.6.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.20.6.el7uek-0.4.5-3.el7.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.20.6.el7uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus
Torvalds) [Orabug: 27947608] {CVE-2018-100199}

[3.8.13-118.20.5.el7uek]
- x86/microcode: probe CPU features on microcode update (Ankur Arora)
[Orabug: 27806667]
- x86/microcode: microcode_write() should not reference boot_cpu_data
(Ankur Arora) [Orabug: 27806667]
- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur
Arora) [Orabug: 27806667]

[3.8.13-118.20.4.el7uek]
- Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin)
[Orabug: 21191022]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug:
27148281] {CVE-2017-16527}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929]
{CVE-2017-16533}
- [media] cx231xx-cards: fix NULL-deref on missing association
descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjørn Mork)
[Orabug: 27215201] {CVE-2017-16649}
- x86/microcode/intel: Extend BDW late-loading with a revision check
(Jia Zhang) [Orabug: 27343577]
- x86/microcode/intel: Disable late loading on model 79 (Borislav
Petkov) [Orabug: 27343577]
- Bluetooth: bnep: bnep_add_connection() should verify that it's dealing
with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug:
27344793] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug:
27344843] {CVE-2017-0861} {CVE-2017-0861}
- ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann
Horn) [Orabug: 27364691] {CVE-2017-14140}
- sctp: do not peel off an assoc from one netns to another one (Xin
Long) [Orabug: 27387001] {CVE-2017-15115}
- Revert "x86/spec_ctrl: Add 'nolfence' knob to disable fallback for
spectre_v2 mitigation" (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715}
- Revert "x86/spec: Add 'lfence_enabled' in sysfs" (Ankur Arora)
[Orabug: 27601787] {CVE-2017-5715}
- Revert "x86/mitigation/spectre_v2: Add reporting of 'lfence'" (Ankur
Arora) [Orabug: 27601787] {CVE-2017-5715}
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek
Wilk) {CVE-2017-5715}
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk)
{CVE-2017-5715}
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2
mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715}
- x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur
Arora) [Orabug: 27516512] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David
Woodhouse) [Orabug: 27516357] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny)
[Orabug: 27516419] {CVE-2017-5715}
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715}
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen)
[Orabug: 27516419]
- x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug:
27516419] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715}
- x86/speculation: Use Indirect Branch Prediction Barrier in context
switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715}
- x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora)
[Orabug: 27509932] {CVE-2017-5715}
- x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora)
[Orabug: 27452028] {CVE-2017-5715}
- x86/ia32/syscall: Save full stack frame throughout the entry code
(Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}
- x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug:
27452028] {CVE-2017-5715}
- x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx)
(Ankur Arora) [Orabug: 27452028] {CVE-2017-5715}
- x86/syscall: Save callee saved registers on syscall entrance (Ankur
Arora) [Orabug: 27452028] {CVE-2017-5715}

New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4088)

Synopsis: ELSA-2018-4088 can now be patched using Ksplice
CVEs: CVE-2017-0861 CVE-2017-15868 CVE-2017-16526 CVE-2017-16527 CVE-2017-16536 CVE-2017-16649 CVE-2018-1000199

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4088.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-0861: Use-after-free in ALSA sound subsystem.

A race condition when closing an ALSA device descriptor could cause a
use-after-free, potentially allowing an attacker to write to protected
memory and cause a privilege escalation.

Orabug: 27344840


* CVE-2017-15868: Privilege escalation in the Bluetooth stack when adding connections.

Multiple missing checks that a socket belongs to the L2CAP layer leads to
type confusion and kernel crash. A local user with the ability to create a
BNEP (Bluetooth Network Encapsulation Protocol), Human Interface Device
Protocol (HIDP) or a CAPI Message Transport Protocol (CMTP) connection
could use this flaw to escalate privileges.

Orabug: 27344787


* CVE-2017-16649: Divide by zero when binding a network USB device.

A logic error when binding a network USB device could lead to a divide
by zero error. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 27215206


* CVE-2017-16536: NULL pointer dereference when registering a Conexant cx231xx USB video device.

A missing check when probing a Conexant cx231xx USB video device could
lead to a NULL pointer dereference. A local attacker could use a crafted
USB device to cause a denial-of-service.

Orabug: 27208080


* Out-of-bounds access during parsing of Human Interface Device information.

A failure to validate information supplied by a USB device can result in
a out-of-bounds memory write, leading to undefined behaviour.

Orabug: 27207935


* CVE-2017-16526: Denial-of-service in failed launch of UWB daemon.

A failure to handle an error case when launching the UWB management
daemon can result in an invalid pointer dereference leading to a kernel
crash.

Orabug: 27206900


* CVE-2017-16527: Use-after-free when creating mixer for USB Audio device.

A missing free in error path when creating mixer for USB Audio device
could lead to a use-after-free. A local attacker could use a crafted USB
Audio device to cause a denial-of-service.

Orabug: 27148283


* System crash in Broadwell microcode updates.

A microcode bug in specific Broadwell microcode revisions could result
in a system crash and reboot when applying microcode updates. For these
revisions, only a BIOS based microcode update is supported.

Orabug: 27343579


* Missing Spectre V2 protections on AMD systems.

A difference in capability reporting between AMD and Intel based X86
systems could result in failure to apply IBRS protections on AMD
systems.

Orabug: 27649706


* Spectre v2 hardening on context switch.

Additional speculation barriers on context switch add protection for
sensitive processes to prevent leaking of sensitive data across
privilege boundaries.

Orabug: 2751637


* CVE-2018-1000199: Denial-of-service in hardware breakpoints.

Incorrect validation of a ptrace hardware breakpoint could result in
corrupted kernel state. A local, unprivileged user could use this flaw
to crash the system or potentially, escalate privileges.

Orabug: 27947612


* Improved vulnerability reporting for Spectre v2.

Incorrect vulnerability reporting for Spectre v2 could report the system
as being vulnerable when it was actually protected.

Orabug: 27519083


* Connectivity loss with Xen virtualized network driver.

Incorrect handling of integer overflow could result in missing
notifications and network stalls after receiving a large number of
frames.

Orabug: 25053376

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4084)

Synopsis: ELSA-2018-4084 can now be patched using Ksplice
CVEs: CVE-2017-12146 CVE-2017-16643 CVE-2017-16645 CVE-2017-17558 CVE-2018-1093

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4084.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-12146: Privilege escalation using a sysfs entry from platform driver.

Incorrect locking when using 'driver_override' entry of platform driver
sysfs could lead to a race condition. A local attacker could use this
flaw to escalate privilege.

Orabug: 27897874


* CVE-2017-17558: Buffer overrun in USB core via integer overflow.

Failing to sanitize the bNumInterfaces field in a USB device descriptor
could allow a malicious device to induce a buffer overrun, potentially
causing a denial-of-service.

Orabug: 27895909


* CVE-2017-16645: Out-of-bounds access when using IMS Passenger Control Unit
Devices.

A missing check when using IMS Passenger Control Unit Devices could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 27870333


* CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID
parsing.

A validation failure when parsing a HID report from a GTCO
CalComp/InterWrite USB tablet can result in an out-of-bounds memory
access. A user with physical access to a system could use this flaw to
cause undefined behaviour or potentially escalate privileges.

Orabug: 27869844


* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.

A failure to correctly validate bitmap information from an ext4
filesystem can result in an out-of-bounds read, leading to a Kernel
crash. A local user with the ability to mount an ext4 filesystem could
use this flaw to cause a denial-of-service.

Orabug: 27854373


* Failure to initialize USB3 storage devices.

A logic error when initializing USB devices can result in USB3 storage
devices being unmountable.

Orabug: 27908746

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.