Oracle Linux 6268 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-0007-1 Oracle Linux 7 kernel bug fix update
ELEA-2017-2540 Oracle Linux 5 Extended Lifecycle Support (ELS) bind enhancement update
ELSA-2018-0007 Important: Oracle Linux 7 kernel security update
ELSA-2018-0008 Important: Oracle Linux 6 kernel security update
ELSA-2018-0012 Important: Oracle Linux 7 microcode_ctl security update
ELSA-2018-0013 Important: Oracle Linux 6 microcode_ctl security update



ELBA-2018-0007-1 Oracle Linux 7 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-0007-1

http://linux.oracle.com/errata/ELBA-2018-0007-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-693.11.6.0.1.el7.noarch.rpm
kernel-debug-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-doc-3.10.0-693.11.6.0.1.el7.noarch.rpm
kernel-headers-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.11.6.0.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.11.6.0.1.el7.x86_64.rpm
perf-3.10.0-693.11.6.0.1.el7.x86_64.rpm
python-perf-3.10.0-693.11.6.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-693.11.6.0.1.el7.src.rpm



Description of changes:

[3.10.0-693.11.6.0.1.el7.OL7]
- x86/xen: don't copy bogus duplicate entries into kernel page tables
(joe.jin) [orabug 27095041]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug
22552377]

ELEA-2017-2540 Oracle Linux 5 Extended Lifecycle Support (ELS) bind enhancement update

Oracle Linux Enhancement Advisory ELEA-2017-2540

http://linux.oracle.com/errata/ELEA-2017-2540.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
bind97-9.7.0-21.P2.0.1.el5_11.10.i386.rpm
bind97-devel-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm
bind97-libs-9.7.0-21.P2.0.1.el5_11.10.i386.rpm
bind97-chroot-9.7.0-21.P2.0.1.el5_11.10.i386.rpm
bind97-utils-9.7.0-21.P2.0.1.el5_11.10.i386.rpm

x86_64:
bind97-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm
bind97-chroot-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm
bind97-devel-9.7.0-21.P2.0.1.el5_11.10.i386.rpm
bind97-devel-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm
bind97-libs-9.7.0-21.P2.0.1.el5_11.10.i386.rpm
bind97-libs-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm
bind97-utils-9.7.0-21.P2.0.1.el5_11.10.x86_64.rpm

ia64:
bind97-9.7.0-21.P2.0.1.el5_11.10.src.rpm
bind97-utils-9.7.0-21.P2.0.1.el5_11.10.ia64.rpm
bind97-libs-9.7.0-21.P2.0.1.el5_11.10.ia64.rpm
bind97-9.7.0-21.P2.0.1.el5_11.10.ia64.rpm
bind97-devel-9.7.0-21.P2.0.1.el5_11.10.ia64.rpm
bind97-chroot-9.7.0-21.P2.0.1.el5_11.10.ia64.rpm




Description of changes:

[32:9.7.0-21.P2.0.1.el5_11.10]
- Updated named.root.key

ELSA-2018-0007 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2018-0007

http://linux.oracle.com/errata/ELSA-2018-0007.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm
kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-doc-3.10.0-693.11.6.el7.noarch.rpm
kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm
perf-3.10.0-693.11.6.el7.x86_64.rpm
python-perf-3.10.0-693.11.6.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-693.11.6.el7.src.rpm



Description of changes:

[3.10.0-693.11.6.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-693.11.6.el7]
- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages
(Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED
per-cpu section (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas
functional (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: skip IBRS/CR3 restore when paranoid exception returns
to userland (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: consider the init_mm.pgd a kaiser pgd (Andrea
Arcangeli) [1519795 1519798] {CVE-2017-5715}

[3.10.0-693.11.5.el7]
- [x86] kaiser/mm: convert userland visible "kpti" name to "pti" (Andrea
Arcangeli) [1519795 1519798]
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Andrea
Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2
(Andrea Arcangeli) [1519795 1519798]
- [x86] kaiser/mm: __load_cr3 in resume from RAM after kernel gs has
been restored (Andrea Arcangeli) [1519795 1519798]

[3.10.0-693.11.4.el7]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and
IBPB_SUPPORT are missing (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Andrea Arcangeli)
[1519795 1519798]
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle()
(Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Andrea
Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and
noibrs_cmdline (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS
(Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Andrea Arcangeli)
[1519795 1519798]
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs
(Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2
(Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Andrea Arcangeli)
[1519795 1519798]
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at
runtime (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: always initialize save_reg in
ENABLE_IBRS_SAVE_AND_CLOBBER (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Andrea
Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: issue a __spec_ctrl_ibpb if a credential check isn't
possible (Andrea Arcangeli) [1519795 1519798]
- [x86] mm/kaiser: disable global pages by default with KAISER (Andrea
Arcangeli) [1519795 1519798]
- Revert "x86/mm/kaiser: Disable global pages by default with KAISER"
(Andrea Arcangeli) [1519795 1519798]
- ibpb: don't optimize spec_cntrl_ibpb on PREEMPT_RCU (Andrea Arcangeli)
[1519795 1519798]
- [x86] spec_ctrl: clear registers after 32bit syscall stackframe is
setup (Andrea Arcangeli) [1519800 1519801]
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths
(Andrea Arcangeli) [1519800 1519801]
- [x86] kaiser/mm: fix pgd freeing in error path (Andrea Arcangeli)
[1519800 1519801]

[3.10.0-693.11.3.el7]
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] dumpstack: Remove raw stack dump (Josh Poimboeuf) [1519795 1519798]
- [x86] spec_ctrl: remove SPEC_CTRL_DEBUG code (Josh Poimboeuf) [1519795
1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible
syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup unnecessary ptregscall_common function (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall entrance (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debug aid to test the entry code without
microcode (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace current
thread (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Josh Poimboeuf) [1519795
1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable on wakeup
(Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline
(Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and
ibrs (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Josh Poimboeuf)
[1519795 1519798] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Josh Poimboeuf) [1519795
1519798] {CVE-2017-5715}
- [x86] kvm: pad RSB on VM transition (Josh Poimboeuf) [1519795 1519798]
{CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not
available (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Josh
Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [tools] objtool: Don't print 'call dest' warnings for ignored
functions (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [misc] locking/barriers: prevent speculative execution based on
Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788
1519786] {CVE-2017-5753}
- [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786]
{CVE-2017-5753}
- [kernel] userns: prevent speculative execution (Josh Poimboeuf)
[1519788 1519786] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Josh Poimboeuf)
[1519788 1519786] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Josh Poimboeuf) [1519788
1519786] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Josh Poimboeuf)
[1519788 1519786] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Josh Poimboeuf)
[1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
(Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Josh Poimboeuf)
[1519788 1519786] {CVE-2017-5753}
- [misc] locking/barriers: introduce new memory barrier gmb() (Josh
Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: fix RESTORE_CR3 crash in kaiser_stop_machine (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use atomic ops to poison/unpoison user pagetables
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit
kernel (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches
faster (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Fix reboot interaction with CR4.PCIDE (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: enable kaiser in build (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: handle call to xen_pv_domain() on PREEMPT_RT (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen
PV (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Josh Poimboeuf) [1519800 1519801]
{CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: trampoline stack comments (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Josh Poimboeuf) [1519800 1519801]
{CVE-2017-5754}
- [x86] mm/kaiser: remove paravirt clock warning (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring
buffers (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map debug IDT tables (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch)
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit
(Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Josh Poimboeuf) [1519800
1519801] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Josh Poimboeuf)
[1519800 1519801] {CVE-2017-5754}
- [perf] x86/intel/uncore: Fix memory leaks on allocation failures (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the
end of i_size (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [fs] userfaultfd: non-cooperative: fix fork use after free (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: remove superfluous page unlock in
VM_SHARED case (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] fix bad rss-counter if remap_file_pages raced migration (Josh
Poimboeuf) [1519800 1519801] {CVE-2017-5754}

ELSA-2018-0008 Important: Oracle Linux 6 kernel security update

Oracle Linux Security Advisory ELSA-2018-0008

http://linux.oracle.com/errata/ELSA-2018-0008.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-696.18.7.el6.i686.rpm
kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm
kernel-debug-2.6.32-696.18.7.el6.i686.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-doc-2.6.32-696.18.7.el6.noarch.rpm
kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
kernel-headers-2.6.32-696.18.7.el6.i686.rpm
perf-2.6.32-696.18.7.el6.i686.rpm

x86_64:
kernel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm
kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-doc-2.6.32-696.18.7.el6.noarch.rpm
kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm
perf-2.6.32-696.18.7.el6.x86_64.rpm
python-perf-2.6.32-696.18.7.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-696.18.7.el6.src.rpm



Description of changes:

[2.6.32-696.18.7.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.18.7.el6]
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas
functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns
to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level()
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED
per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman
Long) [1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.6.el6]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has
been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long)
[1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.5.el6]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and
IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle()
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and
noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at
runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in
ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] revert: mm/kaiser: Disable global pages by default with KAISER
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible
syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and
ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not
available (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on
Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519787 1519789]
{CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long)
[1519787 1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
(Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long)
[1519787 1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman
Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect
(Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit
kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches
faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen
PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring
buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch)
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE()
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel
header (Waiman Long) [1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.1.el6]
- [s390] s390/qdio: clear DSCI prior to scanning multiple input queues
(Hendrik Brueckner) [1513314 1467962]
- [net] sctp: do not loose window information if in rwnd_over (Marcelo
Leitner) [1514443 1492220]
- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo
Leitner) [1514443 1492220]
- [s390] zfcp: fix erp_action use-before-initialize in REC action trace
(Hendrik Brueckner) [1512425 1497000]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly
Kuznetsov) [1506145 1491846]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1506145 1491846]
- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly
Kuznetsov) [1506145 1491846]
- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1506145 1491846]
- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi)
[1507512 1497152]
- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide
Caratti) [1476122 1476124] {CVE-2017-11176}
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
(Matteo Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo
Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1502417
1459951] {CVE-2017-9074}
- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1502417 1459951]
{CVE-2017-9074}
- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
(Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina
Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina
Dubroca) [1502417 1459951] {CVE-2017-9074}

[2.6.32-696.17.1.el6]
- [fs] nfsd: reorder nfsd_cache_match to check more powerful
discriminators first (Thiago Becker) [1509876 1435787]
- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago
Becker) [1509876 1435787]
- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker)
[1509876 1435787]
- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1509876 1435787]
- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago
Becker) [1509876 1435787]
- [fs] nfsd: clean up drc cache in preparation for global spinlock
elimination (Thiago Becker) [1509876 1435787]

ELSA-2018-0012 Important: Oracle Linux 7 microcode_ctl security update

Oracle Linux Security Advisory ELSA-2018-0012

http://linux.oracle.com/errata/ELSA-2018-0012.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
microcode_ctl-2.1-22.2.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/microcode_ctl-2.1-22.2.el7.src.rpm



Description of changes:

[2.1-22.2]
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Resolves: #1527358

[2.1-22.1]
- Update to upstream 2.1-13. Intel CPU microcode update to 20170707.
- Resolves: #1474844


ELSA-2018-0013 Important: Oracle Linux 6 microcode_ctl security update

Oracle Linux Security Advisory ELSA-2018-0013

http://linux.oracle.com/errata/ELSA-2018-0013.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
microcode_ctl-1.17-25.2.el6_9.i686.rpm

x86_64:
microcode_ctl-1.17-25.2.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/microcode_ctl-1.17-25.2.el6_9.src.rpm



Description of changes:

[1:1.17-25.2]
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Add amd microcode_amd_fam17h.bin data file
- Resolves: #1527357

[1:1.17-25.1]
- Update microcode data file to 20170707 revision.
- Resolves: #1465143