Oracle Linux 6266 Published by

The following updates has been released for Oracle Linux:

ELEA-2018-1580 Oracle Linux 6 microcode_ctl bug fix and enhancement update
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4109)



ELEA-2018-1580 Oracle Linux 6 microcode_ctl bug fix and enhancement update

Oracle Linux Enhancement Advisory ELEA-2018-1580

http://linux.oracle.com/errata/ELEA-2018-1580.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
microcode_ctl-1.17-25.6.0.1.el6_9.i686.rpm

x86_64:
microcode_ctl-1.17-25.6.0.1.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/microcode_ctl-1.17-25.6.0.1.el6_9.src.rpm



Description of changes:

[1:1.17-25.6.0.1]
- Remove upstream disclaimer file. (todd.vierling@oracle.com)
- Update 106a5 (06-1a-05) to rev 0x1c. (todd.vierling@oracle.com)
- Update 206c2 (06-2c-02) to rev 0x1e. (todd.vierling@oracle.com)
- Update 206e6 (06-2e-06) to rev 0xc. (todd.vierling@oracle.com)
- Update 206f2 (06-2f-02) to rev 0x3a. (todd.vierling@oracle.com)
- Update 206d7 (06-2d-07) to rev 0x713. (todd.vierling@oracle.com)
- Update 306e4 (06-3e-04) to rev 0x42c. (todd.vierling@oracle.com)
- Update 306e7 (06-3e-07) to rev 0x713. (todd.vierling@oracle.com)
- Update 306f4 (06-3f-04) to rev 0x11. (todd.vierling@oracle.com)
- Enable early microcode load to allow updating Broadwell model 79
(todd.vierling@oracle.com)
- Make sure "modprobe microcode" is not executed on Broadwell model 79
(todd.vierling@oracle.com)
- Run dracut upon microcode update (todd.vierling@oracle.com)
- Update 306f2 (06-3f-02) to rev 0x3c. (todd.vierling@oracle.com)
- Update 406f1 (06-4f-01) to rev 0xb00002a. (todd.vierling@oracle.com)
- Update 50654 (06-55-04) to rev 0x2000043. (todd.vierling@oracle.com)
- Revert: early microcode load to allow updating Broadwell model 79
(keshav.sharma@oracle.com)
- Revert: Make sure "modprobe microcode" is not executed on Broadwell
model 79 (keshav.sharma@oracle.com)
- Revert: Run dracut upon microcode update (keshav.sharma@oracle.com)
- Revert updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
(keshav.sharma@oracle.com)
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)
- Enable early microcode load to allow updating Broadwell model 79
(todd.vierling@oracle.com)
- Make sure "modprobe microcode" is not executed on Broadwell model 79
(todd.vierling@oracle.com)
- Run dracut upon microcode update (todd.vierling@oracle.com)
- Add updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
(todd.vierling@oracle.com)
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)

[1:1.17-25.6]
- Update disclaimer text
- Resolves: #1575563

[1:1.17-25.5]
- Intel CPU microcode update to 20180425.
- Resolves: #1575563


New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4109)

Synopsis: ELSA-2018-4109 can now be patched using Ksplice
CVEs: CVE-2017-15299 CVE-2017-16532 CVE-2017-16537 CVE-2017-17448 CVE-2017-17558 CVE-2018-1068 CVE-2018-1093 CVE-2018-5332

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4109.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.

A missing check when sending messages through Reliable Datagram Sockets
could lead to an out-of-bounds write in the heap. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 27934073


* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.

A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
denial-of-service.

Orabug: 27913332


* CVE-2017-17448: Unprivileged access to netlink namespace creation.

net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4
does not require the CAP_NET_ADMIN capability for new, get, and del
operations, which allows local users to bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.

Orabug: 27898167


* CVE-2017-17558: Buffer overrun in USB core via integer overflow.

Failing to sanitize the bNumInterfaces field in a USB device descriptor
could allow a malicious device to induce a buffer overrun, potentially
causing a denial-of-service.

Orabug: 27898074


* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.

A failure to correctly validate bitmap information from an ext4
filesystem can result in an out-of-bounds read, leading to a Kernel
crash. A local user with the ability to mount an ext4 filesystem could
use this flaw to cause a denial-of-service.

Orabug: 27854376


* NULL pointer dereference when using bind system call on RDS over Infiniband socket.

A logic error when using bind system call on RDS over Infiniband
instance could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 27843171


* CVE-2018-1068: Privilege escalation in bridging interface.

Lack of userspace parameter sanitization in the 32-bit syscall interface
for bridging allows a user with limited privilege to write into kernel
memory. This flaw could be exploited to escalate privilege.

Orabug: 27774015


* CVE-2017-16532: NULL pointer dereference when running USB tests with a crafted USB device.

A missing check when running USB tests with a USB device exposing
invalid endpoints configuration could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.

Orabug: 27602324


* Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.

A validation failure when parsing a HID report from a GTCO
CalComp/InterWrite USB tablet can result in an out-of-bounds memory
access. A user with physical access to a system could use this flaw to
cause undefined behaviour or potentially escalate privileges.

Orabug: 27215090


* CVE-2017-16537: NULL pointer dereference when registering SoundGraph iMON Receiver and Display driver.

A missing check when registering SoundGraph iMON Receiver and Display
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 27208380


* Improved fix to Spectre v2 hardening on context switch.

A missing NULL pointer check could result in a kernel crash when
removing a CPU from the system.

Orabug: 27699611


* IO stalls with FUSE filesystem lock contention.

Incorrect lock ordering in FUSE filesystems could result in a deadlock
and IO stalls or a system hang.

Orabug: 27760268


* Task hang in block device journalling layer fsync.

A transaction ID wraparound could cause a task hang when performing a
sync() operation on a filesystem using the JBD journalling layer under
IO load.

Orabug: 27842289

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.