The following updates has been released for Oracle Linux:
ELBA-2018-4243 Oracle Linux 7 cups-filters bug fix update
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELSA-2018-4244 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4244 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4245 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4245 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2018-4243 Oracle Linux 7 cups-filters bug fix update
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELSA-2018-4244 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4244 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4245 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4245 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2018-4243 Oracle Linux 7 cups-filters bug fix update
Oracle Linux Bug Fix Advisory ELBA-2018-4243
http://linux.oracle.com/errata/ELBA-2018-4243.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
cups-filters-1.0.35-22.0.1.el7.x86_64.rpm
cups-filters-libs-1.0.35-22.0.1.el7.i686.rpm
cups-filters-libs-1.0.35-22.0.1.el7.x86_64.rpm
cups-filters-devel-1.0.35-22.0.1.el7.i686.rpm
cups-filters-devel-1.0.35-22.0.1.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/cups-filters-1.0.35-22.0.1.el7.src.rpm
Description of changes:
[1.0.35-22.0.1]
- 28265099 - header/footer not being printed in banner page
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4242
http://linux.oracle.com/errata/ELSA-2018-4242.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1818.3.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1818.3.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1818.3.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1818.3.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1818.3.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1818.3.3.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.3.3.el7uek.src.rpm
Description of changes:
[4.14.35-1818.3.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran
Alon) [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar
Samudrala) [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar
Samudrala) [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug:
28122110]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug:
28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia)
[Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia)
[Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia)
[Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek
Wilk) [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor
Erminpour) [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context
(Håkon Bugge) [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664499] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664576] {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is
disabled (Tung Nguyen) [Orabug: 28677854]
ELSA-2018-4242 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Oracle Linux Security Advisory ELSA-2018-4242
http://linux.oracle.com/errata/ELSA-2018-4242.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.3.3.el7uek.aarch64.rpm
perf-4.14.35-1818.3.3.el7uek.aarch64.rpm
python-perf-4.14.35-1818.3.3.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.3.3.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.3.3.el7uek.src.rpm
Description of changes:
[4.14.35-1818.3.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran
Alon) [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar
Samudrala) [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar
Samudrala) [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug:
28122110]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug:
28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia)
[Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia)
[Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia)
[Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek
Wilk) [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor
Erminpour) [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context
(Håkon Bugge) [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664499] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664576] {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is
disabled (Tung Nguyen) [Orabug: 28677854]
ELSA-2018-4244 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4244
http://linux.oracle.com/errata/ELSA-2018-4244.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.20.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.20.1.el6uek.noarch.rpm
kernel-uek-4.1.12-124.20.1.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.20.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.20.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.20.1.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.20.1.el6uek.src.rpm
Description of changes:
[4.1.12-124.20.1.el6uek]
- bnxt_en: xdp: don't make drivers report attachment mode (partial
backport) (Somasundaram Krishnasamy) [Orabug: 27988326]
- bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov)
[Orabug: 27988326]
- bnxt_en: add meta pointer for direct access (partial backport)
(Somasundaram Krishnasamy) [Orabug: 27988326]
- bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326]
- bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau)
[Orabug: 27988326]
- bnxt_en: Optimize doorbell write operations for newer chips (reapply).
(Michael Chan) [Orabug: 27988326]
- bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan)
[Orabug: 27988326]
- bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan)
[Orabug: 27988326]
- bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug:
27988326]
- bnxt_en: Add basic XDP support. (Michael Chan) [Orabug: 27988326]
- x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry.
(Gayatri Vasudevan) [Orabug: 28529706]
- net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929]
- xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora)
[Orabug: 28651655]
- xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug:
28651655]
- xen-blkback: emit active physical device to xenstore (Ankur Arora)
[Orabug: 28651655]
- xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655]
- xen-blkback: pull out blkif grant features from vbd (Ankur Arora)
[Orabug: 28651655]
- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds)
[Orabug: 28701016] {CVE-2018-17182}
[4.1.12-124.19.9.el6uek]
- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference
(Venkat Venkatsubra) [Orabug: 28506569]
[4.1.12-124.19.8.el6uek]
- IB/core: For multicast functions, verify that LIDs are multicast LIDs
(Michael J. Ruhl) [Orabug: 28700490]
ELSA-2018-4244 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4244
http://linux.oracle.com/errata/ELSA-2018-4244.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-124.20.1.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.20.1.el7uek.noarch.rpm
kernel-uek-4.1.12-124.20.1.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.20.1.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.20.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.20.1.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.20.1.el7uek.src.rpm
Description of changes:
[4.1.12-124.20.1.el7uek]
- bnxt_en: xdp: don't make drivers report attachment mode (partial
backport) (Somasundaram Krishnasamy) [Orabug: 27988326]
- bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov)
[Orabug: 27988326]
- bnxt_en: add meta pointer for direct access (partial backport)
(Somasundaram Krishnasamy) [Orabug: 27988326]
- bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326]
- bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau)
[Orabug: 27988326]
- bnxt_en: Optimize doorbell write operations for newer chips (reapply).
(Michael Chan) [Orabug: 27988326]
- bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan)
[Orabug: 27988326]
- bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan)
[Orabug: 27988326]
- bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug:
27988326]
- bnxt_en: Add basic XDP support. (Michael Chan) [Orabug: 27988326]
- x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry.
(Gayatri Vasudevan) [Orabug: 28529706]
- net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929]
- xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora)
[Orabug: 28651655]
- xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug:
28651655]
- xen-blkback: emit active physical device to xenstore (Ankur Arora)
[Orabug: 28651655]
- xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655]
- xen-blkback: pull out blkif grant features from vbd (Ankur Arora)
[Orabug: 28651655]
- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds)
[Orabug: 28701016] {CVE-2018-17182}
[4.1.12-124.19.9.el7uek]
- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference
(Venkat Venkatsubra) [Orabug: 28506569]
[4.1.12-124.19.8.el7uek]
- IB/core: For multicast functions, verify that LIDs are multicast LIDs
(Michael J. Ruhl) [Orabug: 28700490]
ELSA-2018-4245 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4245
http://linux.oracle.com/errata/ELSA-2018-4245.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.25.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.25.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.25.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.25.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.25.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.25.1.el6uek]
- x86/spectre_v2: Don't check microcode versions when running under
hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map
(Håkon Bugge) [Orabug: 28552792] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664530] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664579] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor
Erminpour) [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug:
28710010] {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt
Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug:
28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth
Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES
supported (Kanth Ghatraju) [Orabug: 27958074]
ELSA-2018-4245 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4245
http://linux.oracle.com/errata/ELSA-2018-4245.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.25.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.25.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.25.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.25.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.25.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.25.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.25.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.25.1.el7uek]
- x86/spectre_v2: Don't check microcode versions when running under
hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map
(Håkon Bugge) [Orabug: 28552792] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott
Bauer) [Orabug: 28664530] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
(Seunghun Han) [Orabug: 28664579] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor
Erminpour) [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug:
28710010] {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt
Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug:
28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth
Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES
supported (Kanth Ghatraju) [Orabug: 27958074]