Oracle Linux 6277 Published by

The following updates has been released for Oracle Linux:

ELBA-2018-2163 Oracle Linux 6 dhcp bug fix update
ELBA-2018-4160 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)
ELSA-2018-2162 Important: Oracle Linux 6 qemu-kvm security update
ELSA-2018-2164 Important: Oracle Linux 6 kernel security and bug fix update
ELSA-2018-4161 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4161 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4164 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4164 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELBA-2018-2163 Oracle Linux 6 dhcp bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-2163

http://linux.oracle.com/errata/ELBA-2018-2163.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
dhclient-4.1.1-61.P1.0.1.el6_10.i686.rpm
dhcp-4.1.1-61.P1.0.1.el6_10.i686.rpm
dhcp-common-4.1.1-61.P1.0.1.el6_10.i686.rpm
dhcp-devel-4.1.1-61.P1.0.1.el6_10.i686.rpm

x86_64:
dhclient-4.1.1-61.P1.0.1.el6_10.x86_64.rpm
dhcp-4.1.1-61.P1.0.1.el6_10.x86_64.rpm
dhcp-common-4.1.1-61.P1.0.1.el6_10.x86_64.rpm
dhcp-devel-4.1.1-61.P1.0.1.el6_10.i686.rpm
dhcp-devel-4.1.1-61.P1.0.1.el6_10.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/dhcp-4.1.1-61.P1.0.1.el6_10.src.rpm



Description of changes:

[12:4.1.1-61.P1.0.1]
- Added oracle-errwarn-message.patch

[12:4.1.1-61.P1.el6_10]
- Resolves: #1595412 - Replace route in case of conflict

ELBA-2018-4160 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-4160

http://linux.oracle.com/errata/ELBA-2018-4160.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.0.10.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.0.10.el7uek.aarch64.rpm
perf-4.14.35-1818.0.10.el7uek.aarch64.rpm
python-perf-4.14.35-1818.0.10.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.0.10.el7uek.src.rpm



Description of changes:

[4.14.35-1818.0.10.el7uek]
- RDMA/i40iw: Avoid panic when objects are being created and destroyed
(Andrew Boyer) [Orabug: 28002611]
- RDMA/i40iw: Avoid reference leaks when processing the AEQ (Andrew
Boyer) [Orabug: 28002611]
- RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
(Andrew Boyer) [Orabug: 28002611]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28078155]
- rpi: MMC fails to find DMA channel and falls back to PIO (Vijay Kumar)
[Orabug: 28075064]
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini
Varadhan) [Orabug: 28085194]
- RPI: Fix serial console for RPI 3B and B+ (Vijay Kumar) [Orabug:
28181668]
- IB/rdmaip: Fix bug in failover_group parsing (Håkon Bugge) [Orabug:
28198745]
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
(Mathias Nyman) [Orabug: 28171827]

ELSA-2018-2162 Important: Oracle Linux 6 qemu-kvm security update

Oracle Linux Security Advisory ELSA-2018-2162

http://linux.oracle.com/errata/ELSA-2018-2162.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-img-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-0.12.1.2-2.506.el6_10.1.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.506.el6_10.1.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/qemu-kvm-0.12.1.2-2.506.el6_10.1.src.rpm



Description of changes:

[0.12.1.2-2.506.el6_10.1]
- qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch
[bz#1574074]
- qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch
[bz#1574074]
- qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch
[bz#1574074]
- Resolves: bz#1574074
(CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-6.10.z])

[0.12.1.2-2.506.el6]
- kvm-vga-add-share_surface-flag.patch [bz#1553674]
- kvm-vga-add-sanity-checks.patch [bz#1553674]
- Resolves: bz#1553674
(CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga
display [rhel-6])

[0.12.1.2-2.505.el6]
- kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [bz#1525939
bz#1528024]
- kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch
[bz#1525939 bz#1528024]
- kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch
[bz#1525939 bz#1528024]
- kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501298]
- kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch
[bz#1486641]
- kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch
[bz#1534692]
- Resolves: bz#1486641
(CVE-2017-13672 qemu-kvm-rhev: Qemu: vga: OOB read access during
display update [rhel-6.10])
- Resolves: bz#1501298
(CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in
mode4and5 write functions [rhel-6.10])
- Resolves: bz#1525939
(CVE-2017-5715 qemu-kvm: hw: cpu: speculative execution branch target
injection [rhel-6.10])
- Resolves: bz#1528024
(CVE-2017-5715 qemu-kvm-rhev: hw: cpu: speculative execution branch
target injection [rhel-6.10])
- Resolves: bz#1534692
(CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text
routine [rhel-6.10])
- Resolves: bz#1549152
(qemu-kvm-rhev: remove unused patch file [rhel-6.10])

[0.12.1.2-2.504.el6]
- kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch [bz#1428750]
- kvm-vnc-apply-display-size-limits.patch [bz#1430616 bz#1430617]
- kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch
[bz#1443448 bz#1443450]
- kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443448
bz#1443450 bz#1447542 bz#1447545]
- kvm-cirrus-avoid-write-only-variables.patch [bz#1444378 bz#1444380]
- kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch
[bz#1444378 bz#1444380]
- kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch
[bz#1444378 bz#1444380]
- kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch
[bz#1444378 bz#1444380]
- kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378 bz#1444380]
- Resolves: bz#1428750
(Fails to build in brew)
- Resolves: bz#1430616
(CVE-2017-2633 qemu-kvm: Qemu: VNC: memory corruption due to
unchecked resolution limit [rhel-6.10])
- Resolves: bz#1430617
(CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to
unchecked resolution limit [rhel-6.10])
- Resolves: bz#1443448
(CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue
[rhel-6.10])
- Resolves: bz#1443450
(CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access
issue [rhel-6.10])
- Resolves: bz#1444378
(CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues
in bitblt routines [rhel-6.10])
- Resolves: bz#1444380
(CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access
issues in bitblt routines [rhel-6.10])
- Resolves: bz#1447542
(CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc
connection [rhel-6.10])
- Resolves: bz#1447545
(CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via
vnc connection [rhel-6.10])

ELSA-2018-2164 Important: Oracle Linux 6 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2018-2164

http://linux.oracle.com/errata/ELSA-2018-2164.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-754.2.1.el6.i686.rpm
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-debug-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm
kernel-headers-2.6.32-754.2.1.el6.i686.rpm
perf-2.6.32-754.2.1.el6.i686.rpm
python-perf-2.6.32-754.2.1.el6.i686.rpm

x86_64:
kernel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm
kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm
kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm
kernel-doc-2.6.32-754.2.1.el6.noarch.rpm
kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm
kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm
perf-2.6.32-754.2.1.el6.x86_64.rpm
python-perf-2.6.32-754.2.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.2.1.el6.src.rpm



Description of changes:

[2.6.32-754.2.1.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.2.1.el6]
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long)
[1596113] {CVE-2018-10872}
- [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas
Grunbacher) [1506281]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto
Caringi) [1576757] {CVE-2018-10675}
- [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page()
(Larry Woodman) [1381653]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin
Coddington) [1553423]
- [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin
Coddington) [1553423]
- [fs] NFSv4.1: Label each entry in the session slot tables with its
slot number (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session
pointer (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin
Coddington) [1553423]
- [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots
(Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression
(Benjamin Coddington) [1553423]
- [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310]
- [scsi] ipr: Wait to do async scan until scsi host is initialized
(Gustavo Duarte) [1572310]

[2.6.32-754.1.1.el6]
- [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava)
[1574592]
- [x86] microcode: Synchronize late microcode loading (Prarit Bhargava)
[1574592]
- [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1574592]
- [x86] microcode: Sanitize per-cpu microcode reloading interface
(Prarit Bhargava) [1574592]
- [x86] virt_spec_ctrl: Set correct host SSDB value for AMD (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user
settable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584356]
{CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU
features (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356]
{CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356]
{CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable
support (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356]
{CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] speculation: Make "seccomp" the default mode for Speculative
Store Bypass (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Move speculation migitation control to arch code
(Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356]
{CVE-2018-3639}
- [uapi] prctl: Add force disable speculation (Waiman Long) [1584356]
{CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long)
[1584356] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman
Long) [1584356] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long)
[1584356] {CVE-2018-3639}
- [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown
vulnearability (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream
(Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356]
{CVE-2018-3639}
- [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] always enable eager FPU by default (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin()
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather
than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused
save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Merge simd_math_error() into math_error() (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to
handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: use non-lazy fpu restore for processors supporting xsave
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig()
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] signals: ia32_signal.c: add __user casts to fix sparse warnings
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Consolidate inline asm routines for saving/restoring fpu
state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini)
[1589047] {CVE-2018-3665}
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] extable: Remove open-coded exception table entries in
arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665}
into exported and internal interfaces (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] i387: Uninline the generic FP helpers that we expose to kernel
modules (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: use 'restore_fpu_checking()' directly in task switching
code (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] i387: re-introduce FPU state preloading at context switch time
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU flag from thread_info to task_struct
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to
restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: do not preload FPU state at task switch time (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into
callers (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix x86-64 preemption-unsafe user stack save/restore
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fix potentially dangerous trailing '; ' in #defined
values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Simplify constraints for fxsave/fxtstor (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047]
{CVE-2018-3665}
- [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] xsave: Introduce xstate enable functions (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] Avoid unnecessary __clear_user() and xrstor in signal handling
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini)
[1589047] {CVE-2018-3665}
- [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo
Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert "[x86] fpu: change save_i387_xstate() to rely on
unlazy_fpu()" (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert "[x86] fpu: shift clear_used_math() from
save_i387_xstate() to handle_signal()" (Paolo Bonzini) [1589047]
{CVE-2018-3665}


ELSA-2018-4161 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4161

http://linux.oracle.com/errata/ELSA-2018-4161.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.17.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.17.1.el6uek.noarch.rpm
kernel-uek-4.1.12-124.17.1.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.17.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.17.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.17.1.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.17.1.el6uek.src.rpm



Description of changes:

[4.1.12-124.17.1.el6uek]
- block: update integrity interval after queue limits change (Ritika
Srivastava) [Orabug: 27586756]
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev)
[Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}
- net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug:
28219857]
- net/rds: Fix incorrect bigger vs. smaller IP address check (Håkon
Bugge) [Orabug: 28236599]
- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish
Samant) [Orabug: 28256391]
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug:
28256487] {CVE-2017-11600} {CVE-2017-11600}

[4.1.12-124.16.6.el6uek]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris
Salls) [Orabug: 28242475] {CVE-2017-7616}
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
(Mathias Nyman) [Orabug: 27426023]
- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet)
[Orabug: 27718303]
- mlx4_core: allocate ICM memory in page size chunks (Qing Huang)
[Orabug: 27718303]
- kernel/signal.c: avoid undefined behaviour in kill_something_info When
running kill(72057458746458112, 0) in userspace I hit the following
issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini
Varadhan) [Orabug: 28085214]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]
- net/rds: Fix bug in failover_group parsing (Håkon Bugge) [Orabug:
28198749]
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey
Kodanev) [Orabug: 28240074] {CVE-2018-5803}

[4.1.12-124.16.5.el6uek]
- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric
Dumazet) [Orabug: 27896802] {CVE-2017-18017}
- kernel/exit.c: avoid undefined behaviour when calling wait4()
wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined
behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778]
{CVE-2018-10087}
- x86/bugs/module: Provide retpoline_modules_only parameter to fail
non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]

ELSA-2018-4161 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4161

http://linux.oracle.com/errata/ELSA-2018-4161.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.17.1.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.17.1.el7uek.noarch.rpm
kernel-uek-4.1.12-124.17.1.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.17.1.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.17.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.17.1.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.17.1.el7uek.src.rpm



Description of changes:

[4.1.12-124.17.1.el7uek]
- block: update integrity interval after queue limits change (Ritika
Srivastava) [Orabug: 27586756]
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev)
[Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130}
- net/rds: Implement ARP flushing correctly (Håkon Bugge) [Orabug:
28219857]
- net/rds: Fix incorrect bigger vs. smaller IP address check (Håkon
Bugge) [Orabug: 28236599]
- ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish
Samant) [Orabug: 28256391]
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug:
28256487] {CVE-2017-11600} {CVE-2017-11600}

[4.1.12-124.16.6.el7uek]
- add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400]
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris
Salls) [Orabug: 28242475] {CVE-2017-7616}
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
(Mathias Nyman) [Orabug: 27426023]
- mlx4_core: restore optimal ICM memory allocation (Eric Dumazet)
[Orabug: 27718303]
- mlx4_core: allocate ICM memory in page size chunks (Qing Huang)
[Orabug: 27718303]
- kernel/signal.c: avoid undefined behaviour in kill_something_info When
running kill(72057458746458112, 0) in userspace I hit the following
issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124}
- rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini
Varadhan) [Orabug: 28085214]
- ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032]
- net/rds: Fix bug in failover_group parsing (Håkon Bugge) [Orabug:
28198749]
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey
Kodanev) [Orabug: 28240074] {CVE-2018-5803}

[4.1.12-124.16.5.el7uek]
- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric
Dumazet) [Orabug: 27896802] {CVE-2017-18017}
- kernel/exit.c: avoid undefined behaviour when calling wait4()
wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined
behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778]
{CVE-2018-10087}
- x86/bugs/module: Provide retpoline_modules_only parameter to fail
non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992]

ELSA-2018-4164 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4164

http://linux.oracle.com/errata/ELSA-2018-4164.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.22.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.22.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.22.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.22.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.22.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.22.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.22.1.el6uek-0.4.5-3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.22.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.22.1.el6uek-0.4.5-3.el6.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.22.1.el6uek]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou
Tao) {CVE-2017-18203}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman)
[Orabug: 27986407] {CVE-2018-8781}
- kernel/exit.c: avoid undefined behaviour when calling wait4()
wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined
behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488]
{CVE-2018-10087}
- kernel/signal.c: avoid undefined behaviour in kill_something_info When
running kill(72057458746458112, 0) in userspace I hit the following
issue. (mridula shastry) {CVE-2018-10124}
- bluetooth: Validate socket address length in sco_sock_bind().
(mlevatic) [Orabug: 28130293] {CVE-2015-8575}
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev)
[Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130}
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey
Kodanev) [Orabug: 28240075] {CVE-2018-5803}
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris
Salls) [Orabug: 28242478] {CVE-2017-7616}
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug:
28264121] {CVE-2017-11600} {CVE-2017-11600}
- x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176]
{CVE-2018-3665}
- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug:
27951287] {CVE-2017-17741} {CVE-2017-17741}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric
Sandeen) [Orabug: 27989498] {CVE-2018-10323}
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri)
[Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410}
- ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2549}
- ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2547} {CVE-2016-2548}
- ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2545}
- ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi
Iwai) [Orabug: 28058229] {CVE-2016-2543}
- ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2544}
- ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov)
[Orabug: 28058229] {CVE-2016-2384}
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus
Torvalds) [Orabug: 27947608] {CVE-2018-1000199}
- Revert "perf/hwbp: Simplify the perf-hwbp code, fix documentation"
(Brian Maly) [Orabug: 27947608]

ELSA-2018-4164 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4164

http://linux.oracle.com/errata/ELSA-2018-4164.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.22.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.22.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.22.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.22.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.22.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.22.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.22.1.el7uek-0.4.5-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.22.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.22.1.el7uek-0.4.5-3.el7.src.rpm



Description of changes:

kernel-uek
kernel-uek
[3.8.13-118.22.1.el7uek]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou
Tao) {CVE-2017-18203}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman)
[Orabug: 27986407] {CVE-2018-8781}
- kernel/exit.c: avoid undefined behaviour when calling wait4()
wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined
behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488]
{CVE-2018-10087}
- kernel/signal.c: avoid undefined behaviour in kill_something_info When
running kill(72057458746458112, 0) in userspace I hit the following
issue. (mridula shastry) {CVE-2018-10124}
- bluetooth: Validate socket address length in sco_sock_bind().
(mlevatic) [Orabug: 28130293] {CVE-2015-8575}
- dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev)
[Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130}
- sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey
Kodanev) [Orabug: 28240075] {CVE-2018-5803}
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris
Salls) [Orabug: 28242478] {CVE-2017-7616}
- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug:
28264121] {CVE-2017-11600} {CVE-2017-11600}
- x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176]
{CVE-2018-3665}
- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug:
27951287] {CVE-2017-17741} {CVE-2017-17741}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric
Sandeen) [Orabug: 27989498] {CVE-2018-10323}
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri)
[Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410}
- ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2549}
- ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2547} {CVE-2016-2548}
- ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2545}
- ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi
Iwai) [Orabug: 28058229] {CVE-2016-2543}
- ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug:
28058229] {CVE-2016-2544}
- ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov)
[Orabug: 28058229] {CVE-2016-2384}
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus
Torvalds) [Orabug: 27947608] {CVE-2018-1000199}
- Revert "perf/hwbp: Simplify the perf-hwbp code, fix documentation"
(Brian Maly) [Orabug: 27947608]