The following updates has been released for Oracle Linux:
ELSA-2018-2692 Critical: Oracle Linux 7 firefox security update (aarch64)
ELSA-2018-4215 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4215 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4211)
ELSA-2018-2692 Critical: Oracle Linux 7 firefox security update (aarch64)
ELSA-2018-4215 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4215 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4211)
ELSA-2018-2692 Critical: Oracle Linux 7 firefox security update (aarch64)
Oracle Linux Security Advisory ELSA-2018-2692
http://linux.oracle.com/errata/ELSA-2018-2692.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
firefox-60.2.0-1.0.1.el7_5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-60.2.0-1.0.1.el7_5.src.rpm
Description of changes:
[60.2.0-1.0.1]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red
Hat file
[60.2.0-1]
- Update to 60.2.0 ESR
[60.1.0-9]
- Do not set user agent (rhbz#1608065)
- GTK dialogs are localized now (rhbz#1619373)
- JNLP association works again (rhbz#1607457)
[60.1.0-8]
- Fixed homepage and bookmarks (rhbz#1606778)
- Fixed missing file associations in RHEL6 (rhbz#1613565)
[60.1.0-7]
- Run at-spi-bus if not running already (for the bundled gtk3)
[60.1.0-6]
- Fix for missing schemes for bundled gtk3
[60.1.0-5]
- Added mesa-libEGL dependency to gtk3/rhel6
ELSA-2018-4215 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4215
http://linux.oracle.com/errata/ELSA-2018-4215.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.24.2.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.24.2.el6uek.noarch.rpm
kernel-uek-3.8.13-118.24.2.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.24.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.24.2.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.24.2.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.24.2.el6uek-0.4.5-3.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.24.2.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.24.2.el6uek-0.4.5-3.el6.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.24.2.el6uek]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt
Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug:
28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth
Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES
supported (Kanth Ghatraju) [Orabug: 27958074]
_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
ELSA-2018-4215 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4215
http://linux.oracle.com/errata/ELSA-2018-4215.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.24.2.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.24.2.el7uek.noarch.rpm
kernel-uek-3.8.13-118.24.2.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.24.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.24.2.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.24.2.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.24.2.el7uek-0.4.5-3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.24.2.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.24.2.el7uek-0.4.5-3.el7.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.24.2.el7uek]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt
Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug:
28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan)
[Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth
Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES
supported (Kanth Ghatraju) [Orabug: 27958074]
New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4211)
Synopsis: ELSA-2018-4211 can now be patched using Ksplice
CVEs: CVE-2017-18344 CVE-2018-10675 CVE-2018-13405 CVE-2018-7566
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4211.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-18344: Information disclosure in POSIX timers.
Incorrect validation of POSIX timers could allow a local, unprivileged
user to leak the contents of arbitrary memory through /proc/$PID/timers.
Orabug: 28481409
* CVE-2018-7566: Denial-of-service when initializing ALSA sequence pool.
A race condition when initializing ALSA sequence pool leads to
use-after-free and out-of-bound memory access. An attacker can exploit
this to cause denial-of-service.
Orabug: 28459729
* CVE-2018-13405: Permissions bypass when creating file in SGID directory.
Creating an executable file in an SGID directory can result in the file
having the group ownership of the directory. This can be exploited to
elevate privileges if the file is created in a directory owned by a
privileged group.
Orabug: 28459478
* CVE-2018-10675: Use-after-free in get_mempolicy due to incorrect reference counting.
A reference count error in the get_mempolicy ioctl implementation can
result in a use-after-free. A local user could use this flaw to
escalate privileges.
Orabug: 28022108
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.