Oracle Linux 6277 Published by

The following kernel updates has been released for Oracle Linux:

ELSA-2018-4214 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
ELSA-2018-4214 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4216 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4216 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELSA-2018-4214 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4214

http://linux.oracle.com/errata/ELSA-2018-4214.html

The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.301.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.301.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.301.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.301.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.301.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.301.1.el5uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.301.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.301.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.301.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.301.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.301.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.301.1.el5uek.x86_64.rpm




Description of changes:

[2.6.39-400.301.1.el5uek]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505519] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505519] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505519]
{CVE-2018-3620}
- mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP)
(Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff
Wickman) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI
Motohiro) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505519] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505519] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505519] {CVE-2018-3620}
- x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel
Jordan) [Orabug: 28505519] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 28001909]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 28001909]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David
Woodhouse) [Orabug: 28001909]
- Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug:
28001909]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 28022110] {CVE-2018-10675}
- xen-netback: do not requeue skb if xenvif is already disconnected
(Dongli Zhang) [Orabug: 28247698]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner)
[Orabug: 28481397] {CVE-2017-18344}

ELSA-2018-4214 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4214

http://linux.oracle.com/errata/ELSA-2018-4214.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-uek-2.6.39-400.301.1.el6uek.i686.rpm
kernel-uek-debug-2.6.39-400.301.1.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.301.1.el6uek.i686.rpm
kernel-uek-devel-2.6.39-400.301.1.el6uek.i686.rpm
kernel-uek-doc-2.6.39-400.301.1.el6uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.301.1.el6uek.noarch.rpm

x86_64:
kernel-uek-firmware-2.6.39-400.301.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.39-400.301.1.el6uek.noarch.rpm
kernel-uek-2.6.39-400.301.1.el6uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.301.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.301.1.el6uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.301.1.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.301.1.el6uek.src.rpm



Description of changes:

[2.6.39-400.301.1.el6uek]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean
Christopherson) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil
Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil
Babka) [Orabug: 28505519] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky)
[Orabug: 28505519] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from
being passed to callers (Naoya Horiguchi) [Orabug: 28505519]
{CVE-2018-3620}
- mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP)
(Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519]
{CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi)
[Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX)
[Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff
Wickman) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI
Motohiro) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen)
[Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519]
{CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved
(Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal
Hocko) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi
Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus
Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus
Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug:
28505519] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave
Hansen) [Orabug: 28505519] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov)
[Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi
Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov)
[Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani)
[Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi
Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug:
28505519] {CVE-2018-3620}
- x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel
Jordan) [Orabug: 28505519] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN
(Kanth Ghatraju) [Orabug: 28001909]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (David Woodhouse) [Orabug: 28001909]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David
Woodhouse) [Orabug: 28001909]
- Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug:
28001909]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 28022110] {CVE-2018-10675}
- xen-netback: do not requeue skb if xenvif is already disconnected
(Dongli Zhang) [Orabug: 28247698]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner)
[Orabug: 28481397] {CVE-2017-18344}

ELSA-2018-4216 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4216

http://linux.oracle.com/errata/ELSA-2018-4216.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.19.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.19.2.el6uek.noarch.rpm
kernel-uek-4.1.12-124.19.2.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.19.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.19.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.19.2.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.19.2.el6uek.src.rpm



Description of changes:

[4.1.12-124.19.2.el6uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug:
28639707] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric
Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug:
28639707] {CVE-2018-5390}
- tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric
Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug:
28639707] {CVE-2018-5390}
- tcp: increment sk_drops for dropped rx packets (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}

ELSA-2018-4216 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4216

http://linux.oracle.com/errata/ELSA-2018-4216.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.19.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.19.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.19.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.19.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.19.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.19.2.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.19.2.el7uek.src.rpm



Description of changes:

[4.1.12-124.19.2.el7uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug:
28639707] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric
Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}
- tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug:
28639707] {CVE-2018-5390}
- tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric
Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug:
28639707] {CVE-2018-5390}
- tcp: increment sk_drops for dropped rx packets (Eric Dumazet)
[Orabug: 28639707] {CVE-2018-5390}