The following kernel updates have been released for Oracle Linux:

ELSA-2018-4304 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2018-4304 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELSA-2018-4307 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4307 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELSA-2018-4304 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4304

http://linux.oracle.com/errata/ELSA-2018-4304.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1818.5.4.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1818.5.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1818.5.4.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1818.5.4.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1818.5.4.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1818.5.4.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.5.4.el7uek.src.rpm



Description of changes:

[4.14.35-1818.5.4.el7uek]
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 28020694] {CVE-2018-5333}
- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474853]
- KVM: x86: Expose CLDEMOTE CPU feature to guest VM (Jingqi Liu) [Orabug: 28938290]
- x86/cpufeatures: Enumerate cldemote instruction (Fenghua Yu) [Orabug: 28938290]
- libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946206]
- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951267] {CVE-2018-5848}
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956546] {CVE-2018-7755}

[4.14.35-1818.5.3.el7uek]
- hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896279]
- xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28943579] {CVE-2018-10322}
- xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong) [Orabug: 28943579] {CVE-2018-10322}

[4.14.35-1818.5.2.el7uek]
- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28748049]
- kdump/vmcore: support encrypted old memory with SME enabled (Lianbo Jiang) [Orabug: 28796835]
- amd_iommu: remap the device table of IOMMU with the memory encryption mask for kdump (Lianbo Jiang) [Orabug: 28796835]
- kexec: allocate unencrypted control pages for kdump in case SME is enabled (Lianbo Jiang) [Orabug: 28796835]
- x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory (Lianbo Jiang) [Orabug: 28796835]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857013]
- Btrfs: fix xattr loss after power failure (Filipe Manana) [Orabug: 28893942]
- xen/balloon: Support xend-based toolstack (Boris Ostrovsky) [Orabug: 28901032]
- Btrfs: fix file data corruption after cloning a range and fsync (Filipe Manana) [Orabug: 28905635]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil)
- cdrom: fix improper type cast, which can lead to information leak. (Young_X) [Orabug: 28929755] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}
- sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS (Mel Gorman) [Orabug: 28940633]
- sched/fair: Move select_task_rq_fair() slow-path into its own function (Brendan Jackman) [Orabug: 28940633]
- certs: Add Oracle's new X509 cert into .builtin_trusted_keys (Eric Snowberg) [Orabug: 28926200]
- net: Allow pernet_operations to be executed in parallel (Kirill Tkhai) [Orabug: 28924205]
- net: Move mutex_unlock() in cleanup_net() up (Kirill Tkhai) [Orabug: 28924205]
- locking/arch, x86: Add __down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- locking/x86: Use named operands in rwsem.h (Miguel Bernal Marin) [Orabug: 28924205]
- locking/rwsem: Add down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- net: Introduce net_sem for protection of pernet_list (Kirill Tkhai) [Orabug: 28924205]
- net: Assign net to net_namespace_list in setup_net() (Kirill Tkhai) [Orabug: 28924205]
- net: Cleanup in copy_net_ns() (Kirill Tkhai) [Orabug: 28924205]

[4.14.35-1818.5.1.el7uek]
- Revert "aarch64: remove duplicate dtb in kernel rpm" (Jack Vogel)

[4.14.35-1818.5.0.el7uek]
- oracleasm: Implement support for QUERY HANDLE operation (Martin K. Petersen) [Orabug: 28887237]
- oracleasm: Honor ASM_IFLAG_FORMAT_NOCHECK flag (Martin K. Petersen) [Orabug: 28887237]
- bpf: 32-bit RSH verification must truncate input before the ALU op (Jann Horn) [Orabug: 28861785] {CVE-2018-18445}
- aarch64: remove duplicate dtb in kernel rpm (Eric Saint-Etienne) [Orabug: 28672035]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28432993]
- uek-rpm: Run 'make olddefconfig' to get latest x86 config values (Victor Erminpour) [Orabug: 28845157]
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) [Orabug: 28886647]
- ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28869428]
- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28869428]
- config: disable xfs online scrub in uek5 (Darrick J. Wong) [Orabug: 28890254]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28884433] {CVE-2018-1000204}
- random: fix crng_ready() test (Theodore Ts'o) [Orabug: 28863713] {CVE-2018-1108}
- proc: do not access cmdline nor environ from file-backed areas (Willy Tarreau) [Orabug: 28863722] {CVE-2018-1120}
- vhost: correctly check the iova range when waking virtqueue (Jason Wang) [Orabug: 28892623] {CVE-2018-1118}
- xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28893785] {CVE-2018-13094}
- ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28893798] {CVE-2018-10902}
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 28899818]

ELSA-2018-4304 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Oracle Linux Security Advisory ELSA-2018-4304

http://linux.oracle.com/errata/ELSA-2018-4304.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.5.4.el7uek.aarch64.rpm
perf-4.14.35-1818.5.4.el7uek.aarch64.rpm
python-perf-4.14.35-1818.5.4.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.5.4.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.5.4.el7uek.src.rpm



Description of changes:

[4.14.35-1818.5.4.el7uek]
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 28020694] {CVE-2018-5333}
- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474853]
- KVM: x86: Expose CLDEMOTE CPU feature to guest VM (Jingqi Liu) [Orabug: 28938290]
- x86/cpufeatures: Enumerate cldemote instruction (Fenghua Yu) [Orabug: 28938290]
- libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946206]
- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951267] {CVE-2018-5848}
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956546] {CVE-2018-7755}

[4.14.35-1818.5.3.el7uek]
- hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896279]
- xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28943579] {CVE-2018-10322}
- xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong) [Orabug: 28943579] {CVE-2018-10322}

[4.14.35-1818.5.2.el7uek]
- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28748049]
- kdump/vmcore: support encrypted old memory with SME enabled (Lianbo Jiang) [Orabug: 28796835]
- amd_iommu: remap the device table of IOMMU with the memory encryption mask for kdump (Lianbo Jiang) [Orabug: 28796835]
- kexec: allocate unencrypted control pages for kdump in case SME is enabled (Lianbo Jiang) [Orabug: 28796835]
- x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory (Lianbo Jiang) [Orabug: 28796835]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857013]
- Btrfs: fix xattr loss after power failure (Filipe Manana) [Orabug: 28893942]
- xen/balloon: Support xend-based toolstack (Boris Ostrovsky) [Orabug: 28901032]
- Btrfs: fix file data corruption after cloning a range and fsync (Filipe Manana) [Orabug: 28905635]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil)
- cdrom: fix improper type cast, which can lead to information leak. (Young_X) [Orabug: 28929755] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}
- sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS (Mel Gorman) [Orabug: 28940633]
- sched/fair: Move select_task_rq_fair() slow-path into its own function (Brendan Jackman) [Orabug: 28940633]
- certs: Add Oracle's new X509 cert into .builtin_trusted_keys (Eric Snowberg) [Orabug: 28926200]
- net: Allow pernet_operations to be executed in parallel (Kirill Tkhai) [Orabug: 28924205]
- net: Move mutex_unlock() in cleanup_net() up (Kirill Tkhai) [Orabug: 28924205]
- locking/arch, x86: Add __down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- locking/x86: Use named operands in rwsem.h (Miguel Bernal Marin) [Orabug: 28924205]
- locking/rwsem: Add down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- net: Introduce net_sem for protection of pernet_list (Kirill Tkhai) [Orabug: 28924205]
- net: Assign net to net_namespace_list in setup_net() (Kirill Tkhai) [Orabug: 28924205]
- net: Cleanup in copy_net_ns() (Kirill Tkhai) [Orabug: 28924205]

[4.14.35-1818.5.1.el7uek]
- Revert "aarch64: remove duplicate dtb in kernel rpm" (Jack Vogel)

[4.14.35-1818.5.0.el7uek]
- oracleasm: Implement support for QUERY HANDLE operation (Martin K. Petersen) [Orabug: 28887237]
- oracleasm: Honor ASM_IFLAG_FORMAT_NOCHECK flag (Martin K. Petersen) [Orabug: 28887237]
- bpf: 32-bit RSH verification must truncate input before the ALU op (Jann Horn) [Orabug: 28861785] {CVE-2018-18445}
- aarch64: remove duplicate dtb in kernel rpm (Eric Saint-Etienne) [Orabug: 28672035]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28432993]
- uek-rpm: Run 'make olddefconfig' to get latest x86 config values (Victor Erminpour) [Orabug: 28845157]
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) [Orabug: 28886647]
- ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28869428]
- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28869428]
- config: disable xfs online scrub in uek5 (Darrick J. Wong) [Orabug: 28890254]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28884433] {CVE-2018-1000204}
- random: fix crng_ready() test (Theodore Ts'o) [Orabug: 28863713] {CVE-2018-1108}
- proc: do not access cmdline nor environ from file-backed areas (Willy Tarreau) [Orabug: 28863722] {CVE-2018-1120}
- vhost: correctly check the iova range when waking virtqueue (Jason Wang) [Orabug: 28892623] {CVE-2018-1118}
- xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28893785] {CVE-2018-13094}
- ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28893798] {CVE-2018-10902}
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 28899818]

ELSA-2018-4307 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4307

http://linux.oracle.com/errata/ELSA-2018-4307.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.23.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.23.2.el6uek.noarch.rpm
kernel-uek-4.1.12-124.23.2.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.23.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.23.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.23.2.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.23.2.el6uek.src.rpm



Description of changes:

[4.1.12-124.23.2.el6uek]
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (Linus Torvalds) [Orabug: 28855335] {CVE-2018-18386}
- nfs: Don't take a reference on fl->fl_file for LOCK operation (Benjamin Coddington) [Orabug: 28887442]
- x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Samuel Neves) [Orabug: 28933009]
- ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005188] {CVE-2018-1000004}
- net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 29012346] {CVE-2018-8043}

ELSA-2018-4307 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4307

http://linux.oracle.com/errata/ELSA-2018-4307.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.23.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.23.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.23.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.23.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.23.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.23.2.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.23.2.el7uek.src.rpm



Description of changes:

[4.1.12-124.23.2.el7uek]
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (Linus Torvalds) [Orabug: 28855335] {CVE-2018-18386}
- nfs: Don't take a reference on fl->fl_file for LOCK operation (Benjamin Coddington) [Orabug: 28887442]
- x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Samuel Neves) [Orabug: 28933009]
- ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005188] {CVE-2018-1000004}
- net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 29012346] {CVE-2018-8043}