ELBA-2018-2198

ELBA-2018-2198 - kernel bug fix update

Type:BUG
Severity:NA
Release Date:2018-07-16

Description


[3.10.0-862.9.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.9.1]
- [iscsi-target] Fix iscsi_np reset hung task during parallel delete (Maurizio Lombardi) [1583593 1579217]

[3.10.0-862.8.1]
- [x86] always enable eager FPU by default on non-AMD processors (Paolo Bonzini) [1589051 1589048] {CVE-2018-3665}
- [net] nf_reset: also clear nfctinfo bits (Florian Westphal) [1588458 1572983]
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] kvm: vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] kvm: svm: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Add filter flag to opt-out of SSB mitigation (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] prctl: Add force disable speculation (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spectre_v2: No mitigation if CPU not affected and no command override (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639}

[3.10.0-862.7.1]
- [linux] fsnotify: Fix fsnotify_mark_connector race (Miklos Szeredi) [1584684 1569921]




Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete