ELSA-2018-0151

ELSA-2018-0151 - kernel security and bug fix update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2018-01-25

Description

- [3.10.0-693.17.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-693.17.1]
- [s390] locking/barriers: remove old gmb() macro definition (Denys Vlasenko) [1519788 1519786]

[3.10.0-693.16.1]
- [x86] smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [1533022 1519503]
- [x86] topology: Add topology_max_smt_threads() (Prarit Bhargava) [1533022 1519503]
- [powerpc] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
- [powerpc] Prevent Meltdown attack with L1-D$ flush (Jon Masters) [1519800 1519801] {CVE-2017-5754}
- [s390] add ppa to system call and program check path (Jon Masters) [1519795 1519798] {CVE-2017-5715}
- [s390] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
- [s390] introduce CPU alternatives (Jon Masters) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Andrea Arcangeli) [1533373 1533250]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Andrea Arcangeli) [1533373 1533250]
- [fs] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1533372 1531287]
- [x86] kaiser/efi: unbreak tboot (Andrea Arcangeli) [1519795 1532989 1519798 1531559] {CVE-2017-5715}
- [x86] spec_ctrl: don't call ptrace_has_cap in the IBPB ctx switch optimization (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/efi: unbreak EFI old_memmap (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpuidle_idle_call: fix double local_irq_enable() (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu: fix get_scattered_cpu_leaf sorting part #2 (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu: fix get_scattered_cpu_leaf for IBPB feature (Paolo Bonzini) [1519795 1519798]

Related CVEs

CVE-2017-12192

CVE-2017-15649

CVE-2017-12193

CVE-2015-8539

CVE-2017-7472

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 7 (x86_64)	kernel-3.10.0-693.17.1.el7.src.rpm	0466913d50c98676d5a8bbb42c86547f	ELBA-2021-1397-1
	kernel-3.10.0-693.17.1.el7.x86_64.rpm	dc79e0d409d6e2fe50fc6aeeb9cb02f0	ELBA-2021-1397-1
	kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm	128288615e3cbfc63f10c9cd51418d94	ELBA-2021-1397-1
	kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm	fb4e3f8babf418e7ab0cfd35ef91fd5a	ELBA-2021-1397-1
	kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm	95da34405c919bc9fb1cc766f9797831	ELBA-2021-1397-1
	kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm	2d6b43efd3b8db873f0e35dacad7eb72	ELBA-2021-1397-1
	kernel-doc-3.10.0-693.17.1.el7.noarch.rpm	fe9c6271563ab00a909e43d45e94a57d	ELBA-2021-1397-1
	kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm	b13972f7abf810be7f8d194fc5f25f65	ELBA-2021-1397-1
	kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm	bba02aedeea172714ba1ee8e52ffe6b8	ELBA-2021-1397-1
	kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm	cfb360fa28a086d5392e482f8899daaa	ELBA-2021-1397-1
	kernel-tools-libs-devel-3.10.0-693.17.1.el7.x86_64.rpm	0f3f6bbd8e2704b683495130103699f0	ELBA-2021-1397-1
	perf-3.10.0-693.17.1.el7.x86_64.rpm	f2ecdd0f76d9de7885674278f8dbc333	ELSA-2021-9220
	python-perf-3.10.0-693.17.1.el7.x86_64.rpm	b5f655c8603f542b74469e334ca3675f	ELSA-2021-9220

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team