ELSA-2018-1319 - kernel security and bug fix update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2018-05-08

Description


[2.6.32-696.28.1.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.28.1]
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897}
- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1569141 1568241]

[2.6.32-696.27.1]
- [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1565989 1559386]
- [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1568327 1562725]
- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1568327 1562725]
- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1568327 1562725]
- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1568327 1562725]
- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1568327 1562725]
- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1568332 1562552]
- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1568332 1562552]
- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1568535 1558845]
- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1568535 1558845]
- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1568535 1558845]
- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1568535 1558845]
- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1568535 1558845]

[2.6.32-696.26.1]
- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1557477 1520860]
- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1561441 1557562] {CVE-2017-5754}
- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Restore segments before int registers (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Unshare NMI return path (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}

[2.6.32-696.25.1]
- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1557896 1535024]
- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520818 1520817] {CVE-2017-8824}
- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447640 1447641] {CVE-2017-7645}
- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1552706 1437991]
- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1551471 1495167]
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1551471 1495167]
- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1540481 1538340]
- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1538654 1408108]
- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1538591 1520862]
- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1538586 1518669]
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}
- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519627 1519626] {CVE-2017-1000410}

[2.6.32-696.24.1]
- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1551475 1212959]
- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1550103 1532167]


Related CVEs


CVE-2017-8824
CVE-2017-1000410
CVE-2017-13166
CVE-2017-18017
CVE-2018-8897
CVE-2017-7645

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | kernel-2.6.32-696.28.1.el6.src.rpm | adbf2eb9f608c6efc32c6d9b83399ee2 | - |
| | kernel-2.6.32-696.28.1.el6.i686.rpm | 9ad386c5f1e63b4a806a251cf06ab744 | - |
| | kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm | 7ff980abfbb2b19b4f22a8676f78a1b0 | - |
| | kernel-debug-2.6.32-696.28.1.el6.i686.rpm | 39a73482da43c7e1e3b1542514b868c6 | - |
| | kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm | f53e2003cf0ed06f3b0df55d8ba6e792 | - |
| | kernel-devel-2.6.32-696.28.1.el6.i686.rpm | f86352bedbcc8b2d28868bff06dee382 | - |
| | kernel-doc-2.6.32-696.28.1.el6.noarch.rpm | 30488c41a06e81cb1069c1d2d4ebb893 | - |
| | kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm | 5cfdf4812961a10f7861f725d6582670 | - |
| | kernel-headers-2.6.32-696.28.1.el6.i686.rpm | 91498491cf163418be9110322a41f3e1 | - |
| | perf-2.6.32-696.28.1.el6.i686.rpm | 6a003f761944759f50e82fe30a10d87e | - |
| | python-perf-2.6.32-696.28.1.el6.i686.rpm | 928dee973f7e8f676607b36ad12562ac | - |
| Oracle Linux 6 (x86_64) | kernel-2.6.32-696.28.1.el6.src.rpm | adbf2eb9f608c6efc32c6d9b83399ee2 | - |
| | kernel-2.6.32-696.28.1.el6.x86_64.rpm | 3b95521cc4f150f1b06a9d825850fe15 | - |
| | kernel-abi-whitelists-2.6.32-696.28.1.el6.noarch.rpm | 7ff980abfbb2b19b4f22a8676f78a1b0 | - |
| | kernel-debug-2.6.32-696.28.1.el6.x86_64.rpm | e174139258bb62cfc1766a6c5fa71402 | - |
| | kernel-debug-devel-2.6.32-696.28.1.el6.i686.rpm | f53e2003cf0ed06f3b0df55d8ba6e792 | - |
| | kernel-debug-devel-2.6.32-696.28.1.el6.x86_64.rpm | 5a27aa69c7176311752e45a326ddaa94 | - |
| | kernel-devel-2.6.32-696.28.1.el6.x86_64.rpm | 04f028789e71f4a9d1549c153b5edb28 | - |
| | kernel-doc-2.6.32-696.28.1.el6.noarch.rpm | 30488c41a06e81cb1069c1d2d4ebb893 | - |
| | kernel-firmware-2.6.32-696.28.1.el6.noarch.rpm | 5cfdf4812961a10f7861f725d6582670 | - |
| | kernel-headers-2.6.32-696.28.1.el6.x86_64.rpm | c2e52a36bf2ce2dcec5251533bd6ecfe | - |
| | perf-2.6.32-696.28.1.el6.x86_64.rpm | 7710f843aaa6a10acf15cef32c8bf85a | - |
| | python-perf-2.6.32-696.28.1.el6.x86_64.rpm | 1a06db3efa06f9442bdb4732791ca572 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.