ELSA-2018-1629

ELSA-2018-1629 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2018-05-22

Description

[3.10.0-862.3.2.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.3.2]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] entry: Add missing '$' in IBRS macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566904 1566905] {CVE-2018-3639}
- [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904 1566905] {CVE-2018-3639}

[3.10.0-862.3.1]
- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573173 1571162]
- [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087}
- [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897}
- [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}

Related CVEs

CVE-2018-3639

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (x86_64)	kernel-3.10.0-862.3.2.el7.src.rpm	0985bed9baed1b337c508400072b899d427cc833852413ee4e21c0aeb0b3c171	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-3.10.0-862.3.2.el7.src.rpm	0985bed9baed1b337c508400072b899d427cc833852413ee4e21c0aeb0b3c171	ELSA-2025-1281	ol7_x86_64_optional_archive
	kernel-3.10.0-862.3.2.el7.src.rpm	0985bed9baed1b337c508400072b899d427cc833852413ee4e21c0aeb0b3c171	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-3.10.0-862.3.2.el7.x86_64.rpm	10944646fc90075ccd0ce133bacffbd5ddbd4f1f3eb241abae6d5c2cfa064502	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-3.10.0-862.3.2.el7.x86_64.rpm	10944646fc90075ccd0ce133bacffbd5ddbd4f1f3eb241abae6d5c2cfa064502	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm	764cd52ee2af22b21f0492968da06c1ea0d0a7fe663508e9621377a83b0b915a	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-abi-whitelists-3.10.0-862.3.2.el7.noarch.rpm	764cd52ee2af22b21f0492968da06c1ea0d0a7fe663508e9621377a83b0b915a	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm	33ad1b70238299aec48554e92104498791c0d16739882181e256ef7b4e97db40	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-debug-3.10.0-862.3.2.el7.x86_64.rpm	33ad1b70238299aec48554e92104498791c0d16739882181e256ef7b4e97db40	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm	713f0bc7bb567caca29907f6252de499888fb8a9fd3a6fa8dbf699d4a797fd58	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-debug-devel-3.10.0-862.3.2.el7.x86_64.rpm	713f0bc7bb567caca29907f6252de499888fb8a9fd3a6fa8dbf699d4a797fd58	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm	6a4c23183176c89b28b39dc27fa7d93c9c3a315d39f6c19e07cb7387802414b8	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-devel-3.10.0-862.3.2.el7.x86_64.rpm	6a4c23183176c89b28b39dc27fa7d93c9c3a315d39f6c19e07cb7387802414b8	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-doc-3.10.0-862.3.2.el7.noarch.rpm	8ec337000a0cf608c500ab4f39b3f87a99140cbe74d118424c042039222326da	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-doc-3.10.0-862.3.2.el7.noarch.rpm	8ec337000a0cf608c500ab4f39b3f87a99140cbe74d118424c042039222326da	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm	c9e00282930279137e1722b448b07fc970c5e325af8689bf06b7d7ca929cc4f1	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-headers-3.10.0-862.3.2.el7.x86_64.rpm	c9e00282930279137e1722b448b07fc970c5e325af8689bf06b7d7ca929cc4f1	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm	498ca05ffb107ddac0d9a36c04848ebc0a3dc7415e7992582e2194e933083032	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-tools-3.10.0-862.3.2.el7.x86_64.rpm	498ca05ffb107ddac0d9a36c04848ebc0a3dc7415e7992582e2194e933083032	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm	7877dfa8108b8ca62bbf377e42def650cac97d861fecd5ba11927d6e345d8186	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-tools-libs-3.10.0-862.3.2.el7.x86_64.rpm	7877dfa8108b8ca62bbf377e42def650cac97d861fecd5ba11927d6e345d8186	ELSA-2025-1281	ol7_x86_64_u5_patch
	kernel-tools-libs-devel-3.10.0-862.3.2.el7.x86_64.rpm	418b3147e962f2b39bdea383f9626c4eb888254a3e32899a9bb1823565ef890a	ELSA-2025-1281	ol7_x86_64_optional_archive
	perf-3.10.0-862.3.2.el7.x86_64.rpm	331d1b7f1c29198fd25e07a155892202d23df2685e38fac9678c60997ee70c3a	ELSA-2025-20019	ol7_x86_64_latest_archive
	perf-3.10.0-862.3.2.el7.x86_64.rpm	331d1b7f1c29198fd25e07a155892202d23df2685e38fac9678c60997ee70c3a	ELSA-2025-20019	ol7_x86_64_u5_patch
	python-perf-3.10.0-862.3.2.el7.x86_64.rpm	9710ff763e8a1f1514850a793df17e1c79da6dcbc6ea4b822db0adb343e3da77	ELSA-2025-20019	ol7_x86_64_latest_archive
	python-perf-3.10.0-862.3.2.el7.x86_64.rpm	9710ff763e8a1f1514850a793df17e1c79da6dcbc6ea4b822db0adb343e3da77	ELSA-2025-20019	ol7_x86_64_u5_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team