ELSA-2018-4088

ELSA-2018-4088 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-05-01

Description


[2.6.39-400.298.6]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199}

[2.6.39-400.298.5]
- xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615]
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579]

[2.6.39-400.298.4]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527}
- uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533}
- cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649}
- Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861}
- Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441]
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715}
- x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848]
- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773]
- x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044]
- x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909]
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715}
- x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441]
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441]
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958]
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954]
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923]
- x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083]
- x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]


Related CVEs


CVE-2018-100199

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) kernel-uek-2.6.39-400.298.6.el5uek.src.rpmc3edffe4728c5d8302f0cd37f61c73fd-
kernel-uek-2.6.39-400.298.6.el5uek.i686.rpm28871e71776fd6f7e9483f7e0331a839-
kernel-uek-debug-2.6.39-400.298.6.el5uek.i686.rpm8e497d8056ad0a95307df1a76c6ccde2-
kernel-uek-debug-devel-2.6.39-400.298.6.el5uek.i686.rpm2f0145b4b9f18b4368728f590e1d3488-
kernel-uek-devel-2.6.39-400.298.6.el5uek.i686.rpm3289c5672ffabc416935546bdb20665c-
kernel-uek-doc-2.6.39-400.298.6.el5uek.noarch.rpm2de7d2dd676b368966cf2d7e6e820833-
kernel-uek-firmware-2.6.39-400.298.6.el5uek.noarch.rpmc8dec66bf54c8855aadd3924c500e49e-
Oracle Linux 5 (x86_64) kernel-uek-2.6.39-400.298.6.el5uek.src.rpmc3edffe4728c5d8302f0cd37f61c73fd-
kernel-uek-2.6.39-400.298.6.el5uek.x86_64.rpm76d85ebd4e6cf5fd4c7504f7824aa124-
kernel-uek-debug-2.6.39-400.298.6.el5uek.x86_64.rpmbdcfeb6a039a0c0a31a5faf4ab080149-
kernel-uek-debug-devel-2.6.39-400.298.6.el5uek.x86_64.rpm5e725a7be12682f6f3ca60d6fc80a2d6-
kernel-uek-devel-2.6.39-400.298.6.el5uek.x86_64.rpm4f0882a32535192def960a2b8e2b0eac-
kernel-uek-doc-2.6.39-400.298.6.el5uek.noarch.rpm2de7d2dd676b368966cf2d7e6e820833-
kernel-uek-firmware-2.6.39-400.298.6.el5uek.noarch.rpmc8dec66bf54c8855aadd3924c500e49e-
Oracle Linux 6 (i386) kernel-uek-2.6.39-400.298.6.el6uek.src.rpm4c3733793ac988e315d27ad1c359bf56-
kernel-uek-2.6.39-400.298.6.el6uek.i686.rpmf974190365f991a6323952a894aa5e0e-
kernel-uek-debug-2.6.39-400.298.6.el6uek.i686.rpm8b7371cab621f9f0d9745ea37ae06580-
kernel-uek-debug-devel-2.6.39-400.298.6.el6uek.i686.rpmc81ee925dee495a894cf3f3471e2eaac-
kernel-uek-devel-2.6.39-400.298.6.el6uek.i686.rpm5acfde246ac8149dbbbaf3f8fc7f6dca-
kernel-uek-doc-2.6.39-400.298.6.el6uek.noarch.rpm600962fed06429087f1b7eafcd5be5b0-
kernel-uek-firmware-2.6.39-400.298.6.el6uek.noarch.rpm64d9746b0111e7d95288713d9a8ebc45-
Oracle Linux 6 (x86_64) kernel-uek-2.6.39-400.298.6.el6uek.src.rpm4c3733793ac988e315d27ad1c359bf56-
kernel-uek-2.6.39-400.298.6.el6uek.x86_64.rpm0ce0e3b3bd94deb7a72f874c4266fea8-
kernel-uek-debug-2.6.39-400.298.6.el6uek.x86_64.rpm1b242c92f4641bdf02158ddf432fb634-
kernel-uek-debug-devel-2.6.39-400.298.6.el6uek.x86_64.rpme11cb65bb7da355bbce97be7ab2a7fe4-
kernel-uek-devel-2.6.39-400.298.6.el6uek.x86_64.rpmb860a59ea4112fb70d9c7d307aadb236-
kernel-uek-doc-2.6.39-400.298.6.el6uek.noarch.rpm600962fed06429087f1b7eafcd5be5b0-
kernel-uek-firmware-2.6.39-400.298.6.el6uek.noarch.rpm64d9746b0111e7d95288713d9a8ebc45-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete