ELSA-2018-4235

ELSA-2018-4235 - kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-10-01

Description


kernel
[2.6.18-419.0.0.0.12]
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378]
- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378]
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]
- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]
- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}
- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}
- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}
- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]
- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639}


Related CVEs


CVE-2009-2910
CVE-2018-3639
CVE-2018-3620
CVE-2017-14106

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) kernel-2.6.18-419.0.0.0.12.el5.src.rpm52a2093c0fd36fefef7f64f6d3fa0f3a-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.src.rpmbc6048398f28118bb8efac6d9c72fa65-
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.src.rpm1e7e3a73f4107ffda5bfea80f01db1e1-
kernel-2.6.18-419.0.0.0.12.el5.i686.rpmdc66e3b20082c77188d50dce3bd3c692-
kernel-PAE-2.6.18-419.0.0.0.12.el5.i686.rpm1b6faa09cf986c1142861cc7f91da3f2-
kernel-PAE-devel-2.6.18-419.0.0.0.12.el5.i686.rpm77e9680fffed000f240679df7d9b3ca0-
kernel-debug-2.6.18-419.0.0.0.12.el5.i686.rpm685fc40363b02d48cf9b559a6fe58150-
kernel-debug-devel-2.6.18-419.0.0.0.12.el5.i686.rpm2971b8db3bbb9bbc2c171252985043a0-
kernel-devel-2.6.18-419.0.0.0.12.el5.i686.rpmbe44253ff8f7769f27e1f8a67390dbca-
kernel-doc-2.6.18-419.0.0.0.12.el5.noarch.rpm3adf2a18f3356dfdb39037e42a39d889-
kernel-headers-2.6.18-419.0.0.0.12.el5.i386.rpmd232c268468139d9dbd9d416f646ddb8-
kernel-xen-2.6.18-419.0.0.0.12.el5.i686.rpm48c61b059e33f015c853f79ee3d9dfa3-
kernel-xen-devel-2.6.18-419.0.0.0.12.el5.i686.rpme5fefb6768702f117ca9e5ec33048d0d-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.i686.rpm29dc2d99f17743cb0664103a3217332e-
ocfs2-2.6.18-419.0.0.0.12.el5PAE-1.4.11-1.el5.i686.rpm46bb29cc6674fdee8c62907671bbd119-
ocfs2-2.6.18-419.0.0.0.12.el5debug-1.4.11-1.el5.i686.rpmc9c4eb5e887b1ee2cc695c5117ccc11e-
ocfs2-2.6.18-419.0.0.0.12.el5xen-1.4.11-1.el5.i686.rpmbeae7956fc31a94be00e350c43f13700-
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.i686.rpm39bb0d5d2bd3b99a6916c64fa45f311f-
oracleasm-2.6.18-419.0.0.0.12.el5PAE-2.0.5-2.el5.i686.rpmb19bf003aa26de76b071038be86c7cd0-
oracleasm-2.6.18-419.0.0.0.12.el5debug-2.0.5-2.el5.i686.rpm3a0a681133709201431cac4f8c3c2d24-
oracleasm-2.6.18-419.0.0.0.12.el5xen-2.0.5-2.el5.i686.rpmfa110202deac75ba7988e596b2517d78-
Oracle Linux 5 (ia64) kernel-2.6.18-419.0.0.0.12.el5.src.rpm52a2093c0fd36fefef7f64f6d3fa0f3a-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.src.rpmbc6048398f28118bb8efac6d9c72fa65-
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.src.rpm1e7e3a73f4107ffda5bfea80f01db1e1-
kernel-2.6.18-419.0.0.0.12.el5.ia64.rpm6fa9d1fdc5bc4cd3d96459cf84ac70dd-
kernel-debug-2.6.18-419.0.0.0.12.el5.ia64.rpmf337d11b497f4847f95961498bd1e25d-
kernel-debug-devel-2.6.18-419.0.0.0.12.el5.ia64.rpmc49e9778dc254968439e7759902dcb23-
kernel-devel-2.6.18-419.0.0.0.12.el5.ia64.rpm7c157b3125b0f23c2fd4011ed74f313d-
kernel-doc-2.6.18-419.0.0.0.12.el5.noarch.rpm3adf2a18f3356dfdb39037e42a39d889-
kernel-headers-2.6.18-419.0.0.0.12.el5.ia64.rpm4ff36290a0db9913c8a23ec9d31ee959-
kernel-xen-2.6.18-419.0.0.0.12.el5.ia64.rpm28377da574b5bde6bc94bb0043c8fced-
kernel-xen-devel-2.6.18-419.0.0.0.12.el5.ia64.rpm053f8bb395591fd92bbeeb22abd76984-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.ia64.rpm78f0ab4880c8b178c5ec8f3173488d06-
ocfs2-2.6.18-419.0.0.0.12.el5debug-1.4.11-1.el5.ia64.rpm584be07f653e58e12c035ea798d702b9-
ocfs2-2.6.18-419.0.0.0.12.el5xen-1.4.11-1.el5.ia64.rpme1556d79f6be8f8c27bdc42dde2d632c-
Oracle Linux 5 (x86_64) kernel-2.6.18-419.0.0.0.12.el5.src.rpm52a2093c0fd36fefef7f64f6d3fa0f3a-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.src.rpmbc6048398f28118bb8efac6d9c72fa65-
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.src.rpm1e7e3a73f4107ffda5bfea80f01db1e1-
kernel-2.6.18-419.0.0.0.12.el5.x86_64.rpm6bf8d020bc0d6d5e78c65cffd790a77c-
kernel-debug-2.6.18-419.0.0.0.12.el5.x86_64.rpm096a9599f13e5b17a57108b0bd4907ac-
kernel-debug-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpm94b04bdbf880f90941b82efc84419b9b-
kernel-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpm748437818c328c2ebf3625887aae8c06-
kernel-doc-2.6.18-419.0.0.0.12.el5.noarch.rpm3adf2a18f3356dfdb39037e42a39d889-
kernel-headers-2.6.18-419.0.0.0.12.el5.x86_64.rpm95bdeb47a3e2c0342d2724945537dd0d-
kernel-xen-2.6.18-419.0.0.0.12.el5.x86_64.rpm93d74df13a3c4eb4692a5225188dadf2-
kernel-xen-devel-2.6.18-419.0.0.0.12.el5.x86_64.rpmae098feea30f03c19463e16f4fc767b6-
ocfs2-2.6.18-419.0.0.0.12.el5-1.4.11-1.el5.x86_64.rpm2b1b31f26098d02adf5110983cf3dfba-
ocfs2-2.6.18-419.0.0.0.12.el5debug-1.4.11-1.el5.x86_64.rpmef3676f973a8a85f5d7b56d96773f639-
ocfs2-2.6.18-419.0.0.0.12.el5xen-1.4.11-1.el5.x86_64.rpm1b28d11314e1f572918e4137f9efc95c-
oracleasm-2.6.18-419.0.0.0.12.el5-2.0.5-2.el5.x86_64.rpm211c1743558d122765ae9e3eeb28ac21-
oracleasm-2.6.18-419.0.0.0.12.el5debug-2.0.5-2.el5.x86_64.rpm477384fd7660bc2eb9958ced19a9d8da-
oracleasm-2.6.18-419.0.0.0.12.el5xen-2.0.5-2.el5.x86_64.rpme01fede3d9afaac32c863e9c4e2a43e1-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete