ELSA-2019-1167

ULN >
Oracle Linux Errata repository >
ELSA-2019-1167

ELSA-2019-1167 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-07-30

Description

[4.18.0-80.1.2_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-80.1.2_0]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}

[4.18.0-80.1.1_0]
- [zstream] switch to zstream (Frantisek Hrbata)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-80.1.2.el8_0.src.rpm	6fb0b2b59b29403f832ecdbde82abb259d53c15a494c5e70f05c74504ad59c16	-	ol8_aarch64_codeready_builder
	kernel-tools-libs-devel-4.18.0-80.1.2.el8_0.aarch64.rpm	8fbd4de530f2d0373f32296409e4ca578433491794ffce729a13df802cf85752	-	ol8_aarch64_codeready_builder

Oracle Linux 8 (x86_64)	kernel-4.18.0-80.1.2.el8_0.src.rpm	6fb0b2b59b29403f832ecdbde82abb259d53c15a494c5e70f05c74504ad59c16	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-80.1.2.el8_0.src.rpm	6fb0b2b59b29403f832ecdbde82abb259d53c15a494c5e70f05c74504ad59c16	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-80.1.2.el8_0.src.rpm	6fb0b2b59b29403f832ecdbde82abb259d53c15a494c5e70f05c74504ad59c16	-	ol8_x86_64_u0_baseos_patch
	bpftool-4.18.0-80.1.2.el8_0.x86_64.rpm	9fa55885837d07ac0f237857aac97a4cc010d0f857589c2f37b6a5bb9d2da491	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-80.1.2.el8_0.x86_64.rpm	9fa55885837d07ac0f237857aac97a4cc010d0f857589c2f37b6a5bb9d2da491	-	ol8_x86_64_u0_baseos_patch
	kernel-4.18.0-80.1.2.el8_0.x86_64.rpm	97f122dbd5d7de7e4da9b7be5cf0ed586db62569ca8825ebf6c5f52db8777543	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-80.1.2.el8_0.x86_64.rpm	97f122dbd5d7de7e4da9b7be5cf0ed586db62569ca8825ebf6c5f52db8777543	-	ol8_x86_64_u0_baseos_patch
	kernel-abi-whitelists-4.18.0-80.1.2.el8_0.noarch.rpm	da314eed358fdfc5f78436896399dfcc00aea356159d62a99e504e26786e2573	-	ol8_x86_64_baseos_latest
	kernel-abi-whitelists-4.18.0-80.1.2.el8_0.noarch.rpm	da314eed358fdfc5f78436896399dfcc00aea356159d62a99e504e26786e2573	-	ol8_x86_64_u0_baseos_patch
	kernel-core-4.18.0-80.1.2.el8_0.x86_64.rpm	a7179e3da8933ef147cc06aa6ae9576b624dac04df7d9446aa3f5b429e9ee469	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-80.1.2.el8_0.x86_64.rpm	a7179e3da8933ef147cc06aa6ae9576b624dac04df7d9446aa3f5b429e9ee469	-	ol8_x86_64_u0_baseos_patch
	kernel-cross-headers-4.18.0-80.1.2.el8_0.x86_64.rpm	0301c5c1eacb9f15e0019a1e7ad41b74fd2bfe2089be84ee512a444745cec223	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-80.1.2.el8_0.x86_64.rpm	0301c5c1eacb9f15e0019a1e7ad41b74fd2bfe2089be84ee512a444745cec223	-	ol8_x86_64_u0_baseos_patch
	kernel-debug-4.18.0-80.1.2.el8_0.x86_64.rpm	4d7f74a7933f240f3d0cdd6d761c67a534cb322918d0d1d0c935e1ddada0fd80	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-80.1.2.el8_0.x86_64.rpm	4d7f74a7933f240f3d0cdd6d761c67a534cb322918d0d1d0c935e1ddada0fd80	-	ol8_x86_64_u0_baseos_patch
	kernel-debug-core-4.18.0-80.1.2.el8_0.x86_64.rpm	361eb8cc6c481d727373dce5751dfea2a89cbe8e6d2086fd4e32c2c17e0b4fb4	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-80.1.2.el8_0.x86_64.rpm	361eb8cc6c481d727373dce5751dfea2a89cbe8e6d2086fd4e32c2c17e0b4fb4	-	ol8_x86_64_u0_baseos_patch
	kernel-debug-devel-4.18.0-80.1.2.el8_0.x86_64.rpm	a3c4b9d521e1dbb391d245eabcd08b6e2c8755292127cd8dcdfa5e2dee68d8b2	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-80.1.2.el8_0.x86_64.rpm	a3c4b9d521e1dbb391d245eabcd08b6e2c8755292127cd8dcdfa5e2dee68d8b2	-	ol8_x86_64_u0_baseos_patch
	kernel-debug-modules-4.18.0-80.1.2.el8_0.x86_64.rpm	715e29aa6b6fb5ec460d4954fb916e0111e520911409d37d364483b67778f11a	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-80.1.2.el8_0.x86_64.rpm	715e29aa6b6fb5ec460d4954fb916e0111e520911409d37d364483b67778f11a	-	ol8_x86_64_u0_baseos_patch
	kernel-debug-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm	3d810039e54dc41efb08ceef106b5d202bf9a55223beef1c6c4ccb6e0030a105	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm	3d810039e54dc41efb08ceef106b5d202bf9a55223beef1c6c4ccb6e0030a105	-	ol8_x86_64_u0_baseos_patch
	kernel-devel-4.18.0-80.1.2.el8_0.x86_64.rpm	cce09b0e1d0868577fb813904d875ce28c8145d31486c3c4bca9035d84258f6c	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-80.1.2.el8_0.x86_64.rpm	cce09b0e1d0868577fb813904d875ce28c8145d31486c3c4bca9035d84258f6c	-	ol8_x86_64_u0_baseos_patch
	kernel-doc-4.18.0-80.1.2.el8_0.noarch.rpm	e80a768270f7912d3f11349f88af4d4f676652de290097987c81210b06d8ae6d	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-80.1.2.el8_0.noarch.rpm	e80a768270f7912d3f11349f88af4d4f676652de290097987c81210b06d8ae6d	-	ol8_x86_64_u0_baseos_patch
	kernel-headers-4.18.0-80.1.2.el8_0.x86_64.rpm	c308fc01f83694d7db91770047e8ae025eef9e5c7438e2a539ef954f8cd195b1	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-80.1.2.el8_0.x86_64.rpm	c308fc01f83694d7db91770047e8ae025eef9e5c7438e2a539ef954f8cd195b1	-	ol8_x86_64_u0_baseos_patch
	kernel-modules-4.18.0-80.1.2.el8_0.x86_64.rpm	80385f8826dbadf255c9314438bb26025bc9b25d67bc444841762eb97be79d41	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-80.1.2.el8_0.x86_64.rpm	80385f8826dbadf255c9314438bb26025bc9b25d67bc444841762eb97be79d41	-	ol8_x86_64_u0_baseos_patch
	kernel-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm	cf178be26772b6fd540a049628b93ce8f9e5d9763fd1ea362a1a81b2b3c4b048	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-80.1.2.el8_0.x86_64.rpm	cf178be26772b6fd540a049628b93ce8f9e5d9763fd1ea362a1a81b2b3c4b048	-	ol8_x86_64_u0_baseos_patch
	kernel-tools-4.18.0-80.1.2.el8_0.x86_64.rpm	b8c82ab6413471aed89e03e4da667b45004c4f134241028a803df3c55fabe95c	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-80.1.2.el8_0.x86_64.rpm	b8c82ab6413471aed89e03e4da667b45004c4f134241028a803df3c55fabe95c	-	ol8_x86_64_u0_baseos_patch
	kernel-tools-libs-4.18.0-80.1.2.el8_0.x86_64.rpm	02d140b24c0250f6eba491712092778adea62a0efbbf1cd6f9026272b71e870d	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-80.1.2.el8_0.x86_64.rpm	02d140b24c0250f6eba491712092778adea62a0efbbf1cd6f9026272b71e870d	-	ol8_x86_64_u0_baseos_patch
	kernel-tools-libs-devel-4.18.0-80.1.2.el8_0.x86_64.rpm	d55197fed56b385d1d865f179ff94170ff2bd5b3d56dffeec888bfd20f998a1b	-	ol8_x86_64_codeready_builder
	perf-4.18.0-80.1.2.el8_0.x86_64.rpm	12ce02d6ab99f6bf6ad7a7f70054e14a21771d25e46847f5068c94c6f25ba4da	-	ol8_x86_64_baseos_latest
	perf-4.18.0-80.1.2.el8_0.x86_64.rpm	12ce02d6ab99f6bf6ad7a7f70054e14a21771d25e46847f5068c94c6f25ba4da	-	ol8_x86_64_u0_baseos_patch
	python3-perf-4.18.0-80.1.2.el8_0.x86_64.rpm	3da299083e95b68e83a1f0cf6795e25f260e6c2775cea66e151e649e00ac7794	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-80.1.2.el8_0.x86_64.rpm	3da299083e95b68e83a1f0cf6795e25f260e6c2775cea66e151e649e00ac7794	-	ol8_x86_64_u0_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691