ELSA-2019-1479
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-1479
ELSA-2019-1479 - kernel security and bug fix update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-07-30 |
Description
[4.18.0-80.4.2_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-80.4.2_0]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719857 1719858] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719602 1719603] {CVE-2019-11477}
[4.18.0-80.4.1_0]
- [netdrv] ice: Do autoneg based on VSI state (Jonathan Toppins) [1709433 1687903]
- [arm64] arm64: apply workaround on A64FX v1r0 (Mark Langsdorf) [1700901 1692306]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
file (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
[4.18.0-80.3.1_0]
- [mm] mm: enforce min addr even if capable() in expand_downwards() (Rafael Aquini) [1708829 1687667] {CVE-2019-9213}
- [powerpc] powerpc/radix: Fix kernel crash with mremap() (Steve Best) [1708617 1674186]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/powernv: Query firmware for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1708112 1694456]
- [of] of: __of_detach_node() - remove node from phandle cache (Steve Best) [1708102 1669198]
- [of] of: of_node_get()/of_node_put() nodes held in phandle cache (Steve Best) [1708102 1669198]
- [fs] debugfs: Fix EPERM regression from kernel lockdown check (Lenny Szubowicz) [1708100 1686755]
- [block] nvme: lock NS list changes while handling command effects (David Milburn) [1701140 1672759]
[4.18.0-80.2.1_0]
- [netdrv] qed: Fix qed_mcp_halt|resume() (Manish Chopra) [1704184 1697310]
- [cpufreq] cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency (Prarit Bhargava) [1706739 1696131]
- [acpi] ACPI / CPPC: Fix guaranteed performance handling (Prarit Bhargava) [1706739 1696131]
- [arm64] arm64: Add workaround for Fujitsu A64FX erratum 010001 (Mark Langsdorf) [1700902 1666951]
- [s390] vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem (Cornelia Huck) [1700290 1686044]
- [netdrv] net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (Alaa Hleihel) [1700289 1651509]
- [netdrv] net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames (Alaa Hleihel) [1700289 1651509]
- [pci] PCI: pciehp: Fix re-enabling the slot marked for safe removal (Myron Stowe) [1700288 1695922]
Related CVEs
| CVE-2019-9213 |
| CVE-2019-11479 |
| CVE-2019-11477 |
| CVE-2019-11478 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | kernel-4.18.0-80.4.2.el8_0.src.rpm | 368ea4076bdd5f0b84f40f58b8736e3c68e19de7d9092c865b0d3908515f210d | - | ol8_aarch64_codeready_builder |
| kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.aarch64.rpm | 7124390e19a20f3f3bdbdd06e6452376f32c30d2ba2ea8755a0808c8ad8da81a | - | ol8_aarch64_codeready_builder | |
| Oracle Linux 8 (x86_64) | kernel-4.18.0-80.4.2.el8_0.src.rpm | 368ea4076bdd5f0b84f40f58b8736e3c68e19de7d9092c865b0d3908515f210d | - | ol8_x86_64_baseos_latest |
| kernel-4.18.0-80.4.2.el8_0.src.rpm | 368ea4076bdd5f0b84f40f58b8736e3c68e19de7d9092c865b0d3908515f210d | - | ol8_x86_64_codeready_builder | |
| kernel-4.18.0-80.4.2.el8_0.src.rpm | 368ea4076bdd5f0b84f40f58b8736e3c68e19de7d9092c865b0d3908515f210d | - | ol8_x86_64_u0_baseos_patch | |
| bpftool-4.18.0-80.4.2.el8_0.x86_64.rpm | 8638eaf26e93efcb2a2551dc15ca6d520088ef443d5f18192a28e65332cc6e76 | - | ol8_x86_64_baseos_latest | |
| bpftool-4.18.0-80.4.2.el8_0.x86_64.rpm | 8638eaf26e93efcb2a2551dc15ca6d520088ef443d5f18192a28e65332cc6e76 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-4.18.0-80.4.2.el8_0.x86_64.rpm | 250220c96d34eb9e864273e7bf9b3da1bc3e65b4042b331b238b4f63bcfd918b | - | ol8_x86_64_baseos_latest | |
| kernel-4.18.0-80.4.2.el8_0.x86_64.rpm | 250220c96d34eb9e864273e7bf9b3da1bc3e65b4042b331b238b4f63bcfd918b | - | ol8_x86_64_u0_baseos_patch | |
| kernel-abi-whitelists-4.18.0-80.4.2.el8_0.noarch.rpm | 5a3987ae985f2c8dc734c3fc7fc8f53fd5c10faa36d29a99ee8ac07cc684de68 | - | ol8_x86_64_baseos_latest | |
| kernel-abi-whitelists-4.18.0-80.4.2.el8_0.noarch.rpm | 5a3987ae985f2c8dc734c3fc7fc8f53fd5c10faa36d29a99ee8ac07cc684de68 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-core-4.18.0-80.4.2.el8_0.x86_64.rpm | 6ba1882447d98a20ccce50c7d82f647c66c21730cfa2c2cc6b9cc444cfe8e907 | - | ol8_x86_64_baseos_latest | |
| kernel-core-4.18.0-80.4.2.el8_0.x86_64.rpm | 6ba1882447d98a20ccce50c7d82f647c66c21730cfa2c2cc6b9cc444cfe8e907 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-cross-headers-4.18.0-80.4.2.el8_0.x86_64.rpm | fbcf67e16e30ae495d0997eb39fa9b1c0c1bbc4ea115cf1846f26e63cb749e08 | - | ol8_x86_64_baseos_latest | |
| kernel-cross-headers-4.18.0-80.4.2.el8_0.x86_64.rpm | fbcf67e16e30ae495d0997eb39fa9b1c0c1bbc4ea115cf1846f26e63cb749e08 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-4.18.0-80.4.2.el8_0.x86_64.rpm | 87e2c933156c85e01c4c0c2bcd1f1f592f567c65f7e9c86748f94d6937c07900 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-4.18.0-80.4.2.el8_0.x86_64.rpm | 87e2c933156c85e01c4c0c2bcd1f1f592f567c65f7e9c86748f94d6937c07900 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-core-4.18.0-80.4.2.el8_0.x86_64.rpm | 9f12d61f81c8618c914a0a91970855c1dfcfbbeaf80b779248dd162de3e97a14 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-core-4.18.0-80.4.2.el8_0.x86_64.rpm | 9f12d61f81c8618c914a0a91970855c1dfcfbbeaf80b779248dd162de3e97a14 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-devel-4.18.0-80.4.2.el8_0.x86_64.rpm | f3a3b3d8b9ec92b7e052200c8046d3a87033eaa1b4e9769e2b43a1264725f465 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-devel-4.18.0-80.4.2.el8_0.x86_64.rpm | f3a3b3d8b9ec92b7e052200c8046d3a87033eaa1b4e9769e2b43a1264725f465 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-4.18.0-80.4.2.el8_0.x86_64.rpm | 834c2e606296c7cfda9f8f8677dc4aa1a8c5e9fdbcc745f3656157a727294299 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-4.18.0-80.4.2.el8_0.x86_64.rpm | 834c2e606296c7cfda9f8f8677dc4aa1a8c5e9fdbcc745f3656157a727294299 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm | 2cb252511a58b79106625a023abd45c910f32941b9ec9ee6b89aa25e89721ce6 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm | 2cb252511a58b79106625a023abd45c910f32941b9ec9ee6b89aa25e89721ce6 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-devel-4.18.0-80.4.2.el8_0.x86_64.rpm | 484b1119734f30295a89eb7dd226e10d2e7ecf092d22660e0be7be56e3e36848 | - | ol8_x86_64_baseos_latest | |
| kernel-devel-4.18.0-80.4.2.el8_0.x86_64.rpm | 484b1119734f30295a89eb7dd226e10d2e7ecf092d22660e0be7be56e3e36848 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-doc-4.18.0-80.4.2.el8_0.noarch.rpm | 89f17107f872462872e8cbc2163b0de5f9cf0371845f633bdadc5231d6c71150 | - | ol8_x86_64_baseos_latest | |
| kernel-doc-4.18.0-80.4.2.el8_0.noarch.rpm | 89f17107f872462872e8cbc2163b0de5f9cf0371845f633bdadc5231d6c71150 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-headers-4.18.0-80.4.2.el8_0.x86_64.rpm | 536b58266a90deb29f5d8516a510527a70ea5d48a8bd456064749d4b891a922c | - | ol8_x86_64_baseos_latest | |
| kernel-headers-4.18.0-80.4.2.el8_0.x86_64.rpm | 536b58266a90deb29f5d8516a510527a70ea5d48a8bd456064749d4b891a922c | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-4.18.0-80.4.2.el8_0.x86_64.rpm | 0a54629077a584803ecc145cf9b7b4125a332722c4c88892257de3d3c7a9715b | - | ol8_x86_64_baseos_latest | |
| kernel-modules-4.18.0-80.4.2.el8_0.x86_64.rpm | 0a54629077a584803ecc145cf9b7b4125a332722c4c88892257de3d3c7a9715b | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm | 04e8d5299f1a0c8393eb4a2e691f76347ed71e1443d461c77ce1e958677a867a | - | ol8_x86_64_baseos_latest | |
| kernel-modules-extra-4.18.0-80.4.2.el8_0.x86_64.rpm | 04e8d5299f1a0c8393eb4a2e691f76347ed71e1443d461c77ce1e958677a867a | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-4.18.0-80.4.2.el8_0.x86_64.rpm | f08680ef862090bb9ddfbfde2fb29f224496a8cf4411e5e4471cafaf05d54feb | - | ol8_x86_64_baseos_latest | |
| kernel-tools-4.18.0-80.4.2.el8_0.x86_64.rpm | f08680ef862090bb9ddfbfde2fb29f224496a8cf4411e5e4471cafaf05d54feb | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-4.18.0-80.4.2.el8_0.x86_64.rpm | 09383ec67408c4a6aa99095fdcbe8b0f82284ef2da6c41c69a582c428c9d9f1a | - | ol8_x86_64_baseos_latest | |
| kernel-tools-libs-4.18.0-80.4.2.el8_0.x86_64.rpm | 09383ec67408c4a6aa99095fdcbe8b0f82284ef2da6c41c69a582c428c9d9f1a | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-devel-4.18.0-80.4.2.el8_0.x86_64.rpm | 0e907b7f589fbc9d51122ea759591f705db3948c8708cace4176405eb5ea2e12 | - | ol8_x86_64_codeready_builder | |
| perf-4.18.0-80.4.2.el8_0.x86_64.rpm | 778ec2ae946451d8bc71db4ac0b008b26937863b0913ff97074498220e137298 | - | ol8_x86_64_baseos_latest | |
| perf-4.18.0-80.4.2.el8_0.x86_64.rpm | 778ec2ae946451d8bc71db4ac0b008b26937863b0913ff97074498220e137298 | - | ol8_x86_64_u0_baseos_patch | |
| python3-perf-4.18.0-80.4.2.el8_0.x86_64.rpm | 8423c0d7dfdd481cdfe751ab4f643c2a3e9740b3259a9e1dc52416a97018ca5a | - | ol8_x86_64_baseos_latest | |
| python3-perf-4.18.0-80.4.2.el8_0.x86_64.rpm | 8423c0d7dfdd481cdfe751ab4f643c2a3e9740b3259a9e1dc52416a97018ca5a | - | ol8_x86_64_u0_baseos_patch | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
