ELSA-2019-2703
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-2703
ELSA-2019-2703 - kernel security and bug fix update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-09-12 |
Description
- [4.18.0-80.11.1_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-80.11.1_0]
- [wireless] mwifiex: Don't abort on small, spec-compliant vendor IEs (Jarod Wilson) [1714475 1728992]
- [wireless] mwifiex: fix 802.11n/WPA detection (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
[4.18.0-80.10.1_0]
- [x86] x86/entry/64: Use JMP instead of JMPQ (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
- [x86] x86/cpufeatures: Carve out CQM features retrieval (Josh Poimboeuf) [1724500 1724501] {CVE-2019-1125}
[4.18.0-80.9.1_0]
- [netdrv] thunderx: eliminate extra calls to put_page() for pages held for recycling (Dean Nelson) [1726354 1644011]
- [netdrv] thunderx: enable page recycling for non-XDP case (Dean Nelson) [1726354 1644011]
- [arm64] arm64: kaslr: ensure randomized quantities are clean also when kaslr is off (Mark Salter) [1726357 1673068]
- [arm64] arm64: kaslr: ensure randomized quantities are clean to the PoC (Mark Salter) [1726357 1673068]
- [mm] powerpc/mm/64s/hash: Reallocate context ids on fork (Gustavo Duarte) [1734689 1723808] {CVE-2019-12817}
- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Steve Best) [1733282 1720929]
- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Steve Best) [1733282 1720929]
- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Steve Best) [1733282 1720929]
- [powerpc] powerpc/watchpoint: Restore NV GPRs while returning from exception (Steve Best) [1733281 1728557]
- [hid] HID: i2c-hid: Don't reset device upon system resume (Perry Yuan) [1727098 1715385]
- [netdrv] net/mlx5e: RX, Verify MPWQE stride size is in range (Alaa Hleihel) [1726372 1683589]
- [sound] ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Jaroslav Kysela) [1726371 1658924] {CVE-2018-19824}
- [sound] ALSA: hda - Enable runtime PM only for discrete GPU (Jaroslav Kysela) [1726361 1714817]
- [cpufreq] cpufreq: intel_pstate: Ignore turbo active ratio in HWP (David Arcari) [1726360 1711970]
- [infiniband] usnic_verbs: fix deadlock (Govindarajulu Varadarajan) [1726358 1688505]
- [infiniband] IB/usnic: Fix locking when unregistering (Govindarajulu Varadarajan) [1726358 1688505]
- [infiniband] IB/usnic: Fix potential deadlock (Govindarajulu Varadarajan) [1726358 1688505]
- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]
- [netdrv] igb: shorten maximum PHC timecounter update interval (Corinna Vinschen) [1726352 1637098]
- [x86] x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (Frank Ramsay) [1724534 1677695]
- [security] selinux: overhaul sidtab to fix bug and improve performance (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: use separate table for initial SID lookup (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: refactor sidtab conversion (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in sidtab (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in services (Ondrej Mosnacek) [1717780 1656787]
- [security] selinux: Cleanup printk logging in policydb (Ondrej Mosnacek) [1717780 1656787]
- [crypto] crypto: authenc - fix parsing key with misaligned rta_len (Herbert Xu) [1715335 1707546]
- [mm] mm, page_alloc: fix has_unmovable_pages for HugePages (David Gibson) [1714758 1688114]
- [wireless] mwifiex: Abort at too short BSS descriptor element (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
- [wireless] mwifiex: Fix possible buffer overflows at parsing bss descriptor (Jarod Wilson) [1714475 1714476] {CVE-2019-3846}
- [nvme] nvme-pci: add missing unlock for reset error (Gopal Tiwari) [1712261 1703201]
- [nvme] nvme-pci: fix rapid add remove sequence (Gopal Tiwari) [1712261 1703201]
- [wireless] brcmfmac: add subtype check for event handling in data path (Stanislaw Gruszka) [1733895 1704684] {CVE-2019-9503}
- [wireless] brcmfmac: assure SSID length from firmware is limited (Stanislaw Gruszka) [1705385 1705386] {CVE-2019-9500}
- [include] fs: fix kABI for struct pipe_buf_operations (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [fs] fs: prevent page refcount overflow in pipe_buf_get (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [mm] mm: prevent get_user_pages() from overflowing page refcount (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [include] mm: add 'try_get_page()' helper function (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [include] mm: make page ref count overflow check tighter and more explicit (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [fs] fuse: call pipe_buf_release() under pipe lock (Miklos Szeredi) [1705006 1705007] {CVE-2019-11487}
- [kvm] KVM: x86: nVMX: fix x2APIC VTPR read intercept (Vitaly Kuznetsov) [1697198 1697199]
- [kvm] KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887) (Vitaly Kuznetsov) [1697198 1697199]
[4.18.0-80.8.1_0]
- [documentation] Documentation: Add ARM64 to kernel-parameters.rst (Jeremy Linton) [1726353 1640855]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: enable generic CPU vulnerabilites support (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for speculative store bypass (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Always enable ssb vulnerability detection (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for spectre-v2 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Always enable spectre-v2 vulnerability detection (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Advertise mitigation of Spectre-v2, or lack thereof (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: add sysfs vulnerability show for meltdown (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Add sysfs vulnerability show for spectre-v1 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Provide a command line to disable spectre_v2 mitigation (Jeremy Linton) [1726353 1640855]
- [documentation] powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg (Jeremy Linton) [1726353 1640855]
- [documentation] Documentation: Document arm64 kpti control (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Add MIDR encoding for HiSilicon Taishan CPUs (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: capabilities: Merge duplicate Cavium erratum entries (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: Use a raw spinlock in __install_bp_hardening_cb() (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: fix SSBS sanitization (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: don't zero DIT on signal return (Jeremy Linton) [1726353 1640855]
- [kvm] KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: ssbd: Drop #ifdefs for PR_SPEC_STORE_BYPASS (Jeremy Linton) [1726353 1640855]
- [arm64] arm64: cpufeature: Detect SSBS and advertise to userspace (Jeremy Linton) [1726353 1640855]
(Jeremy Linton) [1726353 1640855]
- Revert: [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1726353 1640855] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kernel] ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (Aristeu Rozanski) [1730958 1730959] {CVE-2019-13272}
Related CVEs
| CVE-2019-3887 |
| CVE-2019-9500 |
| CVE-2018-19824 |
| CVE-2019-11487 |
| CVE-2019-12817 |
| CVE-2019-9503 |
| CVE-2019-3846 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | kernel-4.18.0-80.11.1.el8_0.src.rpm | 589b79f10d48a7c613df9c09d916cfc79fa14200e120717b85c9c40480f6fe9e | - | ol8_aarch64_codeready_builder |
| kernel-tools-libs-devel-4.18.0-80.11.1.el8_0.aarch64.rpm | ff648f0a1dafcd50a4aa2b43f866e2438aeab4b1648ea4e8e6cf40ca72c708e3 | - | ol8_aarch64_codeready_builder | |
| Oracle Linux 8 (x86_64) | kernel-4.18.0-80.11.1.el8_0.src.rpm | 589b79f10d48a7c613df9c09d916cfc79fa14200e120717b85c9c40480f6fe9e | - | ol8_x86_64_baseos_latest |
| kernel-4.18.0-80.11.1.el8_0.src.rpm | 589b79f10d48a7c613df9c09d916cfc79fa14200e120717b85c9c40480f6fe9e | - | ol8_x86_64_codeready_builder | |
| kernel-4.18.0-80.11.1.el8_0.src.rpm | 589b79f10d48a7c613df9c09d916cfc79fa14200e120717b85c9c40480f6fe9e | - | ol8_x86_64_u0_baseos_patch | |
| bpftool-4.18.0-80.11.1.el8_0.x86_64.rpm | 4d0ceb05c3d96da98e7f557d925b7e2e8d4d002439bf0ce2e9962f2a741bdd28 | - | ol8_x86_64_baseos_latest | |
| bpftool-4.18.0-80.11.1.el8_0.x86_64.rpm | 4d0ceb05c3d96da98e7f557d925b7e2e8d4d002439bf0ce2e9962f2a741bdd28 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-4.18.0-80.11.1.el8_0.x86_64.rpm | b7fd5651eb82b558903064f8774973de94c2187604004b08ac4726c38800f412 | - | ol8_x86_64_baseos_latest | |
| kernel-4.18.0-80.11.1.el8_0.x86_64.rpm | b7fd5651eb82b558903064f8774973de94c2187604004b08ac4726c38800f412 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-abi-whitelists-4.18.0-80.11.1.el8_0.noarch.rpm | bdce50c53851de757d140a0b491399dfbb1f7b2c9a32e55cde2f99d35734bbdf | - | ol8_x86_64_baseos_latest | |
| kernel-abi-whitelists-4.18.0-80.11.1.el8_0.noarch.rpm | bdce50c53851de757d140a0b491399dfbb1f7b2c9a32e55cde2f99d35734bbdf | - | ol8_x86_64_u0_baseos_patch | |
| kernel-core-4.18.0-80.11.1.el8_0.x86_64.rpm | d8135462be85e195c406fb7d5504795ffe18aa152b907c3666f3a262218b4dec | - | ol8_x86_64_baseos_latest | |
| kernel-core-4.18.0-80.11.1.el8_0.x86_64.rpm | d8135462be85e195c406fb7d5504795ffe18aa152b907c3666f3a262218b4dec | - | ol8_x86_64_u0_baseos_patch | |
| kernel-cross-headers-4.18.0-80.11.1.el8_0.x86_64.rpm | a8864fbcb89868bdf4773947271467caf7bc3cfc4eccf5dde9619ee7a2eb9129 | - | ol8_x86_64_baseos_latest | |
| kernel-cross-headers-4.18.0-80.11.1.el8_0.x86_64.rpm | a8864fbcb89868bdf4773947271467caf7bc3cfc4eccf5dde9619ee7a2eb9129 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-4.18.0-80.11.1.el8_0.x86_64.rpm | 1f88e81eb4870e5e7c2b037c0407e9f03454c271d54a02e3b48847c30041ce26 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-4.18.0-80.11.1.el8_0.x86_64.rpm | 1f88e81eb4870e5e7c2b037c0407e9f03454c271d54a02e3b48847c30041ce26 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-core-4.18.0-80.11.1.el8_0.x86_64.rpm | b4189dc4e711a242b339de7382209948922a8f1cac7c9ff70e7bee798828d841 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-core-4.18.0-80.11.1.el8_0.x86_64.rpm | b4189dc4e711a242b339de7382209948922a8f1cac7c9ff70e7bee798828d841 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-devel-4.18.0-80.11.1.el8_0.x86_64.rpm | 6a205b0811d47714fec1fb6aee4b78cced73b81a2b153e085c900822956cffd6 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-devel-4.18.0-80.11.1.el8_0.x86_64.rpm | 6a205b0811d47714fec1fb6aee4b78cced73b81a2b153e085c900822956cffd6 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-4.18.0-80.11.1.el8_0.x86_64.rpm | 2af2eccfa174aee44a999209a7b72bed18e7412974be8532ad88ceed6721c2fa | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-4.18.0-80.11.1.el8_0.x86_64.rpm | 2af2eccfa174aee44a999209a7b72bed18e7412974be8532ad88ceed6721c2fa | - | ol8_x86_64_u0_baseos_patch | |
| kernel-debug-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpm | d05bcebf696f25e0b14f074e16c8bb831a886fe1b4770652093b638260d01e94 | - | ol8_x86_64_baseos_latest | |
| kernel-debug-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpm | d05bcebf696f25e0b14f074e16c8bb831a886fe1b4770652093b638260d01e94 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-devel-4.18.0-80.11.1.el8_0.x86_64.rpm | a63eb7ed58f38912838096a1d5f0bd46ce7c12ae7d1f4644b70b7f87681adbdc | - | ol8_x86_64_baseos_latest | |
| kernel-devel-4.18.0-80.11.1.el8_0.x86_64.rpm | a63eb7ed58f38912838096a1d5f0bd46ce7c12ae7d1f4644b70b7f87681adbdc | - | ol8_x86_64_u0_baseos_patch | |
| kernel-doc-4.18.0-80.11.1.el8_0.noarch.rpm | 39ba16eb032e5b4345e0729d238a7a23f56d558963e61853df668ab000ae864b | - | ol8_x86_64_baseos_latest | |
| kernel-doc-4.18.0-80.11.1.el8_0.noarch.rpm | 39ba16eb032e5b4345e0729d238a7a23f56d558963e61853df668ab000ae864b | - | ol8_x86_64_u0_baseos_patch | |
| kernel-headers-4.18.0-80.11.1.el8_0.x86_64.rpm | 6c4e924847187c18e25df843306dccd289796a70c07aabbeb009c9a8160c7981 | - | ol8_x86_64_baseos_latest | |
| kernel-headers-4.18.0-80.11.1.el8_0.x86_64.rpm | 6c4e924847187c18e25df843306dccd289796a70c07aabbeb009c9a8160c7981 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-4.18.0-80.11.1.el8_0.x86_64.rpm | 2c11c525e540be57ebde8494febffe817a9a382cc4c110b474680700e62ed1c8 | - | ol8_x86_64_baseos_latest | |
| kernel-modules-4.18.0-80.11.1.el8_0.x86_64.rpm | 2c11c525e540be57ebde8494febffe817a9a382cc4c110b474680700e62ed1c8 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpm | a4cb69e013c695c38f2c1cdcec8491dc545fb6e9e38205d53a8457647917c5b4 | - | ol8_x86_64_baseos_latest | |
| kernel-modules-extra-4.18.0-80.11.1.el8_0.x86_64.rpm | a4cb69e013c695c38f2c1cdcec8491dc545fb6e9e38205d53a8457647917c5b4 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-4.18.0-80.11.1.el8_0.x86_64.rpm | b15123c3d1eebc97328194c078c1b7c6f38f39946d81d4a8e96b00ac88e42a58 | - | ol8_x86_64_baseos_latest | |
| kernel-tools-4.18.0-80.11.1.el8_0.x86_64.rpm | b15123c3d1eebc97328194c078c1b7c6f38f39946d81d4a8e96b00ac88e42a58 | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-4.18.0-80.11.1.el8_0.x86_64.rpm | 54e9b19399d8f68ee61bcb9943df3a591e3601edc3ffd4019415b70ed490f6ec | - | ol8_x86_64_baseos_latest | |
| kernel-tools-libs-4.18.0-80.11.1.el8_0.x86_64.rpm | 54e9b19399d8f68ee61bcb9943df3a591e3601edc3ffd4019415b70ed490f6ec | - | ol8_x86_64_u0_baseos_patch | |
| kernel-tools-libs-devel-4.18.0-80.11.1.el8_0.x86_64.rpm | c1dd9094a3106298245259663f208d6b4b1f7bfb9cc658286810d898356db19b | - | ol8_x86_64_codeready_builder | |
| perf-4.18.0-80.11.1.el8_0.x86_64.rpm | b32f97d786a778d8a18dcced97db481b7cddce83464209e10a02934abbb31b8f | - | ol8_x86_64_baseos_latest | |
| perf-4.18.0-80.11.1.el8_0.x86_64.rpm | b32f97d786a778d8a18dcced97db481b7cddce83464209e10a02934abbb31b8f | - | ol8_x86_64_u0_baseos_patch | |
| python3-perf-4.18.0-80.11.1.el8_0.x86_64.rpm | abd7814b3145e8edd49e668f1c58e66e5082b1574bcc0fc6ee16a0b73e6a4535 | - | ol8_x86_64_baseos_latest | |
| python3-perf-4.18.0-80.11.1.el8_0.x86_64.rpm | abd7814b3145e8edd49e668f1c58e66e5082b1574bcc0fc6ee16a0b73e6a4535 | - | ol8_x86_64_u0_baseos_patch | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
