ELSA-2019-4570
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-4570
ELSA-2019-4570 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-03-12 |
Description
[4.14.35-1844.3.2]
- uek-rpm: Remove hardcoded 'kernel_git_commit' macro from specfile (Victor Erminpour) [Orabug: 29357695]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364665] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368046]
[4.14.35-1844.3.1]
- x86/speculation: Add support for STIBP always-on preferred mode (Thomas Lendacky) [Orabug: 29344486]
- x86/speculation: Provide IBPB always command line options (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Add seccomp Spectre v2 user space protection mode (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Enable prctl mode for spectre_v2_user (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Add prctl() control for indirect branch speculation (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prevent stale SPEC_CTRL msr content (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Split out TIF update (Thomas Gleixner) [Orabug: 29344486]
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Remove static key ibpb_enabled_key (Anjali Kulkarni) [Orabug: 29344486]
- x86/speculation: Prepare for conditional IBPB in switch_mm() (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Avoid __switch_to_xtra() calls (Thomas Gleixner) [Orabug: 29344486]
- x86/process: Consolidate and simplify switch_to_xtra() code (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prepare for per task indirect branch speculation control (Tim Chen) [Orabug: 29344486]
- x86/speculation: Add command line control for indirect branch speculation (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Unify conditional spectre v2 print functions (Thomas Gleixner) [Orabug: 29344486]
- x86/speculataion: Mark command line parser data __initdata (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Mark string arrays const correctly (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Reorder the spec_v2 code (Thomas Gleixner) [Orabug: 29344486]
- x86/l1tf: Show actual SMT state (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Rework SMT state change (Thomas Gleixner) [Orabug: 29344486]
- sched/smt: Expose sched_smt_present static key (Thomas Gleixner) [Orabug: 29344486]
- x86/Kconfig: Select SCHED_SMT if SMP enabled (Thomas Gleixner) [Orabug: 29344486]
- sched/smt: Make sched_smt_present track topology (Peter Zijlstra (Intel)) [Orabug: 29344486]
- x86/speculation: Reorganize speculation control MSRs update (Tim Chen) [Orabug: 29344486]
- x86/speculation: Rename SSBD update functions (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Disable STIBP when enhanced IBRS is in use (Tim Chen) [Orabug: 29344486]
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Clean up spectre_v2_parse_cmdline() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Update the TIF_SSBD comment (Tim Chen) [Orabug: 29344486]
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (Peter Zijlstra) [Orabug: 29344486]
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Jiri Kosina) [Orabug: 29344486]
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (Jiri Kosina) [Orabug: 29344486]
- netfilter: nf_tables: deactivate expressions in rule replecement routine (Taehee Yoo) [Orabug: 29355502]
- btrfs: Verify that every chunk has corresponding block group at mount time (Qu Wenruo) [Orabug: 29355254] {CVE-2018-14612}
- mlx4_ib: Distribute completion vectors when zero is supplied (Hakon Bugge) [Orabug: 29324328]
- x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez) [Orabug: 29211613]
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211613]
- x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211613]
- x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan) [Orabug: 29211613]
- uek-rpm: Enable device-mapper era driver (Dave Aldridge) [Orabug: 29283140]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29322860]
- uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29322860]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29322860]
[4.14.35-1844.3.0]
- xfs: refactor short form directory structure verifier function (Darrick J. Wong) [Orabug: 29301204]
- xfs: provide a centralized method for verifying inline fork data (Darrick J. Wong) [Orabug: 29301204]
- xfs: create structure verifier function for short form symlinks (Darrick J. Wong) [Orabug: 29301204]
- xfs: create structure verifier function for shortform xattrs (Darrick J. Wong) [Orabug: 29301204]
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo) [Orabug: 29301101] {CVE-2018-14609}
- iommu/amd: Fix IOMMU page flush when detach device from a domain (Suravee Suthikulpanit) [Orabug: 29297191]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (Eduardo Habkost) [Orabug: 29229728]
- bnx2x: disable GSO where gso_size is too big for hardware (Daniel Axtens) [Orabug: 29125104] {CVE-2018-1000026}
- net: create skb_gso_validate_mac_len() (Daniel Axtens) [Orabug: 29125104] {CVE-2018-1000026}
- slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28973025]
Related CVEs
| CVE-2018-14609 |
| CVE-2018-1000026 |
| CVE-2018-14612 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-4.14.35-1844.3.2.el7uek.src.rpm | 82b92d404bd81739d7de6fcf90427ab83a387ce74407e1e68bff4b49064d0b84 | ELSA-2025-20190 | ol7_aarch64_latest |
| kernel-uek-4.14.35-1844.3.2.el7uek.aarch64.rpm | 9d97338e612b3b6a88ec5ed0963b4ca66b2212bc7be89854f61a462a5e9f0ab9 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-debug-4.14.35-1844.3.2.el7uek.aarch64.rpm | 296462186e90329b7cc20f92f92bd57aef2219cef21ed609c87b739a6f0d509c | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-debug-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm | 0ffaee701dbaa79722e20f9f78ade0943233eace48e177fed423b57b56e8494d | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm | 3f05309cfead7b7f88c7e63dd4c51c7fab146de843d2f675b53fb4f145281b39 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-headers-4.14.35-1844.3.2.el7uek.aarch64.rpm | d00d1b9e55329d5eb82bbaf23e6f41fe3015c0cf27e79399ffc30a7a1918eb85 | ELBA-2025-20014 | ol7_aarch64_latest | |
| kernel-uek-tools-4.14.35-1844.3.2.el7uek.aarch64.rpm | 97dbbdfe80229a1b5005a9fc75658ab95041b7b29fcc4ab8b4cfa5e53986c4c9 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-tools-libs-4.14.35-1844.3.2.el7uek.aarch64.rpm | f140345e072107f48cec4ed61f104f0e7981defbaa7ad50778799a2f819719ae | ELSA-2025-20019 | ol7_aarch64_latest | |
| kernel-uek-tools-libs-devel-4.14.35-1844.3.2.el7uek.aarch64.rpm | 9a0bdb83870aed431f97c2134cb9dec92fddb73e995d2e8addd49b08dc3d1c1c | ELBA-2025-20014 | ol7_aarch64_latest | |
| perf-4.14.35-1844.3.2.el7uek.aarch64.rpm | e7ca0146e7fb5290929e750289ef306292569bd88bf33c7d2937e4d46c2206b3 | ELSA-2025-20019 | ol7_aarch64_latest | |
| python-perf-4.14.35-1844.3.2.el7uek.aarch64.rpm | e9d8fdba53fa519fd5b5085142e5c71541c654ecb20f01693609dfcfbb6f1fd7 | ELSA-2025-20019 | ol7_aarch64_latest | |
| Oracle Linux 7 (x86_64) | kernel-uek-4.14.35-1844.3.2.el7uek.src.rpm | 82b92d404bd81739d7de6fcf90427ab83a387ce74407e1e68bff4b49064d0b84 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive |
| kernel-uek-4.14.35-1844.3.2.el7uek.x86_64.rpm | cb9ab0df2501505ba9f8f0abcf38badef4437ea26ec0ace5a634178bb8248bd7 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-debug-4.14.35-1844.3.2.el7uek.x86_64.rpm | 3064c99dba195ab353a342b0a5ff5961432a959a3d3de7b087695d66a60c7dfc | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-debug-devel-4.14.35-1844.3.2.el7uek.x86_64.rpm | dd57bc33ade37f9d288aea2df599958b7bde3102262982a058e788a41f632286 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-devel-4.14.35-1844.3.2.el7uek.x86_64.rpm | dc40b7ce40dfa8cedd52a790145d77ae2a7d42d4b570f348ee31431f47134bf8 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-doc-4.14.35-1844.3.2.el7uek.noarch.rpm | 00add5bb7c26d3587a8c341335f394c9d19d245d2fb66c023049856427cbd9b6 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-tools-4.14.35-1844.3.2.el7uek.x86_64.rpm | 77bbad2609b6948242409497f67021013c500dbd5b777fd274f22b50d71ac0bf | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
