ELSA-2019-4636

ELSA-2019-4636 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-05-14

Description


kernel-uek
[3.8.13-118.33.2]
- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [Orabug: 29751729] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Only worry about firmware loaded microcode (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}

[3.8.13-118.33.1]
- x86/mds: Add empty commit for CVE-2019-11091 (Patrick Colp) [Orabug: 29721936] {CVE-2019-11091}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Allow runtime checking of CPU features (Patrick Colp) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29641784] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}


Related CVEs


CVE-2018-12126
CVE-2018-12130
CVE-2018-12127
CVE-2019-11091

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (x86_64) dtrace-modules-3.8.13-118.33.2.el6uek-0.4.5-3.el6.src.rpm6b6e1b70b8fd960c3d476e07d02a843e-
kernel-uek-3.8.13-118.33.2.el6uek.src.rpma093b0ba2515dd05176dc2e97abd3e8f-
dtrace-modules-3.8.13-118.33.2.el6uek-0.4.5-3.el6.x86_64.rpm6249228e3ec4156d2b961b85a4ccdef4-
kernel-uek-3.8.13-118.33.2.el6uek.x86_64.rpm005e80e5a0546aa55dc7a1fd2f684eea-
kernel-uek-debug-3.8.13-118.33.2.el6uek.x86_64.rpme5998981d6a574917c4c65daef6531e3-
kernel-uek-debug-devel-3.8.13-118.33.2.el6uek.x86_64.rpmbcac03eb0040c20af088a8a946d80099-
kernel-uek-devel-3.8.13-118.33.2.el6uek.x86_64.rpmd83e941619e15575eee4e9a434a08b27-
kernel-uek-doc-3.8.13-118.33.2.el6uek.noarch.rpm8d556fda405a78bf54c0026678b8c60d-
kernel-uek-firmware-3.8.13-118.33.2.el6uek.noarch.rpm2e9e795dced478deec9b32c83a732394-
Oracle Linux 7 (x86_64) dtrace-modules-3.8.13-118.33.2.el7uek-0.4.5-3.el7.src.rpmb099bacf407c5e1d3e6479367d563dce-
kernel-uek-3.8.13-118.33.2.el7uek.src.rpm45a83d390ed39e691c030d007961d1de-
dtrace-modules-3.8.13-118.33.2.el7uek-0.4.5-3.el7.x86_64.rpm869d36dc656730c559b9a9ce03bb5a5b-
kernel-uek-3.8.13-118.33.2.el7uek.x86_64.rpm968d5d2bbaeef949581badafd37e6e7e-
kernel-uek-debug-3.8.13-118.33.2.el7uek.x86_64.rpm02ab270fa67adf82142f2020ef48cbbf-
kernel-uek-debug-devel-3.8.13-118.33.2.el7uek.x86_64.rpm2f44da0c4f246076bdc7f8b005afdb82-
kernel-uek-devel-3.8.13-118.33.2.el7uek.x86_64.rpm3c1718b352677cd99ca0bb65e9de53e5-
kernel-uek-doc-3.8.13-118.33.2.el7uek.noarch.rpm67fc4eebc15d15cc7142c7f41bceaf5d-
kernel-uek-firmware-3.8.13-118.33.2.el7uek.noarch.rpmc7c5322cab2c3cbed4f52ce7709878ed-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete