ELSA-2019-4702

ELSA-2019-4702 - kernel security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2019-08-04

Description


kernel
- 2.6.18-419.0.0.0.13
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}

- 2.6.18-419.0.0.0.12
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378]
- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378]
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]
- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]
- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}
- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}
- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}
- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]
- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639}

- 2.6.18-419.0.0.0.11
- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}

- 2.6.18-419.0.0.0.10
- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]

- 2.6.18-419.0.0.0.9
- rebuild with retpoline compiler

- 2.6.18-419.0.0.0.8
- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}

- 2.6.18-419.0.0.0.5
- [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100]

- 2.6.18-419.0.0.0.4
- [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253}

- 2.6.18-419.0.0.0.3
- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [orabug 26586706] {CVE-2017-7895}


Related CVEs


CVE-2018-12126
CVE-2018-12130
CVE-2018-12127
CVE-2019-11091

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 5 (i386) | kernel-2.6.18-419.0.0.0.13.el5.src.rpm | 62c1b93dc6dcbc2444ebdc08c374fb3b | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.src.rpm | 6c6039ed236c678cf4c76f00c54c6c88 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.src.rpm | cb92f67eca48ce170bf5de6dc7c41dea | - |
| | kernel-2.6.18-419.0.0.0.13.el5.i686.rpm | 1f153303cbc05a1c059c124c601a4199 | ELSA-2019-4732 |
| | kernel-PAE-2.6.18-419.0.0.0.13.el5.i686.rpm | 8621a54110dcff5f4783a0ca5b59120a | ELSA-2019-4732 |
| | kernel-PAE-devel-2.6.18-419.0.0.0.13.el5.i686.rpm | 3549191791431d5ed7c0ccb23f8964be | ELSA-2019-4732 |
| | kernel-debug-2.6.18-419.0.0.0.13.el5.i686.rpm | 90484e9cb361b0dbc3489893c0b72518 | ELSA-2019-4732 |
| | kernel-debug-devel-2.6.18-419.0.0.0.13.el5.i686.rpm | c49c1835d8445a22edd924cba52d17bc | ELSA-2019-4732 |
| | kernel-devel-2.6.18-419.0.0.0.13.el5.i686.rpm | 474173179e8dab7c28bc313ccf905054 | ELSA-2019-4732 |
| | kernel-doc-2.6.18-419.0.0.0.13.el5.noarch.rpm | d3c1564b9c6c495a557e2fa2b4107fa2 | ELSA-2019-4732 |
| | kernel-headers-2.6.18-419.0.0.0.13.el5.i386.rpm | 9fbb5aacfd31072d43891e6ff3336be9 | ELSA-2019-4732 |
| | kernel-xen-2.6.18-419.0.0.0.13.el5.i686.rpm | 9af45830cd6e36690d9c91a68b3a1d39 | ELSA-2019-4732 |
| | kernel-xen-devel-2.6.18-419.0.0.0.13.el5.i686.rpm | b5048badd33994c064e7a4fa4b10fb23 | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.i686.rpm | 9a4c30a9993d62d41f4580b42ad50929 | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5PAE-1.4.11-1.el5.i686.rpm | 1533cc6d833cd0c91528a7254da19e08 | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5debug-1.4.11-1.el5.i686.rpm | 04ac9291ea2a99d4297cc65d2143dbf7 | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5xen-1.4.11-1.el5.i686.rpm | 11cf1c01cf275ee4b20326bf9acdb6bf | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.i686.rpm | 66f806922241bd308e61f9b5df836fcd | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5PAE-2.0.5-2.el5.i686.rpm | b2ca9ce33a01ecf996c052dcff28e778 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5debug-2.0.5-2.el5.i686.rpm | 2fc283fddeb0c3d60d97d2e291ba6aeb | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5xen-2.0.5-2.el5.i686.rpm | e9571c901cd8ed70aec4ab416f760869 | - |
| Oracle Linux 5 (ia64) | kernel-2.6.18-419.0.0.0.13.el5.src.rpm | 62c1b93dc6dcbc2444ebdc08c374fb3b | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.src.rpm | 6c6039ed236c678cf4c76f00c54c6c88 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.src.rpm | cb92f67eca48ce170bf5de6dc7c41dea | - |
| | kernel-2.6.18-419.0.0.0.13.el5.ia64.rpm | 6fb72a61db50acd10c112c5b0a659f49 | ELSA-2019-4732 |
| | kernel-debug-2.6.18-419.0.0.0.13.el5.ia64.rpm | 0aec977d645169286d9c3a9ae6efb7a9 | ELSA-2019-4732 |
| | kernel-debug-devel-2.6.18-419.0.0.0.13.el5.ia64.rpm | 32ad653029c1ff8ec58d42e17344cd65 | ELSA-2019-4732 |
| | kernel-devel-2.6.18-419.0.0.0.13.el5.ia64.rpm | 18fcbb641a00a181b74a9e94ba348f49 | ELSA-2019-4732 |
| | kernel-doc-2.6.18-419.0.0.0.13.el5.noarch.rpm | d3c1564b9c6c495a557e2fa2b4107fa2 | ELSA-2019-4732 |
| | kernel-headers-2.6.18-419.0.0.0.13.el5.ia64.rpm | 2f57bcfa785e076ef039806029693c39 | ELSA-2019-4732 |
| | kernel-xen-2.6.18-419.0.0.0.13.el5.ia64.rpm | e093d1643fa8d175c4438c780d46c94a | ELSA-2019-4732 |
| | kernel-xen-devel-2.6.18-419.0.0.0.13.el5.ia64.rpm | d88ab814cb923ea5bb447d4e3fec5926 | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.ia64.rpm | 02aa6c16368e15363c2e027849a49a96 | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5debug-1.4.11-1.el5.ia64.rpm | aca5bc704bdecbe8ef3f4b24d2be8aba | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5xen-1.4.11-1.el5.ia64.rpm | 3140df7cd2551755ebaf0684deef98d3 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.ia64.rpm | 7d1698145836625907d5f994caa1ddd9 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5debug-2.0.5-2.el5.ia64.rpm | 6cbf4ee99f68e9298abb04f59a11f399 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5xen-2.0.5-2.el5.ia64.rpm | 28a47c26fd1ee366a0144c0bb475a693 | - |
| Oracle Linux 5 (x86_64) | kernel-2.6.18-419.0.0.0.13.el5.src.rpm | 62c1b93dc6dcbc2444ebdc08c374fb3b | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.src.rpm | 6c6039ed236c678cf4c76f00c54c6c88 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.src.rpm | cb92f67eca48ce170bf5de6dc7c41dea | - |
| | kernel-2.6.18-419.0.0.0.13.el5.x86_64.rpm | 9b0782d593f42dedf2ad50b7caa06005 | ELSA-2019-4732 |
| | kernel-debug-2.6.18-419.0.0.0.13.el5.x86_64.rpm | ec9715d0725017441e410029c2972696 | ELSA-2019-4732 |
| | kernel-debug-devel-2.6.18-419.0.0.0.13.el5.x86_64.rpm | 7ad493da63ca853fa4de0774d81e8f19 | ELSA-2019-4732 |
| | kernel-devel-2.6.18-419.0.0.0.13.el5.x86_64.rpm | 32c664ea6b448f6ab92bf06404bfb474 | ELSA-2019-4732 |
| | kernel-doc-2.6.18-419.0.0.0.13.el5.noarch.rpm | d3c1564b9c6c495a557e2fa2b4107fa2 | ELSA-2019-4732 |
| | kernel-headers-2.6.18-419.0.0.0.13.el5.x86_64.rpm | 011223bffa9f06b7e802e45ccf07499f | ELSA-2019-4732 |
| | kernel-xen-2.6.18-419.0.0.0.13.el5.x86_64.rpm | d830bb72718420b5fab3979d7a2e1a77 | ELSA-2019-4732 |
| | kernel-xen-devel-2.6.18-419.0.0.0.13.el5.x86_64.rpm | 2a91d0267c3038b38c3515f509bd4ecc | ELSA-2019-4732 |
| | ocfs2-2.6.18-419.0.0.0.13.el5-1.4.11-1.el5.x86_64.rpm | fdab914573f482e6e5ec6668014f288a | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5debug-1.4.11-1.el5.x86_64.rpm | d6ee98d0193061e3b5198f5f755dd03c | - |
| | ocfs2-2.6.18-419.0.0.0.13.el5xen-1.4.11-1.el5.x86_64.rpm | 1ef6aacf2a3793f2b1efc3bda28134e8 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5-2.0.5-2.el5.x86_64.rpm | 8e5ba5988999b10faa55a2ab20c8c7b0 | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5debug-2.0.5-2.el5.x86_64.rpm | 04642e79e46987b845bfecd684ecf7da | - |
| | oracleasm-2.6.18-419.0.0.0.13.el5xen-2.0.5-2.el5.x86_64.rpm | 48f44c0cb809124613e65902b3eb96f1 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team