ELSA-2019-4732
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-4732
ELSA-2019-4732 - kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2019-08-04 |
Description
kernel
- 2.6.18-419.0.0.0.14
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Call VERW on NMI path when returning to user (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Fix verw usage to use memory operand (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Make cpu_matches() __cpuinit (Patrick Colp) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- x86/speculation/mds: Consolidate CPU whitelists (Thomas Gleixner) [orabug 29821515] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2019-11091}
- 2.6.18-419.0.0.0.12
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378]
- [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378]
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620}
- [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474]
- [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191]
- [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910}
- [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910}
- [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106}
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106}
- [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622]
- [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639}
- 2.6.18-419.0.0.0.11
- x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897}
- 2.6.18-419.0.0.0.10
- Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723]
- 2.6.18-419.0.0.0.9
- rebuild with retpoline compiler
- 2.6.18-419.0.0.0.8
- Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754}
- 2.6.18-419.0.0.0.5
- [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100]
- 2.6.18-419.0.0.0.4
- [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253}
- 2.6.18-419.0.0.0.3
- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [orabug 26586706] {CVE-2017-7895}
Related CVEs
| CVE-2018-12126 |
| CVE-2018-12130 |
| CVE-2018-12127 |
| CVE-2019-11091 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 5 (i386) | kernel-2.6.18-419.0.0.0.14.el5.src.rpm | 4586c5003d76b01a75fecce82fc74064 | - |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.src.rpm | da8c00bdaf2ac6c463a6f82c78a45b99 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.src.rpm | 7cc60e64d92d0e4cfc2a3610ccf69e08 | - | |
| kernel-2.6.18-419.0.0.0.14.el5.i686.rpm | 323e3118a259903a4e91a6aea0d9472c | - | |
| kernel-PAE-2.6.18-419.0.0.0.14.el5.i686.rpm | 08e828fc3db2835f35ebbb353758a676 | - | |
| kernel-PAE-devel-2.6.18-419.0.0.0.14.el5.i686.rpm | 7f756f4d4c47884c810baf48e2f05c93 | - | |
| kernel-debug-2.6.18-419.0.0.0.14.el5.i686.rpm | ff6f5909d021e34c402811eb684b84c4 | - | |
| kernel-debug-devel-2.6.18-419.0.0.0.14.el5.i686.rpm | 74691298fb6968a2565c6f1980af01c5 | - | |
| kernel-devel-2.6.18-419.0.0.0.14.el5.i686.rpm | 36d9c0d6c3028c3786fbbd62cb1e7a9c | - | |
| kernel-doc-2.6.18-419.0.0.0.14.el5.noarch.rpm | 61c24314dce3dce95e265ffc7ba8972c | - | |
| kernel-headers-2.6.18-419.0.0.0.14.el5.i386.rpm | bcb6bcf3eb6a32529001fa4f67e9c51a | - | |
| kernel-xen-2.6.18-419.0.0.0.14.el5.i686.rpm | 2c94c2cdb32a1f51fe44b1763e4a4c4a | - | |
| kernel-xen-devel-2.6.18-419.0.0.0.14.el5.i686.rpm | 5def8750ee5096141cf0723c8dabaee0 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.i686.rpm | a07c897ea1b779f0434f5201a19c7e34 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5PAE-1.4.11-1.el5.i686.rpm | ff139c7fa45d79d7e0ee830c1e2f07bb | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5debug-1.4.11-1.el5.i686.rpm | beaaab38a6e39b3c1d960fe69f34ff6d | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5xen-1.4.11-1.el5.i686.rpm | 620f896b4f749c8cb84ff0a48229e8d7 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.i686.rpm | 3515d1ad4335ec19b1e056bfd4744570 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5PAE-2.0.5-2.el5.i686.rpm | ae36eaa97d8f1a98fa693a981c7739c6 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5debug-2.0.5-2.el5.i686.rpm | e945511744edb6caada7d95cc8d1d927 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5xen-2.0.5-2.el5.i686.rpm | 033a1f30d07af16a432f03d110cef601 | - | |
| Oracle Linux 5 (ia64) | kernel-2.6.18-419.0.0.0.14.el5.src.rpm | 4586c5003d76b01a75fecce82fc74064 | - |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.src.rpm | da8c00bdaf2ac6c463a6f82c78a45b99 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.src.rpm | 7cc60e64d92d0e4cfc2a3610ccf69e08 | - | |
| kernel-2.6.18-419.0.0.0.14.el5.ia64.rpm | c02042772c0fc0deb401c46f9a4437eb | - | |
| kernel-debug-2.6.18-419.0.0.0.14.el5.ia64.rpm | 1e12c8d9cef8b4ff16054a93c20501df | - | |
| kernel-debug-devel-2.6.18-419.0.0.0.14.el5.ia64.rpm | 1fc9b314c3e8ea30f6bbe3c6d0acc9b5 | - | |
| kernel-devel-2.6.18-419.0.0.0.14.el5.ia64.rpm | 9a5a60ec63a23a32d5a3d9da3e26902c | - | |
| kernel-doc-2.6.18-419.0.0.0.14.el5.noarch.rpm | 61c24314dce3dce95e265ffc7ba8972c | - | |
| kernel-headers-2.6.18-419.0.0.0.14.el5.ia64.rpm | cefe0b1097f4c55f52e9feb177df91bc | - | |
| kernel-xen-2.6.18-419.0.0.0.14.el5.ia64.rpm | 5c940d30dde6f596f4ac76c1f05317fc | - | |
| kernel-xen-devel-2.6.18-419.0.0.0.14.el5.ia64.rpm | a65d6976bebf61fed5273b5662b6c39d | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.ia64.rpm | a91fa5b70f7e8c1dbd371040f08dfd16 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5debug-1.4.11-1.el5.ia64.rpm | 8b5f1302610518da18eb2054ed25f765 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5xen-1.4.11-1.el5.ia64.rpm | 5bce7762bb3624d78e8c66824fe492fb | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.ia64.rpm | 65376b635ef080d5be5d7d39eabca89f | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5debug-2.0.5-2.el5.ia64.rpm | 16e5323dd1fb66e69403732f28786364 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5xen-2.0.5-2.el5.ia64.rpm | 26d2620ba5987a72f4ff657567e9de98 | - | |
| Oracle Linux 5 (x86_64) | kernel-2.6.18-419.0.0.0.14.el5.src.rpm | 4586c5003d76b01a75fecce82fc74064 | - |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.src.rpm | da8c00bdaf2ac6c463a6f82c78a45b99 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.src.rpm | 7cc60e64d92d0e4cfc2a3610ccf69e08 | - | |
| kernel-2.6.18-419.0.0.0.14.el5.x86_64.rpm | 5113e8347b76784890de9878d285066d | - | |
| kernel-debug-2.6.18-419.0.0.0.14.el5.x86_64.rpm | 2dc5ba4fb09f8979b9237eb5d9ef54a1 | - | |
| kernel-debug-devel-2.6.18-419.0.0.0.14.el5.x86_64.rpm | 7fe6abdc5c0bd35baacc827030e2b0e6 | - | |
| kernel-devel-2.6.18-419.0.0.0.14.el5.x86_64.rpm | cc1204f8027f7f2b8d2d8eb538bb5f50 | - | |
| kernel-doc-2.6.18-419.0.0.0.14.el5.noarch.rpm | 61c24314dce3dce95e265ffc7ba8972c | - | |
| kernel-headers-2.6.18-419.0.0.0.14.el5.x86_64.rpm | d573a0cb2cb04db98f1cbbade3b4c03d | - | |
| kernel-xen-2.6.18-419.0.0.0.14.el5.x86_64.rpm | 076265f8990b17388770a20ea6810922 | - | |
| kernel-xen-devel-2.6.18-419.0.0.0.14.el5.x86_64.rpm | 152342f6bc3b383c4f409c7f7f5c0a66 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5-1.4.11-1.el5.x86_64.rpm | a83dcd39de460d8561192f7ed70cd54d | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5debug-1.4.11-1.el5.x86_64.rpm | 18153c30e53465639784b755d0144d34 | - | |
| ocfs2-2.6.18-419.0.0.0.14.el5xen-1.4.11-1.el5.x86_64.rpm | 8ddec81d53ca10706ffcf4f7e8c241ad | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5-2.0.5-2.el5.x86_64.rpm | 6c0ec38882bcdbb7b9af5142fd3a2ed8 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5debug-2.0.5-2.el5.x86_64.rpm | 05ea9f7fc3f3ce4e27e607ec9efc29e2 | - | |
| oracleasm-2.6.18-419.0.0.0.14.el5xen-2.0.5-2.el5.x86_64.rpm | c9a9e9b634c5c310d8ca931cee859878 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
