OVMSA-2018-0228 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2018-06-13 |
Description
[4.1.12-124.16.2]
- netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939}
- ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939}
[4.1.12-124.16.1]
- net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101]
- net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627]
- net/rds: use one sided reconnection during a race (Wei Lin Guay) [Orabug: 28068627]
- Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (Hakon Bugge) [Orabug: 28068627]
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (Joe Jin) [Orabug: 22910685]
- net/rds: Assign the correct service level (Wei Lin Guay) [Orabug: 27607213]
- target: Re-add missing SCF_ACK_KREF assignment in v4.1.y (Nicholas Bellinger) [Orabug: 27781132]
- target: Fix LUN_RESET active I/O handling for ACK_KREF (Nicholas Bellinger) [Orabug: 27781132]
- target: Invoke release_cmd() callback without holding a spinlock (Bart Van Assche) [Orabug: 27781132]
- x86/bugs: Remove the Disabling Spectre v2 mitigation retpoline (Konrad Rzeszutek Wilk) [Orabug: 27897282]
- x86/bugs: Report properly retpoline+IBRS (Konrad Rzeszutek Wilk)
- x86/bugs: Dont lie when fallback retpoline is engaged (Konrad Rzeszutek Wilk)
- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (Mauricio Faria de Oliveira) [Orabug: 28079082]
- qla2xxx: Enable buffer boundary check when DIF bundling is on. (Rajan Shanmugavelu) [Orabug: 28130589]
- kernel: sys.c: missing break for prctl spec ctrl (Mihai Carabas) [Orabug: 28144775]
[4.1.12-124.15.4]
- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)
- fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372]
- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]
- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]
- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639}
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639}
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
[4.1.12-124.15.3]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199}
- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.4 (x86_64) | kernel-uek-4.1.12-124.16.2.el6uek.src.rpm | 2b4f641cce17b42e95f6698c821d57e3360d068b1dd1649a5f9456e44628b2fc | OVMSA-2025-0001 | ovm34_x86_64_latest |
| kernel-uek-4.1.12-124.16.2.el6uek.x86_64.rpm | aee40a1ab2affe452fbe074668c77840b87981a4faa63de8fc687670f9f7194e | OVMSA-2025-0001 | ovm34_x86_64_latest |
| kernel-uek-firmware-4.1.12-124.16.2.el6uek.noarch.rpm | 3712694e61ad56c565554ceb6a2ce7ccf00ff9f5e0b42d1e2e3dc90edaf600e7 | OVMSA-2025-0001 | ovm34_x86_64_latest |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
