OVMSA-2018-0228 - Unbreakable Enterprise kernel security update

Release Date:2018-06-13


- netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939}
- ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939}

- net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149101]
- net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068627]
- net/rds: use one sided reconnection during a race (Wei Lin Guay) [Orabug: 28068627]
- Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (Hakon Bugge) [Orabug: 28068627]
- xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent (Joe Jin) [Orabug: 22910685]
- net/rds: Assign the correct service level (Wei Lin Guay) [Orabug: 27607213]
- target: Re-add missing SCF_ACK_KREF assignment in v4.1.y (Nicholas Bellinger) [Orabug: 27781132]
- target: Fix LUN_RESET active I/O handling for ACK_KREF (Nicholas Bellinger) [Orabug: 27781132]
- target: Invoke release_cmd() callback without holding a spinlock (Bart Van Assche) [Orabug: 27781132]
- x86/bugs: Remove the Disabling Spectre v2 mitigation retpoline (Konrad Rzeszutek Wilk) [Orabug: 27897282]
- x86/bugs: Report properly retpoline+IBRS (Konrad Rzeszutek Wilk)
- x86/bugs: Dont lie when fallback retpoline is engaged (Konrad Rzeszutek Wilk)
- fs: aio: fix the increment of aio-nr and counting against aio-max-nr (Mauricio Faria de Oliveira) [Orabug: 28079082]
- qla2xxx: Enable buffer boundary check when DIF bundling is on. (Rajan Shanmugavelu) [Orabug: 28130589]
- kernel: sys.c: missing break for prctl spec ctrl (Mihai Carabas) [Orabug: 28144775]

- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)
- fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372]
- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]
- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]
- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639}
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639}
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}

- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199}
- Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.4 (x86_64) kernel-uek-4.1.12-124.16.2.el6uek.src.rpm689a7366834ac789f068eba65364dbe0OVMSA-2021-0016

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team