Oracle Errata System
Oracle Linux 5.11
2024-09-21T18:59:50

ELSA-2018-0007: kernel security update (IMPORTANT)
Oracle Linux 7

[3.10.0-693.11.6.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-693.11.6]
- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: skip IBRS/CR3 restore when paranoid exception returns to userland (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
- [x86] kaiser/mm: consider the init_mm.pgd a kaiser pgd (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}

[3.10.0-693.11.5]
- [x86] kaiser/mm: convert userland visible 'kpti' name to 'pti' (Andrea Arcangeli) [1519795 1519798]
- Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Andrea Arcangeli) [1519795 1519798]
- [x86] kaiser/mm: __load_cr3 in resume from RAM after kernel gs has been restored (Andrea Arcangeli) [1519795 1519798]

[3.10.0-693.11.4]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: issue a __spec_ctrl_ibpb if a credential check isn't possible (Andrea Arcangeli) [1519795 1519798]
- [x86] mm/kaiser: disable global pages by default with KAISER (Andrea Arcangeli) [1519795 1519798]
- Revert 'x86/mm/kaiser: Disable global pages by default with KAISER' (Andrea Arcangeli) [1519795 1519798]
- ibpb: don't optimize spec_cntrl_ibpb on PREEMPT_RCU (Andrea Arcangeli) [1519795 1519798]
- [x86] spec_ctrl: clear registers after 32bit syscall stackframe is setup (Andrea Arcangeli) [1519800 1519801]
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Andrea Arcangeli) [1519800 1519801]
- [x86] kaiser/mm: fix pgd freeing in error path (Andrea Arcangeli) [1519800 1519801]

[3.10.0-693.11.3]
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715 CVE-2017-5754}
- [x86] dumpstack: Remove raw stack dump (Josh Poimboeuf) [1519795 1519798]
- [x86] spec_ctrl: remove SPEC_CTRL_DEBUG code (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup unnecessary ptregscall_common function (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall entrance (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: add debug aid to test the entry code without microcode (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace current thread (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] kvm: pad RSB on VM transition (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [tools] objtool: Don't print 'call dest' warnings for ignored functions (Josh Poimboeuf) [1519795 1519798] {CVE-2017-5715}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [kernel] userns: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [misc] locking/barriers: introduce new memory barrier gmb() (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: fix RESTORE_CR3 crash in kaiser_stop_machine (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use atomic ops to poison/unpoison user pagetables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Fix reboot interaction with CR4.PCIDE (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: enable kaiser in build (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: handle call to xen_pv_domain() on PREEMPT_RT (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: trampoline stack comments (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: remove paravirt clock warning (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map debug IDT tables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [perf] x86/intel/uncore: Fix memory leaks on allocation failures (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: prevent UFFDIO_COPY to fill beyond the end of i_size (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [fs] userfaultfd: non-cooperative: fix fork use after free (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] userfaultfd: hugetlbfs: remove superfluous page unlock in VM_SHARED case (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}
- [mm] fix bad rss-counter if remap_file_pages raced migration (Josh Poimboeuf) [1519800 1519801] {CVE-2017-5754}

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5753 CVE-2017-5754 CVE-2017-5715
cpe:/a:oracle:linux:7:4:patch
cpe:/a:oracle:linux:7::optional_archive
cpe:/a:oracle:linux:7::latest_archive

ELSA-2018-0008: kernel security update (IMPORTANT)
Oracle Linux 6

[2.6.32-696.18.7.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.18.7]
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.6]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.5]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}

[2.6.32-696.18.1]
- [s390] s390/qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1513314 1467962]
- [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1514443 1492220]
- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1514443 1492220]
- [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1512425 1497000]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]
- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]
- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]
- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1507512 1497152]
- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476122 1476124] {CVE-2017-11176}
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}

[2.6.32-696.17.1]
- [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1509876 1435787]
- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1509876 1435787]
- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1509876 1435787]
- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1509876 1435787]
- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1509876 1435787]
- [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1509876 1435787]

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6
cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6
cpe:/a:oracle:linux:6:9:patch
cpe:/a:oracle:linux:6::latest_archive
cpe:/a:oracle:linux:6::latest

ELSA-2018-0012: microcode_ctl security update (IMPORTANT)
Oracle Linux 7

[2.1-22.2]
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Resolves: #1527358

[2.1-22.1]
- Update to upstream 2.1-13. Intel CPU microcode update to 20170707.
- Resolves: #1474844

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5715
cpe:/a:oracle:linux:7::latest_internal

ELSA-2018-0023: qemu-kvm security update (IMPORTANT)
Oracle Linux 7

[1.5.3-141.el7_4.6]
- Fix CVE-2017-5715

[1.5.3-141.el7_4.5]
- kvm-vfio-pci-Only-mmap-TARGET_PAGE_SIZE-regions.patch [bz#1515110]
- Resolves: bz#1515110 (Regression in QEMU handling for sub-page MMIO BARs for vfio-pci devices [rhel-7.4.z])

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5715
cpe:/a:oracle:linux:7:4:patch
cpe:/a:oracle:linux:7::latest_archive

ELSA-2018-0024: qemu-kvm security update (IMPORTANT)
Oracle Linux 6

[0.12.1.2-2.503.el6_9.4]
- Fix CVE-2017-5715

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5715
cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3
cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3
cpe:/a:oracle:linux:6:9:patch
cpe:/a:oracle:linux:6::latest_archive
cpe:/a:oracle:linux:6::latest

ELSA-2018-0029: libvirt security update (IMPORTANT)
Oracle Linux 7

[3.2.0-14.0.1.el7_4.7]
- bump release and rebuild

[3.2.0-14.el7_4.7]
- qemu: Properly store microcode version in QEMU caps cache (CVE-2017-5715)

[3.2.0-14.el7_4.6]
- util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD (CVE-2017-5715)
- util: introduce virHostCPUGetMicrocodeVersion (CVE-2017-5715)
- cpu_x86: Rename virCPUx86MapInitialize (CVE-2017-5715)
- conf: include x86 microcode version in virsh capabiltiies (CVE-2017-5715)
- qemu: capabilities: force update if the microcode version does not match (CVE-2017-5715)
- cpu: add CPU features and model for indirect branch prediction protection (CVE-2017-5715)

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5715
cpe:/a:oracle:linux:7:4:patch
cpe:/a:oracle:linux:7::optional_archive
cpe:/a:oracle:linux:7::latest_archive

ELSA-2018-0030: libvirt security update (IMPORTANT)
Oracle Linux 6

[0.10.2-62.0.1.el6_9.1]
- Replace docs/et.png in tarball with blank image

[0.10.2-62.el6_9.1]
- util: Implement virFileReadHeaderFD (CVE-2017-5715)
- util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD (CVE-2017-5715)
- util: introduce virHostCPUGetMicrocodeVersion (CVE-2017-5715)
- conf: include x86 microcode version in virsh capabiltiies (CVE-2017-5715)
- cpu: add CPU features and model for indirect branch prediction protection (CVE-2017-5715)

IMPORTANT
Copyright 2018 Oracle, Inc.
CVE-2017-5715 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0061: thunderbird security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [52.5.2-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.5.2-1] - Update to 52.5.2 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7846 CVE-2017-7829 CVE-2017-7847 CVE-2017-7848 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0093: microcode_ctl security update (IMPORTANT) Oracle Linux 7 [1:1.17-25.4.0.1] - Enable early microcode load to allow updating Broadwell model 79 - Make sure 'modprobe microcode' is not executed on Broadwell model 79 - Run dracut upon microcode update - Add updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715} 306c3 (06-3c-03 rev 0x23, Haswell); 306d4 (06-3d-04 rev 0x28, Broadwell); 306f2 (06-3f-02 rev 0x3b, Haswell); 306f4 (06-3f-04 rev 0x10, Haswell); 306e4 (06-3e-04 rev 0x42a, Ivy Bridge); 40651 (06-45-01 rev 0x21, Haswell); 40661 (06-46-01 rev 0x18, Haswell); 40671 (06-47-01 rev 0x1b, Broadwell); 406e3 (06-4e-03 rev 0xc2, Skylake); 406f1 (06-4f-01 rev 0xb000025, Broadwell); 50654 (06-55-04 rev 0x200003c, Skylake); 50662 (06-56-02 rev 0x14, Broadwell); 50663 (06-56-03 rev 0x7000011, Broadwell); 506e3 (06-5e-03 rev 0xc2, Skylake); 706a1 (06-7a-01 rev 0x22); 806e9 (06-8e-09 rev 0x80, Kaby Lake); 806ea (06-8e-0a rev 0x80); 906e9 (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev 0x80); 906eb (06-9e-0b rev 0x80) [1:1.17-25.4] - Use right upstream source for revert - Resolves: #1533978 [1:1.17-25.3] - Revert Microcode from Intel and AMD for Side Channel attack - Resolves: #1533978 IMPORTANT Copyright 2018 Oracle, Inc. 
cpe:/a:oracle:linux:7::latest_internal ELSA-2018-0095: java-1.8.0-openjdk security update (IMPORTANT) Oracle Linux 7 Oracle Linux 6 [1:1.8.0.161-0.b14] - Update to b14 with updated Zero fix for 8174962 (S8194828) - Resolves: rhbz#1528233 [1:1.8.0.161-0.b13] - Update to b13 including Zero fix for 8174962 (S8194739) and restoring tzdata2017c update - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Add new file cmsalpha.c to %{name}-remove-intree-libraries.sh - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Replace tarballs with version including AArch64 fix for 8174962 (S8194686) - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Switch bootstrap back to java-1.7.0-openjdk on all architectures, depending on RH1482244 fix - Resolves: rhbz#1528233 [1:1.8.0.161-0.b12] - Update to aarch64-jdk8u161-b12 and aarch64-shenandoah-jdk8u161-b12 (mbalao) - Drop upstreamed patches for 8075484 (RH1490713), 8153711 (RH1284948), 8162384 (RH1358661), 8164293 (RH1459641), 8173941, 8175813 (RH1448880), 8175887 and 8180048 (RH1449870).(mbalao) - Resolves: rhbz#1528233 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2629 CVE-2018-2634 CVE-2018-2641 CVE-2018-2588 CVE-2018-2633 CVE-2018-2579 CVE-2018-2663 CVE-2018-2582 CVE-2018-2637 CVE-2018-2678 CVE-2018-2603 CVE-2018-2602 CVE-2018-2618 CVE-2018-2599 CVE-2018-2677 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0101: bind security update (IMPORTANT) Oracle Linux 6 [32:9.8.2-0.62.rc1.5] - Fix CVE-2017-3145 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-3145 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 ELSA-2018-0102: bind security update (IMPORTANT) Oracle Linux 7 [32:9.9.4-51.2] - Fix CVE-2017-3145 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-3145 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-0122: firefox security update (CRITICAL) Oracle Linux 6 Oracle Linux 7 [52.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.6.0-1] - Update to 52.6.0 ESR CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-5095 CVE-2018-5104 CVE-2018-5089 CVE-2018-5091 CVE-2018-5097 CVE-2018-5102 CVE-2018-5103 CVE-2018-5117 CVE-2018-5096 CVE-2018-5098 CVE-2018-5099 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0151: kernel security and bug fix update (IMPORTANT) Oracle Linux 7 - [3.10.0-693.17.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.17.1] - [s390] locking/barriers: remove old gmb() macro definition (Denys Vlasenko) [1519788 1519786] [3.10.0-693.16.1] - [x86] smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [1533022 1519503] - [x86] topology: Add topology_max_smt_threads() (Prarit Bhargava) [1533022 1519503] - [powerpc] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753} - [powerpc] Prevent Meltdown attack with L1-D$ flush (Jon Masters) [1519800 1519801] {CVE-2017-5754} - [s390] add ppa to system call and program check path (Jon Masters) [1519795 1519798] {CVE-2017-5715} - [s390] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753} - [s390] introduce CPU alternatives (Jon Masters) [1519795 1519798] {CVE-2017-5715} - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Andrea Arcangeli) [1533373 1533250] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Andrea Arcangeli) [1533373 1533250] - [fs] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1533372 1531287] - [x86] kaiser/efi: unbreak tboot (Andrea Arcangeli) [1519795 1532989 1519798 1531559] {CVE-2017-5715} - [x86] spec_ctrl: don't call ptrace_has_cap in the IBPB ctx switch 
optimization (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] kaiser/efi: unbreak EFI old_memmap (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] cpuidle_idle_call: fix double local_irq_enable() (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] cpu: fix get_scattered_cpu_leaf sorting part #2 (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715} - [x86] cpu: fix get_scattered_cpu_leaf for IBPB feature (Paolo Bonzini) [1519795 1519798] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-12193 CVE-2017-12192 CVE-2015-8539 CVE-2017-7472 CVE-2017-15649 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0158: dhcp security update (MODERATE) Oracle Linux 7 [12:4.2.5-58.0.1.1] - Added oracle-errwarn-message.patch [12:4.2.5-58.1] - Resolves: #1523475 - Fix omapi socket descriptors leak MODERATE Copyright 2018 Oracle, Inc. CVE-2017-3144 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-0163: 389-ds-base security and bug fix update (IMPORTANT) Oracle Linux 7 [1.3.6.1-26] - Bump version to 1.3.6.1-25 - Resolves: Bug 1534430 - crash in slapi_filter_sprintf [1.3.6.1-25] - Bump version to 1.3.6.1-25 - Resolves: Bug 1526928 - search with CoS attribute is getting slower after modifying/adding CosTemplate - Resolves: Bug 1523505 - opened connection are hanging, no longer poll - Resolves: Bug 1523507 - IPA server replication broken, after DS stop-start, due to changelog reset IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-15134 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-0169: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-696.20.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.20.1] - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] 
{CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming 
when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit 
compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 
1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Don't 
switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754} - 
[x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] 
{CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: 
prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754} [2.6.32-696.19.1] - [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1523783 1504260] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-9074 CVE-2017-11176 CVE-2017-7542 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0223: nautilus security update (MODERATE) Oracle Linux 7 [3.22.3-4] - Fix desktop files security issue (upstream bugzilla.gnome.org/777991) Resolves: #1490949 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-14604 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-0260: systemd security update (MODERATE) Oracle Linux 7 [219-42.0.2.7] - fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] (tony.l.lam@oracle.com) - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] [219-42.7] - automount: ack automount requests even when already mounted (#1535135) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-1049 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0262: thunderbird security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [52.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.6.0-1] - Update to 52.6.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5099 CVE-2018-5095 CVE-2018-5104 CVE-2018-5117 CVE-2018-5096 CVE-2018-5098 CVE-2018-5103 CVE-2018-5102 CVE-2018-5097 CVE-2018-5089 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0292: kernel security update (IMPORTANT) Oracle Linux 5 - 2.6.18-419.0.0.0.8 - Backport CVEs to RHCK/OL5 [orabug 27547712] {CVE-2017-5753} {CVE-2017-5754} - 2.6.18-419.0.0.0.5 - [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-5753 CVE-2017-5754 cpe:/a:oracle:linux:5::ELS ELSA-2018-0349: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [1:1.7.0.171-2.6.13.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.171-2.6.13.0] - Bump to 2.6.13 and u171b01. - Update java-1.7.0-openjdk-java-access-bridge-security.patch to apply after 8186080 - Update RC4 patch (8076221/PR2809) to apply after 8148108 (DH lower limit increase) - Fix file path in rh1022017.patch. - Resolves: rhbz#1528233 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2637 CVE-2018-2677 CVE-2018-2663 CVE-2018-2599 CVE-2018-2634 CVE-2018-2678 CVE-2018-2588 CVE-2018-2603 CVE-2018-2633 CVE-2018-2579 CVE-2018-2618 CVE-2018-2641 CVE-2018-2602 CVE-2018-2629 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0350: gcab security update (IMPORTANT) Oracle Linux 7 [0.7-4] - Fixes the security issue known as CVE-2018-5345 - Resolves: #1533174 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5345 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0377: quagga security update (IMPORTANT) Oracle Linux 7 [0.99.22.4-5] - Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code - Resolves: rhbz#1546015 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5379 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0378: ruby security update (IMPORTANT) Oracle Linux 7 [2.0.0.648-33] - Fix always passing WEBrick test. [2.0.0.648-32] - Add Psych.safe_load * ruby-2.1.0-there-should-be-only-one-exception.patch * ruby-2.1.0-Adding-Psych.safe_load.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recent tzdata update. * ruby-2.5.0-Disable-Tokyo-TZ-tests.patch Related: CVE-2017-0903 [2.0.0.648-31] - Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch Resolves: CVE-2017-0903 - Fix an ANSI escape sequence vulnerability (CVE-2017-0899). Resolves: CVE-2017-0899 - Fix a DOS vulnerability in the query command (CVE-2017-0900). Resolves: CVE-2017-0900 - Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files (CVE-2017-0901). Resolves: CVE-2017-0901 - Fix a DNS request hijacking vulnerability (CVE-2017-0902). * ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch Resolves: CVE-2017-0902 - Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898). * ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch Resolves: CVE-2017-0898 - Escape sequence injection vulnerability in the Basic authentication of WEBrick (CVE-2017-10784). * ruby-2.2.8-sanitize-any-type-of-logs.patch Resolves: CVE-2017-10784 - Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064). * ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch Resolves: CVE-2017-14064 - Command injection vulnerability in Net::FTP (CVE-2017-17405). * ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch Resolves: CVE-2017-17405 - Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033). * ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch Resolves: CVE-2017-14033 - Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution (CVE-2017-17790). * ruby-2.5.0-Fixed-command-Injection.patch Resolves: CVE-2017-17790 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-0903 CVE-2017-17405 CVE-2017-0900 CVE-2017-0901 CVE-2017-14033 CVE-2017-14064 CVE-2017-0898 CVE-2017-0902 CVE-2017-0899 CVE-2017-10784 CVE-2017-17790 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0395: kernel security and bug fix update (IMPORTANT) Oracle Linux 7 - [3.10.0-693.21.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.21.1] - [x86] platform/uv: Mark tsc_check_sync as an init function (Frank Ramsay) [1547870 1526066] - [x86] platform/uv: Add check of TSC state set by UV BIOS (Frank Ramsay) [1547870 1526066] - [x86] tsc: Provide a means to disable TSC ART (Frank Ramsay) [1547870 1526066] - [x86] tsc: Drastically reduce the number of firmware bug warnings (Frank Ramsay) [1547870 1526066] - [x86] tsc: Skip TSC test and error messages if already unstable (Frank Ramsay) [1547870 1526066] - [x86] tsc: Add option that TSC on Socket 0 being non-zero is valid (Frank Ramsay) [1547870 1526066] - [x86] tsc: Remove the TSC_ADJUST clamp (Frank Ramsay) [1547870 1526066] [3.10.0-693.20.1] - [x86] locking/qspinlock: Fix kabi problem in a non-KVM/XEN VM (Waiman Long) [1539797 1533529] [3.10.0-693.19.1] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Josh Poimboeuf) [1539649 1535644] - [kernel] x86/spec_ctrl: cleanup __ptrace_may_access (Josh Poimboeuf) [1539649 1535644] - [x86] bugs: Drop one 'mitigation' from dmesg (Josh Poimboeuf) [1539649 1535644] - [x86] kvm: vmx: Make indirect call speculation safe (Josh Poimboeuf) 
[1539649 1535644] - [x86] kvm: x86: Make indirect calls in emulator speculation safe (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB (Josh Poimboeuf) [1539649 1535644] - [x86] mce: Make machine check speculation protected (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: fix ptrace IBPB optimization (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Josh Poimboeuf) [1539649 1535644] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: Document retpolines and ibrs_enabled=3 (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: upgrade GCC retpoline warning to an error (Josh Poimboeuf) [1539649 1535644] - [x86] Use IBRS for firmware update path (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: enforce sane combinations of IBRS and retpoline (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: use upstream RSB stuffing function (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Josh Poimboeuf) [1539649 1535644] - [kernel] x86/jump_label: warn on failed jump label patch (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: detect unretpolined modules (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline: Fill return stack buffer on vmexit (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline/xen: Convert Xen hypercall indirect jumps (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline/entry: Convert entry assembler indirect jumps (Josh Poimboeuf) [1539649 
1535644] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Josh Poimboeuf) [1539649 1535644] - [x86] retpoline: Add initial retpoline support (Josh Poimboeuf) [1539649 1535644] - [x86] jump_label: add asm support for static keys (Josh Poimboeuf) [1539649 1535644] - [x86] asm: Make asm/alternative.h safe from assembly (Josh Poimboeuf) [1539649 1535644] - [tools] objtool: Support new GCC 6 switch jump table pattern (Josh Poimboeuf) [1539649 1535644] - [tools] objtool: Detect jumps to retpoline thunks (Josh Poimboeuf) [1539649 1535644] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: print features changed by microcode loading (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: refactor the init and microcode loading paths (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: remove ibrs_enabled variable (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: add ibp_disabled variable (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: remove performance measurements from documentation (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: make ipbp_enabled read-only (Josh Poimboeuf) [1539649 1535644] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Josh Poimboeuf) [1539649 1535644] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Josh Poimboeuf) [1539649 1535644] - [base] sysfs/cpu: Add vulnerability folder (Josh Poimboeuf) [1539649 1535644] - [x86] cpu: Merge bugs.c and bugs_64.c (Josh Poimboeuf) [1539649 1535644] - [x86] syscall: int80 must not clobber r12-15 (Josh Poimboeuf) [1539649 1535644] - [x86] syscall: 
change ia32_syscall() to create the full register frame in ia32_do_call() (Josh Poimboeuf) [1539649 1535644] - [x86] boot: Add early cmdline parsing for options with arguments (Josh Poimboeuf) [1539649 1535644] - [x86] boot: Pass in size to early cmdline parsing (Josh Poimboeuf) [1539649 1535644] - [x86] boot: Simplify early command line parsing (Josh Poimboeuf) [1539649 1535644] - [x86] boot: Fix early command-line parsing when partial word matches (Josh Poimboeuf) [1539649 1535644] - [x86] boot: Fix early command-line parsing when matching at end (Josh Poimboeuf) [1539649 1535644] - [scsi] storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [1536978 1502601] - [fs] nfs: RPC_MAX_AUTH_SIZE is in bytes ('J. Bruce Fields') [1533378 1495321] - [fs] nfsd: give out fewer session slots as limit approaches (Dave Wysochanski) [1533377 1492234] - [fs] nfsd: increase DRC cache limit (Dave Wysochanski) [1533377 1492234] - [x86] kvm: x86: fix RSM when PCID is non-zero (Paolo Bonzini) [1531662 1530711] - [x86] iommu/amd: Reduce delay waiting for command buffer space (Suravee Suthikulpanit) [1531456 1508644] - [x86] iommu/amd: Reduce amount of MMIO when submitting commands (Suravee Suthikulpanit) [1531456 1508644] - [x86] amd: Remove cmd_buf_size and evt_buf_size from struct amd_iommu (Suravee Suthikulpanit) [1531456 1508644] - [x86] amd: Fix the left value check of cmd buffer (Suravee Suthikulpanit) [1531456 1508644] - [x86] amd: Don't put completion-wait semaphore on stack (Suravee Suthikulpanit) [1531456 1508644] - [x86] kvm: svm: obey guest PAT (Suravee Suthikulpanit) [1530976 1478185] - [tty] serial: 8250_pci: Add Amazon PCI serial device ID (Vitaly Kuznetsov) [1530137 1527545] - [ata] libata: sata_down_spd_limit should return if driver has not recorded sstatus speed (David Milburn) [1530136 1457140] - [fs] nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [1530135 1506382] - [fs] nfsv4.0: Fix a lock leak in nfs40_walk_client_list 
(Scott Mayhew) [1530135 1506382] - [fs] nfs: Create a common nfs4_match_client() function (Scott Mayhew) [1530135 1506382] - [fs] autofs - revert: take more care to not update last_used on path walk (Ian Kent) [1525994 1489542] - [vhost] vhost_net: correctly check tx avail during rx busy polling (Jason Wang) [1523784 1487551] - [crypto] shash - Fix has_key setting (Herbert Xu) [1522932 1505817] - [block] Fix a race between blk_cleanup_queue() and timeout handling (Ming Lei) [1522698 1513725] - [x86] tsc: Force TSC_ADJUST register to value >= zero (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Validate cpumask pointer before accessing it (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Try to adjust TSC if sync test fails (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Prepare warp test for TSC adjustment (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Move sync cleanup to a safe place (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Sync test only for the first cpu in a package (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Verify TSC_ADJUST from idle (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Store and check TSC ADJUST MSR (Prarit Bhargava) [1519850 1497055] - [x86] tsc: Detect random warps (Prarit Bhargava) [1519850 1497055] - [x86] kvm: mmu: always terminate page walks at level 1 (Paolo Bonzini) [1500382 1500381] {CVE-2017-12188} - [x86] kvm: nVMX: update last_nonleaf_level when initializing nested EPT (Denys Vlasenko) [1500382 1500381] {CVE-2017-12188} - [x86] kvm: fix singlestepping over syscall (Paolo Bonzini) [1464480 1464481] {CVE-2017-7518} [3.10.0-693.18.1] - [md] raid5: fix a race condition in stripe batch (Nigel Croxon) [1535883 1496836] - [security] selinux: fix double free in selinux_parse_opts_str() (Paul Moore) [1532288 1456843] - [fs] nfs: revert 'nfs: Move the flock open mode check into nfs_flock()' (Benjamin Coddington) [1531095 1497225] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-7518 CVE-2017-12188 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0406: php security update (MODERATE) Oracle Linux 7 [5.4.16-43.1] - gd: fix buffer over-read into uninitialized memory CVE-2017-7890 MODERATE Copyright 2018 Oracle, Inc. CVE-2017-7890 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0414: 389-ds-base security and bug fix update (IMPORTANT) Oracle Linux 7 [1.3.6.1-28] - Bump version to 1.3.6.1-28 - Resolves: Bug 1540105 - CVE-2018-1054 - remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 [1.3.6.1-27] - Bump version to 1.3.6.1-27 - Resolves: Bug 1536343 - Indexing of internationalized matching rules is failing - Resolves: Bug 1535539 - CVE-2017-15135 - Authentication bypass due to lack of size check in slapi_ct_memcmp function - Resolves: Bug 1540105 - CVE-2018-1054 - remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1054 CVE-2017-15135 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0418: libreoffice security update (MODERATE) Oracle Linux 7 [1:5.0.6.2-15.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' 
[1:5.0.6.2-15] - Resolves: rhbz#1545034 - CVE-2018-1055 CVE-2018-6871 [1:5.0.6.2-14] - Resolves: rhbz#1454693 segv on interrupting tiled rendering [1:5.0.6.2-13] - Related: rhbz#1444437 remove timer if document closed before it fires [1:5.0.6.2-12] - Resolves: rhbz#1454598 crash on selecting bullet from toolbar [1:5.0.6.2-11] - Related: rhbz#1444437 restart second instance cleanly [1:5.0.6.2-10] - Resolves: rhbz#1444437 segv in gnome-documents integration [1:5.0.6.2-9] - Resolves: rhbz#1445635 CVE-2017-7870 Heap-buffer-overflow in tools::Polygon::Insert [1:5.0.6.2-8] - Resolves: rhbz#1437537 fix csv a11y [1:5.0.6.2-7] - Resolves: rhbz#1431539 gnome-documents needs libreofficekit - Resolves: rhbz#1435535 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer [1:5.0.6.2-6] - Resolves: rhbz#1401082 gnome hangs opening certain docx - Resolves: rhbz#1421726 drop use of CAIRO_OPERATOR_DIFFERENCE MODERATE Copyright 2018 Oracle, Inc. CVE-2018-6871 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0469: dhcp security update (IMPORTANT) Oracle Linux 6 [12:4.1.1-53.P1.0.1.3] - Added oracle-errwarn-message.patch [12:4.1.1-53.P1.3] - Resolves: #1550085 - CVE-2018-5733 Avoid reference overflow [12:4.1.1-53.P1.2] - Resolves: #1550083 - CVE-2018-5732 Avoid options buffer overflow IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5733 CVE-2018-5732 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0483: dhcp security update (IMPORTANT) Oracle Linux 7 [12:4.2.5-58.0.1] - Added oracle-errwarn-message.patch [12:4.2.5-68] - Resolves: #1550000 - CVE-2018-5733 Avoid buffer overflow reference counter [12:4.2.5-58.2] - Resolves: #1549979 - CVE-2018-5732 Avoid buffer overflow in options parser IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5733 CVE-2018-5732 cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0504: mailman security update (MODERATE) Oracle Linux 6 [3:2.1.12-26.3] - Related: #1545967 - Add missed import [3:2.1.12-26.2] - Resolves: #1545967 - Fix XSS vulnerability in web UI. Add sanitizer [3:2.1.12-26.1] - Resolves: #1545967 - Fix XSS vulnerability in web UI MODERATE Copyright 2018 Oracle, Inc. CVE-2018-5950 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-0505: mailman security update (MODERATE) Oracle Linux 7 [3:2.1.15-26.1] - Related: #1545974 - Add import regular expression module [3:2.1.15-26] - Related: #1545974 - Bump release to make it higher than 7.5 [3:2.1.15-24.2] - Resolves: #1545974 - Add sanitizer to mitigate XSS injection [3:2.1.15-24.1] - Resolves: #1545974 - Fix XSS vulnerability in web UI MODERATE Copyright 2018 Oracle, Inc. CVE-2018-5950 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0512: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-696.23.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.23.1] - [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645] - [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645] - [x86] 
retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645] - [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove performance measurements from 
documentation (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 
1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645] - [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645] - [x86] alternatives: Document macros (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645] (Waiman Long) [1543022 1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645] - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645] [2.6.32-696.22.1] - [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [1527811 988988] - [mm] don't return 0 too early from find_get_pages() (Ian Kent) [1527811 988988] - [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1527802 1503322] - [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1531720 1538543] - [powerpc] Prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1531720 1538543] - [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1532733 1538542] - [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1532733 1538542] - [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) 
[1532733 1538542] - [s390] add ppa to system call and program check path (Hendrik Brueckner) [1532733 1538542] - [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1532733 1538542] - [s390] introduce CPU alternatives (Hendrik Brueckner) [1532733 1538542] [2.6.32-696.21.1] - [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1535938 1532786] IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 ELSA-2018-0515: 389-ds-base security update (IMPORTANT) Oracle Linux 6 [1.2.11-15-94] - Release 1.2.11.15-94 - Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (fix cherry-pick error) [1.2.11-15-93] - Release 1.2.11.15-93 - Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c - Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c [1.2.11-15-92] - Release 1.2.11.15-92 - Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1054 CVE-2017-15135 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0516: qemu-kvm security update (MODERATE) Oracle Linux 6 [0.12.1.2-2.503.el6_9.5] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501296] - Resolves: bz#1501296 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.9.z]) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-15289 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 ELSA-2018-0517: libreoffice security update (MODERATE) Oracle Linux 6 [1:4.3.7.2-2.0.1.2] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile (jingdong.lu@oracle.com) - Build with --with-vendor='Oracle America, Inc.' (jingdong.lu@oracle.com) [1:4.3.7.2-2.2] - Resolves: rhbz#1545033 CVE-2018-6871 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-6871 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0526: firefox security update (CRITICAL) Oracle Linux 6 [52.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.0-1] - Update to 52.7.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5131 CVE-2018-5145 CVE-2018-5129 CVE-2018-5125 CVE-2018-5144 CVE-2018-5127 CVE-2018-5130 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-0527: firefox security update (CRITICAL) Oracle Linux 7 [52.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.7.0-1] - Update to 52.7.0 ESR CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-5130 CVE-2018-5144 CVE-2018-5127 CVE-2018-5129 CVE-2018-5125 CVE-2018-5145 CVE-2018-5131 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0549: firefox security update (CRITICAL) Oracle Linux 6 Oracle Linux 7 [52.7.2-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.2-1] - Update to 52.7.2 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5146 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0592: slf4j security update (IMPORTANT) Oracle Linux 7 [0:1.7.4-4] - Disallow EventData deserialization by default (CVE-2018-8088) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-8088 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:8:beta ELSA-2018-0647: thunderbird security update (IMPORTANT) Oracle Linux 6 [52.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.7.0-1] - Update to 52.7.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5125 CVE-2018-5129 CVE-2018-5145 CVE-2018-5127 CVE-2018-5146 CVE-2018-5144 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-0648: thunderbird security update (IMPORTANT) Oracle Linux 7 [52.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.7.0-1] - Update to 52.7.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5125 CVE-2018-5127 CVE-2018-5129 CVE-2018-5144 CVE-2018-5145 CVE-2018-5146 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-0649: libvorbis security update (IMPORTANT) Oracle Linux 6 [1.2.3-5.1] - Backport fix for CVE-2018-5146 [1.2.3-5] - fix CVE-2012-0444 (#787077) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5146 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-0666: krb5 security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [1.15.1-18] - Expose context errors in pkinit_server_plugin_init - Resolves: #1460089 [1.15.1-17] - Drop certauth test changes that prevented running it - Resolves: #1498767 [1.15.1-16] - Drop irrelevant DIR trigger logic - Resolves: #1431198 [1.15.1-15] - Fix CVE-2017-7562 (certauth eku bypass) - Resolves: #1498767 [1.15.1-14] - Fix CVE-2017-11368 (s4u2 request assertion failures) - Resolves: #1498768 [1.15.1-13] - Force-add /etc/krb5.conf.d so we can guarantee it exists - Resolves: #1431198 [1.15.1-12] - Add krb5 policy plugin interface - Remove soname downgrade - Resolves: #1462982 [1.15.1-11] - Make t_certauth.py runnable - Resolves: #1443388 [1.15.1-10] - Add context SSF query support - Resolves: #1472956 [1.15.1-9] - Remove incomplete PKINIT OCSP support - Resolves: #1460089 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-7562 CVE-2017-11368 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0805: glibc security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [2.17-222] - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119) [2.17-221] - CVE-2018-1000001: Fix realpath() buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418) [2.17-220] - Update HWCAP bits for IBM POWER9 DD2.1 (#1503854) [2.17-219] - Rebuild with newer gcc for aarch64 stack probing fixes (#1500475) [2.17-218] - Improve memcpy performance for POWER9 DD2.1 (#1498925) [2.17-217] - Update Linux system call list to kernel 4.13 (#1508895) [2.17-216] - x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969) [2.17-215] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809) [2.17-214] - Fix check-localplt test failure. - Include ld.so in check-localplt test. (#1440250) [2.17-213] - Fix build warning in locarchive.c (#1349964) [2.17-212] - Hide reference to mktemp in libpthread (#1349962) [2.17-211] - Implement fopencookie hardening (#1372305) [2.17-210] - x86-64: Support __tls_get_addr with an unaligned stack (#1468807) [2.17-209] - Define CLOCK_TAI in <time.h> (#1448822) [2.17-208] - Compile glibc with -fstack-clash-protection (#1500475) [2.17-207] - aarch64: Avoid invalid relocations in the startup code (#1500908) [2.17-206] - Fix timezone test failures on large parallel builds. (#1234449, #1378329) [2.17-205] - Handle DSOs with no PLT (#1445781) [2.17-204] - libio: Implement vtable verification (#1398413) [2.17-203] - Fix socket system call selection on s390x (#1498566). 
- Use different construct for protected visibility in IFUNC tests (#1445644) [2.17-202] - Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version - Support an arbitrary number of search domains in the stub resolver (#677316) - Detect and apply /etc/resolv.conf changes in libresolv (#1432085) - CVE-2017-1213: Fragmentation attacks possible when EDNS0 is enabled (#1487063) - CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called with AF_INET, AF_INET6 (#1329674) - CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131) - CVE-2014-9402: denial of service in getnetbyname function (#1497132) - Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034) - Make RES_ROTATE start with a random name server (#1257639) - Stricter IPv6 address parser (#1484034) - Remove noip6dotint support from the stub resolver (#1482988) - Remove partial bitstring label support from the stub resolver - Remove unsupported resolver hook functions from the API - Remove outdated RR type classification macros from the API - hesiod: Always use TLS resolver state - hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records [2.17.201] - Fix hang in nscd cache prune thread (#1435615) [2.17-200] - Add binary timezone test data files (#1234449, #1378329) [2.17.198] - Add support for new IBM z14 (s390x) instructions (#1375235) [2.17-197] - Fix compile warnings in malloc (#1347277) - Fix occasional tst-malloc-usable failures (#1348000) - Additional chunk hardening in malloc (#1447556) - Pointer alignment fix in nss group merge (#1463692) - Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2014-9402 CVE-2015-5180 CVE-2017-12132 CVE-2017-15670 CVE-2017-15804 CVE-2018-1000001 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:5:base ELSA-2018-0816: qemu-kvm security, bug fix, and enhancement update (LOW) Oracle Linux 7 [1.5.3-156.el7] - kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405] - kvm-fix-full-frame-updates-for-VNC-clients.patch [bz#1527405] - kvm-vnc-update-fix.patch [bz#1527405] - kvm-vnc-return-directly-if-no-vnc-client-connected.patch [bz#1527405] - kvm-buffer-add-buffer_move_empty.patch [bz#1527405] - kvm-buffer-add-buffer_move.patch [bz#1527405] - kvm-vnc-kill-jobs-queue-buffer.patch [bz#1527405] - kvm-vnc-jobs-move-buffer-reset-use-new-buffer-move.patch [bz#1527405] - kvm-vnc-zap-dead-code.patch [bz#1527405] - kvm-vnc-add-vnc_width-vnc_height-helpers.patch [bz#1527405] - kvm-vnc-factor-out-vnc_update_server_surface.patch [bz#1527405] - kvm-vnc-use-vnc_-width-height-in-vnc_set_area_dirty.patch [bz#1527405] - kvm-vnc-only-alloc-server-surface-with-clients-connected.patch [bz#1527405] - kvm-ui-fix-refresh-of-VNC-server-surface.patch [bz#1527405] - kvm-ui-move-disconnecting-check-to-start-of-vnc_update_c.patch [bz#1527405] - kvm-ui-remove-redundant-indentation-in-vnc_client_update.patch [bz#1527405] - kvm-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch [bz#1527405] - kvm-ui-track-how-much-decoded-data-we-consumed-when-doin.patch [bz#1527405] - kvm-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch [bz#1527405] - kvm-ui-correctly-reset-framebuffer-update-state-after-pr.patch [bz#1527405] - kvm-ui-refactor-code-for-determining-if-an-update-should.patch [bz#1527405] - kvm-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch [bz#1527405] - 
kvm-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch [bz#1527405] - kvm-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch [bz#1527405] - kvm-ui-avoid-sign-extension-using-client-width-height.patch [bz#1527405] - kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch [bz#1527405] - kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch [bz#1518711] - Resolves: bz#1518711 (CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5]) - Resolves: bz#1527405 (CVE-2017-15124 qemu-kvm: Qemu: memory exhaustion through framebuffer update request message in VNC server [rhel-7.5]) [1.5.3-155.el7] - kvm-qdev-Fix-assert-in-PCI-address-property-when-used-by.patch [bz#1538866] - kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch [bz#1534691] - kvm-savevm-Improve-error-message-for-blocked-migration.patch [bz#1536883] - kvm-savevm-fail-if-migration-blockers-are-present.patch [bz#1536883] - Resolves: bz#1534691 (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-7.5]) - Resolves: bz#1536883 ([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6) - Resolves: bz#1538866 (qemu will coredump after executing info qtree) [1.5.3-154.el7] - kvm-virtio-net-validate-backend-queue-numbers-against-bu.patch [bz#1460872] - kvm-dump-guest-memory.py-fix-python-2-support.patch [bz#1411490] - kvm-qxl-add-migration-blocker-to-avoid-pre-save-assert.patch [bz#1536883] - Resolves: bz#1411490 ([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm)) - Resolves: bz#1460872 (Aborted(core dumped) when booting guest with '-netdev tap....vhost=on,queues=32') - Resolves: bz#1536883 ([abrt] [faf] qemu-kvm: unknown function(): /usr/libexec/qemu-kvm killed by 6) [1.5.3-153.el7] - kvm-i386-update-ssdt-misc.hex.generated.patch [bz#1411490] - kvm-main-loop-Acquire-main_context-lock-around-os_host_m.patch [bz#1435432 bz#1473536] - Resolves: bz#1411490 ([RFE] 
Kernel address space layout randomization [KASLR] support (qemu-kvm)) - Resolves: bz#1435432 (Emulated ISA serial port hangs randomly when sending lots of data from guest -> host) - Resolves: bz#1473536 (Hangs in serial console under qemu) [1.5.3-152.el7] - kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch [CVE-2017-5715] - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [CVE-2017-5715] - kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch [CVE-2017-5715] [1.5.3-151.el7] - kvm-fw_cfg-remove-support-for-guest-side-data-writes.patch [bz#1411490] - kvm-fw_cfg-prevent-selector-key-conflict.patch [bz#1411490] - kvm-fw_cfg-prohibit-insertion-of-duplicate-fw_cfg-file-n.patch [bz#1411490] - kvm-fw_cfg-factor-out-initialization-of-FW_CFG_ID-rev.-n.patch [bz#1411490] - kvm-Implement-fw_cfg-DMA-interface.patch [bz#1411490] - kvm-fw_cfg-avoid-calculating-invalid-current-entry-point.patch [bz#1411490] - kvm-fw-cfg-support-writeable-blobs.patch [bz#1411490] - kvm-Enable-fw_cfg-DMA-interface-for-x86.patch [bz#1411490] - kvm-fw_cfg-unbreak-migration-compatibility.patch [bz#1411490] - kvm-i386-expose-fw_cfg-QEMU0002-in-SSDT.patch [bz#1411490] - kvm-fw_cfg-add-write-callback.patch [bz#1411490] - kvm-hw-misc-add-vmcoreinfo-device.patch [bz#1411490] - kvm-vmcoreinfo-put-it-in-the-misc-device-category.patch [bz#1411490] - kvm-fw_cfg-enable-DMA-if-device-vmcoreinfo.patch [bz#1411490] - kvm-build-sys-restrict-vmcoreinfo-to-fw_cfg-dma-capable-.patch [bz#1411490] - kvm-dump-Make-DumpState-and-endian-conversion-routines-a.patch [bz#1411490] - kvm-dump.c-Fix-memory-leak-issue-in-cleanup-processing-f.patch [bz#1411490] - kvm-dump-Propagate-errors-into-qmp_dump_guest_memory.patch [bz#1411490] - kvm-dump-Turn-some-functions-to-void-to-make-code-cleane.patch [bz#1411490] - kvm-dump-Fix-dump-guest-memory-termination-and-use-after.patch [bz#1411490] - kvm-dump-allow-target-to-set-the-page-size.patch [bz#1411490] - kvm-dump-allow-target-to-set-the-physical-base.patch 
[bz#1411490] - kvm-dump-guest-memory-cleanup-removing-dump_-error-clean.patch [bz#1411490] - kvm-dump-guest-memory-using-static-DumpState-add-DumpSta.patch [bz#1411490] - kvm-dump-guest-memory-add-dump_in_progress-helper-functi.patch [bz#1411490] - kvm-dump-guest-memory-introduce-dump_process-helper-func.patch [bz#1411490] - kvm-dump-guest-memory-disable-dump-when-in-INMIGRATE-sta.patch [bz#1411490] - kvm-DumpState-adding-total_size-and-written_size-fields.patch [bz#1411490] - kvm-dump-do-not-dump-non-existent-guest-memory.patch [bz#1411490] - kvm-dump-add-guest-ELF-note.patch [bz#1411490] - kvm-dump-update-phys_base-header-field-based-on-VMCOREIN.patch [bz#1411490] - kvm-kdump-set-vmcoreinfo-location.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-Move-constants-to-the-t.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-Make-methods-functions.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-Improve-python-3-compat.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-Cleanup-functions.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-Introduce-multi-arch-su.patch [bz#1411490] - kvm-Fix-typo-in-variable-name-found-and-fixed-by-codespe.patch [bz#1411490] - kvm-scripts-dump-guest-memory.py-add-vmcoreinfo.patch [bz#1411490] - kvm-dump-guest-memory.py-fix-No-symbol-vmcoreinfo_find.patch [bz#1411490] - kvm-dump-guest-memory.py-fix-You-can-t-do-that-without-a.patch [bz#1411490] - Resolves: bz#1411490 ([RFE] Kernel address space layout randomization [KASLR] support (qemu-kvm)) [1.5.3-150.el7] - kvm-Build-only-x86_64-packages.patch [bz#1520793] - Resolves: bz#1520793 (Do not build non-x86_64 subpackages) [1.5.3-149.el7] - kvm-block-linux-aio-fix-memory-and-fd-leak.patch [bz#1491434] - kvm-linux-aio-Fix-laio-resource-leak.patch [bz#1491434] - kvm-slirp-cleanup-leftovers-from-misc.h.patch [bz#1508745] - kvm-Avoid-embedding-struct-mbuf-in-other-structures.patch [bz#1508745] - kvm-slirp-Fix-access-to-freed-memory.patch [bz#1508745] - 
kvm-slirp-fix-clearing-ifq_so-from-pending-packets.patch [bz#1508745] - kvm-qcow2-Prevent-backing-file-names-longer-than-1023.patch [bz#1459714] - kvm-qemu-img-Use-strerror-for-generic-resize-error.patch [bz#1459725] - kvm-qcow2-Avoid-making-the-L1-table-too-big.patch [bz#1459725] - Resolves: bz#1459714 (Throw error if qemu-img rebasing backing file is too long or provide way to fix a 'too long' backing file.) - Resolves: bz#1459725 (Prevent qemu-img resize from causing 'Active L1 table too large') - Resolves: bz#1491434 (KVM leaks file descriptors when attaching and detaching virtio-scsi block devices) - Resolves: bz#1508745 (CVE-2017-13711 qemu-kvm: Qemu: Slirp: use-after-free when sending response [rhel-7.5]) [1.5.3-148.el7] - kvm-multiboot-validate-multiboot-header-address-values.patch [bz#1501121] - kvm-qemu-option-reject-empty-number-value.patch [bz#1417864] - Resolves: bz#1417864 (Qemu-kvm starts with unspecified port) - Resolves: bz#1501121 (CVE-2017-14167 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5]) [1.5.3-147.el7] - kvm-vga-drop-line_offset-variable.patch [bz#1501295] - kvm-vga-Add-mechanism-to-force-the-use-of-a-shadow-surfa.patch [bz#1501295] - kvm-vga-handle-cirrus-vbe-mode-wraparounds.patch [bz#1501295] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501295] - kvm-i6300esb-Fix-signed-integer-overflow.patch [bz#1470244] - kvm-i6300esb-fix-timer-overflow.patch [bz#1470244] - kvm-i6300esb-remove-muldiv64.patch [bz#1470244] - Resolves: bz#1470244 (reboot leads to shutoff of qemu-kvm-vm if i6300esb-watchdog set to poweroff) - Resolves: bz#1501295 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-7.5]) [1.5.3-146.el7] - kvm-vfio-pass-device-to-vfio_mmap_bar-and-use-it-to-set-.patch [bz#1494181] - kvm-hw-vfio-pci-Rename-VFIODevice-into-VFIOPCIDevice.patch [bz#1494181] - kvm-hw-vfio-pci-generalize-mask-unmask-to-any-IRQ-index.patch [bz#1494181] - 
kvm-hw-vfio-pci-introduce-minimalist-VFIODevice-with-fd.patch [bz#1494181] - kvm-hw-vfio-pci-add-type-name-and-group-fields-in-VFIODe.patch [bz#1494181] - kvm-hw-vfio-pci-handle-reset-at-VFIODevice.patch [bz#1494181] - kvm-hw-vfio-pci-Introduce-VFIORegion.patch [bz#1494181] - kvm-hw-vfio-pci-use-name-field-in-format-strings.patch [bz#1494181] - kvm-vfio-Add-sysfsdev-property-for-pci-platform.patch [bz#1494181] - kvm-vfio-remove-bootindex-property-from-qdev-to-qom.patch [bz#1494181] - kvm-vfio-pci-Handle-host-oversight.patch [bz#1494181] - kvm-vfio-pci-Fix-incorrect-error-message.patch [bz#1494181] - kvm-vfio-Wrap-VFIO_DEVICE_GET_REGION_INFO.patch [bz#1494181] - kvm-vfio-Generalize-region-support.patch [bz#1494181] - kvm-vfio-Enable-sparse-mmap-capability.patch [bz#1494181] - kvm-vfio-Handle-zero-length-sparse-mmap-ranges.patch [bz#1494181] - kvm-bswap.h-Remove-cpu_to_32wu.patch [bz#1486642] - kvm-hw-use-ld_p-st_p-instead-of-ld_raw-st_raw.patch [bz#1486642] - kvm-vga-Start-cutting-out-non-32bpp-conversion-support.patch [bz#1486642] - kvm-vga-Remove-remainder-of-old-conversion-cruft.patch [bz#1486642] - kvm-vga-Separate-LE-and-BE-conversion-functions.patch [bz#1486642] - kvm-vga-Rename-vga_template.h-to-vga-helpers.h.patch [bz#1486642] - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1486642] - kvm-target-i386-Add-Intel-SHA_NI-instruction-support.patch [bz#1450396] - kvm-target-i386-cpu-Add-new-EPYC-CPU-model.patch [bz#1450396] - kvm-target-i386-Enable-clflushopt-clwb-pcommit-instructi.patch [bz#1501510] - kvm-i386-add-Skylake-Server-cpu-model.patch [bz#1501510] - Resolves: bz#1450396 (Add support for AMD EPYC processors) - Resolves: bz#1486642 (CVE-2017-13672 qemu-kvm: Qemu: vga: OOB read access during display update [rhel-7.5]) - Resolves: bz#1494181 (Backport vGPU support to qemu-kvm) - Resolves: bz#1501510 (Add Skylake-Server CPU model (qemu-kvm)) [1.5.3-145.el7] - kvm-qemu-char-add-Czech-characters-to-VNC-keysyms.patch [bz#1476641] - 
kvm-qemu-char-add-missing-characters-used-in-keymaps.patch [bz#1476641] - kvm-qemu-char-add-cyrillic-characters-numerosign-to-VNC-.patch [bz#1476641] - kvm-block-ssh-Use-QemuOpts-for-runtime-options.patch [bz#1461672] - Resolves: bz#1461672 (qemu-img core dumped when create external snapshot through ssh protocol without specifying image size) - Resolves: bz#1476641 (ui/vnc_keysym.h is very out of date and does not correctly support many Eastern European keyboards) [1.5.3-144.el7] - kvm-qemu-nbd-Ignore-SIGPIPE.patch [bz#1466463] - Resolves: bz#1466463 (CVE-2017-10664 qemu-kvm: Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [rhel-7.5]) [1.5.3-143.el7] - kvm-block-Limit-multiwrite-merge-downstream-only.patch [bz#1492559] - Resolves: bz#1492559 (virtio-blk multiwrite merge causes too big IO) [1.5.3-142.el7] - kvm-vnc-allow-to-connect-with-add_client-when-vnc-none.patch [bz#1435352] - kvm-virtio-net-dynamic-network-offloads-configuration.patch [bz#1480428] - kvm-Workaround-rhel6-ctrl_guest_offloads-machine-type-mi.patch [bz#1480428] - kvm-target-i386-Add-PKU-and-and-OSPKE-support.patch [bz#1387648] - Resolves: bz#1387648 ([Intel 7.5 FEAT] Memory Protection Keys for qemu-kvm) - Resolves: bz#1435352 (qemu started with '-vnc none,...' doesn't support any VNC authentication) - Resolves: bz#1480428 (KVM: windows guest migration from EL6 to EL7 fails.) LOW Copyright 2018 Oracle, Inc. CVE-2017-15268 CVE-2018-5683 CVE-2017-13711 CVE-2017-13672 CVE-2017-15124 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:base ELSA-2018-0842: xdg-user-dirs security and bug fix update (LOW) Oracle Linux 7 [0.15-5] - Start using autostart mechanism instead of xinitrc.d script Resolves: #1412762 LOW Copyright 2018 Oracle, Inc. 
CVE-2017-15131 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0849: gcc security, bug fix, and enhancement update (LOW) Oracle Linux 7 [4.8.5-28.0.1] - [Orabug: 27557686] (Egeyar Bagcioglu) - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. [4.8.5-28] - Minor testsuite fixes to clean up test results (#1469697) - retpoline support for spectre mitigation (#1535655) [4.8.5-27] - bump for rebuild with RELRO enabled even for ppc64/ppc64le [4.8.5-26] - Avoid red zone probing for zero residual dynamic allocation (#1469697) - Avoid bogus CFIs for probes in noreturn functions on x86/x86_64 (#1469697) [4.8.5-25] - Avoid red zone probe on aarch64 (#1469697) [4.8.5-24] - Sync gcc48-rh1469697-13 patch to upstream (#1469697) - Avoid probing in the red zone for noreturn functions (#1507980, #1469697) - Avoid infinite loop if probing interval is less than guard size (#1469697) - Fix debug information for large probing interval on aarch64 (#1469697) - Fix ICE on ppc port with large probing interval (#1469697) - rebuild to remove static relocations not known to older linkers (#1508968) [4.8.5-23] - rebuild to remove static relocations not known to older linkers (#1508968) [4.8.5-22] - fix gcc.c-torture/execute/pr80692.x - fix divmod expansion (PR middle-end/78416) [4.8.5-21] - fix 27_io/basic_fstream/53984.cc - fix for classes with bases with mutable members (PR c++/77375) - fix handling side-effects of parameters (PR c/77767) - fix combine's make_extraction (PR rtl-optimization/78378) - fix gimplification of const var initialization from COND_EXPR (PR c++/80129) - fix -A / -B to A / B folding (PR middle-end/80362) - fix 
comparison of decimal float zeroes (PR middle-end/80692) - fix __mulv[dt]i3 and expand_mul_overflow (PR target/82274) [4.8.5-20] - handle exceptions in basic_istream::sentry (#1469384) - don't run pr63354.c on ppc (#1468546) - ensure proxy privatization safety (#1491395) - fix incorrect codegen from rdseed intrinsic use (#1482762, CVE-2017-11671) - on aarch64, remove libatomic.so (#1465510) [4.8.5-19] - Backport stack clash protection from upstream (#1469697) [4.8.5-18] - backport several -mprofile-kernel fixes (#1468546) [4.8.5-17] - fix -mcpu=power8 atomic expansion (#1437220, PR target/69644) - fix .toc alignment (#1487434) LOW Copyright 2018 Oracle, Inc. CVE-2017-11671 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0855: ntp security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [4.2.6p5-28.0.1] - Bump release to avoid ULN conflict with Oracle modified errata. 
[4.2.6p5-28] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) - add Spectracom TSYNC driver (#1491797) - fix initialization of system clock status (#1493452) - fix typos in ntpd man page (#1420453) - use SHA1 request key by default (#1442083) - use network-online target in ntpdate and sntp services (#1466947) [4.2.6p5-27] - fix CVE-2016-7429 patch to work correctly on multicast client (#1422944) [4.2.6p5-26] - don't limit rate of packets from sources (CVE-2016-7426) - don't change interface from received packets (CVE-2016-7429) - fix calculation of root distance again (CVE-2016-7433) - require authentication for trap commands (CVE-2016-9310) - fix crash when reporting peer event to trappers (CVE-2016-9311) MODERATE Copyright 2018 Oracle, Inc. CVE-2017-6462 CVE-2017-6464 CVE-2017-6463 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0913: policycoreutils security, bug fix, and enhancement update (LOW) Oracle Linux 7 [2.5-22.0.1] - Lazy unmount private, shared entry (Joe Jin) [orabug 12560705] [2.5-22] - semanage: Fix fcontext help message (#1499259) - semanage: Improve semanage-user.8 man page (#1079946) - semodule: Improve man page (#1337192) [2.5-21] - Update translations [2.5-20] - setfiles: Mention customizable types in restorecon man page (#1260238) - sepolicy: do not fail when file_contexts.local or .subs do not exist (#1512590) - semanage: Fix export of ibendport entries (#1471809) [2.5-19] - semanage: Call semanage_set_reload only if -N is used (#1421160) [2.5-18] - 
semanage: Enable listing file_contexts.homedirs - semanage: Fix manpage author for ibpkey and ibendport pages. - semanage: Update man pages for infiniband - semanage: Update semanage to allow runtime labeling of ibendports - semanage: Update semanage to allow runtime labeling of Infiniband Pkeys - semanage: Improve semanage-port man page - fixfiles: do not dereference link files in tmp LOW Copyright 2018 Oracle, Inc. CVE-2018-1063 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-0980: openssh security, bug fix, and enhancement update (LOW) Oracle Linux 7 [7.4p1-16 + 0.10.3-2] - Fix for CVE-2017-15906 (#1517226) [7.4p1-15 + 0.10.3-2] - Do not hang if SSH AuthorizedKeysCommand output is too large (#1496467) - Do not segfault pam_ssh_agent_auth if keyfile is missing (#1494268) - Do not segfault in audit code during cleanup (#1488083) - Add WinSCP 5.10+ compatibility (#1496808) - Clatch between ClientAlive and rekeying timeouts (#1480510) - Exclude dsa and ed25519 from default proposed keys in FIPS mode (#1456853) - Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1478035) [7.4p1-14 + 0.10.3-2] - Rebuilt for RHEL-7.5 LOW Copyright 2018 Oracle, Inc. 
CVE-2017-15906 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 ELSA-2018-0998: openssl security and bug fix update (MODERATE) Oracle Linux 7 [1.0.2k-12.0.1] - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.2k-12] - fix CVE-2017-3737 - incorrect handling of fatal error state - fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus [1.0.2k-11] - fix deadlock in RNG in the FIPS mode in mariadb [1.0.2k-9] - fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-3738 CVE-2017-3737 CVE-2017-3736 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1055: libvncserver security update (MODERATE) Oracle Linux 7 [0.9.9-12] - Fix CVE-2018-7225 (improper client cut text length sanitization) (bug #1548440) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-7225 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1058: libvorbis security update (IMPORTANT) Oracle Linux 7 [1.3.3-8.1] - Backport fix for CVE-2018-5146 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5146 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1060: pcs security update (IMPORTANT) Oracle Linux 7 [0.9.162-5.0.3.el7_5.1] - Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png [0.9.162-5.el7_5.1] - Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure - Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call - Fixed CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb - Resolves: rhbz#1557253 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1000119 CVE-2018-1086 CVE-2018-1079 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-1062: kernel security, bug fix, and enhancement update (IMPORTANT) Oracle Linux 7 - [3.10.0-862.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862] - [netdrv] i40e: Fix attach VF to VM issue (Stefan Assmann) [1528123] - [netdrv] ixgbevf: Add check for ixgbe_mbox_api_13 to ixgbevf_probe when setting max_mtu (Ken Cox) [1556696] - [md] dm btree: fix serious bug in btree_split_beneath() (Mike Snitzer) [1557849] - [x86] pti: Disable PTI user page table update in EFI virtual mode (Waiman Long) [1540061] [3.10.0-861] - [netdrv] tg3: prevent scheduling while atomic splat (Jonathan Toppins) [1554590] - [nvme] validate admin queue before unquiesce (David Milburn) [1549733] [3.10.0-860] - [acpi] sbshc: remove raw pointer from printk() message (Baoquan He) [1547009] {CVE-2018-5750} - [fs] gfs2: fixes to 'implement iomap for block_map' (Andreas Grunbacher) [1542594] - [x86] kvm: svm: disable virtual GIF and VMLOAD/VMSAVE (Paolo Bonzini) [1552090] [3.10.0-859] - [media] v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548430] {CVE-2017-13166} - [kernel] futex: Prevent overflow by strengthen input validation (Joe Lawrence) [1547585] {CVE-2018-6927} - [fs] Revert dcache_readdir back to ->readdir() ('Eric W. 
Biederman') [1525541] - [md] dm-raid: fix incorrect sync_ratio when degraded (Mike Snitzer) [1547979] - [mm] page_alloc: fix memmap_init_zone pageblock alignment (Daniel Vacek) [1525121] - [mm] revert kvmalloc: stress the vmalloc path in the debugging kernel (Jeff Moyer) [1550094] - [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1543067] - [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1543067] - [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1543067] - [x86] kvm: vmx: Cache IA32_DEBUGCTL in memory (Paolo Bonzini) [1537379] - [x86] spec_ctrl: avoid rmb() on full retpoline kernels (Paolo Bonzini) [1537379] - [x86] spec_ctrl: replace boot_cpu_has with a static key for IBRS checks (Paolo Bonzini) [1537379] - [x86] spec_ctrl: actually use static key for retpolines (Paolo Bonzini) [1537379] - [x86] kvm: vmx: optimize IBRS handling at vmenter/vmexit (Paolo Bonzini) [1537379] - [x86] kvm: vmx: mark RDMSR path as unlikely (Paolo Bonzini) [1537379] - [x86] kvm: use native_read_msr to read SPEC_CTRL (Paolo Bonzini) [1537379] - [x86] kvm/nvmx: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (Paolo Bonzini) [1537379] - [x86] nvmx: Properly set spec_ctrl and pred_cmd before merging MSRs (Paolo Bonzini) [1537379] - [x86] kvm/vmx: Allow direct access to MSR_IA32_SPEC_CTRL (Paolo Bonzini) [1537379] - [x86] kvm: Add IBPB support (Paolo Bonzini) [1537379] - [x86] kvm: vmx: make MSR bitmaps per-VCPU (Paolo Bonzini) [1537379] - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS (Paolo Bonzini) [1537379] - [x86] kvm: vmx: introduce alloc_loaded_vmcs (Paolo Bonzini) [1537379] - [x86] kvm: nvmx: Eliminate vmcs02 pool (Paolo Bonzini) [1537379] - [x86] kvm: nvmx: single function for switching between vmcs (Paolo Bonzini) [1537379] - [x86] kvm: Update the reverse_cpuid list to include CPUID_7_EDX (Paolo Bonzini) [1537379] - [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Paolo 
Bonzini) [1537379] - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Paolo Bonzini) [1537379] - [x86] cpufeatures: Add Intel feature bits for Speculation Control (Paolo Bonzini) [1537379] - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Paolo Bonzini) [1537379] - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Paolo Bonzini) [1537379] - [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Paolo Bonzini) [1537379] [3.10.0-858] - [tools] revert perf: Fix swap for samples with raw data (Jiri Olsa) [1458228] - [netdrv] ibmvnic: Fix early release of login buffer (Desnes Augusto Nunes do Rosario) [1545578] - [netdrv] ibmvnic: Clean RX pool buffers during device close (Desnes Augusto Nunes do Rosario) [1545578] - [netdrv] ibmvnic: Free RX socket buffer in case of adapter error (Desnes Augusto Nunes do Rosario) [1545578] - [netdrv] ibmvnic: Fix NAPI structures memory leak (Desnes Augusto Nunes do Rosario) [1545578] - [netdrv] ibmvnic: Fix login buffer memory leaks (Desnes Augusto Nunes do Rosario) [1545578] - [netdrv] ibmvnic: Wait until reset is complete to set carrier on (Desnes Augusto Nunes do Rosario) [1545578] - [block] disable runtime-pm for blk-mq (Ming Lei) [1548269] - [mm] revert memcontrol: fix cgroup creation failure after many small jobs (Aristeu Rozanski) [1548593 1517028] - [mm] revert cgroup: kill css_id (Aristeu Rozanski) [1548593 1517028] [3.10.0-857] - [media] v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548430] {CVE-2017-13166} - [sound] alsa: seq: Fix use-after-free at creating a port (CVE-2017-15265) (Jaroslav Kysela) [1503381] {CVE-2017-15265} - [gpu] drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE (Rob Clark) [1546022] - [edac] disable only ghes_edac by default (Aristeu Rozanski) [1543078] - [edac] ghes: Model a single, logical memory controller (Aristeu Rozanski) [1543078] - [fs] cifs: release cifs root_cred after exit_cifs (Leif Sahlberg) [1525874] - [fs] gfs2: Fix fallocate 
chunk size (Andreas Grunbacher) [1545329] - [fs] gfs2: Fixes to 'Implement iomap for block_map' (Andreas Grunbacher) [1542594] - [fs] gfs2: Clean up (lookup,fillup)_metapath (Andreas Grunbacher) [1542594] - [fs] iomap: warn on zero-length mappings (Andreas Grunbacher) [1542594] - [md] raid0: remove blank line printk from dump_zones() (John Pittman) [1534272] - [md] dm: use blkdev_get rather than bdgrab when issuing pass-through ioctl (Mike Snitzer) [1513037] - [mm] kvmalloc: stress the vmalloc path in the debugging kernel (Mikulas Patocka) [1523567] - [mm] fs: rework do_invalidatepage (Eric Sandeen) [1546079] - [net] netfilter: fix NULL ptr dereference in nf_send_reset() (Paolo Abeni) [1546148] [3.10.0-856] - [infiniband] ipoib: Add ipoib_enhanced module parameter (Slava Shwartsman) [1533013] - [netdrv] ibmvnic: Remove skb->protocol checks in ibmvnic_xmit (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: Reset long term map ID counter (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: queue reset when CRQ gets closed during reset (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: Ensure that buffers are NULL after free (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: Fix rx queue cleanup for non-fatal resets (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: fix empty firmware version and errors cleanup (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (Desnes Augusto Nunes do Rosario) [1544356] - [netdrv] mlx5e: Fix offloading of E-Switch TC pedit actions (Slava Shwartsman) [1545640] - [netdrv] qed: Correct setting the number of completion queues for FCoE functions (Chad Dupuis) [1542188] - [netdrv] ixgbe: fix crash in build_skb Rx code path (Ken Cox) [1520428] - [netdrv] tg3: APE heartbeat changes (Jonathan Toppins) [1546217] - [powerpc] pseries/vio: Dispose of virq mapping on vdevice unregister 
(Gustavo Duarte) [1544009] - [s390] qeth: fix underestimated count of buffer elements (Hendrik Brueckner) [1544698] - [x86] kvm: fix singlestepping over syscall (Paolo Bonzini) [1464481] {CVE-2017-7518} - [x86] paravirt: fix kabi breakage in pv_mmu_ops (Jeff Moyer) [1546027] - [x86] uaccess: introduce copy_from_iter_flushcache for pmem / cache-bypass operations (Jeff Moyer) [1471678] [3.10.0-855] - [crypto] algif_skcipher: Remove custom release parent function (Bruno Eduardo de Oliveira Meneguele) [1529441] - [crypto] algif_hash: Remove custom release parent function (Bruno Eduardo de Oliveira Meneguele) [1537376] - [mailbox] pcc: Drop uninformative output during boot (Kazuhito Hagio) [1515571] - [edac] skx_edac: Fix detection of single-rank DIMMs (Aristeu Rozanski) [1482248] - [md] free unused memory after bitmap resize (Nigel Croxon) [1532767] - [fs] sunrpc: ensure correct error is reported by xs_tcp_setup_socket() (Steve Dickson) [1536582] - [fs] Revert 'fixing infinite OPEN loop in 4.0 stateid recovery' (Steve Dickson) [1542191] - [scsi] use 'scsi_device_from_queue()' for scsi_dh (Mike Snitzer) [1546212] - [scsi] dh: add a common helper to get a scsi_device from a request_queue (Mike Snitzer) [1546212] - [scsi] qedi: Drop cqe response during connection recovery (Chad Dupuis) [1543503] - [scsi] qedi: Fix a possible sleep-in-atomic bug in qedi_process_tmf_resp (Chad Dupuis) [1543503] - [scsi] qla4xxx: skip error recovery in case of register disconnect (Himanshu Madhani) [1541766] - [x86] spectre: fix the kernel build without CONFIG_RETPOLINE (Josh Poimboeuf) [1543939] [3.10.0-854] - [tools] perf: Fix swap for samples with raw data (Jiri Olsa) [1458228] - [alsa] hda/realtek: Enable Thinkpad Dock device for ALC298 platform (Jaroslav Kysela) [1469623] - [crypto] rng: prevent entry into drbg test path from algif_rng (Bruno Eduardo de Oliveira Meneguele) [1485815] - [net] macvtap: add namespace support to the sysfs device class (Davide Caratti) [1544499] - [net] 
sched: cls_u32: fix cls_u32 on filter replace (Ivan Vecera) [1542013] - [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543088] {CVE-2017-18017} [3.10.0-853] - [sound] alsa: seq: Make ioctls race-free (CVE-2018-1000004) (Jaroslav Kysela) [1537203] {CVE-2018-1000004} - [gpu] drm/i915/gvt: move write protect handler out of mmio emulation function (Paul Lai) [1525419] - [gpu] drm/i915/gvt: Factor intel_vgpu_page_track (Paul Lai) [1525419] - [fs] xfs: eliminate duplicate icreate tx reservation functions (Brian Foster) [1397653] - [fs] xfs: refactor inode chunk alloc/free tx reservation (Brian Foster) [1397653] - [fs] xfs: include an allocfree res for inobt modifications (Brian Foster) [1397653] - [fs] xfs: truncate transaction does not modify the inobt (Brian Foster) [1397653] - [fs] xfs: fix up agi unlinked list reservations (Brian Foster) [1397653] - [fs] xfs: include inobt buffers in ifree tx log reservation (Brian Foster) [1397653] - [fs] xfs: print transaction log reservation on overrun (Brian Foster) [1397653] - [fs] xfs: dump transaction usage details on log reservation overrun (Brian Foster) [1397653] - [fs] xfs: refactor xlog_cil_insert_items() to facilitate transaction dump (Brian Foster) [1397653] - [fs] xfs: separate shutdown from ticket reservation print helper (Brian Foster) [1397653] - [s390] gs: add compat regset for the guarded storage broadcast control block (Hendrik Brueckner) [1537067] - [x86] intel_rdt/cqm: avoid negative static key counts (Joe Lawrence) [1524901] - [x86] efi: Fix boot crash by always mapping boot service regions into new EFI page tables (Lenny Szubowicz) [1535243] [3.10.0-852] - [netdrv] bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine (Jonathan Toppins) [1532863] - [netdrv] bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() (Jonathan Toppins) [1532863] - [netdrv] bnxt_en: Fix sources of spurious netpoll warnings (Jonathan Toppins) [1532863] - [mm] memcg, slab: 
do not destroy children caches if parent has aliases (Aristeu Rozanski) [1502818] - [mm] memcg, slab: fix races in per-memcg cache creation/destruction (Aristeu Rozanski) [1502818] - [mm] memcg, slab: clean up memcg cache initialization/destruction (Aristeu Rozanski) [1502818] - [mm] memcg, slab: kmem_cache_create_memcg(): fix memleak on fail path (Aristeu Rozanski) [1502818] - [block] Invalidate cache on discard v2 (Ming Lei) [1515920] - [x86] mm: Fix use-after-free of ldt_struct (Oleg Nesterov) [1543352] {CVE-2017-17053} [3.10.0-851] - [kernel] acct.c: fix the acct->needcheck check in check_free_space() (Oleg Nesterov) [1520791] - [mm] pm/hibernate: touch NMI watchdog when creating snapshot (Aristeu Rozanski) [1487022] - [mm] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1531285] - [block] blk-mq: Take tagset lock when updating hw queues (Ming Lei) [1528644] - [kernel] genirq/affinity: avoid deadlock in pci_alloc_irq_vectors_affinity (Ming Lei) [1528644] - [block] blk-mq: avoid IO hang during CPU hotplug by freezing queues in order (Ming Lei) [1528644] - [nvme] kick requeue list when requeueing a request instead of when starting the queues (Ming Lei) [1528644] - [scsi] dual scan thread bug fix (Ewan Milne) [1509331] - [scsi] fix our current target reap infrastructure (Ewan Milne) [1509331] - [s390] crypto: fix aes/paes Kconfig dependeny (Hendrik Brueckner) [1538139] - [s390] mm: fix BUG_ON in crst_table_upgrade (Hendrik Brueckner) [1500580] - [x86] paravirt: Remove 'noreplace-paravirt' cmdline option (Josh Poimboeuf) [1538911] - [x86] microcode/amd: Add support for fam17h microcode loading (Suravee Suthikulpanit) [1540104] - [x86] Use __nostackprotect for sme_encrypt_kernel (Suravee Suthikulpanit) [1540104] - [x86] mm: Encrypt the initrd earlier for BSP microcode update (Suravee Suthikulpanit) [1540104] - [x86] mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption (Suravee Suthikulpanit) [1540104] - [x86] mm: 
Centralize PMD flags in sme_encrypt_kernel() (Suravee Suthikulpanit) [1540104] - [x86] mm: Use a struct to reduce parameters for SME PGD mapping (Suravee Suthikulpanit) [1540104] - [x86] mm: Clean up register saving in the __enc_copy() assembly code (Suravee Suthikulpanit) [1540104] [3.10.0-850] - [crypto] chelsio - Check error code with IS_ERR macro (Arjun Vynipadath) [1542351] - [crypto] chelsio - Use x8_ble gf multiplication to calculate IV (Arjun Vynipadath) [1542351] - [crypto] gf128mul - The x8_ble multiplication functions (Arjun Vynipadath) [1542351] - [crypto] gf128mul - rename the byte overflow tables (Arjun Vynipadath) [1542351] - [crypto] gf128mul - remove xx() macro (Arjun Vynipadath) [1542351] - [crypto] chelsio - Fix memory leak (Arjun Vynipadath) [1542351] - [scsi] libcxgbi: use GFP_ATOMIC in cxgbi_conn_alloc_pdu() (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: remove the stid on listen create failure (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: when flushing, complete all wrs in a chain (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: reflect the original WR opcode in drain cqes (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: Only validate the MSN for successful completions (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: only insert drain cqes if wq is flushed (Arjun Vynipadath) [1541085] - [infiniband] iw_cxgb4: put ep reference in pass_accept_req() (Arjun Vynipadath) [1541085] - [netdrv] be2net: restore properly promisc mode after queues reconfiguration (Ivan Vecera) [1535897] - [netdrv] ixgbe: Set DMA attributes individually (Ken Cox) [1536455] - [netdrv] iwlwifi: mvm: fix security bug in PN checking (Stanislaw Gruszka) [1538028] - [netdrv] ibmvnic: Wait for device response when changing MAC (Desnes Augusto Nunes do Rosario) [1540838] - [netdrv] ibmvnic: Dont handle RX interrupts when not up (Desnes Augusto Nunes do Rosario) [1532345] - [netdrv] ibmvnic: Fix pending MAC address changes (Desnes Augusto Nunes do 
Rosario) [1535368] - [netdrv] ibmvnic: Include header descriptor support for ARP packets (Desnes Augusto Nunes do Rosario) [1529748] - [netdrv] ibmvnic: Increase maximum number of RX/TX queues (Desnes Augusto Nunes do Rosario) [1529748] - [netdrv] ibmvnic: Rename IBMVNIC_MAX_TX_QUEUES to IBMVNIC_MAX_QUEUES (Desnes Augusto Nunes do Rosario) [1529748] - [net] cls_u32: fix use after free in u32_destroy_key() (Paolo Abeni) [1540821] - [net] properly release sk_frag.page (Lorenzo Bianconi) [1535775] - [net] netlink: Add netns check on taps (William Townsend) [1538738] {CVE-2017-17449} - [net] netfilter: xt_osf: Add missing permission checks (Florian Westphal) [1539230] {CVE-2017-17448} - [net] netfilter: nfnetlink_cthelper: Add missing permission checks (Florian Westphal) [1539230] {CVE-2017-17448} [3.10.0-849] - [tools] perf vendor events powerpc: Remove duplicate events (Mauricio Oliveira) [1521091] - [tools] perf vendor events powerpc: Update POWER9 events (Mauricio Oliveira) [1521091] - [thermal] doc change updates expected cur_state behavior (Brad Peters) [1211434] - [hid] Add PCI ID for Cannon Lake and Coffee Lake (Brad Peters) [1530141] - [edac] sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode (Aristeu Rozanski) [1536995] - [fs] sysfs: Use only return value from is_visible for the file mode (Jeff Moyer) [1533361] - [fs] nfsd: auth: Fix gid sorting when rootsquash enabled (Thiago Becker) [1516978] - [block] silently forbid sending any ioctl to a partition (Paolo Bonzini) [1438809] - [mm] fix collision between DAX PMD and PTEs (Jeff Moyer) [1528957] - [mm] always enable thp for dax mappings (Jeff Moyer) [1472025] - [mm] improve readability of transparent_hugepage_enabled() (Jeff Moyer) [1472025] - [acpi] acpi, nfit: validate commands against the device type (Al Stone) [1471819] - [acpi] acpi, nfit: add support for the _LSI, _LSR, and _LSW label methods (Al Stone) [1471819] [3.10.0-848] - [kernel] lockdep: Increase MAX_STACK_TRACE_ENTRIES for debug 
kernel (Waiman Long) [1532959] - [kernel] make groups_sort calling a responsibility group_info allocators (Thiago Becker) [1516978] - [kernel] watchdog: Prevent false positives with turbo modes (Jiri Olsa) [1493859] - [netdrv] xen-netfront: enable device after manual module load (Eduardo Otubo) [1472220] - [netdrv] ibmvnic: Fix IPv6 packet descriptors (Gustavo Duarte) [1536746] - [netdrv] ibmvnic: Fix IP offload control buffer (Gustavo Duarte) [1536746] - [netdrv] bnxt_en: Dont print Link speed -1 no longer supported messages (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: Uninitialized variable in bnxt_tc_parse_actions() (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: wildcard smac while creating tunnel decap filter (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: fix dst/src fid for vxlan encap/decap actions (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: Add ETH_RESET_AP support (Jonathan Toppins) [1522743] - [netdrv] net: ethtool: add support for reset of AP inside NIC interface (Jonathan Toppins) [1522743] - [netdrv] bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' (Jonathan Toppins) [1522743] - [powerpc] kvm: book3s: Provide information about hardware/firmware CVE workarounds (Serhii Popovych) [1532077] {CVE-2017-5754} - [powerpc] powernv/pci: Enable 64-bit devices to access >4GB DMA space (Mauricio Oliveira) [1506259] - [powerpc] powernv/pci: Add helper to check if a PE has a single vendor (Mauricio Oliveira) [1506259] - [x86] kvm: svm: Fix up enable_smi_window due to out-of-order backport (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Enable Virtual GIF feature (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Add Virtual GIF feature definition (Suravee Suthikulpanit) [1135003] - [x86] cpufeature,kvm/svm: Rename (shorten) the new 
virtualized VMSAVE/VMLOAD CPUID flag (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Enable Virtual VMLOAD VMSAVE feature (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Add Virtual VMLOAD VMSAVE feature definition (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Rename lbr_ctl field in the vmcb control area (Suravee Suthikulpanit) [1135003] - [x86] kvm: svm: Prepare for new bit definition in lbr_ctl (Suravee Suthikulpanit) [1135003] - [x86] fpu: Use early_param() for clearcpuid (Scott Wood) [1539423] [3.10.0-847] - [dma-buf] fix reservation_object_wait_timeout_rcu once more v2 (Lyude Paul) [1535631] - [fs] nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat (Dave Wysochanski) [1539866] - [fs] xfs: validate sb_logsunit is a multiple of the fs blocksize (Bill O Donnell) [1538495] - [fs] nfsv4: always set NFS_LOCK_LOST when a lock is lost (Steve Dickson) [1540324] - [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1524717] - [scsi] qla2xxx: Fix memory corruption during hba reset test (Himanshu Madhani) [1524717] - [scsi] qla2xxx: Fix logo flag for qlt_free_session_done() (Himanshu Madhani) [1524717] - [scsi] qla2xxx: Reset the logo flag, after target re-login (Himanshu Madhani) [1524717] - [block] dm: fix incomplete request_queue initialization (Mike Snitzer) [1517771] - [block] allow gendisks request_queue registration to be deferred (Mike Snitzer) [1517771] - [block] Protect less code with sysfs_lock in blk_(un,) register_queue() (Mike Snitzer) [1517771] - [block] properly protect the 'queue' kobj in blk_unregister_queue (Mike Snitzer) [1517771] [3.10.0-846] - [infiniband] iser-target: avoid reinitializing rdma contexts for isert commands (Don Dutile) [1540434] - [netdrv] nfp: implement ethtool FEC mode settings (John Linville) [1519199] - [netdrv] nfp: add helpers for FEC support (John Linville) [1519199] - [netdrv] nfp: add get/set link settings ndos to representors (John Linville) [1519199] - [netdrv] nfp: resync repr state when 
port table sync (John Linville) [1519199] - [netdrv] nfp: refactor nfp_app_reprs_set (John Linville) [1519199] - [netdrv] nfp: dont depend on compiler constant propagation (John Linville) [1519199] - [netdrv] vmxnet3: repair memory leak (Neil Horman) [1525354] - [cpufreq] governor: Serialize governor callbacks (David Arcari) [1538572] - [cpufreq] governor: split cpufreq_governor_dbs() (David Arcari) [1538572] - [cpufreq] governor: register notifier from cs_init() (David Arcari) [1538572] - [cpufreq] intel_pstate: Remove use of get_target_pstate_use_cpu_load(() (Prarit Bhargava) [1537502] - [cpufreq] revert intel_pstate: Use load-based P-state selection more widely (Prarit Bhargava) [1537502] - [cpufreq] Fix intel_pstate driver (Prarit Bhargava) [1537502] - [x86] fpu: Fix get_xsave_addr() behavior under virtualization ('Dr. David Alan Gilbert') [1534309] - [x86] kvm: fix usage of uninit spinlock in avic_vm_destroy() (Wei Huang) [1537402] - [x86] KVM: Fix CPUID function for word 6 (80000001_ECX) (Wei Huang) [1533358] - [kernel] print kdump kernel loaded status in stack dump (Lianbo Jiang) [1535754] - [kernel] kexec: add a kexec_crash_loaded() function (Lianbo Jiang) [1535754] [3.10.0-845] - [watchdog] hpwdt: remove indirect call in watchdog/hpwdt.c (Josh Poimboeuf) [1535644] - [kernel] x86/spec_ctrl: cleanup __ptrace_may_access (Josh Poimboeuf) [1535644] - [x86] bugs: Drop one 'mitigation' from dmesg (Josh Poimboeuf) [1535644] - [x86] kvm: vmx: Make indirect call speculation safe (Josh Poimboeuf) [1535644] - [x86] kvm: x86: Make indirect calls in emulator speculation safe (Josh Poimboeuf) [1535644] - [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB (Josh Poimboeuf) [1535644] - [x86] mce: Make machine check speculation protected (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: fix ptrace IBPB optimization (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Josh Poimboeuf) [1535644] - [x86] spectre/meltdown: avoid the 
vulnerability directory to weaken kernel security (Josh Poimboeuf) [1535644] - [x86] unwind: fix livepatch regression with CALL_NOSPEC macro (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: Document retpolines and ibrs_enabled=3 (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: upgrade GCC retpoline warning to an error (Josh Poimboeuf) [1535644] - [x86] Use IBRS for firmware update path (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: enforce sane combinations of IBRS and retpoline (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: use upstream RSB stuffing function (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Josh Poimboeuf) [1535644] - [kernel] x86/jump_label: warn on failed jump label patch (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: detect unretpolined modules (Josh Poimboeuf) [1535644] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Josh Poimboeuf) [1535644] - [x86] retpoline: Fill return stack buffer on vmexit (Josh Poimboeuf) [1535644] - [x86] retpoline/xen: Convert Xen hypercall indirect jumps (Josh Poimboeuf) [1535644] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Josh Poimboeuf) [1535644] - [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps (Josh Poimboeuf) [1535644] - [x86] retpoline/entry: Convert entry assembler indirect jumps (Josh Poimboeuf) [1535644] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Josh Poimboeuf) [1535644] - [x86] retpoline: Add initial retpoline support (Josh Poimboeuf) [1535644] - [x86] jump_label: add asm support for static keys (Josh Poimboeuf) [1535644] - [x86] asm: Make asm/alternative.h safe from assembly (Josh Poimboeuf) [1535644] - [tools] objtool: Support new GCC 6 switch jump table pattern (Josh Poimboeuf) [1535644] - [tools] objtool: Detect jumps to retpoline thunks (Josh Poimboeuf) [1535644] - [x86] spectre: Add boot time option to select 
Spectre v2 mitigation (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: print features changed by microcode loading (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: refactor the init and microcode loading paths (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: remove ibrs_enabled variable (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: add ibp_disabled variable (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: remove performance measurements from documentation (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: make ipbp_enabled read-only (Josh Poimboeuf) [1535644] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Josh Poimboeuf) [1535644] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Josh Poimboeuf) [1535644] - [base] sysfs/cpu: Add vulnerability folder (Josh Poimboeuf) [1535644] - [x86] cpu: Merge bugs.c and bugs_64.c (Josh Poimboeuf) [1535644] [3.10.0-844] - [tools] perf record: Fix wrong size in perf_record_mmap for last kernel module (Jiri Olsa) [1509073] - [testmgr] disable ECDH and DH in FIPS mode (Bruno Eduardo de Oliveira Meneguele) [1523357] - [kernel] cpumask: Fix cpumask leak in partition_sched_domains() (Joe Lawrence) [1534918] - [kernel] pm / hibernate: Restore processor state before using per-CPU variables (Prarit Bhargava) [1418896] - [x86] power/64: Fix hibernation return address corruption (Prarit Bhargava) [1418896] - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Andrea Arcangeli) [1533542] - [x86] mm: Rework wbinvd, hlt operation in stop_this_cpu() (Suravee Suthikulpanit) [1522676] - [mm] swap: zswap: maybe_preload & refactoring (Jerome Marchand) [1532517] - [mm] ksm: add cond_resched() to the rmap_walks (Rafael Aquini) 
[1519517] - [mm] mprotect: add a cond_resched() inside change_pmd_range() (Rafael Aquini) [1519517] - [infiniband] rdma/bnxt_re: Fix the RoCE firmware version reported (Selvin Xavier) [1538406] - [netdrv] cxgb4: fix possible deadlock (Arjun Vynipadath) [1439204] - [netdrv] hv_netvsc: Fix the receive buffer size limit (Vitaly Kuznetsov) [1532169] - [netdrv] nfp: flower: vxlan: ensure no sleep in atomic context (John Linville) [1537927] - [netdrv] nfp: flower: prioritize stats updates (John Linville) [1537141] - [net] Fix double free and memory corruption in get_net_ns_by_id() (Aristeu Rozanski) [1531551] {CVE-2017-15129} [3.10.0-843] - [media] xc2028: avoid use after free (Torez Smith) [1402893] {CVE-2016-7913} - [kernel] module: avoid ifdefs for sig_enforce declaration (Bruno Eduardo de Oliveira Meneguele) [1531454] - [fs] sysfs: Do not warn about missing kernfs_node if kobj is not active (Vivek Goyal) [1534568] - [md] not clear ->safemode for external metadata array (Xiao Ni) [1526283] - [md] always clear ->safemode when md_check_recovery gets the mddev lock (Xiao Ni) [1526283] - [block] blk-mq: dont allow write on attributes of .seq_ops (Ming Lei) [1535949] - [scsi] lpfc: Fix SCSI io host reset causing kernel crash (Dick Kennedy) [1530120] - [scsi] lpfc: FLOGI failures are reported when connected to a private loop (Dick Kennedy) [1532307] - [scsi] qla2xxx: Fix NULL pointer crash due to probe failure (Himanshu Madhani) [1525810] - [scsi] core: check for device state in __scsi_remove_target() (Ewan Milne) [1537459] - [scsi] fixup kernel warning during rmmod() (Ewan Milne) [1537459] - [nvme] rdma: fix concurrent reset and reconnect (David Milburn) [1517602] - [nvdimm] btt: fix uninitialized err_lock (Jeff Moyer) [1524775] - [tools] testing/nvdimm: fix nfit_test buffer overflow (Jeff Moyer) [1375501] - [tools] testing/nvdimm: fix nfit_test shutdown crash (Jeff Moyer) [1375501] - [tools] testing/nvdimm: make iset cookie predictable (Jeff Moyer) [1375501] - [tools] 
testing/nvdimm: support for sub-dividing a pmem region (Jeff Moyer) [1375501] - [tools] testing/nvdimm: fix allocation range for mock flush hint tables (Jeff Moyer) [1375501] [3.10.0-842] - [crypto] aesni: add wrapper for generic gcm(aes) (Sabrina Dubroca) [1525527] - [crypto] aesni: fix typo in generic_gcmaes_decrypt (Sabrina Dubroca) [1525527] - [infiniband] iser-target: Fix possible use-after-free in connection establishment error (Don Dutile) [1519131] - [netdrv] hv_netvsc: Change GPADL teardown order according to Hyper-V version (Mohammed Gamal) [1529436] - [netdrv] hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl() (Mohammed Gamal) [1529436] - [netdrv] cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages (Arjun Vynipadath) [1538425] - [netdrv] bnxt_en: export a common switchdev PARENT_ID for all reps of an adapter (Jonathan Toppins) [1536308] - [netdrv] ibmvnic: Allocate and request vpd in init_resources (Gustavo Duarte) [1537433] - [netdrv] ibmvnic: Revert to previous mtu when unsupported value requested (Gustavo Duarte) [1537433] - [netdrv] ibmvnic: Modify buffer size and number of queues on failover (Gustavo Duarte) [1537433] - [netdrv] revert mlx5: Expose command polling interface (Don Dutile) [1533670] - [netdrv] revert mlx5: Add fast unload support in shutdown flow (Don Dutile) [1533670] - [net] ipv4: fib: Fix metrics match when deleting a route (Phil Sutter) [1526442] - [net] sched: fix use-after-free in tcf_block_put_ext (Ivan Vecera) [1533034] - [net] sched: get rid of rcu_barrier() in tcf_block_put_ext() (Ivan Vecera) [1533034] - [net] use for_each_netdev_safe() in rtnl_group_changelink() (Lorenzo Bianconi) [1523618] - [net] openvswitch: Fix pop_vlan action for double tagged frames (Eric Garver) [1522739] - [net] openvswitch: fix list corruption on force commit (Eric Garver) [1531680] - [net] tcp: Split BUG_ON() in tcp_tso_should_defer() into two assertions (Stefano Brivio) [1532373] - [net] ethtool: add support for forward 
error correction modes (Ivan Vecera) [1530634] - [net] vxlan: restore dev->mtu setting based on lower device (Stefano Brivio) [1520310] - [net] xfrm: add UDP encapsulation port in migrate message (Bruno Eduardo de Oliveira Meneguele) [1460790] - [net] xfrm: extend MIGRATE with UDP encapsulation port (Bruno Eduardo de Oliveira Meneguele) [1460790] - [net] xfrm: fix state migration copy replay sequence numbers (Bruno Eduardo de Oliveira Meneguele) [1460790] - [net] xfrm: Cleanup error handling of xfrm_state_clone (Bruno Eduardo de Oliveira Meneguele) [1460790] - [net] xfrm: checkpatch errors with foo * bar (Bruno Eduardo de Oliveira Meneguele) [1460790] [3.10.0-841] - [gpu] drm/vmwgfx: fix memory corruption with legacy/sou connectors (Rob Clark) [1525872] - [gpu] drm/nouveau/disp/gf119: add missing drive vfunc ptr (Rob Clark) [1532388] - [gpu] drm/i915: Apply Display WA #1183 on skl, kbl, and cfl (Rob Clark) [1532388] - [gpu] drm/i915: Disable DC states around GMBUS on GLK (Rob Clark) [1532388] - [gpu] drm/i915/skl+: debugfs entry to control IPC (Rob Clark) [1532388] - [gpu] drm/i915/bxt+: Enable IPC support (Rob Clark) [1532388] - [gpu] drm/i915/gen9+: Add has_ipc flag in device info structure (Rob Clark) [1532388] - [gpu] drm/i915/gen10: Calculate and enable transition WM (Rob Clark) [1532388] - [gpu] drm/i915/skl+: Optimize WM calculation (Rob Clark) [1532388] - [gpu] drm/i915: Fixed point fixed16 wrapper cleanup (Rob Clark) [1532388] - [gpu] drm/i915: Flush pending GTT writes before unbinding (Rob Clark) [1532388] - [gpu] drm: Add retries for lspcon mode detection (Rob Clark) [1532388] - [gpu] drm/amdgpu: bypass lru touch for KIQ ring submission (Rob Clark) [1532388] - [gpu] drm/i915: Fix vblank timestamp/frame counter jumps on gen2 (Rob Clark) [1532388] - [gpu] drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map (Rob Clark) [1532388] - [gpu] drm/i915: Prevent zero length 'index' write (Rob Clark) [1532388] - [gpu] drm/i915: Dont try indexed reads to 
alternate slave addresses (Rob Clark) [1532388] - [gpu] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition (Rob Clark) [1532388] - [gpu] drm/i915/fbdev: Serialise early hotplug events with async fbdev config (Rob Clark) [1532388] - [gpu] drm/i915: Re-register PMIC bus access notifier on runtime resume (Rob Clark) [1532388] - [gpu] drm/i915: Fix false-positive assert_rpm_wakelock_held in i915_pmic_bus_access_notifier v2 (Rob Clark) [1532388] - [gpu] drm/amdgpu: Set adev->vcn.irq.num_types for VCN (Rob Clark) [1532388] - [gpu] drm/amdgpu: move UVD/VCE and VCN structure out from union (Rob Clark) [1532388] - [gpu] drm/edid: Dont send non-zero YQ in AVI infoframe for HDMI 1.x sinks (Rob Clark) [1532388] - [gpu] drm/fb_helper: Disable all crtcs when initial setup fails (Rob Clark) [1532388] - [gpu] drm/amd/pp: fix typecast error in powerplay (Rob Clark) [1532388] - [gpu] drm/ttm: once more fix ttm_buffer_object_transfer (Rob Clark) [1532388] - [gpu] drm/radeon: fix atombios on big endian (Rob Clark) [1532388] - [gpu] drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug (Rob Clark) [1532388] - [gpu] drm/vblank: Fix flip event vblank count (Rob Clark) [1532388] - [gpu] drm/amdgpu: Remove check which is not valid for certain VBIOS (Rob Clark) [1532388] - [gpu] drm/amdgpu: Properly allocate VM invalidate eng v2 (Rob Clark) [1532388] - [gpu] drm/amdgpu: fix error handling in amdgpu_bo_do_create (Rob Clark) [1532388] - [gpu] drm/amdgpu: correct reference clock value on vega10 (Rob Clark) [1532388] - [gpu] drm/amdgpu: Potential uninitialized variable in amdgpu_vm_update_directories() (Rob Clark) [1532388] - [gpu] drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs() (Rob Clark) [1532388] - [gpu] revert 'drm/radeon: dont switch vt on suspend' (Rob Clark) [1532388] - [x86] gpu: add CFL to early quirks (Rob Clark) [1532388] - [x86] gpu: CNL uses the same GMS values as SKL (Rob Clark) [1532388] - [x86] gpu: GLK uses the same GMS values as 
SKL (Rob Clark) [1532388] [3.10.0-840] - [i2c] designware: Find bus speed from ACPI (Gopal Tiwari) [1456705] - [i2c] core: Add function for finding the bus speed from ACPI, take 2 (Gopal Tiwari) [1456705] - [i2c] core: Cleanup I2C ACPI namespace, take 2 (Gopal Tiwari) [1456705] - [i2c] designware: Enable high speed mode (Gopal Tiwari) [1456705] - [i2c] designware: set the common config before the if else (Gopal Tiwari) [1456705] - [i2c] designware: Enable fast mode plus (Gopal Tiwari) [1456705] - [i2c] designware: get fast plus and high speed *CNT configuration (Gopal Tiwari) [1456705] - [i2c] designware: Move clk_freq into struct dw_i2c_dev (Gopal Tiwari) [1456705] - [i2c] i2c / acpi: add support for ACPI reconfigure notifications (Gopal Tiwari) [1456705] - [acpi] add support for ACPI reconfiguration notifiers (Gopal Tiwari) [1456705] - [acpi] scan: fix enumeration (visited) flags for bus rescans (Gopal Tiwari) [1456705] - [i2c] use pr_fmt in the core (Gopal Tiwari) [1456705] - [i2c] print more info when acpi_i2c_space_handler() fails (Gopal Tiwari) [1456705] - [i2c] add error message when obtaining idr fails (Gopal Tiwari) [1456705] - [i2c] improve error messages in i2c_register_adapter() (Gopal Tiwari) [1456705] - [i2c] cleanup i2c_register_adapter() by refactoring recovery init (Gopal Tiwari) [1456705] - [i2c] free idr when sanity checks in i2c_register_adapter() fail (Gopal Tiwari) [1456705] - [i2c] designware-pci: Make bus number allocation robust (Gopal Tiwari) [1456705] - [i2c] only check scl functions when using generic recovery (Gopal Tiwari) [1456705] - [i2c] let I2C masters ignore their children for PM (Gopal Tiwari) [1456705] - [i2c] core: use new 8 bit address helper function (Gopal Tiwari) [1456705] - [kernel] i2c: introduce helper function to get 8 bit address from a message (Gopal Tiwari) [1456705] - [i2c] immediately mark ourselves as registered (Gopal Tiwari) [1456705] - [i2c] do not use internal data from driver core (Gopal Tiwari) [1456705] - 
[i2c] Add generic support passing secondary devices addresses (Gopal Tiwari) [1456705] - [i2c] always enable RuntimePM for the adapter device (Gopal Tiwari) [1456705] - [i2c] i2c / acpi: Rework I2C device scanning (Gopal Tiwari) [1456705] - [i2c] core: Add support for best effort block read emulation (Gopal Tiwari) [1456705] - [i2c] doc: dt: describe generic bindings (Gopal Tiwari) [1456705] - [i2c] slave: print warning if slave flag not set (Gopal Tiwari) [1456705] - [i2c] support 10 bit and slave (Gopal Tiwari) [1456705] - [i2c] core: add and export of_get_i2c_adapter_by_node() interface (Gopal Tiwari) [1456705] - [i2c] core: manage i2c bus device refcount in i2c_get/put_adapter (Gopal Tiwari) [1456705] - [i2c] fix leaked device refcount on of_find_i2c_* error path (Gopal Tiwari) [1456705] - [i2c] take address space into account when checking for used addresses (Gopal Tiwari) [1456705] - [i2c] make address check indpendent from client struct (Gopal Tiwari) [1456705] - [i2c] rename address check functions (Gopal Tiwari) [1456705] - [i2c] core: only use set_scl for bus recovery after calling prepare_recovery (Gopal Tiwari) [1456705] - [i2c] core: Reduce stack size of acpi_i2c_space_handler() (Gopal Tiwari) [1456705] - [i2c] check for proper length of the reg property (Gopal Tiwari) [1456705] - [i2c] core: fix typo in comment (Gopal Tiwari) [1456705] - [i2c] apply address offset for slaves, too (Gopal Tiwari) [1456705] - [kernel] i2c: add a flag to mark clients as slaves (Gopal Tiwari) [1456705] - [i2c] slave: add error messages to slave core (Gopal Tiwari) [1456705] - [i2c] Mark adapter devices with pm_runtime_no_callbacks (Gopal Tiwari) [1456705] - [i2c] core: Export bus recovery functions (Gopal Tiwari) [1456705] - [i2c] change input parameter to i2c_adapter for prepare/unprepare_recovery (Gopal Tiwari) [1456705] - [i2c] documentation: i2c: describe the new slave mode (Gopal Tiwari) [1456705] - [i2c] clarify comments about the dev_released completion (Gopal 
Tiwari) [1456705] - [i2c] Only include slave support if selected (Gopal Tiwari) [1456705] - [i2c] designware: Do not calculate SCL timing parameters needlessly (Gopal Tiwari) [1456705] - [i2c] simplify boilerplate code for attribute groups (Gopal Tiwari) [1456705] - [i2c] do not try to load modules for of-registered devices (Gopal Tiwari) [1456705] - [i2c] acpi: Pick the first address if device has multiple (Gopal Tiwari) [1456705] - [i2c] Remove support for legacy PM (Gopal Tiwari) [1456705] - [i2c] core changes for slave support (Gopal Tiwari) [1456705] - [i2c] acpi: remove unneeded variable initialization (Gopal Tiwari) [1456705] - [i2c] acpi: Fix NULL Pointer dereference (Gopal Tiwari) [1456705] - [i2c] move acpi code back into the core (Gopal Tiwari) [1456705] - [i2c] add debug info when class instantiation was dropped (Gopal Tiwari) [1456705] - [i2c] acpi: Clean up I2C ACPI code and Add CONFIG_I2C_ACPI config (Gopal Tiwari) [1456705] - [i2c] acpi: Add i2c ACPI operation region support (Gopal Tiwari) [1456705] - [i2c] Add message transfer tracepoints for SMBUS (ver 2) (Gopal Tiwari) [1456705] - [i2c] Add message transfer tracepoints for I2C (Gopal Tiwari) [1456705] - [i2c] add deprecation warning for class based instantiation (Gopal Tiwari) [1456705] - [i2c] Use stable dev_name for ACPI enumerated I2C slaves (Gopal Tiwari) [1456705] - [i2c] attach/detach I2C client device to the ACPI power domain (Gopal Tiwari) [1456705] - [acpi] pm: allow child devices to ignore parent power state (Gopal Tiwari) [1456705] - [i2c] Not all adapters have a parent (Gopal Tiwari) [1456705] - [i2c] Remove redundant 'driver' field from the i2c_client struct (Gopal Tiwari) [1456705] - [media] core: Dont use i2c_client->driver (Gopal Tiwari) [1456705] - [acpi] pm: Make messages in acpi_device_set_power() print device names (Gopal Tiwari) [1456705] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-15265 CVE-2017-17449 CVE-2017-8824 CVE-2017-9725 CVE-2017-14140 CVE-2017-15121 CVE-2017-1000252 CVE-2017-1000407 CVE-2017-1000410 CVE-2017-15126 CVE-2017-17448 CVE-2017-12190 CVE-2017-17558 CVE-2017-7294 CVE-2017-15129 CVE-2018-5750 CVE-2017-12154 CVE-2016-3672 CVE-2017-18203 CVE-2018-1000004 CVE-2017-18017 CVE-2016-8633 CVE-2016-7913 CVE-2017-13166 CVE-2017-15116 CVE-2017-15127 CVE-2018-6927 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1098: firefox security update (IMPORTANT) Oracle Linux 6 [52.7.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.7.3-1] - Update to 52.7.3 ESR IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5148 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1099: firefox security update (IMPORTANT) Oracle Linux 7 [52.7.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.7.3-1] - Update to 52.7.3 ESR IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5148 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1124: python-paramiko security update (CRITICAL) Oracle Linux 6 [1.7.5-4] - Fix and enable tests (%check). - Backport a change which makes tests exit with nonzero status when they fail. - Add a fix for upstream tests for CVE-2018-7750 (broken in previous). [1.7.5-3] - Fix a security flaw (CVE-2018-7750) in Paramiko's server mode (emphasis on **server** mode; this does **not** impact *client* use!) Backported from 1.10: https://gist.github.com/stevebeattie/0eb190004e10ba0926ad8782f89676ad Resolves #1557140 CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-7750 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1169: corosync security update (IMPORTANT) Oracle Linux 7 [2.4.3-2.1] - Resolves: rhbz#1560467 - totemcrypto: Check length of the packet IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1084 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-1188: java-1.8.0-openjdk security update (CRITICAL) Oracle Linux 6 [1:1.8.0.171-3.b10] - Cleanup from previous commit. - Resolves: rhbz#1559766 [1:1.8.0.171-2.b10] - Backported from fedora: aarch64BuildFailure.patch, rhbz_1536622-JDK8197429-jdk8.patch, rhbz_1540242.patch - Resolves: rhbz#1559766 [1:1.8.0.171-0.b10] - Update to aarch64-jdk8u171-b10. - Resolves: rhbz#1559766 [1:1.8.0.162-0.b12] - Update to aarch64-jdk8u162-b12. - Resolves: rhbz#1559766 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-2795 CVE-2018-2799 CVE-2018-2794 CVE-2018-2798 CVE-2018-2814 CVE-2018-2797 CVE-2018-2800 CVE-2018-2790 CVE-2018-2796 CVE-2018-2815 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1191: java-1.8.0-openjdk security update (CRITICAL) Oracle Linux 7 [1:1.8.0.171-7.b10] - Bump release number to be greater than RHEL 7.6 package to allow build with .el7 suffix - Resolves: rhbz#1559766 [1:1.8.0.171-4.b10] - Rebuilding due to bad nss-softokn brew-root build override - Resolves: rhbz#1559766 [1:1.8.0.171-3.b10] - Fix jconsole.desktop.in subcategory, replacing 'Monitor' with 'Profiling' (PR3550) - Resolves: rhbz#1559766 [1:1.8.0.171-3.b10] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1559766 [1:1.8.0.171-2.b10] - Add fix for TCK crash on Shenandoah. - Resolves: rhbz#1559766 [1:1.8.0.171-1.b10] - Cleanup from previous commit. - Remove unused upstream patch 8167200.hotspotAarch64.patch. 
- Resolves: rhbz#1559766 [1:1.8.0.171-1.b10] - Backported from fedora: aarch64BuildFailure.patch, rhbz_1536622-JDK8197429-jdk8.patch, rhbz_1540242.patch - Resolves: rhbz#1559766 [1:1.8.0.171-0.b10] - Update to aarch64-jdk8u171-b10 and aarch64-shenandoah-jdk8u171-b10. - Resolves: rhbz#1559766 [1:1.8.0.162-0.b12] - Update to aarch64-jdk8u162-b12 and aarch64-shenandoah-jdk8u162-b12. - Remove upstreamed patches for 8181055/PR3394/RH1448880, - 8181419/PR3413/RH1463144, 8145913/PR3466/RH1498309, - 8168318/PR3466/RH1498320, 8170328/PR3466/RR1498321 and - 8181810/PR3466/RH1498319. - Resolves: rhbz#1559766 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 CVE-2018-2790 CVE-2018-2794 CVE-2018-2799 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1196-1: kernel security and bug fix update (IMPORTANT) Oracle Linux 5 kernel [2.6.18-419.0.0.0.10] - Backport CVE-2017-5715 to RHCK/OL5 [orabug 27787723] [2.6.18-419.0.0.0.9] - rebuild with retpoline compiler IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 cpe:/a:oracle:linux:5::ELS ELSA-2018-1199: patch security update (IMPORTANT) Oracle Linux 6 [2.6-8] - Fixed year overflow detected in rpmdiff [2.6-7] - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1000156 ELSA-2018-1200: patch security update (IMPORTANT) Oracle Linux 7 [2.7.1-10] - Fixed Coverity reported issues [2.7.1-9] - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1000156 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1223: librelp security update (CRITICAL) Oracle Linux 7 [1.2.12-1.1] - fixed bad NVR - resolves rhbz#1561232 [1.2.12-2] - fixed CVE-2018-1000140 - resolves rhbz#1561232 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1000140 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1224: PackageKit security update (MODERATE) Oracle Linux 7 [1.1.5-2.0.1] - remove PackageKit-0.3.8-Fedora-Vendor.conf.patch [1.1.5-2] - Fixes CVE-2018-1106 - Resolves: rhbz#1566425 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-1106 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1225: librelp security update (CRITICAL) Oracle Linux 6 [1.2.7-3.1] - fixed CVE-2018-1000140 - resolved: rhbz#1561230 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1000140 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1270: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 6 [1:1.7.0.181-2.6.14.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.1] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.0] - Bump to 2.6.14 and u181b00. - Drop 8197981 Zero 32-bit patch now applied upstream. - Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES) - Resolves: rhbz#1559766 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2790 CVE-2018-2814 CVE-2018-2798 CVE-2018-2799 CVE-2018-2796 CVE-2018-2800 CVE-2018-2797 CVE-2018-2815 CVE-2018-2794 CVE-2018-2795 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1278: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 7 [1:1.7.0.181-2.6.14.5.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.5] - added dependence on latest c-j-c who do not have the incorrect jre-abrt handling - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.3] - Bump release number to an unused one as rhel-7.5-z-java-unsafe-candidate wrongly using .el7 - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.1] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.0] - Bump to 2.6.14 and u181b00. - Drop 8197981 Zero 32-bit patch now applied upstream. 
- Update RC4 patch (8076221/PR2809) to apply after 8175075 (disable 3DES) - Resolves: rhbz#1559766 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2800 CVE-2018-2797 CVE-2018-2799 CVE-2018-2814 CVE-2018-2790 CVE-2018-2798 CVE-2018-2796 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1318: kernel security, bug fix, and enhancement update (IMPORTANT) Oracle Linux 7 [3.10.0-862.2.3.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.2.3] - [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087} - [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897} [3.10.0-862.2.2] - [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199} [3.10.0-862.2.1] - [md] dm: fix dropped return code from dm_get_bdev_for_ioctl (Mike Snitzer) [1567746 1562962] - [crypto] aesni: Add support for 192 & 256 bit keys to AESNI RFC4106 (Bruno Eduardo de Oliveira Meneguele) [1570537 1568167] [3.10.0-862.1.1] - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1565700 1540061] - [x86] pti: Rework the UEFI data corruption fix (Waiman Long) [1565700 1540061] - [powerpc] tm: Flush TM only if CPU has TM feature (David Gibson) [1563773 1544676] {CVE-2018-1091} - [gpu] drm/i915/glk: IPC linetime watermark workaround for GLK (Lyude Paul) [1563711 1548651] - [x86] apic: Remove the (now) unused disable_IO_APIC() function (Baoquan He) [1563108 1521003] - [x86] apic: Fix restoring boot IRQ mode in reboot and kexec/kdump 
(Baoquan He) [1563108 1521003] - [x86] apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (Baoquan He) [1563108 1521003] - [x86] apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (Baoquan He) [1563108 1521003] - [netdrv] i40e: Close client on suspend and restore client MSIx on resume (Stefan Assmann) [1563106 1538847] - [fs] nfs: Fix unstable write completion (Scott Mayhew) [1563103 1544647] - [x86] kvm: Fix device passthrough when SME is active (Suravee Suthikulpanit) [1563098 1557911] - [powerpc] powernv: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927] - [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927] - [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1563096 1553927] - [nvme] fixup nvme_sysfs_delete() (David Milburn) [1563092 1543716] - [x86] smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a physical CPU (Prarit Bhargava) [1563091 1527731] - [x86] tsc: Fix erroneous TSC rate on Skylake Xeon (Prarit Bhargava) [1563088 1466058] - [x86] tsc: Print tsc_khz, when it differs from cpu_khz (Prarit Bhargava) [1563088 1466058] - [x86] tsc: Future-proof native_calibrate_tsc() (Prarit Bhargava) [1563088 1466058] - [scsi] csiostor: add support for 32 bit port capabilities (Arjun Vynipadath) [1561906 1526163] - [netdrv] cxgb4/cxgbvf: Handle 32-bit fw port capabilities (Arjun Vynipadath) [1561906 1526163] - [netdrv] cxgb4vf: define get_fecparam ethtool callback (Arjun Vynipadath) [1561906 1526163] - [netdrv] cxgb4: ethtool forward error correction management support (Arjun Vynipadath) [1561906 1526163] - [netdrv] cxgb4: core hardware/firmware support for Forward Error Correction on a link (Arjun Vynipadath) [1561906 1526163] - [iscsi-target] Fix panic when adding second TCP connection to iSCSI session (Maurizio Lombardi) [1561900 1544670] - [crypto] chelsio: Fix src buffer dma length (Arjun Vynipadath) [1561899 
1548047] - [crypto] chelsio: Move DMA un/mapping to chcr from lld cxgb4 driver (Arjun Vynipadath) [1561899 1548047] - [crypto] chelsio: Remove unused parameter (Arjun Vynipadath) [1561899 1548047] - [crypto] chelsio: Remove allocation of sg list to implement 2K limit of dsgl header (Arjun Vynipadath) [1561899 1548047] - [crypto] chelsio: introduce __skb_put_zero() (Arjun Vynipadath) [1561899 1548047] - [crypto] chelsio: make skb_put & friends return void pointers (Arjun Vynipadath) [1561899 1548047] - [gpu] drm/i915/cfl: Remove alpha support protection (Rob Clark) [1561897 1464911] - [gpu] drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin (Rob Clark) [1561897 1464911] - [gpu] drm/i915: Add retries for LSPCON detection (Rob Clark) [1561897 1464911] - [gpu] drm/i915: Don't give up waiting on INVALID_MODE (Rob Clark) [1561897 1464911] - [nvme] pci: Fix EEH failure on ppc (Mauricio Oliveira) [1561894 1558499] - [net] netfilter: ebtables: fix erroneous reject of last rule (Florian Westphal) [1552366 1552370] {CVE-2018-1068} - [net] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (Florian Westphal) [1552366 1552370] {CVE-2018-1068} - [net] netfilter: bridge: ebt_among: add more missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068} - [net] netfilter: bridge: ebt_among: add missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068} - [net] ipsec: Fix aborted xfrm policy dump crash (Bruno Eduardo de Oliveira Meneguele) [1517292 1517290] {CVE-2017-16939} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-8897 CVE-2018-1000199 CVE-2018-1087 CVE-2018-1091 CVE-2017-16939 CVE-2018-1068 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1319: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-696.28.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.28.1] - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897} - [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1569141 1568241] [2.6.32-696.27.1] - [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1565989 1559386] - [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1568327 1562725] - [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1568327 1562725] - [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1568327 1562725] - [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1568327 1562725] - [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1568327 1562725] - [x86] entry: Remove extra argument in call instruction (Waiman Long) [1568332 1562552] - [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1568332 1562552] - [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1568535 1558845] - [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1568535 1558845] - [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1568535 1558845] - [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1568535 1558845] - [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1568535 1558845] [2.6.32-696.26.1] - [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1557477 1520860] - [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1561441 
1557562] {CVE-2017-5754} - [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Disable user 
PGD poisoning for PAE (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Restore segments before int registers (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Unshare NMI return path (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] 
entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1553283 1550599] {CVE-2017-5754} - [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1553283 1550599] {CVE-2017-5754} [2.6.32-696.25.1] - [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1557896 1535024] - [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1557896 1535024] - [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1557896 1535024] - [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1557896 1535024] - [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520818 1520817] {CVE-2017-8824} - [fs] nfsd: check for oversized NFSv2/v3 arguments (J. 
Bruce Fields) [1447640 1447641] {CVE-2017-7645} - [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1552706 1437991] - [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1551471 1495167] - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1551471 1495167] - [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1540481 1538340] - [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1538654 1408108] - [s390] fix transactional execution control register handling (Hendrik Brueckner) [1538591 1520862] - [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1538586 1518669] - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548429 1548432] {CVE-2017-13166} - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548429 1548432] {CVE-2017-13166} - [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543089 1543091] {CVE-2017-18017} - [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519627 1519626] {CVE-2017-1000410} [2.6.32-696.24.1] - [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1551475 1212959] - [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1551475 1212959] - [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1551475 
1212959] - [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1550103 1532167] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7645 CVE-2017-13166 CVE-2017-1000410 CVE-2017-18017 CVE-2018-8897 CVE-2017-8824 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 ELSA-2018-1364: 389-ds-base security update (IMPORTANT) Oracle Linux 6 [1.2.11.15-95] - Bump version to 1.2.11-15-95 - Resolves: Bug 1562152 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1089 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1380: 389-ds-base security and bug fix update (IMPORTANT) Oracle Linux 7 [1.3.7.5-21] - Bump version to 1.3.7.5-21 - Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch [1.3.7.5-20] - Bump version to 1.3.7.5-20 - Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received - Resolves: Bug 1559764 - memberof fails if group is moved into scope - Resolves: Bug 1554720 - 'Truncated search results' pop-up appears in user details in WebUI - Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry - Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line - Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1089 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1396: libvirt security and bug fix update (LOW) Oracle Linux 7 [3.9.0-14.el7_5.4] - lxc: Drop useless check in live device update (rhbz#1557922) - Pass oldDev to virDomainDefCompatibleDevice on device update (rhbz#1557922) - qemu: Fix updating device with boot order (rhbz#1557922) - conf: Fix crash in virDomainDefCompatibleDevice (rhbz#1557922) - vmx: check for present/enabled devices earlier (rhbz#1566524) - vmx: allocate space for network interfaces if needed (rhbz#1566524) - internal: add STRCASEPREFIX (rhbz#1566524) - vmx: convert any amount of NICs (rhbz#1566524) - qemu: Use dynamic buffer for storing PTY aliases (rhbz#1566525) - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) (CVE-2018-1064) [3.9.0-14.el7_5.3] - qemu_cgroup: Fix 'rc' argument on virDomainAuditCgroupPath() calls (rhbz#1564996) - util: Introduce virStringListMerge (rhbz#1564996) - util: Introduce virDevMapperGetTargets (rhbz#1564996) - qemu_cgroup: Handle device mapper targets properly (rhbz#1564996) LOW Copyright 2018 Oracle, Inc. 
CVE-2018-1064 CVE-2018-5748 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-1414: firefox security update (CRITICAL) Oracle Linux 6 [52.8.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [52.8.0-1] - Update to 52.8.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5158 CVE-2018-5178 CVE-2018-5155 CVE-2018-5157 CVE-2018-5154 CVE-2018-5159 CVE-2018-5183 CVE-2018-5150 CVE-2018-5168 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1415: firefox security update (CRITICAL) Oracle Linux 7 [52.8.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.8.0-1] - Update to 52.8.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-5158 CVE-2018-5168 CVE-2018-5150 CVE-2018-5154 CVE-2018-5183 CVE-2018-5159 CVE-2018-5155 CVE-2018-5157 CVE-2018-5178 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1416: qemu-kvm security update (MODERATE) Oracle Linux 7 [1.5.3-156.el7_5.1] - kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] - kvm-vga-fix-region-calculation.patch [bz#1567913] - Resolves: bz#1567913 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-7858 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-1453: dhcp security update (CRITICAL) Oracle Linux 7 [12:4.2.5-68.0.1.1] - Direct users to Oracle Linux support site. [12:4.2.5-68.1] - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-1111 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 ELSA-2018-1454: dhcp security update (CRITICAL) Oracle Linux 6 [12:4.1.1-53.P1.0.1.4] - Added oracle-errwarn-message.patch [12:4.1.1-53.P1.el6_9.4] - Resolves: #1570897 - Fix command execution in NM script (CVE-2018-1111) CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-1111 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1629: kernel security update (IMPORTANT) Oracle Linux 7 [3.10.0-862.3.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.3.2] - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] entry: Add missing '$' in IBRS macros (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS 
setting with IBRS code (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904 1566905] {CVE-2018-3639} [3.10.0-862.3.1] - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573173 1571162] - [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087} - [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897} - [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1632: libvirt security update (IMPORTANT) Oracle Linux 7 [3.9.0-14.el7_5.5] - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-1633: qemu-kvm security update (IMPORTANT) Oracle Linux 7 [1.5.3-156.el7_5.2] - kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] - Resolves: bz#1574075 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-3639 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-1647: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 6 [1:1.7.0.181-2.6.14.8.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.8] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578550 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1648: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 7 [1:1.7.0.181-2.6.14.8.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.181-2.6.14.8] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578560 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1649: java-1.8.0-openjdk security update (IMPORTANT) Oracle Linux 7 [1:1.8.0.171-8.b10] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578555 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1650: java-1.8.0-openjdk security update (IMPORTANT) Oracle Linux 6 [1:1.8.0.171-8.b10] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578545 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1651: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-696.30.1.OL6] - Update genkey [bug 25599697] [2.6.32-696.30.1] - [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639} [2.6.32-696.29.1] - [x86] x86/spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Rename _RDS to _SSBD (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/kvm: Expose the RDS bit to the guest (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] 
x86/spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] x86/cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566893 1566899] {CVE-2018-3639} - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573176 1572487] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-1660: qemu-kvm security update (IMPORTANT) Oracle Linux 6 [0.12.1.2-2.503.el6_9.6] - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574067] - Resolves: bz#1574067 (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-6.9.z]) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1669: libvirt security update (IMPORTANT) Oracle Linux 6 [0.10.2-62.0.1.el6_9.2] - Replace docs/et.png in tarball with blank image [0.10.2-62.el6_9.2] - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1700: procps-ng security update (IMPORTANT) Oracle Linux 7 [3.3.10-17.el7_5.2] - check for truncation after calling snprintf() - Related: CVE-2018-1124 [3.3.10-17.el7_5.1] - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1124 CVE-2018-1126 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base ELSA-2018-1725: thunderbird security update (IMPORTANT) Oracle Linux 7 [52.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.8.0-1] - Update to 52.8.0 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5161 CVE-2018-5168 CVE-2018-5184 CVE-2018-5185 CVE-2018-5154 CVE-2018-5159 CVE-2018-5183 CVE-2018-5170 CVE-2018-5178 CVE-2018-5155 CVE-2018-5162 CVE-2018-5150 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-1726: thunderbird security update (IMPORTANT) Oracle Linux 6 [52.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.8.0-2] - Update to 52.8.0 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5150 CVE-2018-5178 CVE-2018-5161 CVE-2018-5162 CVE-2018-5155 CVE-2018-5168 CVE-2018-5170 CVE-2018-5159 CVE-2018-5184 CVE-2018-5185 CVE-2018-5154 CVE-2018-5183 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1777: procps security update (IMPORTANT) Oracle Linux 6 [3.2.8-45.0.1.el6_9.3 ] - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug (Konrad Rzeszutek Wilk) [bug 18011019] [3.2.8-45.el6_9.3] - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves: CVE-2018-1124 [3.2.8-45.el6_9.2] - fix integer overflows leading to heap overflow in file2strvec() - Resolves: CVE-2018-1124 CVE-2018-1126 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1124 CVE-2018-1126 ELSA-2018-1779: xmlrpc3 security update (IMPORTANT) Oracle Linux 6 [3.0-4.17] - Rebase patch to avoid orig files in source JAR - Related: CVE-2016-5003 [3.0-4.16] - Disallow deserialization of <ex:serializable> tags by default - Resolves: CVE-2016-5003 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2016-5003 cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest ELSA-2018-1780: xmlrpc security update (IMPORTANT) Oracle Linux 7 [1:3.1.3-9] - Disallow deserialization of <ex:serializable> tags by default - Resolves: CVE-2016-5003 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2016-5003 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer ELSA-2018-1836: plexus-archiver security update (IMPORTANT) Oracle Linux 7 [0:2.4.2-5] - Fix arbitrary file write vulnerability - Resolves: CVE-2018-1002200 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1002200 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer ELSA-2018-1852: kernel security update (MODERATE) Oracle Linux 7 [3.10.0-862.3.3.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.3.3] - [x86] always enable eager FPU by default on non-AMD processors (Paolo Bonzini) [1589051 1589048] {CVE-2018-3665} MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-3665 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1854: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-754.OL6] - Update genkey [bug 25599697] [2.6.32-754] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639} - [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) 
[1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpuid: Fix up 'virtual' IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639} - [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494] - [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351] - [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148] - [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130} - [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130} [2.6.32-753] - [x86] vm86-32: Properly set up vm86-32 stack for task switching (Waiman Long) [1572865] - [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts (Waiman Long) [1571362] - [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman Long) [1571362] [2.6.32-752] - [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1572487] - [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117] - [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357] - [net] security: export security_sk_clone (Marcelo Leitner) [1571357] [2.6.32-751] - [md] 
dm thin: fix regression that caused discards to be disabled if passdown was (Mike Snitzer) [1569377] - [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1554959] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1554959] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1554959] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1554959] - [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1554959] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1554959] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1554959] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1554959] - [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1568241] - [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano Brivio) [1551908] {CVE-2018-5803} [2.6.32-750] - [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi) [1387473] {CVE-2017-15121} - [documentation] kdump: fix documentation about panic_on_warn to match r (Pingfan Liu) [1555196] - [fs] Provide sane values for nlink (Leif Sahlberg) [1554342] [2.6.32-749] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1561788] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1561788] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up 
cpu_show_spectre_v2() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1561788] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1561788] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1561788] - [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788] - [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1561786] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1561786] - [x86] pti/32: Dont use trampoline stack on Xen PV (Waiman Long) [1562725] - [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1562725] - [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725] - [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1562725] - [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1562725] - [x86] entry: Remove extra argument in call instruction (Waiman Long) [1562552] - [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1557562 1562552] - [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845] - [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1558845] - [x86] 
pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1558845] - [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1558845] - [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1558845] [2.6.32-748] - [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh Sharma) [1494380] - [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh Sharma) [1494380] - [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380] - [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma) [1494380] - [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380] - [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [s390] mmap: randomize mmap base for bottom up direction (Bhupesh Sharma) [1494380] - [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: create Kconfig variable for PIE randomization (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate (Bhupesh Sharma) [1494380] - [fs] binfmt_elf: fix PIE execution with randomization disabled (Bhupesh Sharma) [1494380] - [acpi] acpica: Support calling _REG methods within ACPI interpreter (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI interpreter already entered (Lenny Szubowicz) [1522849] - [acpi] acpica: Function to test if ACPI mutex held by this thread (Lenny Szubowicz) [1522849] [2.6.32-747] - [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S Peterson) [1559928] - [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S Peterson) [1559928] - [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil Horman) [1530378] - [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1559386] - [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1554631] - [powerpc] pseries: Add 
H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1554631] - [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio Oliveira) [1554630] - [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio Oliveira) [1554630] - [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630] [2.6.32-746] - [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike Snitzer) [1551999] {CVE-2017-18203} - [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1557562] - [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1550599] {CVE-2017-5754} - [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1550599] {CVE-2017-5754} - [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony Camuso) [1484525] - [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525] - [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony Camuso) [1484525] - [ipmi] use smi_num for init_name (Tony Camuso) [1484525] - [ipmi] move platform device creation earlier in the initialization (Tony Camuso) [1484525] - [ipmi] clean up printks (Tony Camuso) [1484525] - [ipmi] cleanup error return (Tony Camuso) [1484525] - [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao Ni) [1417294] - [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294] - [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni) [1417294] - [md] raid0: access mddev->queue (request queue member) conditionally because it is not set when accessed from dm-raid (Xiao Ni) [1417294] [2.6.32-745] - [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1550599] {CVE-2017-5754} - [x86] retpoline: Avoid retpolines for built-in __init functions 
(Waiman Long) [1550599] {CVE-2017-5754} - [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1550599] {CVE-2017-5754} - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548432] {CVE-2017-13166} - [scsi] lpfc: Fix crash from memory alloc at interrupt level with GFP_KERNEL set (Dick Kennedy) [1540706] [2.6.32-744] - [dm] io: fix duplicate bio completion due to missing ref count (Mikulas Patocka) [1334224] - [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1399822] - [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822] - [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1399822] [2.6.32-743] - [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548432] {CVE-2017-13166} - [kernel] cgroup: initialize xattr before calling d_instantiate() (Aristeu Rozanski) [1533523] - [fs] ext*: Dont clear SGID when inheriting ACLs (Andreas Grunbacher) [1473482] - [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076] - [fs] export __block_write_full_page (Robert S Peterson) [1331076] - [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei) [1462959] - [block] call blk_queue_enter() before allocating request (Ming Lei) [1462959] - [block] introduce blk_queue_enter() (Ming Lei) [1462959] - [mm] shmem: replace_page must flush_dcache and others (Waiman Long) [1412337] - [mm] shmem: replace page if mapping excludes its zone (Waiman Long) [1412337] - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1550599] {CVE-2017-5754} - [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1550599] 
{CVE-2017-5754} - [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1550599] {CVE-2017-5754} - [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1550599] {CVE-2017-5754} - 
[x86] entry/32: Restore segments before int registers (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1550599] {CVE-2017-5754} - [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1550599] {CVE-2017-5754} - [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1550599] {CVE-2017-5754} - [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599] {CVE-2017-5754} - [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754} - [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1550599] {CVE-2017-5754} [2.6.32-742] - [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero (Dave Anderson) [1405879] - [fs] proc: Resolve performance issues with multiple /proc/stat reads (Prarit Bhargava) [1544565] - [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900] - [fs] dcache: prevent multiple shrink_dcache_parent() on the same dentry (Miklos Szeredi) [1269288] - [fs] fifo: do not restart open() if it already found a partner (Miklos Szeredi) [1482983] - [audit] reinstate check for failed execve (Denys Vlasenko) [1488822] - [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri Olsa) [1427324] - [perf] fix perf_event_comm() vs. 
exec() assumption (Jiri Olsa) [1478980] - [lib] prevent BUG in kfree() due to memory exhaustion in __sg_alloc_table() (Larry Woodman) [1454453] - [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1212959] - [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1212959] - [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1212959] - [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1212959] - [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1212959] - [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1495167] - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1495167] - [fs] gfs2: Defer deleting inodes under memory pressure (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks asynchronously (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872] - [fs] add set_nlink() (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher) [1255872] - [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas Grunbacher) [1255872] - [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872] - [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher) [1255872] - [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas Grunbacher) [1255872] - [fs] revert 'gfs2: Wait for iopen glock dequeues' (Andreas Grunbacher) [1255872] - [fs] gfs2: Fixup to 'Clear gl_object if gfs2_create_inode fails' (Andreas Grunbacher) [1506281] - [scsi] dual scan thread bug fix (Ewan Milne) [1508512] - [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512] - [scsi] bnx2fc: Fix check in SCSI completion handler for timed out request (Chad Dupuis) [1538168] [2.6.32-741] - [net] netfilter: 
xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543091] {CVE-2017-18017} - [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543091] {CVE-2017-18017} - [net] sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] sctp: use the right sk after waking up from wait_buf sleep (Hangbin Liu) [1470559] - [net] sctp: do not free asoc when it is already dead in sctp_sendmsg (Hangbin Liu) [1470559] - [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1535024] - [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1535024] - [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1535024] - [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1535024] - [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1532167] - [net] revert 'net: use lib/percpu_counter API for fragmentation mem accounting' (Jesper Brouer) [1508504] - [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [1542773] - [scsi] hpsa: update driver version (Joseph Szczypek) [1541517] - [scsi] hpsa: correct resets on retried commands (Joseph Szczypek) [1541517] - [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517] [2.6.32-740] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1535645] - [x86] retpoline: Dont use kernel indirect thunks in vsyscalls (Waiman Long) [1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645] - [x86] retpoline/ACPI: Convert indirect jump in wakeup 
code (Waiman Long) [1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645] - [x86] bugs: Drop one 'mitigation' from dmesg (Waiman Long) [1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1535645] - [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for 
x86-32 (Waiman Long) [1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1535645] - [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm (Waiman Long) [1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman 
Long) [1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1535645] - [x86] alternatives: Document macros (Waiman Long) [1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1535645] - [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman Long) [1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645] [2.6.32-739] - [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543] - [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira) [1538543] - [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542] - [s390] cpuinfo: show facilities as reported by stfle (Hendrik Brueckner) [1538542] - [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik Brueckner) [1538542] - [s390] add ppa to system call and program check path (Hendrik Brueckner) [1538542] - [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542] - [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542] [2.6.32-738] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519796] 
{CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Revert 'entry: Use retpoline for syscalls indirect calls' (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has been restored (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman 
Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519802] 
{CVE-2017-5754} - [x86] Revert 'mm/kaiser: Disable global pages by default with KAISER' (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscalls indirect calls (Waiman Long) [1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup 
(Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519796] {CVE-2017-5715} - [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR 
accessing variants (Waiman Long) [1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Dont switch to trampoline stack in paranoid_exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) 
[1519802] {CVE-2017-5754} - [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) 
[1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519802] 
{CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519802] {CVE-2017-5754} [2.6.32-737] - [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592] - [fs] gfs2: Special case the rindex in gfs2_write_alloc_required() (Andrew Price) [1384184] - [scsi] scsi_dh_alua: fix race condition that causes multipath to hang (Mike Snitzer) [1500192] - [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang) [1281754] - [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594] - [fs] sunrpc: fix RCU handling of gc_ctx field (J. 
Bruce Fields) [1456594] [2.6.32-736] - [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben Skeggs) [1468825] - [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626] {CVE-2017-1000410} - [scsi] storvsc: do not assume SG list is continuous when doing bounce buffers (for 4.1 and prior) (Cathy Avery) [1533175] [2.6.32-735] - [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [char] /dev/mem: remove redundant test on len (Bruno Eduardo de Oliveira Meneguele) [1449676] {CVE-2017-7889} - [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1538340] [2.6.32-734] - [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1518669] - [hv] vss: Operation timeouts should match host expectation (Mohammed Gamal) [1511431] - [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431] - [hv] utils: Check VSS daemon is listening before a hot backup (Mohammed Gamal) [1511431] - [hv] utils: Continue to poll VSS channel after handling requests (Mohammed Gamal) [1511431] - [md] dm: clear all discard attributes in queue_limits when discards are disabled (Mike Snitzer) [1433297] - [md] dm: discard support requires all targets in a table support discards (Mike Snitzer) [1433297] - [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817] {CVE-2017-8824} - [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139] - [net] sctp: fix src address selection if using secondary addresses for ipv6 (Xin Long) [1445919] - [net] sctp: deny peeloff operation on asocs with 
threads sleeping on it (Hangbin Liu) [1470559] - [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559] - [net] tcp: fix race during timewait sk creation (Florian Westphal) [1205025] [2.6.32-733] - [fs] sunrpc: Revert 'sunrpc: always treat the invalid cache as unexpired' (Thiago Becker) [1532786] - [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca) [1459263] - [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1520860] - [s390] fix transactional execution control register handling (Hendrik Brueckner) [1520862] - [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1408108] [2.6.32-732] - [mm] add cpu_relax() to 'dont return 0 too early' patch (Ian Kent) [988988] - [mm] dont return 0 too early from find_get_pages() (Ian Kent) [988988] - [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon Maxwell) [1503322] - [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105] - [fs] gfs2: Withdraw for IO errors writing to the journal or statfs (Robert S Peterson) [1505956] - [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp flags (Ken Cox) [1523856] [2.6.32-731] - [kernel] fix __wait_on_atomic_t() to call the action func if the counter != 0 (David Howells) [1418631] - [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631] - [fs] fscache: clear outstanding writes when disabling a cookie (David Howells) [1418631] - [fs] fscache: initialise stores_lock in netfs cookie (David Howells) [1418631] - [fs] cachefiles: fix attempt to read i_blocks after deleting file (David Howells) [1418631] - [fs] cachefiles: fix race between inactivating and culling a cache object (David Howells) [1418631] - [fs] fscache: make check_consistency callback return int (David Howells) [1418631] - [fs] fscache: wake write waiter after invalidating writes (David Howells) [1418631] - [fs] cachefiles: provide read-and-reset release counters for 
cachefilesd (David Howells) [1418631] - [s390] disassembler: increase show_code buffer size (Hendrik Brueckner) [1516654] - [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski) [1424630] - [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting success (Scott Mayhew) [1205448] - [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif Sahlberg) [1494999] - [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447168] [2.6.32-730] - [scsi] avoid a permanent stop of the scsi devices request queue (Ewan Milne) [1513455] - [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590] {CVE-2017-12190} - [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming Lei) [1503590] {CVE-2017-12190} [2.6.32-729] - [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1504260] [2.6.32-728] - [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do lru_add_drain_all (Waiman Long) [1463754] - [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun Vynipadath) [1446952] - [netdrv] chelsio : Fixes the issue seen on initiator while stopping the target (Sai Vemuri) [1442097] - [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991] - [netdrv] cxgb4vf: dont offload Rx checksums for IPv6 fragments (Davide Caratti) [1427036] - [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu Madhani) [1408549] [2.6.32-727] - [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1492220] - [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1492220] [2.6.32-726] - [s390] qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1467962] [2.6.32-725] - [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1497000] - [ipmi] create hardware-independent softdep for ipmi_devintf (Tony Camuso) [1457915] [2.6.32-724] - [fs] nfsd: reorder 
nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1435787] - [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1435787] - [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1435787] - [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787] - [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1435787] - [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1435787] [2.6.32-723] - [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] - [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1491846] [2.6.32-722] - [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152] - [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476124] {CVE-2017-11176} [2.6.32-721] - [char] ipmi: use rcu lock around call to intf->handlers->sender() (Tony Camuso) [1466034] - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1484946] {CVE-2017-7308} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1484946] {CVE-2017-7308} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492961] {CVE-2017-1000253} [2.6.32-720] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488340] {CVE-2017-14106} - [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) 
[1477006] {CVE-2017-7542} - [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477006] {CVE-2017-7542} - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481529] {CVE-2017-1000112} [2.6.32-719] - [fs] nfs: dont disconnect open-owner on NFS4ERR_BAD_SEQID (Dave Wysochanski) [1459636] - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490062] {CVE-2017-1000251} [2.6.32-718] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1477288] [2.6.32-717] - [video] efifb: allow user to disable write combined mapping (Dave Airlie) [1465097] [2.6.32-716] - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1441773] - [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541} - [scsi] lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1441169] - [scsi] lpfc: Vport creation is failing with 'Link Down' error (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1441169] [2.6.32-715] - [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand) [1466530] [2.6.32-714] - [fs] gfs2: clear gl_object when deleting an inode in 
gfs2_delete_inode (Robert S Peterson) [1464541] - [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S Peterson) [1464541] - [fs] gfs2: set gl_object in inode lookup only after block type check (Robert S Peterson) [1464541] - [fs] gfs2: introduce helpers for setting and clearing gl_object (Robert S Peterson) [1464541] [2.6.32-713] - [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1459951] {CVE-2017-9074} - [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1459951] {CVE-2017-9074} [2.6.32-712] - [mm] backport upstream large stack guard patch to RHEL6 (Larry Woodman) [1464237 1452730] {CVE-2017-1000364} - [mm] revert 'enlarge stack guard gap' (Larry Woodman) [1452730] {CVE-2017-1000364} - [mm] revert 'allow JVM to implement its own stack guard pages' (Larry Woodman) [1464237] [2.6.32-711] - [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1459978] - [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1452358] [2.6.32-710] - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364} [2.6.32-709] - [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for firmware updates for additional processors (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Update firmware spec. 
to 1.3.0 (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for updating flash more securely (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Request firmware reset after successful firwmare update (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add installed-package firmware version reporting via Ethtool GDRVINFO (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Reset embedded processor after applying firmware upgrade (Jonathan Toppins) [1439450] - [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via Ethtool FLASHDEV (Jonathan Toppins) [1439450] - [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian Westphal) [1455612] {CVE-2017-9075} - [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077} - [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal) [1455612] {CVE-2017-8890} - [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new socket (Florian Westphal) [1455612] [2.6.32-708] - [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave Wysochanski) [1458421] - [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno E. O. 
Meneguele) [1443539] {CVE-2017-7616} - [s390] zfcp: fix use-after-'free' in FC ingress path after TMF (Hendrik Brueckner) [1421762] - [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305] - [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don Dutile) [1417305] - [block] make blk_cleanup_queue() wait until request_fn finished (Don Dutile) [1417305] [2.6.32-707] - [kernel] audit: acquire creds selectively to reduce atomic op overhead (Paul Moore) [1454847] - [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326] - [s390] zfcp: do not trace pure benign residual HBA responses at default level (Hendrik Brueckner) [1421760] - [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1421761] [2.6.32-706] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030] - [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio Lombardi) [1393672] [2.6.32-705] - [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [1446755] {CVE-2017-7895} - [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields) [1446755] {CVE-2017-7895} - [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] remove confusing comment and move put_ctx() (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] restructure perf syscall point of no return (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001} - [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001} - [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440] [2.6.32-704] - [fs] sunrpc: Ensure that we wait for connections to complete before retrying (Dave Wysochanski) [1448170] - [net] ipv6: check raw payload size correctly in ioctl (Jamie Bainbridge) [1441909] [2.6.32-703] - [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce Fields) [869942] - [fs] nfsv4: fix getacl head length estimation (J. 
Bruce Fields) [869942] [2.6.32-702] - [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf() (Carlos Maiolino) [1440361] - [net] ping: implement proper locking (Jakub Sitnicki) [1438999] {CVE-2017-2671} - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430578] {CVE-2017-6214} - [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes Frederic Sowa) [1412331] [2.6.32-701] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1434560] [2.6.32-700] - [mm] hugetlb: check for pte NULL pointer in page_check_address() (Herton R. Krzesinski) [1431508] - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1436527] - [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398456] {CVE-2016-8650} - [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517] {CVE-2015-8830} - [fs] vfs: make AIO use the proper rw_verify_area() area helpers (Mateusz Guzik) [1337535] {CVE-2012-6701} [2.6.32-699] - [scsi] lpfc: update for r 11.0.0.6 (Maurizio Lombardi) [1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1429881] [2.6.32-698] - [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762] - [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762] - [sched] fair: Initialize throttle_count for new task-groups lazily (Jiri Olsa) [1250762] - [sched] fair: Do not announce throttled next buddy in dequeue_task_fair() (Jiri Olsa) [1250762] [2.6.32-697] - [block] fix use-after-free in seq file (Denys Vlasenko) [1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. 
Krzesinski) [1429918] {CVE-2017-2636} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2015-8830 CVE-2016-8650 CVE-2017-6001 CVE-2017-9077 CVE-2017-7616 CVE-2018-1130 CVE-2018-3639 CVE-2012-6701 CVE-2017-7308 CVE-2017-9076 CVE-2017-18203 CVE-2018-5803 CVE-2017-2671 CVE-2017-12190 CVE-2017-15121 CVE-2017-7889 CVE-2017-8890 CVE-2017-9075 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1860: samba security and bug fix update (LOW) Oracle Linux 6 [3.6.23-51.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.24-51] - resolves: #1513877 - Fix memory leak in winbind [3.6.24-50] - resolves: #1553018 - Fix CVE-2018-1050 [3.6.24-49] - resolves: #1536053 - Fix regression with non-wide symlinks to directories [3.6.24-48] - resolves: #1519884 - Fix segfault in winbind when querying groups [3.6.24-47] - resolves: #1413484 - Fix guest login with signing required [3.6.24-46] - resolves: #1509455 - Fix regression of CVE-2017-2619 [3.6.24-45] - resolves: #1491211 - CVE-2017-2619 CVE-2017-12150 CVE-2017-12163 [3.6.24-44] - resolves: #1451105 - Fix trusted domain handling in winbind - resolves: #1431000 - Fix crash while trying to authenticate with a disabled account - resolves: #1467395 - Add 'winbind request timeout' option [3.6.23-43] - resolves: #1450783 - Fix CVE-2017-7494 [3.6.23-42] - resolves: #1391256 - Performance issues with vfs_dirsort and extended attributes [3.6.23-41] - resolves: #1413672 - Auth regression after secret changed [3.6.23-40] - resolves: #1405356 - CVE-2016-2125 CVE-2016-2126 [3.6.23-39] - resolves: #1297805 - Fix issues with printer unpublishing from AD [3.6.23-38] - resolves: #1347843 - Fix RPC queryUserList returning NO_MEMORY for empty list [3.6.23-37] - resolves: #1380151 - Fix memory leak in idmap_ad module - resolves: #1333561 - Fix smbclient connection issues to DFS shares - resolves: #1372611 - Allow ntlmsssp session key setup without signing 
(Workaround for broken NetApp and EMC NAS) [3.6.23-35] - resolves: #1282289 - Fix winbind memory leak with each cached creds login [3.6.23-34] - resolves: #1327697 - Fix netlogon credential checks - resolves: #1327746 - Fix dcerpc trailer verificaton [3.6.23-33] - related: #1322687 - Update CVE patchset [3.6.23-32] - related: #1322687 - Update manpages [3.6.23-31] - related: #1322687 - Update CVE patchset [3.6.23-30] - related: #1322687 - Update CVE patchset [3.6.23-29] - resolves: #1322687 - Fix CVE-2015-5370 - resolves: #1322687 - Fix CVE-2016-2110 - resolves: #1322687 - Fix CVE-2016-2111 - resolves: #1322687 - Fix CVE-2016-2112 - resolves: #1322687 - Fix CVE-2016-2115 - resolves: #1322687 - Fix CVE-2016-2118 (Known as Badlock) [3.6.23-28] - resolves: #1305870 - Fix symlink verification [3.6.23-27] - resolves: #1314671 - Fix CVE-2015-7560 [3.6.23-26] - resolves: #1211744 - Fix DFS client access with Windows Server 2008 [3.6.23-25] - resolves: #1242614 - Fix unmappable S-1-18-1 sid truncates group lookups [3.6.23-24] - resolves: #1271763 - Fix segfault in NTLMv2_generate_names_blob() - resolves: #1261265 - Add '--no-dns-updates' option for 'net ads join' [3.6.23-23] - resolves: #1290707 - CVE-2015-5299 - related: #1290707 - CVE-2015-5296 - related: #1290707 - CVE-2015-5252 - related: #1290707 - CVE-2015-5330 [3.6.23-22] - resolves: #1232021 - Do not overwrite smb.conf manpage - resolves: #1216060 - Document netbios name length limitations - resolves: #1234249 - Fix 'map to guest = Bad Uid' option - resolves: #1219570 - Fix 'secuirtiy = server' (obsolete) share access - resolves: #1211657 - Fix stale cache entries if a printer gets renamed [3.6.23-21] - resolves: #1252180 - Fix 'force group' with 'winbind use default domain'. - resolves: #1250100 - Fix segfault in pam_winbind if option parsing fails - resolves: #1222985 - Fix segfault with 'mangling method = hash' option [3.6.23-20] - resolves: #1164269 - Fix rpcclient timeout command. 
[3.6.23-19] - resolves: #1201611 - Fix 'force user' with 'winbind use default domain'. [3.6.23-18] - resolves: #1194549 - Fix winbind caching issue and support SID compression. [3.6.23-17] - resolves: #1192211 - Fix restoring shadow copy snapshot with SMB2. [3.6.23-16] - resolves: #1117059 - Fix nss group enumeration with unresolved groups. [3.6.23-15] - resolves: #1165750 - Fix guid retrieval for published printers. - resolves: #1163383 - Fix 'net ads join -k' with existing keytab entries. - resolves: #1195456 - Fix starting daemons on read only filesystems. - resolves: #1138552 - Fix CPU utilization when re-reading the printcap info. - resolves: #1144916 - Fix smbclient NTLMv2 authentication. - resolves: #1164336 - Document 'sharesec' command for 'access based share enum' option. [3.6.23-14] - related: #1191339 - Update patchset for CVE-2015-0240. [3.6.23-13] - resolves: #1191339 - CVE-2015-0240: RCE in netlogon. [3.6.23-12] - resolves: #1127723 - Fix samlogon secure channel recovery. [3.6.23-11] - resolves: #1129006 - Add config variables to set spoolss os version. [3.6.23-10] - resolves: #1124835 - Fix dropbox share. [3.6.23-9] - related: #1053886 - Fix receiving the gecos field with winbind. [3.6.23-8] - resolves: #1110733 - Fix write operations as guest with 'security = share'. - resolves: #1053886 - Fix receiving the gecos field with winbind. [3.6.23-7] - resolves: #1107777 - Fix SMB2 with 'case sensitive = True' [3.6.23-6] - resolves: #1105500 - CVE-2014-0244: DoS in nmbd. - resolves: #1108841 - CVE-2014-3493: DoS in smbd with unicode path names. [3.6.23-5] - related: #1061301 - Only link glusterfs libraries to vfs module. [3.6.23-4] - resolves: #1051656 - Fix gecos field copy debug warning. - resolves: #1061301 - Add glusterfs vfs module. - resolves: #1087472 - Fix libsmbclient crash when HOME variable isnt set. - resolves: #1099443 - 'net ads testjoin' fails with IPv6. - resolves: #1100670 - Fix 'force user' with 'security = ads'. 
- resolves: #1096522 - Fix enabling SMB2 causes file operations to fail. [3.6.23-3] - resolves: #1081539 - Add timeout option to smbclient. [3.6.23-2] - resolves: #1022534 - Do not build Samba with fam support. - resolves: #1059301 - Fix nbt query with many components. - resolves: #1057332 - Fix force user with guest account. - resolves: #1021706 - Fix %G substitution in 'template homedir'. - resolves: #1040472 - Fix group expansion in service path. - resolves: #1069570 - Fix memory leak reading printer list. - resolves: #1067607 - Fix wbinfo -i with one-way trusts. - resolves: #1050887 - Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork. - resolves: #1029000 - Fix 'force user' with 'security = ads'. [3.6.23-1] - resolves: #1073356 - Fix CVE-2013-4496, CVE-2012-6150 and CVE-2013-6442. - resolves: #1018038 - Fix CVE-2013-4408. [3.6.22-1] - resolves: #1003921 - Rebase Samba to 3.6.22. - resolves: #1035332 - Fix force user with 'security = user'. LOW Copyright 2018 Oracle, Inc. 
CVE-2018-1050 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1877: sssd and ding-libs security and bug fix update (MODERATE) Oracle Linux 6 ding-libs [0.4.0-13] - Resolves: rhbz#1538061 - sssd/libini_config cannot parse configuration file with line longer than 5102 [0.4.0-12] - Related: rhbz#1377213 - ding-libs dont parse lines without an equal sign sssd [1.13.3-60.0.1] - Orabug 26746822 - revert patch 0118 to fix LDAP netgroup lookup problem <isaac.chen@oracle.com> [1.13.3-60] - Related: rhbz#1442703 - Smart Cards: Certificate in the ID View - Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6 [1.13.3-59] - Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP - Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10] - Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-12173 ELSA-2018-1879: glibc security and bug fix update (MODERATE) Oracle Linux 6 [2.12-1.212.0.1] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.212] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504810) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504810) [2.12-1.211] - Avoid large allocas in the dynamic linker (#1452717) [2.12-1.210] - Fix thread cancellation issues for setmntent() and others (#1437147). MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-15670 CVE-2017-15804 ELSA-2018-1883: samba4 security and bug fix update (LOW) Oracle Linux 6 [4.2.10-15] - resolves: #1552005 - Fix CVE-2018-1050 [4.2.10-14] - resolves: #1492780 - Do not build with -Wl,-z,now on ppc64 LOW Copyright 2018 Oracle, Inc. 
CVE-2018-1050 ELSA-2018-1929: libvirt security update (LOW) Oracle Linux 6 [0.10.2-64.0.1] - Replace docs/et.png in tarball with blank image [0.10.2-64] - cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) [0.10.2-63] - qemu: avoid denial of service reading from QEMU monitor (CVE-2018-5748) - qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064) LOW Copyright 2018 Oracle, Inc. 
CVE-2018-5748 CVE-2018-1064 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1932: zsh security update (MODERATE) Oracle Linux 6 [4.3.11-8] - fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083 [4.3.11-7] - fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100) - fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083) - fix buffer overrun in xsymlinks (CVE-2017-18206) - fix buffer overflow when scanning very long path for symlinks (CVE-2014-10072) [4.3.11-6] - signal-handling related fixes collected from upstream (#1311166) [4.3.11-5] - fix malloc() signal leak in lexsave() (#1267903) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-1083 CVE-2014-10072 CVE-2017-18206 CVE-2018-1100 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base ELSA-2018-1957: git security update (IMPORTANT) Oracle Linux 7 [1.8.3.1-14] - Backport fix for CVE-2018-1123 - Thanks to Jonathan Nieder <jrnieder@gmail.com> for backporting to 2.1.x and to Steve Beattie <sbeattie@ubuntu.com> for backporting to 1.9.1 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-11235 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1965: kernel security and bug fix update (IMPORTANT) Oracle Linux 7 [3.10.0-862.6.3.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.6.3] - [x86] always enable eager FPU by default on non-AMD processors (Paolo Bonzini) [1589051 1589048] {CVE-2018-3665} - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Fix VM guest SSBD problems (Waiman Long) [1584323 1584569] {CVE-2018-3639} [3.10.0-862.6.2] - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] kvm: vmx: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584323 1584569] 
{CVE-2018-3639} - [x86] kvm: svm: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584323 1584569] {CVE-2018-3639} 
- [kernel] seccomp: Add filter flag to opt-out of SSB mitigation (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] prctl: Add force disable speculation (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spectre_v2: No mitigation if CPU not affected and no command override (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] bug: Add X86_BUG_CPU_MELTDOWN and X86_BUG_SPECTRE_V[12] (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639} - [x86] spec_ctrl: Sync up SSBD changes with upstream (Waiman Long) [1584323 1584569] {CVE-2018-3639} [3.10.0-862.6.1] - [x86] microcode: Load microcode on all cpus (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Attempt late loading only when new microcode is present (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Do not upload microcode if CPUs are offline (Prarit Bhargava) [1578047 1568249] - [x86] microcode/intel: Writeback and invalidate caches before updating microcode (Prarit Bhargava) [1578047 1568249] - [x86] microcode/intel: Check microcode revision before updating sibling threads (Prarit Bhargava) [1578047 1568249] - [x86] microcode: Get rid of struct apply_microcode_ctx (Prarit Bhargava) [1578047 1568249] - [x86] cpu: Add a microcode loader callback (Prarit Bhargava) [1578047 1568249] - [x86] microcode: 
Propagate return value from updating functions (Prarit Bhargava) [1578047 1568249] - [x86] microcode/amd: Change load_microcode_amd()'s param to bool to fix preemptibility bug (Prarit Bhargava) [1578047 1568249] - [x86] microcode/intel: Add a helper which gives the microcode revision (Prarit Bhargava) [1578047 1568249] - [x86] cpu: Add native CPUID variants returning a single datum (Prarit Bhargava) [1578047 1568249] - [x86] microcode/amd: Move private inlines to .c and mark local functions static (Prarit Bhargava) [1578047 1568249] - [x86] microcode/intel: Simplify generic_load_microcode() (Prarit Bhargava) [1578047 1568249] - [x86] microcode/intel: Do not issue microcode updates messages on each CPU (Prarit Bhargava) [1578047 1568249] - [kernel] pidns: Don't have unshare(CLONE_NEWPID) imply CLONE_THREAD (Oleg Nesterov) [1578997 1577745] - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581045 1581036] {CVE-2018-3639} - [powerpc] 64s: Move the data access exception out-of-line (Mauricio Oliveira) [1581045 1581036] {CVE-2018-3639} [3.10.0-862.5.1] - [netdrv] vmxnet3: use correct flag to indicate LRO feature (Neil Horman) [1567771 1558685] - [netdrv] vmxnet3: avoid xmit reset due to a race in vmxnet3 (Neil Horman) [1567771 1558685] - [kernel] ib/mlx5: Respect new UMR capabilities (Alaa Hleihel) [1579847 1573661] - [infiniband] ib/mlx5: Enable ECN capable bits for UD RoCE v2 QPs (Alaa Hleihel) [1579847 1573661] - [scsi] cdrom: do not call check_disk_change() inside cdrom_open() (Maurizio Lombardi) [1579834 1538362] - [hid] wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events (Benjamin Tissoires) [1579192 1551776] - [hid] wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection (Benjamin Tissoires) [1579192 1551776] - [hid] wacom: generic: Send BTN_STYLUS3 when both barrel switches are set (Benjamin Tissoires) [1579191 1551783] - [fs] eventpoll: fix uninitialized variable in epoll_ctl 
(Paul Moore) [1578734 1553256] - [fs] nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (Scott Mayhew) [1578458 1574002] - [net] sock_diag: request _diag module only when the family or proto has been registered (Xin Long) [1578272 1544898] - [target] Re-add missing SCF_ACK_KREF assignment in (Mike Christie) [1578048 1561851] - [gpu] drm/nouveau: Fix deadlock in nv50_mstm_register_connector() (Lyude Paul) [1577792 1571927] - [netdrv] vmxnet3: segCnt can be 1 for LRO packets (Neil Horman) [1577790 1426680] - [s390] correct nospec auto detection init order (Hendrik Brueckner) [1577767 1558325] - [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1577767 1558325] - [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1577767 1558325] - [s390] add automatic detection of the spectre defense (Hendrik Brueckner) [1577767 1558325] - [s390] move nobp parameter functions to nospec-branch.c (Hendrik Brueckner) [1577767 1558325] - [s390] do not bypass BPENTER for interrupt system calls (Hendrik Brueckner) [1577767 1558325] - [s390] Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1577767 1558325] - [s390] introduce execute-trampolines for branches (Hendrik Brueckner) [1577767 1558325] - [s390] run user space and KVM guests with modified branch prediction (Hendrik Brueckner) [1577767 1558325] - [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1577767 1558325] - [s390] entry.s: fix spurious zeroing of r0 (Hendrik Brueckner) [1577767 1558325] - [s390] scrub registers on kernel entry and KVM exit (Hendrik Brueckner) [1577767 1558325] - [s390] align and prepare spectre mitigation for upstream commits (Hendrik Brueckner) [1577767 1558325] - [s390] alternative: use a copy of the facility bit mask (Hendrik Brueckner) [1577767 1558325] - [gpu] drm/amdgpu: Fix deadlock on runtime suspend (Lyude Paul) [1577760 1563957] - [gpu] drm/radeon: Fix deadlock on runtime suspend (Lyude Paul) [1577760 1563957] - [gpu] 
drm/nouveau: Fix deadlock on runtime suspend (Lyude Paul) [1577760 1563957] - [gpu] drm: Allow determining if current task is output poll worker (Lyude Paul) [1577760 1563957] - [gpu] workqueue: Allow retrieval of current task's work struct (1/5) (Lyude Paul) [1577760 1563957] - [md] dm: remove fmode_t argument from .prepare_ioctl hook (Mike Snitzer) [1576508 1562960] - [md] dm: hold DM table for duration of ioctl rather than use blkdev_get (Mike Snitzer) [1576508 1562960] - [scsi] iscsi: respond to netlink with unicast when appropriate (Chris Leech) [1576293 1330865] - [netdrv] i40e: fix incorrect UP-TC mapping (Stefan Assmann) [1574371 1558159] - [powerpc] System reset avoid interleaving oops using die synchronisation (Mauricio Oliveira) [1574366 1564126] - [powerpc] Do not send system reset request through the oops path (Mauricio Oliveira) [1574366 1564126] - [powerpc] crash: Remove the test for cpu_online in the IPI callback (Mauricio Oliveira) [1574366 1564126] - [sound] hda: Fix a wrong FIXUP for alc289 on Dell machines (Jaroslav Kysela) [1571581 1548969] - [sound] hda: Fix headset mic detection problem for two Dell machines (Jaroslav Kysela) [1571581 1548969] - [firmware] fw_cfg: write vmcoreinfo details (Marc-Andre Lureau) [1571369 1533367] - [kernel] crash: export paddr_vmcoreinfo_note() (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: add DMA register (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: add a public uapi header (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: handle fw_cfg_read_blob() error (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: remove inline from fw_cfg_read_blob() (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: fix sparse warnings around FW_CFG_FILE_DIR read (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: fix sparse warning reading FW_CFG_ID (Marc-Andre Lureau) [1571369 1533367] - [firmware] fw_cfg: fix sparse warnings with fw_cfg_file (Marc-Andre Lureau) [1571369 
1533367] - [firmware] fw_cfg: fix sparse warnings in fw_cfg_sel_endianness() (Marc-Andre Lureau) [1571369 1533367] - [firmware] revert 'fw_cfg: add DMA register' (Marc-Andre Lureau) [1571369 1533367] - [firmware] revert 'fw_cfg: do DMA read operation' (Marc-Andre Lureau) [1571369 1533367] - [firmware] revert 'fw_cfg: write vmcoreinfo details' (Marc-Andre Lureau) [1571369 1533367] - [infiniband] mlx5: Set the default active rate and width to QDR and 4X (Honggang Li) [1570536 1554535] - [x86] spec_ctrl: disable IBRS in idle, part 2 (Josh Poimboeuf) [1570532 1558668] - [x86] platform/uv: Fix critical UV MMR address error (Frank Ramsay) [1570520 1562945] - [powerpc] pseries: Restore default security feature flags on setup (Mauricio Oliveira) [1570518 1561787] - [powerpc] Move default security feature flags (Mauricio Oliveira) [1570518 1561787] - [powerpc] pseries: Fix clearing of security feature flags (Mauricio Oliveira) [1570518 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1570518 1561787] - [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1570518 1561787] - [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush() (Mauricio Oliveira) [1570518 1561787] - [powerpc] powernv: Use the security flags in pnv_setup_rfi_flush() (Mauricio Oliveira) [1570518 1561787] - [powerpc] 64s: Enhance the information in cpu_show_meltdown() (Mauricio Oliveira) [1570518 1561787] - [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1570518 1561787] - [powerpc] powernv: Set or clear security feature flags (Mauricio Oliveira) [1570518 1561787] - [powerpc] pseries: Set or clear security feature flags (Mauricio Oliveira) [1570518 1561787] - [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio Oliveira) [1570518 1561787] - [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio Oliveira) [1570518 1561787] - [powerpc] lib: seq: Add seq_buf_printf() (Mauricio Oliveira) [1570518 1561787] - [powerpc] 
rfi-flush: Call setup_rfi_flush() after LPM migration (Mauricio Oliveira) [1570509 1561785] - [powerpc] rfi-flush: Differentiate enabled and patched flush types (Mauricio Oliveira) [1570509 1561785] - [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio Oliveira) [1570509 1561785] - [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again (Mauricio Oliveira) [1570509 1561785] - [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs code (Mauricio Oliveira) [1570509 1561785] - [fs] vfs: Remove incorrect debugging WARN in prepend_path (Frank Sorenson) [1568322 1481732] - [fs] xfs: fix transaction allocation deadlock in IO path (Eric Sandeen) [1568320 1551111] - [md] support to split big bio (Ming Lei) [1568070 1557434] - [block] introduce bio_split2() and bio_pair2_release() (Ming Lei) [1568070 1557434] - [netdrv] qed: Free reserved MR tid (Harish Patil) [1568069 1554217] - [netdrv] qed: Free RoCE ILT Memory on rmmod qedr (Harish Patil) [1568069 1554217] - [net] sctp: use right member as the param of list_for_each_entry (Xin Long) [1565983 1483445] - [net] sctp: reset owner sk for data chunks on out queues when migrating a sock (Xin Long) [1565983 1483445] - [net] xfrm: policy: check policy direction value (Bruno Eduardo de Oliveira Meneguele) [1479419 1479421] {CVE-2017-11600} - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] entry: Add missing '$' in IBRS macros (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Rename _RDS 
to _SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [uapi] prctl: Add speculation control prctls (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566904 1566905] {CVE-2018-3639} - [x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904 1566905] {CVE-2018-3639} [3.10.0-862.4.1] - [powerpc] msi: Fix race condition in tearing down MSI interrupts (David Milburn) [1570511 1549680] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-11600 CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1979: pki-core security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [10.5.1-13.1] - Rebuild due to build system database problem [10.5.1-13] - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC [rhel-7.5.z] (cfu) - Bugzilla Bug #1587826 - ExternalCA: Installation failed during csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor) - Bugzilla Bug #1588944 - Cert validation for installation with external CA cert [rhel-7.5.z] (edewata) - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow option to do no key archival (cfu) - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access [rhel-7.5.z] (ftweedal, cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, [10.5.1-12] - Updated 'jss' build and runtime requirements (mharmsen) - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu) - Bugzilla Bug #1572548 - IPA install with external-CA is failing when FIPS mode enabled. 
[rhel-7.5.z] (edewata) - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE [rhel-7.5.z] (cfu) - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu) - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs improvement [rhel-7.5.z] (jmagne) - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in pkispawn configuration step [rhel-7.5.z] (cfu) - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong input class_id [rhel-7.5.z] (cfu) - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System 9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, [10.5.1-11] - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz [10.5.1-10] - ########################################################################## - # RHEL 7.5: - ########################################################################## - Bugzilla Bug #1550581 - CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database [rhel-7.5.z] (cfu) - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration and 
--skip-installation into pkispawn man page. [rhel-7.5.z] (edewata) - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers [rhel-7.5.z] (cheimes, mharmsen) - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a certifcate [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for standard conformance [rhel-7.5.z] (cfu) - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu) - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu) - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal) - Bugzilla Bug #1558919 - Not able to generate certificate request with ECC using pki client-cert-request [rhel-7.5.z] (akahat) - ########################################################################## - # RHCS 9.3: - ########################################################################## - # Bugzilla Bug #1560233 - libtps does not directly depend on libz MODERATE Copyright 2018 Oracle, Inc. CVE-2018-1080 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-1997: libvirt security and bug fix update (IMPORTANT) Oracle Linux 7 [3.9.0-14.el7_5.6] - logging: Don't inhibit shutdown in system daemon (rhbz#1573268) - util: don't check for parallel iteration in hash-related functions (rhbz#1581364) - cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639) - virNumaGetHugePageInfo: Return page_avail and page_free as ULL (rhbz#1582418) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-3639 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-2001: qemu-kvm security update (IMPORTANT) Oracle Linux 7 [1.5.3-156.el7_5.3] - kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] - kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] - Resolves: bz#1584363 (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-2113: firefox security update (CRITICAL) Oracle Linux 7 [60.1.0-4.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. 
[60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR [52.7.0-1] - Update to 52.7.0 ESR [52.6.0-2] - Build Firefox for desktop arches only (x86_64 and ppc64le) [52.6.0-1] - Update to 52.6.0 ESR [52.5.0-1] - Update to 52.5.0 ESR [52.4.0-1] - Update to 52.4.0 ESR [52.3.0-3] - Update to 52.3.0 ESR (b2) - Require correct nss version [52.2.0-1] - Update to 52.2.0 ESR [52.1.2-1] - Update to 52.1.2 ESR [52.0-7] - Added fix for accept language (rhbz#1454322) [52.0-6] - Removing patch required for older NSS from RHEL 7.3 - Added patch for rhbz#1414564 [52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428 [52.0-4] - Update to 52.0 ESR (b4) [52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes [52.0-2] - Enable system nss [52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3 [52.0-0.13] - Added fix for rhbz#1414535 [52.0-0.12] - Update to 52.0b8 [52.0-0.11] - Readded addons patch [52.0-0.10] - Update to 52.0b3 [52.0-0.9] - Update to 52.0b2 [52.0-0.8] - Update to 52.0b1 [52.0-0.5] - Firefox Aurora 52 testing build CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-12365 CVE-2018-12362 CVE-2017-7762 CVE-2018-12366 CVE-2018-5188 CVE-2018-12364 CVE-2018-12359 CVE-2018-12363 CVE-2018-5156 CVE-2018-6126 CVE-2018-12360 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2123: python security update (MODERATE) Oracle Linux 7 [2.7.5-69.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-70] - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1584545 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2016-2183 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2162: qemu-kvm security update (IMPORTANT) Oracle Linux 6 [0.12.1.2-2.506.el6_10.1] - qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574074] - qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1574074] - qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1574074] - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-6.10.z]) [0.12.1.2-2.506.el6] - kvm-vga-add-share_surface-flag.patch [bz#1553674] - kvm-vga-add-sanity-checks.patch [bz#1553674] - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-6]) [0.12.1.2-2.505.el6] - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch [bz#1525939 bz#1528024] - kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran.patch [bz#1525939 bz#1528024] - kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran.patch [bz#1525939 bz#1528024] - kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.patch [bz#1501298] - kvm-vga-stop-passing-pointers-to-vga_draw_line-functions.patch [bz#1486641] - kvm-vga-check-the-validation-of-memory-addr-when-draw-te.patch [bz#1534692] - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev: Qemu: vga: OOB read access during display update [rhel-6.10]) - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu: cirrus: OOB access issue in mode4and5 write functions [rhel-6.10]) - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw: cpu: speculative execution branch target injection [rhel-6.10]) - Resolves: 
bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu: Out-of-bounds read in vga_draw_text routine [rhel-6.10]) - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch file [rhel-6.10]) [0.12.1.2-2.504.el6] - kvm-vnc-apply-display-size-limits.patch [bz#1430616 bz#1430617] - kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f.patch [bz#1443448 bz#1443450] - kvm-cirrus-vnc-zap-bitblit-support-from-console-code.patch [bz#1443448 bz#1443450 bz#1447542 bz#1447545] - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378 bz#1444380] - kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt.patch [bz#1444378 bz#1444380] - kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt.patch [bz#1444378 bz#1444380] - kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran.patch [bz#1444378 bz#1444380] - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378 bz#1444380] - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu: VNC: memory corruption due to unchecked resolution limit [rhel-6.10]) - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu: display: cirrus: OOB read access issue [rhel-6.10]) - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu: display: cirrus: OOB r/w access issues in bitblt routines [rhel-6.10]) - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10]) - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu: cirrus: heap buffer overflow via vnc connection [rhel-6.10]) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-7858 CVE-2017-13672 CVE-2018-3639 CVE-2018-5683 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 ELSA-2018-2164: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-754.2.1.OL6] - Update genkey [bug 25599697] [2.6.32-754.2.1] - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872} - [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675} - [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653] - [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423] - [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423] - [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Fix a NFSv4.1 
session initialisation regression (Benjamin Coddington) [1553423] - [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310] - [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310] [2.6.32-754.1.1] - [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1574592] - [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1574592] - [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1574592] - [x86] microcode: Sanitize per-cpu microcode reloading interface (Prarit Bhargava) [1574592] - [x86] virt_spec_ctrl: Set correct host SSDB value for AMD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Rework 
spec_ctrl base and mask logic (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584356] {CVE-2018-3639} - [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584356] {CVE-2018-3639} - [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584356] {CVE-2018-3639} - [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639} - [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584356] {CVE-2018-3639} - [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356] {CVE-2018-3639} - [uapi] prctl: Add force disable speculation (Waiman Long) [1584356] {CVE-2018-3639} - [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639} - [fs] proc: Provide details on speculation flaw 
mitigations (Waiman Long) [1584356] {CVE-2018-3639} - [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long) [1584356] {CVE-2018-3639} - [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown vulnearability (Waiman Long) [1584356] {CVE-2018-3639} - [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584356] {CVE-2018-3639} - [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356] {CVE-2018-3639} - [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] always enable eager FPU by default (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo Bonzini) 
[1589047] {CVE-2018-3665} - [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Merge simd_math_error() into math_error() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: use non-lazy fpu restore for processors supporting xsave (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini) [1589047] {CVE-2018-3665} - 
[x86] signals: ia32_signal.c: add __user casts to fix sparse warnings (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Consolidate inline asm routines for saving/restoring fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini) [1589047] {CVE-2018-3665} (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] extable: Remove open-coded exception table entries in arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665} into exported and internal interfaces (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: Uninline the generic FP helpers that we expose to kernel modules (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: use 'restore_fpu_checking()' directly in task switching code (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: re-introduce FPU state preloading at context switch time (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move TS_USEDFPU flag from thread_info to task_struct (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: do not preload FPU state at task switch time (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: fix x86-64 preemption-unsafe user stack save/restore (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini) [1589047] {CVE-2018-3665} - 
[x86] fix potentially dangerous trailing '; ' in #defined values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Simplify constraints for fxsave/fxtstor (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0 (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Introduce xstate enable functions (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Avoid unnecessary 
__clear_user() and xrstor in signal handling (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Revert '[x86] fpu: change save_i387_xstate() to rely on unlazy_fpu()' (Paolo Bonzini) [1589047] {CVE-2018-3665} - [x86] Revert '[x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal()' (Paolo Bonzini) [1589047] {CVE-2018-3665} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10675 CVE-2018-3665 CVE-2018-10872 CVE-2018-3639 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2180: gnupg2 security update (IMPORTANT) Oracle Linux 6 [2.0.14-9] - fix CVE-2018-12020 - missing sanitization of original filename IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-12020 ELSA-2018-2181: gnupg2 security update (IMPORTANT) Oracle Linux 7 [2.0.22-5] - fix CVE-2018-12020 - missing sanitization of original filename IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-12020 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:23.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 
ELSA-2018-2240: openslp security update (IMPORTANT) Oracle Linux 7 [1:2.0.0-7] - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575698 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-17833 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:7:base ELSA-2018-2241: java-1.8.0-openjdk security update (MODERATE) Oracle Linux 6 [1:1.8.0.181-7.b13] - Update to aarch64-jdk8u181-b13. - Remove 8187577/PR3578 now applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix hook to show hs_err*.log files on failures.
- Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.8.0.181-2.b04] - Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list' - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Mark bugs that have been pushed to 8u upstream and are scheduled for a release. - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04. - Resolves: rhbz#1594249 [1:1.8.0.181-0.b03] - Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03. - Remove AArch64 patch for PR3458/RH1540242 as applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags. - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546) - Resolves: rhbz#1594249 [1:1.8.0.172-2.b11] - Split PR3458/RH1540242 fix into AArch64 & Zero sections, as their upstream trajectories differ. - Enable patch570 missed in last changeset. - Resolves: rhbz#1594249 [1:1.8.0.172-1.b11] - Sync with IcedTea 3.8.0. - Label architecture-specific fixes with architecture concerned - x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) - PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build - 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode - 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds - 8185723, PR3553: Zero: segfaults on Power PC 32-bit - 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe - PR3559: Use ldrexd for atomic reads on ARMv7. 
- 8187577, PR3578: JVM crash during gc doing concurrent marking - 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong - 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile - PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code - 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 - Resolves: rhbz#1594249 [1:1.8.0.172-0.b11] - Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11. - Resolves: rhbz#1594249 [1:1.8.0.171-11.b12] - Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12. - Remove patch for 8200556/PR3566 as applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.171-11.b10] - Fix jconsole.desktop.in subcategory, replacing 'Monitor' with 'Profiling' (PR3550) - Resolves: rhbz#1594249 [1:1.8.0.171-11.b10] - Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add missing ones - Resolves: rhbz#1594249 [1:1.8.0.171-10.b03] - added missing hooks for c-j-c - Resolves: rhbz#1594249 [1:1.8.0.171-9.b10] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578548 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2242: java-1.8.0-openjdk security and bug fix update (MODERATE) Oracle Linux 7 [1:1.8.0.181-7.b13] - Update to aarch64-jdk8u181-b13 and aarch64-shenandoah-jdk8u181-b13. - Remove 8187577/PR3578 now applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.8.0.181-3.b04] - Update bug status and add missing bug IDs - Resolves: rhbz#1594249 [1:1.8.0.181-2.b04] - Add '8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list' - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Add hook to show hs_err*.log files on failures. 
- Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Mark bugs that have been pushed to 8u upstream and are scheduled for a release. - Resolves: rhbz#1594249 [1:1.8.0.181-1.b04] - Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04. - Resolves: rhbz#1594249 [1:1.8.0.181-0.b03] - Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03. - Remove AArch64 patch for PR3458/RH1540242 as applied upstream. - Resolves: rhbz#1594249 [1:1.8.0.172-4.b11] - Read jssecacerts file prior to trying either cacerts file (system or local) (PR3575) - Resolves: rhbz#1593737 [1:1.8.0.172-3.b11] - Update Shenandoah tarball to fix TCK overflow failure. - Resolves: rhbz#1588364 [11:1.8.0.172-3.b11] - jsa files changed to 444 to pass rpm verification - Fix reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1588364 [1:1.8.0.172-2.b11] - Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags. - Remove duplicate -fstack-protector-strong; it is provided by the RHEL cflags. - Resolves: rhbz#1588364 [1:1.8.0.172-1.b11] - Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546) - Resolves: rhbz#1588364 [1:1.8.0.172-1.b11] - Update Shenandoah tarball to include 2018-05-15 merge. - Split PR3458/RH1540242 fix into AArch64 & Zero sections, so former can be skipped on Shenandoah builds. - Drop PR3573 patch applied upstream. - Restrict 8187577 fix to non-Shenandoah builds, as it's included in the new tarball. - Resolves: rhbz#1588364 [1:1.8.0.172-1.b11] - Sync with IcedTea 3.8.0. 
- Label architecture-specific fixes with architecture concerned - x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) - PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build - 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode - 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds - 8185723, PR3553: Zero: segfaults on Power PC 32-bit - 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe - PR3559: Use ldrexd for atomic reads on ARMv7. - 8187577, PR3578: JVM crash during gc doing concurrent marking - 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong - 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile - PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code - 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 - Resolves: rhbz#1588364 [1:1.8.0.172-0.b11] - Update to aarch64-jdk8u172-b11 and aarch64-shenandoah-jdk8u172-b11. - Resolves: rhbz#1588364 [1:1.8.0.171-9.b12] - Update to aarch64-jdk8u171-b12 and aarch64-shenandoah-jdk8u171-b12. - Remove patch for 8200556/PR3566 as applied upstream. - Resolves: rhbz#1588364 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2251: thunderbird security update (IMPORTANT) Oracle Linux 6 [52.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.9.1-1] - Update to 52.9.1 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-12365 CVE-2018-12360 CVE-2018-5188 CVE-2018-12359 CVE-2018-12362 CVE-2018-12363 CVE-2018-12366 CVE-2018-12373 CVE-2018-12374 CVE-2018-12364 CVE-2018-12372 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2252: thunderbird security update (IMPORTANT) Oracle Linux 7 [52.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.9.1-1] - Update to 52.9.1 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12364 CVE-2018-12360 CVE-2018-12365 CVE-2018-12372 CVE-2018-12373 CVE-2018-12363 CVE-2018-12366 CVE-2018-12374 CVE-2018-12362 CVE-2018-5188 CVE-2018-12359 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2283: java-1.7.0-openjdk security update (MODERATE) Oracle Linux 6 [1:1.7.0.191-2.6.15.4.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.191-2.6.15.4] - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.3] - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.1] - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.0] - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. 
arm64 on aarch64) - ABS_JAVA_HOME_DIR is no longer used in the latest tapsets - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.12] - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.11] - Fix patch files to appease git apply --stat - Resolves: rhbz#1578551 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2284: yum-utils security update (IMPORTANT) Oracle Linux 6 [1.1.30-42.0.1] - add dependency btrfs-progs for yum-plugin-fs-snapshot (guangyu.sun@oracle.com) [bug 16285176] - use unified btrfs binary instead of btrfsctl (guangyu.sun@oracle.com) [bug 16285176] [-1.1.30-42] - reposync: prevent path traversal. - Resolves: bug#1600619 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10897
ELSA-2018-2285: yum-utils security update (IMPORTANT) Oracle Linux 7 [1.1.31-46.0.1] - needs-restarting not checking kernel-uek for reboot message [Orabug 27189714] - add bug27596617.patch to remove upstream URL reference [1.1.31-46] - reposync: prevent path traversal. - Resolves: bug#1600617 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10897 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2286: java-1.7.0-openjdk security update (MODERATE) Oracle Linux 7 [1:1.7.0.191-2.6.15.4.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.191-2.6.15.4] - Bump to revised 2.6.15 tarball with PR3616 -notimestamp javadoc fix - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.3] - Bump to revised 2.6.15 tarball with jdk7u191-b01 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.2] - Fix requires/provides filters for internal libs. See RHBZ#1590796 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.1] - Bump to revised 2.6.15 tarball with PR3604 - Resolves: rhbz#1594249 [1:1.7.0.191-2.6.15.0] - Bump to 2.6.15 and u191b00. - Drop PR3608/RH1566890/CVE-2018-3639 patch now applied upstream. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.10] - Add hook to show hs_err*.log files on failures. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.10] - Cleanup RH1566890 patch and differentiate from java-1.8.0-openjdk version.
- Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.10] - jsa files changed to 444 to pass rpm verification - Add reg-ex for filtering private libraries' provides/requires. - Resolves: rhbz#1594249 [1:1.7.0.181-2.6.14.9] - Fix patch files to appease git apply --stat - Resolves: rhbz#1578560 [1:1.7.0.181-2.6.14.8] - added and applied 1566890_embargoed20180521.patch - Resolves: rhbz#1578560 [1:1.7.0.181-2.6.14.5] - added dependence on latest c-j-c who do not have the incorrect jre-abrt handling - Resolves: rhbz#1559766 [1:1.7.0.181-2.6.14.3] MODERATE Copyright 2018 Oracle, Inc. CVE-2018-2952 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2308: openslp security update (IMPORTANT) Oracle Linux 6 [2.0.0-3] - Fix possible heap memory corruption, CVE-2017-17833 Resolves: #1575699 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-17833 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2384: kernel security and bug fix update (IMPORTANT) Oracle Linux 7 [3.10.0-862.11.6.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.11.6] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} [3.10.0-862.11.5] - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} [3.10.0-862.11.4] - [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693} [3.10.0-862.11.3] - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp:
detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] net: add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693} [3.10.0-862.11.2] - [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: 
Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in 
l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/topology: Provide 
detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream 
cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} [3.10.0-862.11.1] - [tcmu] allow userspace to reset ring (Xiubo Li) [1599669 1562587] - [tcmu] remove commands_lock (Xiubo Li) [1599669 1562587] - [tcmu] move expired command completion to unmap thread (Xiubo Li) [1599669 1562587] - [tcmu] add cmd timeout handling wq (Xiubo Li) [1599669 1562587] - [tcmu] don't block submitting context for block waits (Xiubo Li) [1599669 1562587] - [tcmu] fix double se_cmd completion (Xiubo Li) [1599669 1562587] - [tcmu] replace spin lock with mutex (Xiubo Li) [1599669 1562587] - [target] add SAM_STAT_BUSY sense reason (Xiubo Li) [1599669 1562587] - [target] core: add device action configfs files (Xiubo Li) [1599669 1562587] - [target] Avoid mappedlun symlink creation during lun shutdown (Xiubo Li) [1599656 1585081] - [spectre] update Spectre v1 mitigation string (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix hiddev nospec issues (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: clarify clobbered registers in entry code (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] add missing barrier_nospec() in __get_user64_nocheck() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [spectre] fix gadgets found by smatch scanner (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hdspm: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] asihpi: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] hda: Hardening for potential 
Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] time: Protect posix clock array access against speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sched] autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [perf] core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [sysvipc] sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [alsa] control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [usbip] vhci_sysfs: fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Update spectre-v1 mitigation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] kvm: Add memory barrier on vmcs field lookup (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf/msr: Fix possible Spectre-v1 indexing in the MSR driver (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh 
Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [documentation] Document array_index_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} dependency (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, 
end} (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} - [x86] uaccess: fix sparse errors (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3690} [3.10.0-862.10.1] - [x86] add _TIF_UPROBE to _TIF_DO_NOTIFY_MASK (Oleg Nesterov) [1595155 1579521] - [x86] spec_ctrl: Always clear SPEC_CTRL MSRs when disabling IBRS (Radomir Vrbovsky) [1586150 1574730] - [sound] alsa: hda/realtek - Add headset mode support for Dell laptop (Jaroslav Kysela) [1588946 1528587] - [sound] alsa: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (Jaroslav Kysela) [1593586 1535427] - [mm] compaction: release zone irqlock in isolate_freepages_block (Andrea Arcangeli) [1596283 1582793] - [mm] compaction: change the timing to check to drop the spinlock (Andrea Arcangeli) [1596283 1582793] - [fs] dcache.c: add cond_resched() in shrink_dentry_list() (Aaron Tomlin) [1596184 1584693] - [misc] vmware balloon: Treat init like reset (Cathy Avery) [1595601 1540110] - [netdrv] qede: Fix ref-cnt usage count (Chad Dupuis) [1594700 1574847] - [x86] kvm: fix LAPIC timer drift when guest uses periodic mode ('Dr. David Alan Gilbert') [1594292 1584775] - [x86] kvm: remove APIC Timer periodic/oneshot spikes ('Dr. 
David Alan Gilbert') [1594292 1584775] - [netdrv] mlx4_en: Increase number of default RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of RX rings (Erez Alfasi) [1594127 1520295] - [netdrv] mlx4_en: Limit the number of TX rings (Erez Alfasi) [1594127 1520295] - [fs] ceph: don't set read_ahead_kb to 0 by default (Ilya Dryomov) [1590825 1579539] - [scsi] qla2xxx: Remove stale debug value for login_retry flag (Himanshu Madhani) [1588937 1578880] - [x86] topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Prarit Bhargava) [1588563 1582023] - [acpi] osi: Add OEM _OSI strings to disable NVidia RTD3 (Jaroslav Kysela) [1584685 1581391] - [hv] vmbus: Fix a rescind issue (Eduardo Otubo) [1582124 1518498] - [linux] libata: enable host-wide tags (Ewan Milne) [1581728 1491014] - [ata] libata: remove ATA_FLAG_LOWTAG (Ewan Milne) [1581728 1491014] - [ata] Add a new flag to destinguish sas controller (Ewan Milne) [1581728 1491014] - [ata] libata: make sata_sil24 use fifo tag allocator (Ewan Milne) [1581728 1491014] - [ata] libata: move sas ata tag allocation to libata-scsi.c (Ewan Milne) [1581728 1491014] - [ata] libata: use blk taging (Ewan Milne) [1581728 1491014] - [nvme] rdma: Use mr pool (David Milburn) [1581347 1547273] - [nvme] rdma: Check remotely invalidated rkey matches our expected rkey (David Milburn) [1581347 1547273] - [nvme] rdma: wait for local invalidation before completing a request (David Milburn) [1581347 1547273] - [nvme] rdma: don't complete requests before a send work request has completed (David Milburn) [1581347 1547273] - [nvme] rdma: don't suppress send completions (David Milburn) [1581347 1547273] - [x86] kvm: Fix loss of pending INIT due to race (Radim Krcmar) [1580467 1569473] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576759 1576755] {CVE-2018-10675} - [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550171 1593586 
1550169 1535427] {CVE-2018-7566} - [crypto] algif_skcipher: Load TX SG list after waiting (Bruno Eduardo de Oliveira Meneguele) [1541870 1541875] {CVE-2017-13215} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3620 CVE-2017-13215 CVE-2018-5390 CVE-2018-3646 CVE-2018-3693 CVE-2018-7566 CVE-2018-10675 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 ELSA-2018-2390: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-754.3.5.OL6] - Update genkey [bug 25599697] [2.6.32-754.3.5] - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620} [2.6.32-754.3.4] - [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian 
Westphal) [1611376] {CVE-2018-5390} [2.6.32-754.3.3] - [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} [2.6.32-754.3.2] - [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] {CVE-2018-10901} - [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Don't flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620} - 
[x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Waiman Long) [1593376] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620} - [x86] Revert 
'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpufeatures: Add detection of L1D cache flush support. (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Add sysfs reporting for 
l1tf (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620} [2.6.32-754.3.1] - [infiniband] ib/iser: Rewrite bounce buffer code path (Don Dutile) [1585312] - [sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861) (Jaroslav Kysela) [1565188] {CVE-2017-0861} - [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550176] {CVE-2018-7566} - [sound] alsa: seq: Fix use-after-free at creating a port (Jaroslav Kysela) [1503383] {CVE-2017-15265} - [sound] alsa: seq: Make ioctls race-free (Jaroslav Kysela) [1537452] {CVE-2018-1000004} - [mm] reduce total RAM held in per-CPU pvecs by flushing them on compound/THP page arrival (Larry Woodman) [1575819] - [usb] acm: fix the computation of the number of data bits (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [misc] spectre: fix gadgets found by smatch scanner, part 2 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] kvm/vmx: Remove barrier_nospec() in slot_largepage_idx() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kvm] Remove memory 
alias support (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [misc] spectre: fix gadgets found by smatch scanner (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] posix-timers: Protect posix clock array access against speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [kernel] perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [ipc] sysvipc/sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [sound] alsa: control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [net] nl80211: Sanitize array index in
parse_txq_params (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [documentation] Document array_index_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} dependency (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589032] {CVE-2018-3693} - [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589032] {CVE-2018-3693} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-0861 CVE-2018-3693 CVE-2018-3620 CVE-2018-10901 CVE-2018-3646 CVE-2018-5390 CVE-2018-7566 CVE-2018-1000004 CVE-2017-15265 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 ELSA-2018-2439: mariadb security and bug fix update (MODERATE) Oracle Linux 7 [1:5.5.60-1] - Rebase to 5.5.60 - CVE's fixed: #1558256, #1558260, #1559060 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2017-10379 CVE-2017-10384 CVE-2017-10378 CVE-2017-10268 CVE-2018-2562 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2819 CVE-2018-2817 CVE-2018-2761 CVE-2018-2781 CVE-2018-2771 CVE-2018-2813 - Resolves: #1535217, #1491833, #1511982, #1145455, #1461692 MODERATE Copyright 2018 Oracle, Inc. CVE-2017-10268 CVE-2018-2622 CVE-2018-2640 CVE-2017-3636 CVE-2017-10378 CVE-2018-2562 CVE-2017-10384 CVE-2018-2755 CVE-2017-10379 CVE-2018-2781 CVE-2018-2813 CVE-2017-3653 CVE-2018-2819 CVE-2017-3641 CVE-2017-3651 CVE-2018-2665 CVE-2018-2761 CVE-2018-2668 CVE-2018-2767 CVE-2018-2817 CVE-2018-2771 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 
ELSA-2018-2462: qemu-kvm security and bug fix update (IMPORTANT) Oracle Linux 7 [1.5.3-156.el7_5.5] - kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] - kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] - kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] - kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] - kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] - kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] - kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] - kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] - Resolves: bz#1549824 (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) - Resolves: bz#1586248 (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) [1.5.3-156.el7_5.4] - kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] - kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] - kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] - kvm-apic-drop-debugging.patch [bz#1596302] - kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] - Resolves: bz#1596302 (Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z]) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7550 CVE-2018-11806 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch ELSA-2018-2526: mutt security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [5:1.5.21-28] - Resolves: CVE-2018-14354 CVE-2018-14357 CVE-2018-14362 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-14362 CVE-2018-14357 CVE-2018-14354 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2557: postgresql security update (IMPORTANT) Oracle Linux 7 [9.2.24-1] - update to the latest 9.2 release - fix CVE-2018-10915 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10915 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2570: bind security update (IMPORTANT) Oracle Linux 7 [32:9.9.4-61.1] - Fix CVE-2018-5740 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5740 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2571: bind security update (IMPORTANT) Oracle Linux 6 [32:9.8.2-0.68.rc1.1] - Fix CVE-2018-5740 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5740 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 ELSA-2018-2692: firefox security update (CRITICAL) Oracle Linux 7 [60.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12379 CVE-2018-12378 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2731: spice and spice-gtk security update (IMPORTANT) Oracle Linux 7 spice [0.14.0-2.0.2] - add arm suppport [0.14.0-2.5] - Fix flexible array buffer overflow Resolves: rhbz#1596008 spice-gtk [0.34-3.2] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10873 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2732: spice-gtk and spice-server security update (IMPORTANT) Oracle Linux 6 spice-gtk [0.26-8.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 spice-server [0.12.4-16.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-10873 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2737: mod_perl security update (IMPORTANT) Oracle Linux 6 [2.0.4-12] - Fix CVE-2011-2767 (arbitrary Perl code execution in the context of the user account via a user-owned .htaccess) (bug #1626272) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2011-2767 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-2748: kernel security and bug fix update (IMPORTANT) Oracle Linux 7 [3.10.0-862.14.4.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-862.14.4] - [scsi] Revert: lpfc: Fix port initialization failure (Radomir Vrbovsky) [1605235 1584377] - [scsi] Revert: qla2xxx: Fix NULL pointer access for fcport structure (Radomir Vrbovsky) [1597546 1547714] [3.10.0-862.14.3] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634} [3.10.0-862.14.2] - [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418] - [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418] - [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418] - [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418] - [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418] - [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418] - [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418] - [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418] - [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418] - [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418] - [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418] - [uio] add missing error codes (Xiubo Li) [1608677 1560418] - [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418] - [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418] - [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418] - [uio] support memory sizes larger than 32 
bits (Xiubo Li) [1608677 1560418] - [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418] - [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418] - [uio] fix memory leak (Xiubo Li) [1608677 1560418] - [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418] - [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418] [3.10.0-862.14.1] - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619622 1614515] - [infiniband] core: Fix nospec regression (Josh Poimboeuf) [1619624 1616346] - [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618390 1607899] [3.10.0-862.13.1] - [infiniband] ib/ipoib: Fix race condition in neigh creation (Don Dutile) [1616164 1520300] - [gpu] qxl: hook monitors_config updates into crtc, not encoder (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: move qxl_send_monitors_config() (Gerd Hoffmann) [1614349 1544322] - [gpu] qxl: remove qxl_io_log() (Gerd Hoffmann) [1614349 1544322] - [kernel] locking: Introduce smp_mb__after_spinlock() (Steve Best) [1613814 1496574] - [scsi] ibmvfc: Avoid unnecessary port relogin (Steve Best) [1613202 1605080] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: move code from setup.h to 
security_features.h as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612353 1585297] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612353 1585297] - [nvmet-fc] move tech preview warning to nvmet_fc_register_targetport call (Ewan Milne) [1610381 1608947] - [nvme-fc] move tech preview warning to nvme_fc_register_localport call (Ewan Milne) [1610381 1608947] - [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1608228 1567748] - [powerpc] signals: Discard transaction state from signal frames (Steve Best) [1608227 1586153] - [ipc] shm.c: add split function to shm_vm_ops (Desnes Augusto Nunes do Rosario) [1608225 1586152] - [scsi] lpfc: Fix port initialization failure (Dick Kennedy) [1605235 1584377] - [vmbus] fix the missed signaling in hv_signal_on_read() (Vitaly Kuznetsov) [1605089 1591976] - [infiniband] ib/ipoib: Fix for potential no-carrier state (Donald Dutile) [1601935 1548474] - [vmwgfx] refuse to hibernate if we have any resources. 
(v2) (Dave Airlie) [1601516 1595136] - [netdrv] sfc: stop the TX queue before pushing new buffers (Xin Long) [1601353 1445576] - [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601009 1559106] - [kernel] hrtimer: Allow concurrent hrtimer_start() for self restarting timers (Oleksandr Natalenko) [1600911 1574387] - [iommu] amd: Add NULL sanity check for struct irq_2_irte.ir_data (Suravee Suthikulpanit) [1600661 1542697] - [hid] wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (Benjamin Tissoires) [1600660 1591499] - [md] avoid NULL dereference to queue pointer (Ming Lei) [1600056 1581845] - [scsi] qla2xxx: Fix NULL pointer access for fcport structure (Himanshu Madhani) [1597546 1547714] - [scsi] csiostor: Add a soft dep on cxgb4 driver (Arjun Vynipadath) [1597529 1584003] - [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588366 1496330] - [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588366 1496330] - [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693} - [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: fix a stale 
ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390} - [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693} - [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] 
{CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - Revert 'x86/apic: Ignore secondary 
threads if nosmt=force' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 
1593384] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} - [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620} [3.10.0-862.12.1] - [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif Sahlberg) [1609159 1591092] - [net] multicast: do not restore deleted record source filter mode to new one 
(Hangbin Liu) [1610380 1586321] - [net] multicast: remove useless parameter for group add (Hangbin Liu) [1610380 1586321] - [net] ipv6/mcast: init as INCLUDE when join SSM INCLUDE group (Hangbin Liu) [1610380 1586321] - [net] ipv4/igmp: init group mode as INCLUDE when join source group (Hangbin Liu) [1610380 1586321] - [net] ipv6: mcast: fix unsolicited report interval after receiving querys (Hangbin Liu) [1610380 1586321] - [net] ipv6: refactor ipv6_dev_mc_inc() (Hangbin Liu) [1610380 1586321] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2757: 389-ds-base security and bug fix update (MODERATE) Oracle Linux 7 [1.3.7.5-28] - Bump version to 1.3.7.5-28 - Resolves: Bug 1628676 - 389-ds-base: race condition on reference counter leads to DoS using persistent search - Resolves: Bug 1628677 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly [1.3.7.5-27] - Bump version to 1.3.7.5-27 - Resolves: Bug 1623247 - Crash in vslapd_log_emergency_error [1.3.7.5-26] - Bump version to 1.3.7.5-26 - Resolves: Bug 1615924 - Fine grained password policy can impact search performance - Resolves: Bug 1614836 - Disable nunc-stans by default - Resolves: Bug 1614861 - ldapsearch with server side sort crashes the ldap server MODERATE Copyright 2018 Oracle, Inc. CVE-2018-10935 CVE-2018-14638 CVE-2018-10850 CVE-2018-14624 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2766: flatpak security update (MODERATE) Oracle Linux 7 [0.8.8-4] - Add patch for CVE-2018-6560 (#1547376) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-6560 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest ELSA-2018-2768: nss security update (MODERATE) Oracle Linux 7 [3.36.0-7] - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) [3.36.0-6] - Exercise SSL tests which only run under non-FIPS setting MODERATE Copyright 2018 Oracle, Inc. CVE-2018-12384 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2835: firefox security update (MODERATE) Oracle Linux 7 [60.2.1-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.2.1-1] - Update to 60.2.1 ESR MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-12383 CVE-2018-12385 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2846: kernel security and bug fix update (IMPORTANT) Oracle Linux 6 [2.6.32-754.6.3.OL6] - Update genkey [bug 25599697] [2.6.32-754.6.3] - [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796] - [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397] [2.6.32-754.6.2] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625976] {CVE-2018-14634} - [fs] exec.c: account for argv/envp pointers (Yauheni Kaliuta) [1625976] {CVE-2018-14634} [2.6.32-754.6.1] - [x86] set __max_smt_threads for 1 core systems (Prarit Bhargava) [1623255] - [md] dm rq: fix a race condition in rq_completed() (Ming Lei) [1574568] - [scsi] scsi_transport_fc: Hold queue lock while calling blk_run_queue_async() (Ming Lei) [1574568] - [block] Avoid scheduling delayed work on a dead queue (Ming Lei) [1574568] - [block] Avoid that request_fn is invoked on a dead queue (Ming Lei) [1574568] - [block] Let blk_drain_queue() caller obtain the queue lock (Ming Lei) [1574568] - [block] Rename queue dead flag (Ming Lei) [1574568] [2.6.32-754.5.1] - [s390] dasd: fix IO error for newly defined devices (Hendrik Brueckner) [1574448] - [s390] dasd: fix failing path verification (Hendrik Brueckner) [1581684] - [s390] qeth: on channel error, reject further cmd requests (Hendrik Brueckner) [1562009] - [s390] qdio: fix access to uninitialized qdio_q fields (Hendrik Brueckner) [1581685] - [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1585299] - [powerpc] 
stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1585299] - [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1585299] - [x86] Add host_initiated check in reading MSR_AMD64_VIRT_SPEC_CTRL (Wei Huang) [1608576] - [x86] KVM: pass host_initiated to functions that read MSRs (Wei Huang) [1608576] - [fs] gfs2: Special-case rindex for gfs2_grow (Robert S Peterson) [1384184] - [fs] Revert '[fs] gfs2: Special case the rindex in gfs2_write_alloc_required()' (Robert S Peterson) [1384184] - [net] ip: process in-order fragments efficiently (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: add helpers to process in-order fragments faster. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments. (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] net: modify skb_rbtree_purge to return the truesize of all purged skbs. 
(Stefano Brivio) [1613925] {CVE-2018-5391} - [net] net: speed up skb_rbtree_purge() (Stefano Brivio) [1613925] {CVE-2018-5391} - [net] skbuff: Rename RHEL6 version of skb_tree_purge() to skb_tree_purge_sk() (Stefano Brivio) [1613925] {CVE-2018-5391} [2.6.32-754.4.1] - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620} - [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620} - [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390} - [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390} - [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian Westphal) [1611376] {CVE-2018-5390} - [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693} - [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] 
{CVE-2018-10901} - [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Don't flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620} - [x86] kvm: Drop L1TF MSR list approach (Waiman 
Long) [1593376] {CVE-2018-3620} - [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620} - [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620} - [x86] Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpufeatures: Add detection of L1D cache flush support. 
(Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620} - [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620} - [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Add sysfs reporting for l1tf (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620} - [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620} - [x86] 
speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620} - [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620} - [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620} - [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5391 CVE-2018-14634 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 ELSA-2018-2884: firefox security update (CRITICAL) Oracle Linux 7 [60.2.2-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.2.2-1] - Update to 60.2.2 ESR CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-12386 CVE-2018-12387 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2892: glusterfs security, bug fix, and enhancement update (MODERATE) Oracle Linux 6 [3.12.2-18] - fixes bugs bz#1524336 bz#1622029 bz#1622452 [3.12.2-17] - fixes bugs bz#1615578 bz#1619416 bz#1619538 bz#1620469 bz#1620765 [3.12.2-16] - fixes bugs bz#1569657 bz#1608352 bz#1609163 bz#1609724 bz#1610825 bz#1611151 bz#1612098 bz#1615338 bz#1615440 [3.12.2-15] - fixes bugs bz#1589279 bz#1598384 bz#1599362 bz#1599998 bz#1600790 bz#1601331 bz#1603103 [3.12.2-14] - fixes bugs bz#1547903 bz#1566336 bz#1568896 bz#1578716 bz#1581047 bz#1581231 bz#1582066 bz#1593865 bz#1597506 bz#1597511 bz#1597654 bz#1597768 bz#1598105 bz#1598356 bz#1599037 bz#1599823 bz#1600057 bz#1601314 [3.12.2-13] - fixes bugs bz#1493085 bz#1518710 bz#1554255 bz#1558948 bz#1558989 bz#1559452 bz#1567001 bz#1569312 bz#1569951 bz#1575539 bz#1575557 bz#1577051 bz#1580120 bz#1581184 bz#1581553 bz#1581647 bz#1582119 bz#1582129 bz#1582417 bz#1583047 bz#1588408 bz#1592666 bz#1594658 [3.12.2-12] - fixes bugs bz#1558989 bz#1580344 bz#1581057 bz#1581219 [3.12.2-11] - fixes bugs bz#1558989 bz#1575555 bz#1578647 [3.12.2-10] - fixes bugs bz#1488120 bz#1565577 bz#1568297 bz#1570586 bz#1572043 bz#1572075 bz#1575840 bz#1575877 [3.12.2-9] - fixes bugs bz#1546717 bz#1557551 bz#1558948 bz#1561999 bz#1563804 bz#1565015 bz#1565119 bz#1565399 bz#1565577 bz#1567100 bz#1567899 bz#1568374 bz#1568969 bz#1569490 bz#1570514 bz#1570541 bz#1570582 bz#1571645 bz#1572087 bz#1572585 bz#1575895 [3.12.2-8] - fixes bugs bz#1466129 bz#1475779 bz#1523216 bz#1535281 bz#1546941 bz#1550315 bz#1550991 bz#1553677 bz#1554291 bz#1559452 bz#1560955 bz#1562744 bz#1563692 bz#1565962 bz#1567110 bz#1569457 [3.12.2-7] - fixes bugs bz#958062 bz#1186664 bz#1226874 
bz#1446046 bz#1529451 bz#1550315 bz#1557365 bz#1559884 bz#1561733 [3.12.2-6] - fixes bugs bz#1491785 bz#1518710 bz#1523599 bz#1528733 bz#1550474 bz#1550982 bz#1551186 bz#1552360 bz#1552414 bz#1552425 bz#1554255 bz#1554905 bz#1555261 bz#1556895 bz#1557297 bz#1559084 bz#1559788 [3.12.2-5] - fixes bugs bz#1378371 bz#1384983 bz#1472445 bz#1493085 bz#1508999 bz#1516638 bz#1518260 bz#1529072 bz#1530519 bz#1537357 bz#1540908 bz#1541122 bz#1541932 bz#1543068 bz#1544382 bz#1544852 bz#1545570 bz#1546075 bz#1546945 bz#1546960 bz#1547012 bz#1549497 [3.12.2-4] - fixes bugs bz#1446125 bz#1467536 bz#1530146 bz#1540600 bz#1540664 bz#1540961 bz#1541830 bz#1543296 [3.12.2-3] - fixes bugs bz#1446125 bz#1463592 bz#1516249 bz#1517463 bz#1527309 bz#1530325 bz#1531041 bz#1539699 bz#1540011 [3.12.2-2] - fixes bugs bz#1264911 bz#1277924 bz#1286820 bz#1360331 bz#1401969 bz#1410719 bz#1419438 bz#1426042 bz#1444820 bz#1459101 bz#1464150 bz#1464350 bz#1466122 bz#1466129 bz#1467903 bz#1468972 bz#1476876 bz#1484446 bz#1492591 bz#1498391 bz#1498730 bz#1499865 bz#1500704 bz#1501345 bz#1505570 bz#1507361 bz#1507394 bz#1509102 bz#1509191 bz#1509810 bz#1509833 bz#1511766 bz#1512470 bz#1512496 bz#1512963 bz#1515051 bz#1519076 bz#1519740 bz#1534253 bz#1534530 [3.12.2-1] - rebase to upstream glusterfs at v3.12.2 - fixes bugs bz#1442983 bz#1474745 bz#1503244 bz#1505363 bz#1509102 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-10911 ELSA-2018-2898: nss security update (MODERATE) Oracle Linux 6 [3.36.0-9.0.1] - Added nss-vendor.patch to change vendor - 
Temporarily disable some tests until expired PayPalEE.cert is renewed [3.36.0-9] - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-12384 ELSA-2018-2916: spamassassin security update (IMPORTANT) Oracle Linux 7 [3.4.0-4] - Add missing Requires for perl(XSLoader) and perl(ExtUtils::MakeMaker), - which are no longer auto-generated due to a (expected) change in rpm-build - Related: rhbz#1632998 [3.4.0-3] - Fix CVE-2018-11781 - Local user code injection in the meta rule syntax - Fix CVE-2017-15705 - Certain unclosed tags in crafted emails allow for - scan timeouts and resulting denial of service - Resolves: rhbz#1632998 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-15705 CVE-2018-11781 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2918: ghostscript security update (IMPORTANT) Oracle Linux 7 [9.07-29.el7_5.2] - Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1629842) [9.07-29.el7_5.1] - Added security fixes for: - CVE-2018-16509 (bug #1621156) - CVE-2018-15910 (bug #1621157) - CVE-2018-16542 (bug #1621380) [9.07-29] - Fix rare Segmentation fault when converting PDF to PNG (bug #1473337) - Raise the default VMThreshold from 1Mb to 8Mb (bug #1479852) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-15910 CVE-2018-10194 CVE-2018-16509 CVE-2018-16542 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2921: tomcat security update (IMPORTANT) Oracle Linux 7 [0:7.0.76-8] - Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1336 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2942: java-1.8.0-openjdk security update (CRITICAL) Oracle Linux 7 [1:1.8.0.191.b12-0] - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 [1:1.8.0.191.b10-0] - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Resolves: rhbz#1633817 [1:1.8.0.181.b15-0] - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. - Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Remove unneeded functions from ppc shenandoahBarrierSet. 
- Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add additional s390 size_t case for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Actually add the patch... - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Attempt to fix Shenandoah build issues on s390. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Use the Shenandoah HotSpot on all architectures. - Resolves: rhbz#1633817 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-3136 CVE-2018-3183 CVE-2018-3139 CVE-2018-3149 CVE-2018-3180 CVE-2018-3169 CVE-2018-3214 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-2943: java-1.8.0-openjdk security update (CRITICAL) Oracle Linux 6 [1:1.8.0.191.b12-0] - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz#1633817 [1:1.8.0.191.b10-0] - Update to aarch64-shenandoah-jdk8u191-b10. - Drop 8146115/PR3508/RH1463098 applied upstream. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Add new Shenandoah patch PR3634 as upstream still fails on s390. - Resolves: rhbz#1633817 [1:1.8.0.181.b16-0] - Update to aarch64-shenandoah-jdk8u181-b16. - Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. - Drop Shenandoah signedness fix as it appears in the new upstream tarball. - Resolves: rhbz#1633817 [1:1.8.0.181.b15-0] - Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. - Update to aarch64-shenandoah-jdk8u181-b15. 
- Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. - Move buildver to where it should be in the OpenJDK version. - Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). - Update pr3539-rh1548475.patch to apply after 8187045. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Fix signedness build failure in shenandoahHeapRegion.cpp (upstream patch from mvala) - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Remove unneeded functions from ppc shenandoahBarrierSet. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add missing shenandoahBarrierSet implementation for ppc64{be,le}. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Fix wrong format specifiers in Shenandoah code. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Avoid changing variable types to fix size_t, at least for now. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - More size_t fixes for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Add additional s390 size_t case for Shenandoah. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Actually add the patch... - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Attempt to fix Shenandoah build issues on s390. - Resolves: rhbz#1633817 [1:1.8.0.181-4.b13] - Use the Shenandoah HotSpot on all architectures (aarch64-shenandoah-jdk8u181-b13). - Resolves: rhbz#1633817 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-3149 CVE-2018-3180 CVE-2018-3139 CVE-2018-3169 CVE-2018-3183 CVE-2018-3214 CVE-2018-3136 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3005: firefox security and bug fix update (CRITICAL) Oracle Linux 7 [60.3.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-12392 CVE-2018-12393 CVE-2018-12396 CVE-2018-12397 CVE-2018-12390 CVE-2018-12389 CVE-2018-12395 cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive ELSA-2018-3006: firefox security update (CRITICAL) Oracle Linux 6 [60.3.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.3.0-1] - Update to 60.3.0 ESR [60.2.2-2] - Added patch for rhbz#1633932 [60.2.2-1] - Update to 60.2.2 ESR [60.2.1-1] - Update to 60.2.1 ESR [60.2.0-1] - Update to 60.2.0 ESR [60.1.0-9] - Do not set user agent (rhbz#1608065) - GTK dialogs are localized now (rhbz#1619373) - JNLP association works again (rhbz#1607457) [60.1.0-8] - Fixed homepage and bookmarks (rhbz#1606778) - Fixed missing file associations in RHEL6 (rhbz#1613565) [60.1.0-7] - Run at-spi-bus if not running already (for the bundled gtk3) [60.1.0-6] - Fix for missing schemes for bundled gtk3 [60.1.0-5] - Added mesa-libEGL dependency to gtk3/rhel6 [60.1.0-4] - Disabled jemalloc on all second arches [60.1.0-3] - Updated to 60.1.0 ESR build2 [60.1.0-2] - Disabled jemalloc on second arches [60.1.0-1] - Updated to 60.1.0 ESR [60.0-12] - Fixing bundled libffi issues - Readded some requirements [60.0-10] - Added fix for mozilla BZ#1436242 - IPC crashes. [60.0-9] - Bundling libffi for the sec-arches - Added openssl-devel for the Python - Fixing bundled gtk3 [60.0-8] - Added fix for mozilla BZ#1458492 [60.0-7] - Added patch from rhbz#1498561 to fix ppc64(le) crashes. [60.0-6] - Disabled jemalloc on second arches [60.0-4] - Update to 60.0 ESR CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-12389 CVE-2018-12390 CVE-2018-12392 CVE-2018-12395 CVE-2018-12386 CVE-2018-12396 CVE-2018-12397 CVE-2017-16541 CVE-2018-12376 CVE-2018-12393 CVE-2018-12377 CVE-2018-12378 CVE-2018-12379 CVE-2018-12387 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3032: binutils security, bug fix, and enhancement update (LOW) Oracle Linux 7 [2.27-34.base.0.1] - Backport of upstream commit a5def14f1ca70e14d9433cb229c9369fa3051598 Add a test for R_386_GOT32/R_386_GOT32X IFUNC reloc error [Orabug 27930573] [2.27-34.base] - Fix seg-fault parsing corrupt AOUT format files. (#1579799) - Fix seg-fault parsing corrupt DWARF2 debug information. (#1579802) - Fix seg-fault parsing corrupt ELF format files. (#1579801) [2.27-33.base] - Fix seg-fault parsing ELF files. (#1578979) - Fix seg-fault parsing DWARF-2 information. (#1579065) - Fix seg-fault parsing DWARF-2 information. (#1579051) - Fix seg-fault parsing a PE format file. (#1579019) [2.27-32.base] - Fix seg-fault parsing DWARF-1 information. (#1569580) - Fix seg-fault parsing DWARF-2 information. (#1569891) - Fix seg-fault parsing COFF files. (#1571917) [2.27-31.base] - Allow 'lea foo@GOT, %reg' in PIC mode on the x86. (#1573872) [2.27-30.base] - Version bump in order to allow a rebuild, in order to work around a transient problem with the compose database. [2.27-29.base] - Add support for the GLOBALAUDIT dynamic linker tag. (#1439351) LOW Copyright 2018 Oracle, Inc. 
CVE-2018-10373 CVE-2018-7568 CVE-2018-7569 CVE-2018-7642 CVE-2018-10535 CVE-2018-13033 CVE-2018-10534 CVE-2018-8945 CVE-2018-7208 CVE-2018-10372 CVE-2018-7643 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3041: python security and bug fix update (MODERATE) Oracle Linux 7 [2.7.5-76.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-76] - Remove an unversioned obsoletes tag Resolves: rhbz#1627059 [2.7.5-75] - Provide the /usr/libexec/platform-python symlink to the main binary Resolves: rhbz#1599159 [2.7.5-74] - Fix OSERROR 17 due to _multiprocessing/semaphore.c assuming a one-to-one Pid -> process mapping Resolves: rhbz#1579432 [2.7.5-73] - Remove 3DS cipher to mitigate CVE-2016-2183 (sweet32). Resolves: rhbz#1581901 [2.7.5-72] - Fix CVE-2018-1060 and CVE-2018-1061 Resolves: rhbz#1563454 and rhbz#1549192 - Provide python2-libs from the python-libs subpackage Resolves: rhbz#1557460 [2.7.5-71] - Limit the number of CPU cores when building the package on power architectures Resolves: rhbz#1568974 [2.7.5-70] - Do not send IP addresses in SNI TLS extension Resolves: rhbz#1555314 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-1060 CVE-2018-1061 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3050: gnutls security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [3.3.29-8.0.1] - Include ECDSA KAT into selftests for FIPS140-2 compliance [Orabug 27484156] [3.3.29-8] - Backported --sni-hostname option which allows overriding the hostname advertised to the peer (#1444792) - Improved counter-measures in TLS CBC record padding for lucky13 attack (CVE-2018-10844, #1589704, CVE-2018-10845, #1589707) - Added counter-measures for 'Just in Time' PRIME + PROBE cache-based attack (CVE-2018-10846, #1589708) - Address p11tool issue in object deletion in batch mode (#1375307) - Backport PKCS#11 tests from master branch. Some tests were disabled due to unsupported features in 3.3.x (--load-pubkey and --test-sign options, ECC key generation without login, and certificates do not inherit ID from the private key) - p11tool explicitly marks certificates and public keys as NOT private objects and private keys as private objects - Enlarge buffer size to support resumption with large keys (#1542461) - Legacy HMAC-SHA384 cipher suites were disabled by default - Added DSA key generation to p11tool (#1464896) - Address session renegotiation issue using client certificate (#1434091) - Address issue when importing private keys into Atos HSM (#1460125) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-10846 CVE-2018-10844 CVE-2018-10845 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3052: wget security and bug fix update (MODERATE) Oracle Linux 7 [1.14-18] - Fix CVE-2018-0494 (#1576106) [1.14-17] - Fix segfault when Digest Authentication header is missing 'qop' part (#1545310) [1.14-16] - Fixed various security flaws (CVE-2017-13089, CVE-2017-13090) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-0494 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base ELSA-2018-3056: samba security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [4.8.3-4] - resolves: #1614132 - Fix delete-on-close after smb2_find - resolves: #1614265 - Fix CVE-2018-1139 - resolves: #1614269 - Fix CVE-2018-10858 [4.8.3-3] - resolves: #1581016 - Add smbclient quiet argument [4.8.3-2] - related: #1538743 - Fix local user account lookup with winbind [4.8.3-1] - related: #1558560 - Rebase to Samba version 4.8.3 - resolves: #1579398 - Add winbind localauth krb5 plugin [4.8.2-2] - resolves: #1540457 - Fixed support for authentication on one way trusts [4.8.2-1] - related: #1558560 - Rebase to newer Samba version [4.8.1-4] - resolves: #1582541 - Fix anonymous auth with SMB2/3 [4.8.1-3] - resolves: #1575205 - Fix segfault when updating DNS with 'net ads join' - resolves: #1525511 - Fix idmap_rid dependency on trusted domain list [4.8.1-2] - resolves: #1538743 - Fix UPN handling in winbind [4.8.1-1] - related: #1558560 - Rebase to newer Samba version - resolves: #1567896 - Fix possible crash if secrets db is empty - resolves: #1570020 - Fix a crash in smbd when dfsgetinfo is called [4.8.0-1] - resolves: #1558560 - Rebase to newer Samba version - resolves: #1558943 - Fix winbind 
requests getting stuck on a child - resolves: #1532618 - Fix segfault with NT1 connections in smbd MODERATE Copyright 2018 Oracle, Inc. CVE-2018-1139 CVE-2018-10858 CVE-2018-1050 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3059: X.org X11 security, bug fix, and enhancement update (LOW) Oracle Linux 7 freeglut [3.0.0-8] - HTTPS URLs - Pin soname to libglut.so.3 in the %files glob [3.0.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.0.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.0.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.0.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.0.0-1] - New upstream version [2.8.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [2.8.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild libX11 [1.6.5-2] - Rebuild to pick up new xproto keysyms (#1600147) libXcursor [1.1.15-1] - libXcursor 1.1.15 libXfont [1.5.4-1] - libXfont 1.5.4. 
libXfont2 [2.0.3-1] - libXfont 2.0.3 libXres [1.2.0-1] - libXres 1.2.0 libdrm [2.4.91-3] - Add WHL, AML, etc PCI IDs [2.4.91-2] - libdrm 2.4.91 libepoxy [1.5.2-1] - epoxy 1.5.2 libglvnd [1.0.1-0.8.git5baa1e5] - rename fallback from fedora to system [1.0.1-0.7.git5baa1e5] - Add another fallback GLX library name [1.0.1-0.6.git5baa1e5] - Enable %check for all but ppc64 and s390x, which has known but low-impact failures - Simplify %release [1.0.1-0.5.20180327git5baa1e5] - Go back to Requires: mesa-*, the fallout is too great (#1568881 etc) [1:1.0.1-0.4.20180327git5baa1e5] - Update snapshot to 20180327 [1.0.1-0.3.20180226gitb029c24] - Use Recommends: mesa-* not Requires. - (Trivially) switch the build to python3 [1:1.0.1-0.2.20180226gitb029c24] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [1:1.0.1-0.1.20180226gitb029c24] - Update snapshot to 20180226 - Update scriptlets libinput [1.10.7-2] - Correct the automake version number to 1.10.7 (#1564642) [1.10.7-1] - libinput 1.10.7 (#1564642) libwacom [0.30-1] - libwacom 0.30 (#1564606) libxcb [1.13-1] - libxcb 1.13 mesa [18.0.5-3] - rename fedora to system in glvnd fallback [18.0.5-2] - Fix timeout overflow warnings (backport from upstream + virgl) [18.0.5-1] - Mesa 18.0.5 [18.0.4-1.20180530] - rebase to 18.0.4 - backport shm put/get image for improved sw renderers (esp under qxl) [18.0.3-5.20180508] - Fix gl.pc when using glvnd - Fix subpackage dependencies for glvnd [18.0.3-2.20180508] - Use glvnd [18.0.3-1.20180508] - rebase to 18.0.3 mesa-demos [8.3.0-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [8.3.0-9] - New git snapshot [8.3.0-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [8.3.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [8.3.0-6] - Fix xdriinfo not working with libglvnd (rhbz#1429894) [8.3.0-5] - Rebuilt for 
https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [8.3.0-4] - Rebuild for glew 2.0.0 [8.3.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [8.3.0-2] - Rebuild for glew 1.13 [8.3.0-1] - 8.3.0 [8.2.0-5] - New git snap - Add EGL/GLES buildreqs and egl-utils subpackage [8.2.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild tigervnc [1.8.0-13] - Add one remaining option to Xvnc manpage Resolves: bz#1601880 [1.8.0-12] - Add missing options to Xvnc manpage Resolves: bz#1601880 [1.8.0-11] - Properly kill session after user logs out Resolves: bz#1259757 [1.8.0-10] - Check endianness when constructing platform pixel buffer Resolves: bz#1613264 [1.8.0-9] - Use current server time for XUngrabPointer and XUngrabKeyboard Resolves: bz#1605325 [1.8.0-8] - Ignore fake focus events from XGrabKeyboard() Resolves: bz#1602855 [1.8.0-7] Properly support Xorg 1.20 Resolves: bz#1564061 [1.8.0-6] - Kill session after user logs out Resolves: bz#1259757 Build against Xorg 1.20 Resolves: bz#1564061 vulkan [1.1.73.0-1] - Update to 1.1.73.0 release - fixup spec for spirv-tools etc xcb-proto [1.13-1] - xcb-proto 1.13 [1.12-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.12-5] - Add a build-time dependency on python2-devel [1.12-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.12-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild xkeyboard-config [2.24-1] - xkeyboard-config 2.24 (#1564615) - Revert the high-keycode patches to avoid conflicts with xkbcomp < 1.4 [2.23.1-1] - xkeyboard-config 2.23.1 (#1564615) xorg-x11-drv-ati [18.0.1-1] - ati 18.0.1 xorg-x11-drv-dummy [0.3.7-1.1] - Rebuild for xserver 1.20 xorg-x11-drv-evdev [2.10.6-1] - evdev 2.10.6 (#1564618) xorg-x11-drv-fbdev [0.5.0-1] - fbdev 0.5.0 [0.4.3-25.1] - Rebuild for xserver 1.20 xorg-x11-drv-intel [2.99.917-28] - Today's git snapshot (commit 35947721) xorg-x11-drv-libinput [0.27.1-2] - Fix invalid-sized memset() in 
the draglock code [0.27.1-1] - libinput 0.27.1 (#1564643) xorg-x11-drv-mouse [1.9.2-2] - Avoid use of xf86GetOS (#1592607) xorg-x11-drv-nouveau [1.0.15-1] - nouveau 1.0.15 [1:1.0.13-3.1] - Rebuild for xserver 1.20 xorg-x11-drv-openchrome [0.5.0-3.1] - Rebuild for xserver 1.20 xorg-x11-drv-qxl [0.1.5-4.1] - Rebuild for xserver 1.20 [0.1.5-4] - Fix crash when multiple QXL devices are in use Resolves: rhbz#1428340 xorg-x11-drv-synaptics [1.9.0-2] - Fix infinite log spam in case of read errors (#1564624). xorg-x11-drv-v4l [0.2.0-49] - Remove call to LoaderGetOS - Patch wasn't applied (#1601960) [0.2.0-48] - Remove call to LoaderGetOS (#1601960) xorg-x11-drv-vesa [2.4.0-1] - vesa 2.4.0 [2.3.2-25.1.1] - Rebuild for xserver 1.20 xorg-x11-drv-vmmouse [13.1.0-1.1] - Rebuild for xserver 1.20 xorg-x11-drv-vmware [13.2.1-1.1] - Rebuild for xserver 1.20 xorg-x11-drv-void [1.4.1-2.1] - Rebuild for xserver 1.20 xorg-x11-drv-wacom [0.36.1-1] - wacom 0.36.1 (#1564630) xorg-x11-font-utils [1:7.5-21] - Rebase to F28 (#1564630) xorg-x11-proto-devel [2018.4-1] - xorgproto 2018.4 [2018.3-1] - xorgproto 2018.3 [2018.2-1] - xorgproto 2018.2 [2018.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2018.1-1] - Switch to merged protocol headers - Drop evie headers - Pre-F18 changelog trim [7.7-24] - Drop bootstrap hack (that had been enabled for like nine years anyway) - Use https URLs [7.7-23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [7.7-22] - Add xproto patches from upstream adding XF86Keyboard and XF86RFKill keysyms [7.7-21] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild xorg-x11-server [1.20.1-3] - Try harder to come up with an initial spanning configuration [1.20.1-2] - Make platform device probe a bit less fragile - Disable glamor on llvmpipe [1.20.1-1] - xserver 1.20.1 - Enable backing store's Always mode [1.20.0-2] - Fix glx vendor hash table key size - Fix memory corruption during PanoramiX setup (#1601742) 
[1.20.0-1] - Fix 16bpp with modesetting driver [1.20.0-0.3] - Add patches for bz1591978 [1.20.0-0.2] - Add patches for bz1585252 [1.20.0-0.1] - Initial 1.20 rebuild xorg-x11-utils [7.5-23] - xlsclients 1.1.4 - xlsfonts 1.0.6 - xprop 1.2.3 - HTTPS URLs xorg-x11-xkb-utils [7.7-14] - xkbcomp 1.4.2 (#1564634) [7.7-13] - Sync with F28 (#1564634) - setxkbmap 1.3.1 - xkbcomp 1.4.1 - xkbevd 1.1.4 - xkbprint 1.0.4 LOW Copyright 2018 Oracle, Inc. CVE-2015-9262
ELSA-2018-3065: libkdcraw security update (MODERATE) Oracle Linux 7 [4.10.5-5] - Resolves: #1557171, #1557189, #1558954 use the system LibRaw MODERATE Copyright 2018 Oracle, Inc. CVE-2018-5802 CVE-2018-5800 CVE-2018-5801 CVE-2018-5805 CVE-2018-5806 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base ELSA-2018-3071: krb5 security, bug fix, and enhancement update (LOW) Oracle Linux 7 [1.15.1-34] - In FIPS mode, add plaintext fallback for RC4 usages and taint - Resolves: #1570600 [1.15.1-33] - Use SHA-256 instead of MD5 for audit ticket IDs - Resolves: #1570600 [1.15.1-32] - Include preauth name in trace output if possible - Update cert generation scripts to work on modern openssl - Fix per-request preauth scoping - Add test case for PKINIT DH renegotiation - Echo KDC cookies in preauth tryagain - Fall back to other preauth mechanisms after failures - Resolves: #1540130 [1.15.1-31] - Add German translation - Resolves: #1497301 [1.15.1-30] - Add default pkinit_anchors value to krb5.conf - Resolves: #1508081 [1.15.1-29] - Process profile includedir in sorted order - Also, ignore dotfiles in included directories - Resolves: #1539824 [1.15.1-28] -
Exit with status 0 from kadmind - Resolves: #1373909 [1.15.1-27] - Continue after KRB5_CC_END in KCM cache iteration - Resolves: #1563166 [1.15.1-26] - Merge duplicate subsections in profile library - Resolves: #1519625 [1.15.1-25] - Fix service dependencies on network state - Resolves: #1525232 [1.15.1-24] - Explicitly use openssl rather than builtin crypto - Resolves: #1570600 [1.15.1-23] - Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730) - Resolves: #1562684 - Resolves: #1562679 [1.15.1-22] - Fix segfault in finish_dispatch() - Resolves: #1568970 [1.15.1-21] - Unparse SANs with NO_REALM - Resolves: #1482457 [1.15.1-20] - Fix hex conversion of PKINIT certid strings - Resolves: #1538491 LOW Copyright 2018 Oracle, Inc. CVE-2018-5729 CVE-2018-5730 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3073: zsh security and bug fix update (MODERATE) Oracle Linux 7 [5.0.2-31] - fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083 [5.0.2-30] - fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100) - fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083) - fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071) - avoid crash when copying empty hash table (CVE-2018-7549) - fix buffer overrun in xsymlinks (CVE-2017-18206) - fix NULL dereference in cd (CVE-2017-18205) - fix buffer overflow when scanning very long path for symlinks (CVE-2014-10072) - fix buffer overflow for very long fds in >& fd syntax (CVE-2014-10071) [5.0.2-29] - fix crash while inputting long multi-line strings (#1492595) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-18206 CVE-2018-1083 CVE-2018-1100 CVE-2014-10071 CVE-2017-18205 CVE-2018-1071 CVE-2018-7549 CVE-2014-10072 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3083: kernel security, bug fix, and enhancement update (IMPORTANT) Oracle Linux 7 [3.10.0-957] - [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059] [3.10.0-956] - [block] blk-mq: fix hctx debugfs entry related race between update hw queues and cpu hotplug (Ming Lei) [1619988] - [nvme] nvme-pci: unquiesce dead controller queues (Ming Lei) [1632424] [3.10.0-955] - [netdrv] net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow (Alaa Hleihel) [1633652] - [netdrv] net/mlx5e: Fix traffic between VF and representor (Alaa Hleihel) [1633652] - [mm] vmscan: do not loop on too_many_isolated for ever (Waiman Long) [1632050] [3.10.0-954] - [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625991] {CVE-2018-14634} - [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625991] {CVE-2018-14634} - [kernel] revert 'sched/topology: Introduce NUMA identity node sched domain' (Gustavo Duarte) [1620031] - [powerpc] revert 'powernv: Add a virtual irqchip for opal events' (Gustavo Duarte) [1617966] - [powerpc] revert 'powernv: Reorder OPAL subsystem initialisation' (Gustavo Duarte) [1617966] - [char] revert 'ipmi/powernv: Convert to irq event interface' (Gustavo Duarte) [1617966] - [tty] revert 'hvc: Convert to using interrupts instead of opal events' (Gustavo Duarte) [1617966] - [powerpc] revert 'powernv/eeh: Update the EEH code to use the opal irq domain' (Gustavo Duarte) [1617966] - [powerpc] revert 'powernv/opal: Convert opal message events to opal irq domain' (Gustavo Duarte) [1617966] - [powerpc] 
revert 'powernv/elog: Convert elog to opal irq domain' (Gustavo Duarte) [1617966] - [powerpc] revert 'powernv/opal-dump: Convert to irq domain' (Gustavo Duarte) [1617966] - [powerpc] revert 'opal: Remove events notifier' (Gustavo Duarte) [1617966] - [powerpc] revert 'powernv: Increase opal-irqchip initcall priority' (Gustavo Duarte) [1617966] - [powerpc] revert 'opal-irqchip: Fix double endian conversion' (Gustavo Duarte) [1617966] - [powerpc] revert 'opal-irqchip: Fix deadlock introduced by 'Fix double endian conversion'' (Gustavo Duarte) [1617966] - [sound] alsa: hda/realtek - two more lenovo models need fixup of MIC_LOCATION (Jaroslav Kysela) [1611958] - [sound] alsa: hda/realtek - Fix the problem of two front mics on more machines (Jaroslav Kysela) [1611958] - [sound] alsa: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (Jaroslav Kysela) [1611958] [3.10.0-953] - [cdrom] information leak in cdrom_ioctl_media_changed() (Sanskriti Sharma) [1578207] {CVE-2018-10940} - [mm] mlock: remove lru_add_drain_all() (Oleksandr Natalenko) [1624765] - [block] blk-mq: fix race between updating nr_hw_queues and switching io sched (Ming Lei) [1619988] - [block] blk-mq: avoid to map CPU into stale hw queue (Ming Lei) [1619988] - [block] blk-mq: fix sysfs inflight counter (Ming Lei) [1548261] - [block] blk-mq: count allocated but not started requests in iostats inflight (Ming Lei) [1548261] - [block] fix a crash caused by wrong API (Ming Lei) [1548261] - [block] blk-mq: enable checking two part inflight counts at the same time (Ming Lei) [1548261] - [block] blk-mq: provide internal in-flight variant (Ming Lei) [1548261] - [block] make part_in_flight() take an array of two ints (Ming Lei) [1548261] - [block] pass in queue to inflight accounting (Ming Lei) [1548261] - [x86] Mark Intel Cascade Lake supported (Steve Best) [1584343] [3.10.0-952] - [netdrv] mlx5e: IPoIB, Use priv stats in completion rx flow (Alaa Hleihel) [1618609] - [netdrv] mlx5e: IPoIB, Add ndo stats 
support for IPoIB child devices (Alaa Hleihel) [1618609] - [netdrv] mlx5e: IPoIB, Add ndo stats support for IPoIB netdevices (Alaa Hleihel) [1618609] - [netdrv] mlx5e: IPoIB, Initialize max_opened_tc in mlx5i_init flow (Alaa Hleihel) [1618609] - [netdrv] mlx5e: Present SW stats when state is not opened (Alaa Hleihel) [1618609] - [netdrv] mlx5e: Avoid reset netdev stats on configuration changes (Alaa Hleihel) [1618609] - [netdrv] mlx5e: Use bool as return type for mlx5e_xdp_handle (Alaa Hleihel) [1618609] - [netdrv] net: aquantia: memory corruption on jumbo frames (Igor Russkikh) [1628238] - [kernel] revert 'platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143] - [x86] revert 'mm: probe memory block size for generic x86 64bit' (Baoquan He) [1625143] - [x86] revert 'mm: Use 2GB memory block size on large-memory x86-64 systems' (Baoquan He) [1625143] - [x86] revert 'mm: Streamline and restore probe_memory_block_size()' (Baoquan He) [1625143] - [x86] revert 'mm/memory_hotplug: determine block size based on the end of boot memory' (Baoquan He) [1625143] - [mm] revert 'memory_hotplug: do not fail offlining too early' (Baoquan He) [1625143] - [mm] revert 'memory_hotplug: remove timeout from __offline_memory' (Baoquan He) [1625143] - [kernel] revert 'x86/platform/uv: Add adjustable set memory block size function' (Baoquan He) [1625143] [3.10.0-951] - [fs] fanotify: fix logic of events on child (Miklos Szeredi) [1597738] - [fs] cifs: add a check for session expiry (Leif Sahlberg) [1626358] - [fs] xfs: completely disable per-inode DAX behavior (Eric Sandeen) [1623150] - [fs] fs: get_rock_ridge_filename(): handle malformed NM entries (Bill O'Donnell) [1340778] {CVE-2016-4913} - [md] fix 'allow faster resync only on non-rotational media' underneath dm (Nigel Croxon) [1561162] - [md] Revert 'allow faster resync only on non-rotational media' (Nigel Croxon) [1561162] - [mm] madvise: fix madvise() infinite loop under special circumstances (Rafael 
Aquini) [1552982] {CVE-2017-18208} - [infiniband] srpt: Support HCAs with more than two ports (Don Dutile) [1616192] - [infiniband] overflow.h: Add allocation size calculation helpers (Don Dutile) [1616192] - [net] ip_tunnel: clean the GSO bits properly (Flavio Leitner) [1607907] - [kernel] revert cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1626943] - [s390] sclp: Change SCLP console default buffer-full behavior (Hendrik Brueckner) [1625350] - [x86] kvm: Take out __exit annotation in vmx_exit() (Waiman Long) [1626560] - [x86] mark coffeelake-s 8+2 as supported (David Arcari) [1575457] - [x86] kvm: vmx: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1619602] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1619602] [3.10.0-950] - [kernel] posix-timer: Properly check sigevent->sigev_notify (Phil Auld) [1613711] {CVE-2017-18344} - [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593087] {CVE-2018-10902} - [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600953] {CVE-2018-13405} - [fs] pnfs: Layoutreturn must free the layout after the layout-private data (Scott Mayhew) [1625517] - [fs] sunrpc: Ensure we always close the socket after a connection shuts down (Steve Dickson) [1614950] - [fs] xfs: remove filestream item xfs_inode reference (Brian Foster) [1518623] - [mm] set IORESOURCE_SYSTEM_RAM to system RAM to fix memory hot-add failure (Larry Woodman) [1628349] - [firmware] efivars: Protect DataSize and Data in efivar_entry.var (Lenny Szubowicz) [1597868] [3.10.0-949] - [scsi] libsas: fix memory leak in sas_smp_get_phy_events() (Tomas Henzl) [1558582] {CVE-2018-7757} - [vhost] fix info leak due to uninitialized memory (Jason Wang) [1573705] {CVE-2018-1118} - [pci] Fix calculation of bridge window's size and alignment (Myron Stowe) [1623800] - [md] dm thin metadata: try to avoid ever aborting transactions (Mike 
Snitzer) [1614151] - [crypto] api: fix finding algorithm currently being tested (Herbert Xu) [1618701] - [sound] alsa: hda/realtek: Fix HP Headset Mic can't record (Jaroslav Kysela) [1622721] - [sound] alsa: hda/realtek - Fixup for HP x360 laptops with B&O speakers (Jaroslav Kysela) [1622721] - [sound] alsa: hda/realtek - Fixup mute led on HP Spectre x360 (Jaroslav Kysela) [1622721] - [target] scsi: tcmu: use u64 for dev_size (Xiubo Li) [1603363] - [target] scsi: tcmu: use match_int for dev params (Xiubo Li) [1603363] - [target] scsi: tcmu: do not set max_blocks if data_bitmap has been setup (Xiubo Li) [1603363] - [target] scsi: tcmu: unmap if dev is configured (Xiubo Li) [1603363] - [target] scsi: tcmu: check if dev is configured before block/reset (Xiubo Li) [1603363] - [target] scsi: tcmu: use lio core se_device configuration helper (Xiubo Li) [1603363] - [target] scsi: target: add helper to check if dev is configured (Xiubo Li) [1603363] - [target] scsi: tcmu: initialize list head (Xiubo Li) [1603363] - [target] scsi: target_core_user: fix double unlock (Xiubo Li) [1603363] - [s390] arch: Set IORESOURCE_SYSTEM_RAM flag for resources (Gary Hook) [1627889] - [x86] efi-bgrt: Switch all pr_err() to pr_notice() for invalid BGRT (Lenny Szubowicz) [1464241] - [x86] efi/bgrt: Don't ignore the BGRT if the 'valid' bit is 0 (Lenny Szubowicz) [1464241] - [x86] efi: Preface all print statements with efi* tag (Lenny Szubowicz) [1464241] - [x86] efi-bgrt: Switch pr_err() to pr_debug() for invalid BGRT (Lenny Szubowicz) [1464241] - [x86] efi-bgrt: Add error handling; inform the user when ignoring the BGRT (Lenny Szubowicz) [1464241] - [x86] efi: Check status field to validate BGRT header (Lenny Szubowicz) [1464241] [3.10.0-948] - [gpu] drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau: Fix 
deadlocks in nouveau_connector_detect() (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau: Reset MST branching unit before enabling (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau: Only write DP_MSTM_CTRL when needed (Lyude Paul) [1597881 1571927] - [gpu] drm/nouveau/kms/nv50-: ensure window updates are submitted when flushing mst disables (Lyude Paul) [1597881 1571927] - [vfio] vfio-pci: Disable binding to PFs with SR-IOV enabled (Alex Williamson) [1583487] - [mm] partially revert: remove per-zone hashtable of bitlock waitqueues (Jeff Moyer) [1623980] - [security] selinux: mark unsupported policy capabilities as reserved (Paul Moore) [1600850] - [x86] intel_rdt: Fix MBA resource initialization (Prarit Bhargava) [1610239] [3.10.0-947] - [net] ip: process in-order fragments efficiently (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] ipv6: defrag: drop non-last frags smaller than min mtu (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] ip: use rb trees for IP frag queue (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] revert ipv4: use skb coalescing in defragmentation (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] modify skb_rbtree_purge to return the truesize of all purged skbs (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] ip: discard IPv4 datagrams with overlapping segments (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] speed up skb_rbtree_purge() (Sabrina Dubroca) [1613924] {CVE-2018-5391} - [net] avoid skb_warn_bad_offload on IS_ERR (Andrea Claudi) [1624702] - [net] ipv4: fix incorrectly 
registered callback for sysctl_fib_multipath_hash_policy (Ivan Vecera) [1624356] - [net] ipset: list:set: Decrease refcount synchronously on deletion and replace (Stefano Brivio) [1593732] - [netdrv] cfg80211: let's wmm_rule be part of reg_rule structure (Stanislaw Gruszka) [1620108] - [netdrv] nl80211: Add wmm rule attribute to NL80211_CMD_GET_WIPHY dump command (Stanislaw Gruszka) [1620108] - [netdrv] iwlwifi: mvm: remove division by size of sizeof(struct ieee80211_wmm_rule) (Stanislaw Gruszka) [1620108] - [hv] vmbus: don't return values for uninitalized channels (Vitaly Kuznetsov) [1615500] - [md] dm raid: bump target version, update comments and documentation (Mike Snitzer) [1573988] - [md] dm raid: fix RAID leg rebuild errors (Mike Snitzer) [1573988] - [md] dm raid: fix rebuild of specific devices by updating superblock (Mike Snitzer) [1626094] - [md] dm raid: fix stripe adding reshape deadlock (Mike Snitzer) [1613039 1514539] - [md] dm raid: fix reshape race on small devices (Mike Snitzer) [1573988 1586123] - [acpi] acpica: reference counts: increase max to 0x4000 for large servers (Frank Ramsay) [1618758] - [gpu] drm/i915/cfl: Add a new CFL PCI ID (Rob Clark) [1533336] - [gpu] drm/i915/aml: Introducing Amber Lake platform (Rob Clark) [1533336] - [gpu] drm/i915/whl: Introducing Whiskey Lake platform (Rob Clark) [1533336] - [gpu] drm/nouveau/kms/nv50-: allocate push buffers in vidmem on pascal (Ben Skeggs) [1584963] - [gpu] drm/nouveau/fb/gp100-: disable address remapper (Ben Skeggs) [1584963] - [mm] kernel error swap_info_get: Bad swap offset entry (Mikulas Patocka) [1622747] - [s390] detect etoken facility (Hendrik Brueckner) [1625349] - [s390] lib: use expoline for all bcr instructions (Hendrik Brueckner) [1625349] - [x86] spec_ctrl: Don't turn off IBRS on idle with enhanced IBRS (Waiman Long) [1614143] - [x86] speculation: Support Enhanced IBRS on future CPUs (Waiman Long) [1614143] [3.10.0-946] - [netdrv] qed: Add new TLV to request PF to update MAC in 
bulletin board (Harish Patil) [1460150] - [netdrv] qed: use trust mode to allow VF to override forced MAC (Harish Patil) [1460150] - [netdrv] hv_netvsc: Fix napi reschedule while receive completion is busy (Mohammed Gamal) [1614503] - [netdrv] hv_netvsc: remove unneeded netvsc_napi_complete_done() (Mohammed Gamal) [1614503] - [scsi] qedi: Add the CRC size within iSCSI NVM image (Chad Dupuis) [1611573] - [char] ipmi: Move BT capabilities detection to the detect call (Frank Ramsay) [1618778] - [x86] kvm: update master clock before computing kvmclock_offset (Marcelo Tosatti) [1594034] [3.10.0-945] - [samples] bpf: Additional changes (Jiri Olsa) [1619721] - [samples] bpf: Add v4.16 sources (Jiri Olsa) [1619721] - [tools] perf python: Fix pyrf_evlist__read_on_cpu() interface (Jiri Olsa) [1620774] - [tools] perf mmap: Store real cpu number in 'struct perf_mmap' (Jiri Olsa) [1620774] - [netdrv] cxgb4: update 1.20.8.0 as the latest firmware supported (Arjun Vynipadath) [1622551] - [netdrv] cxgb4: update latest firmware version supported (Arjun Vynipadath) [1622551] - [netdrv] mlx5e: Fix null pointer access when setting MTU of vport representor (Erez Alfasi) [1625195] - [netdrv] mlx5e: Support configurable MTU for vport representors (Erez Alfasi) [1625195] - [netdrv] mlx5e: Save MTU in channels params (Erez Alfasi) [1625195] - [netdrv] be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [1625703] - [netdrv] virtio-net: set netdevice mtu correctly (Mohammed Gamal) [1610416] - [netdrv] i40e: Prevent deleting MAC address from VF when set by PF (Stefan Assmann) [1614161] - [netdrv] i40evf: cancel workqueue sync for adminq when a VF is removed (Stefan Assmann) [1615829] - [netdrv] i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled (Stefan Assmann) [1616149] - [netdrv] i40e: fix condition of WARN_ONCE for stat strings (Stefan Assmann) [1609173] - [uio] Revert 'use request_threaded_irq instead' (Xiubo Li) [1560418] - [fs] seq_file: fix 
out-of-bounds read (Paolo Abeni) [1620002] - [md] RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (Nigel Croxon) [1530776] - [md] allow faster resync only on non-rotational media (Nigel Croxon) [1561162] - [nvdimm] libnvdimm: fix ars_status output length calculation (Jeff Moyer) [1616304] - [cpufreq] Fix possible circular locking dependency (Waiman Long) [1529668] - [mm] memcg: delay memcg id freeing (Aristeu Rozanski) [1607249] - [mm] mlock: fix mlock accounting (Rafael Aquini) [1610652] - [mm] page-writeback: check-before-clear PageReclaim (Rafael Aquini) [1588002] - [mm] migrate: check-before-clear PageSwapCache (Rafael Aquini) [1588002] - [mm] mempolicy: fix crashes from mbind() merging vmas (Rafael Aquini) [1588002] - [x86] apic: Future-proof the TSC_DEADLINE quirk for SKX (Steve Best) [1624090] [3.10.0-944] - [net] ipvs: Fix panic due to non-linear skb (Davide Caratti) [1623088] - [net] ipv4: remove BUG_ON() from fib_compute_spec_dst (Lorenzo Bianconi) [1496779] - [net] ipv6: fix cleanup ordering for ip6_mr failure (Xin Long) [1622218] - [net] ipv6: reorder icmpv6_init() and ip6_mr_init() (Xin Long) [1622218] - [x86] subject: x86/efi: Access EFI MMIO data as unencrypted when SEV is active (Gary Hook) [1361286] - [x86] boot: Fix boot failure when SMP MP-table is based at 0 (Gary Hook) [1361286] - [x86] resource: Fix resource_size.cocci warnings (Gary Hook) [1361286] - [x86] kvm: Clear encryption attribute when SEV is active (Gary Hook) [1361286] - [x86] kvm: Decrypt shared per-cpu variables when SEV is active (Gary Hook) [1361286] - [kernel] percpu: Introduce DEFINE_PER_CPU_DECRYPTED (Gary Hook) [1361286] - [x86] Add support for changing memory encryption attribute in early boot (Gary Hook) [1361286] - [x86] io: Unroll string I/O when SEV is active (Gary Hook) [1361286] - [x86] boot: Add early boot support when running with SEV active (Gary Hook) [1361286] - [x86] mm: Add DMA support for SEV memory encryption (Gary Hook) [1361286] - 
[x86] mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages (Gary Hook) [1361286] - [kernel] resource: Provide resource struct in resource walk callback (Gary Hook) [1361286] - [kernel] resource: Consolidate resource walking code (Gary Hook) [1361286] - [x86] efi: Access EFI data as encrypted when SEV is active (Gary Hook) [1361286] - [x86] mm: Include SEV for encryption memory attribute changes (Gary Hook) [1361286] - [x86] mm: Use encrypted access of boot related data with SEV (Gary Hook) [1361286] - [x86] mm: Add Secure Encrypted Virtualization (SEV) support (Gary Hook) [1361286] - [documentation] x86: Add AMD Secure Encrypted Virtualization (SEV) description (Gary Hook) [1361286] - [x86] mm: Remove unnecessary TLB flush for SME in-place encryption (Gary Hook) [1361286] - [x86] kexec: Remove walk_iomem_res() call with GART type (Gary Hook) [1361286] - [kernel] resource: Change walk_system_ram() to use System RAM type (Gary Hook) [1361286] - [kernel] kexec: Set IORESOURCE_SYSTEM_RAM for System RAM (Gary Hook) [1361286] - [x86] arch: Set IORESOURCE_SYSTEM_RAM flag for System RAM (Gary Hook) [1361286] - [x86] Set System RAM type and descriptor (Gary Hook) [1361286] - [kernel] resource: Handle resource flags properly (Gary Hook) [1361286] - [kernel] resource: Add System RAM resource type (Gary Hook) [1361286] [3.10.0-943] - [fs] timerfd: Protect the might cancel mechanism proper (Bill O'Donnell) [1485407] {CVE-2017-10661} - [fs] exec.c: Add missing 'audit_bprm()' call in 'exec_binprm()' (Bhupesh Sharma) [1496408] - [fs] gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated (Robert S Peterson) [1600142] - [fs] gfs2: improve debug information when lvb mismatches are found (Robert S Peterson) [1600142] - [fs] gfs2: fix memory leak in rgrp lvbs (Robert S Peterson) [1600142] - [fs] gfs2: cleanup: call gfs2_rgrp_ondisk2lvb from gfs2_rgrp_out (Robert S Peterson) [1600142] - [fs] gfs2: Fix MAGIC check in LVBs (Robert S Peterson) [1600142] - [fs] gfs2: Do 
not reset flags on active reservations (Robert S Peterson) [1600142] - [fs] cifs: Fix stack out-of-bounds in smb(2, 3)_create_lease_buf() (Leif Sahlberg) [1598755] - [fs] cifs: store the leaseKey in the fid on SMB2_open (Leif Sahlberg) [1598755] - [fs] nfsd: further refinement of content of /proc/fs/nfsd/versions (Steve Dickson) [1614603] - [fs] nfsd: fix configuration of supported minor versions (Steve Dickson) [1614603] - [fs] nfsd: Fix display of the version string (Steve Dickson) [1614603] - [fs] nfsd: correctly range-check v4.x minor version when setting versions (Steve Dickson) [1614603] - [fs] ext4: Close race between direct IO and ext4_break_layouts() (Eric Sandeen) [1616301] - [fs] xfs: Close race between direct IO and xfs_break_layouts() (Eric Sandeen) [1616301] - [fs] ext4: handle layout changes to pinned DAX mappings (Eric Sandeen) [1614153] - [fs] dax: dax_layout_busy_page() warn on !exceptional (Eric Sandeen) [1614153] - [gpu] makefile: bump drm backport version (Rob Clark) [1600569] - [gpu] drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() (Rob Clark) [1600569] - [gpu] amd/dc/dce100: On dce100, set clocks to 0 on suspend (Rob Clark) [1600569] - [gpu] drm/amdgpu: fix swapped emit_ib_size in vce3 (Rob Clark) [1600569] - [gpu] drm/amd/powerplay: correct vega12 thermal support as true (Rob Clark) [1600569] - [gpu] drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy (Rob Clark) [1600569] - [gpu] drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() (Rob Clark) [1600569] - [gpu] drm/amdgpu: Avoid reclaim while holding locks taken in MMU notifier (Rob Clark) [1600569] - [gpu] drm/dp/mst: Fix off-by-one typo when dump payload table (Rob Clark) [1600569] - [gpu] drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown() (Rob Clark) [1600569] - [gpu] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type (Rob Clark) [1600569] - [gpu] drm/atomic: Handling the 
case when setting old crtc for plane (Rob Clark) [1600569] - [gpu] drm/amd/display: Fix dim display on DCE11 (Rob Clark) [1600569] - [gpu] drm/amdgpu: Remove VRAM from shared bo domains (Rob Clark) [1600569] - [gpu] drm/radeon: fix mode_valid's return type (Rob Clark) [1600569] - [gpu] drm/amd/display: remove need of modeset flag for overlay planes (V2) (Rob Clark) [1600569] - [gpu] drm/amd/display: Do not program interrupt status on disabled crtc (Rob Clark) [1600569] - [gpu] drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2) (Rob Clark) [1600569] - [gpu] drm/i915/glk: Add Quirk for GLK NUC HDMI port issues (Rob Clark) [1600569] - [gpu] drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs (Rob Clark) [1600569] - [gpu] drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit() (Rob Clark) [1600569] - [gpu] drm/nouveau: Avoid looping through fake MST connectors (Rob Clark) [1600569] - [gpu] drm/nouveau: Use drm_connector_list_iter_* for iterating connectors (Rob Clark) [1600569] - [gpu] drm/nouveau: Remove bogus crtc check in pmops_runtime_idle (Rob Clark) [1600569] - [gpu] revert 'drm/amd/display: Don't return ddc result and read_bytes in same return value' (Rob Clark) [1600569] - [gpu] drm/i915: Fix hotplug irq ack on i965/g4x (Rob Clark) [1600569] - [gpu] drm/amdgpu: Reserve VM root shared fence slot for command submission (v3) (Rob Clark) [1600569] - [x86] unwind: Ensure stack grows down (Josh Poimboeuf) [1609717] [3.10.0-942] - [mm] fix devmem_is_allowed() for sub-page System RAM intersections (Joe Lawrence) [1524322] - [pci] Delay after FLR of Intel DC P3700 NVMe (Alex Williamson) [1592654] - [pci] Disable Samsung SM961/PM961 NVMe before FLR (Alex Williamson) [1542494] - [pci] Export pcie_has_flr() (Alex Williamson) [1592654 1542494] - [nvdimm] libnvdimm: Export max available extent (Jeff Moyer) [1611761] - [nvdimm] libnvdimm: Use max contiguous area for namespace size (Jeff Moyer) [1611761] - [mm] ipc/shm.c add 
->pagesize function to shm_vm_ops (Jeff Moyer) [1609834] - [kernel] mm: disallow mappings that conflict for devm_memremap_pages() (Jeff Moyer) [1616044] - [kernel] memremap: fix softlockup reports at teardown (Jeff Moyer) [1616187] - [kernel] memremap: add scheduling point to devm_memremap_pages (Jeff Moyer) [1616187] - [mm] page_alloc: add scheduling point to memmap_init_zone (Jeff Moyer) [1616187] - [mm] memory_hotplug: add scheduling point to __add_pages (Jeff Moyer) [1616187] - [acpi] nfit: Fix scrub idle detection (Jeff Moyer) [1616041] - [x86] asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling (Jeff Moyer) [1608674] - [nvdimm] libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (Jeff Moyer) [1608674] - [tools] testing/nvdimm: advertise a write cache for nfit_test (Jeff Moyer) [1608674] - [tools] x86, nfit_test: Add unit test for memcpy_mcsafe() (Jeff Moyer) [1608674] - [tools] testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute (Jeff Moyer) [1608674] - [tools] testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 (Jeff Moyer) [1608674] - [tools] testing/nvdimm: allow custom error code injection (Jeff Moyer) [1608674] - [tools] libnvdimm, testing: update the default smart ctrl_temperature (Jeff Moyer) [1608674] - [tools] libnvdimm, testing: Add emulation for smart injection commands (Jeff Moyer) [1608674] - [tools] nfit_test: prevent parsing error of nfit_test.0 (Jeff Moyer) [1608674] - [tools] nfit_test: fix buffer overrun, add sanity check (Jeff Moyer) [1608674] - [tools] nfit_test: improve structure offset handling (Jeff Moyer) [1608674] - [tools] testing/nvdimm: force nfit_test to depend on instrumented modules (Jeff Moyer) [1608674] - [tools] libnvdimm/nfit_test: adding support for unit testing enable LSS status (Jeff Moyer) [1612421] - [tools] libnvdimm/nfit_test: add firmware download emulation (Jeff Moyer) [1612420] - [kernel] jiffies: add time comparison functions for 64 bit 
jiffies (Jeff Moyer) [1612420] - [tools] testing/nvdimm: smart alarm/threshold control (Jeff Moyer) [1608674] - [tools] testing/nvdimm: unit test clear-error commands (Jeff Moyer) [1608674] - [tools] testing/nvdimm: stricter bounds checking for error injection commands (Jeff Moyer) [1608674] - [tools] nfit_test: when clearing poison, also remove badrange entries (Jeff Moyer) [1608674] - [tools] nfit_test: add error injection DSMs (Jeff Moyer) [1612417] - [nvdimm] pmem: Switch to copy_to_iter_mcsafe() (Jeff Moyer) [1608674] - [fs] dax: Report bytes remaining in dax_iomap_actor() (Jeff Moyer) [1608674] - [lib] uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (Jeff Moyer) [1608674] - [net] x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (Jeff Moyer) [1608674] - [x86] asm/memcpy_mcsafe: Add write-protection-fault handling (Jeff Moyer) [1608674] - [x86] asm/memcpy_mcsafe: Return bytes remaining (Jeff Moyer) [1608674] - [x86] asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault handling (Jeff Moyer) [1608674] - [x86] asm/memcpy_mcsafe: Remove loop unrolling (Jeff Moyer) [1608674] - [net] dax: Introduce a ->copy_to_iter dax operation (Jeff Moyer) [1608674] - [kernel] dax: remove default copy_from_iter fallback (Jeff Moyer) [1539264] - [fs] filesystem-dax: convert to dax_copy_from_iter() (Jeff Moyer) [1608674] - [md] dm log writes: record metadata flag for better flags record (Jeff Moyer) [1539264] - [md] dax, dm: allow device-mapper to operate without dax support (Jeff Moyer) [1539264] - [md] dm log writes: fix max length used for kstrndup (Jeff Moyer) [1539264] - [md] dm log writes: add support for DAX (Jeff Moyer) [1539264] - [md] dm log writes: add support for inline data buffers (Jeff Moyer) [1539264] - [md] dm log writes: fix >512b sectorsize support (Jeff Moyer) [1539264] - [md] dm log writes: don't use all the cpu while waiting to log blocks (Jeff Moyer) [1539264] - [md] dm log writes: fix check of kthread_run() return value (Jeff Moyer) 
[1539264] - [md] dm log writes: fix bug with too large bios (Jeff Moyer) [1539264] - [md] dm log writes: move IO accounting earlier to fix error path (Jeff Moyer) [1539264] - [md] dm log writes: use ULL suffix for 64-bit constants (Jeff Moyer) [1539264] - [md] dm: add log writes target (Jeff Moyer) [1539264] - [md] dm: add ->copy_from_iter() dax operation support (Jeff Moyer) [1539264] - [powerpc] fadump: cleanup crash memory ranges support (Gustavo Duarte) [1621969] - [powerpc] fadump: merge adjacent memory ranges to reduce PT_LOAD segements (Gustavo Duarte) [1621969] - [powerpc] fadump: handle crash memory ranges array index overflow (Gustavo Duarte) [1621969] - [powerpc] fadump: Unregister fadump on kexec down path (Gustavo Duarte) [1621969] - [powerpc] fadump: Return error when fadump registration fails (Gustavo Duarte) [1621969] - [powerpc] iommu: Do not call PageTransHuge() on tail pages (David Gibson) [1594347] - [powerpc] kvm: book3s hv: Migrate pinned pages out of CMA (David Gibson) [1594347] [3.10.0-941] - [tools] power turbostat: Allow for broken ACPI LPIT tables (Prarit Bhargava) [1614083] - [base] pm/runtime: Avoid false-positive warnings from might_sleep_if() (Paul Lai) [1615223] - [md] dm thin: stop no_space_timeout worker when switching to write-mode (Mike Snitzer) [1620251] - [netdrv] mlx5e: Only allow offloading decap egress (egdev) flows (Erez Alfasi) [1619641] - [netdrv] mlx5-core: Mark unsupported devices (Don Dutile) [1621824 1621810] - [netdrv] bnx2x: disable GSO where gso_size is too big for hardware (Jonathan Toppins) [1546760] {CVE-2018-1000026} - [net] create skb_gso_validate_mac_len() (Jonathan Toppins) [1546760] {CVE-2018-1000026} - [scsi] target: iscsi: cxgbit: fix max iso npdu calculation (Arjun Vynipadath) [1613307] - [scsi] csiostor: update csio_get_flash_params() (Arjun Vynipadath) [1613307] - [scsi] lpfc: Correct MDS diag and nvmet configuration (Dick Kennedy) [1616104] - [qla2xxx] Mark NVMe/FC initiator mode usage as technology 
preview (Ewan Milne) [1620258] - [nvme-fc] Take NVMe/FC initiator out of technology preview (Ewan Milne) [1620258] - [mm] inode: avoid softlockup in prune_icache_sb (Andrea Arcangeli) [1610560] - [mm] compaction: reschedule immediately if need_resched() is set (Andrea Arcangeli) [1610560] - [mm] compaction: properly signal and act upon lock and need_sched() contention (Andrea Arcangeli) [1610560] - [mm] compaction: cleanup isolate_freepages() (Andrea Arcangeli) [1610560] - [mm] compaction: encapsulate defer reset logic (Andrea Arcangeli) [1610560] - [mm] compaction.c: periodically schedule when freeing pages (Andrea Arcangeli) [1610560] - [powerpc] powernv/pci: Work around races in PCI bridge enabling (Gustavo Duarte) [1620041] - [powerpc] kdump: Handle crashkernel memory reservation failure (Pingfan Liu) [1621945] - [powerpc] ftrace: Match dot symbols when searching functions on ppc64 (Jerome Marchand) [1613136] - [x86] entry/64: Restore TRACE_IRQS_IRETQ in paranoid_exit (Scott Wood) [1561777] [3.10.0-940] - [net] sched: Fix missing res info when create new tc_index filter (Hangbin Liu) [1607687] - [net] sched: fix NULL pointer dereference when delete tcindex filter (Hangbin Liu) [1607687] - [net] dev: advertise the new ifindex when the netns iface changes (Michael Cambria) [1584287] - [net] dev: always advertise the new nsid when the netns iface changes (Michael Cambria) [1584287] - [net] Zero ifla_vf_info in rtnl_fill_vfinfo() (Hangbin Liu) [1614178] - [net] udpv6: Fix the checksum computation when HW checksum does not apply (Xin Long) [1619793] - [net] tc: ensure that offloading callback is called for MQPRIO qdisc (Ivan Vecera) [1618579] - [thunderbolt] move tb3 to full support status (Jarod Wilson) [1620372] - [kernel] x86/platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867] - [mm] memory_hotplug: remove timeout from __offline_memory (Baoquan He) [1601867] - [mm] memory_hotplug: do not fail offlining too early (Baoquan He) 
[1601867] - [x86] mm/memory_hotplug: determine block size based on the end of boot memory (Baoquan He) [1601867] - [x86] mm: Streamline and restore probe_memory_block_size() (Baoquan He) [1601867] - [x86] mm: Use 2GB memory block size on large-memory x86-64 systems (Baoquan He) [1601867] - [x86] mm: probe memory block size for generic x86 64bit (Baoquan He) [1601867] - [x86] revert platform/uv: Add adjustable set memory block size function (Baoquan He) [1601867] [3.10.0-939] - [nvme] rdma: Fix command completion race at error recovery (David Milburn) [1610641] - [infiniband] revert vmw_pvrdma: Call ib_umem_release on destroy QP path (Don Dutile) [1618625] - [infiniband] iw_cxgb4: correctly enforce the max reg_mr depth (Arjun Vynipadath) [1613317] - [netdrv] net: aquantia: Fix IFF_ALLMULTI flag functionality (Igor Russkikh) [1608762] - [uio] fix possible circular locking dependency (Xiubo Li) [1613195] - [tools] power turbostat: Fix logical node enumeration to allow for non-sequential physical nodes (Prarit Bhargava) [1612902] - [tools] bpf selftest: Disable unsupported verifier tests (Jiri Olsa) [1615222] - [tools] bpf: fix panic due to oob in bpf_prog_test_run_skb (Jiri Olsa) [1615222] - [net] bpf: Align packet data properly in program testing framework (Jiri Olsa) [1615222] - [net] bpf: Do not dereference user pointer in bpf_test_finish() (Jiri Olsa) [1615222] - [tools] bpf: migrate ebpf ld_abs/ld_ind tests to test_verifier (Jiri Olsa) [1615222] - [tools] bpf: add verifier tests for accesses to map values (Jiri Olsa) [1615222] - [kernel] bpf: allow map helpers access to map values directly (Jiri Olsa) [1615222] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1613248] - [kernel] percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods (Prarit Bhargava) [1603603] - [kernel] percpu: READ_ONCE() now implies smp_read_barrier_depends() (Prarit Bhargava) [1603603] - [kernel] 
locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE() (Prarit Bhargava) [1603603] - [kernel] compiler, atomics, kasan: Provide READ_ONCE_NOCHECK() (Prarit Bhargava) [1603603] - [kernel] percpu-refcount: init ->confirm_switch member properly (Prarit Bhargava) [1603603] - [kernel] percpu, locking: revert ('percpu: Replace smp_read_barrier_depends() with lockless_dereference()') (Prarit Bhargava) [1603603] - [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1614515] - [x86] intel_rdt: Enable CMT and MBM on new Skylake stepping (Jiri Olsa) [1517736] [3.10.0-938] - [netdrv] mlx5e: Properly check if hairpin is possible between two functions (Alaa Hleihel) [1611567] - [netdrv] bnx2x: Fix invalid memory access in rss hash config path (Jonathan Toppins) [1615290] - [netdrv] iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs (Stanislaw Gruszka) [1616290] - [netdrv] ibmvnic: Update firmware error reporting with cause string (Steve Best) [1614652] - [netdrv] ibmvnic: Remove code to request error information (Steve Best) [1614652] - [scsi] fcoe: hold disc_mutex when traversing rport lists (Chris Leech) [1608481] - [scsi] libfc: hold disc_mutex in fc_disc_stop_rports() (Chris Leech) [1608481] - [scsi] libfc: fixup lockdep annotations (Chris Leech) [1608481] - [scsi] libfc: fixup 'sleeping function called from invalid context' (Chris Leech) [1608481] - [scsi] libfc: Add lockdep annotations (Chris Leech) [1608481] - [scsi] libiscsi: fix possible NULL pointer dereference in case of TMF (Chris Leech) [1613262] - [scsi] qla2xxx: Fix memory leak for allocating abort IOCB (Himanshu Madhani) [1609890] - [scsi] hpsa: correct enclosure sas address (Joseph Szczypek) [1613021] - [scsi] lpfc: Remove lpfc_enable_pbde as module parameter (Dick Kennedy) [1613975] - [scsi] lpfc: Fix list corruption on the completion queue (Dick Kennedy) [1554777] - [scsi] lpfc: Fix driver crash when re-registering NVME rports (Dick 
Kennedy) [1613955] - [scsi] lpfc: Correct LCB ACCept payload (Dick Kennedy) [1613959] - [x86] boot/kaslr: Skip specified number of 1GB huge pages when doing physical randomization (KASLR) (Baoquan He) [1451428] - [x86] boot/kaslr: Add two new functions for 1GB huge pages handling (Baoquan He) [1451428] - [x86] platform/uv: Add kernel parameter to set memory block size (Frank Ramsay) [1595892] - [x86] platform/uv: Use new set memory block size function (Frank Ramsay) [1595892] - [x86] platform/uv: Add adjustable set memory block size function (Frank Ramsay) [1595892] [3.10.0-937] - [fs] dax: use __pagevec_lookup in dax_layout_busy_page (Eric Sandeen) [1505291] - [fs] cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting (Leif Sahlberg) [1598765] - [fs] libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (Ilya Dryomov) [1614858] - [fs] libceph: check authorizer reply/challenge length before reading (Ilya Dryomov) [1614858] - [fs] libceph: implement CEPHX_V2 calculation mode (Ilya Dryomov) [1614858] - [fs] libceph: add authorizer challenge (Ilya Dryomov) [1614858] - [fs] libceph: factor out encrypt_authorizer() (Ilya Dryomov) [1614858] - [fs] libceph: factor out __ceph_x_decrypt() (Ilya Dryomov) [1614858] - [fs] libceph: factor out __prepare_write_connect() (Ilya Dryomov) [1614858] - [fs] libceph: store ceph_auth_handshake pointer in ceph_connection (Ilya Dryomov) [1614858] - [fs] nfsv4.0: Remove transport protocol name from non-UCS client ID (Steve Dickson) [1592911] - [fs] nfsv4.0: Remove cl_ipaddr from non-UCS client ID (Steve Dickson) [1592911] - [fs] aio: properly check iovec sizes (Jeff Moyer) [1337518] {CVE-2015-8830} - [fs] cifs: fix up section mismatch (Jeff Moyer) [1609877] - [fs] skip LAYOUTRETURN if layout is invalid (Steve Dickson) [1589995] - [fs] gfs2: Special-case rindex for gfs2_grow (Andreas Grunbacher) [1608687] - [fs] ext4: Fix WARN_ON_ONCE in ext4_commit_super() (Lukas Czerner) [1596766] - [fs] cachefiles: Wait rather 
than BUG'ing on Unexpected object collision (David Howells) [1356390] - [fs] cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag (David Howells) [1356390] - [fs] fscache: Fix reference overput in fscache_attach_object() error handling (David Howells) [1356390] - [fs] cachefiles: Fix refcounting bug in backing-file read monitoring (David Howells) [1356390] - [fs] fscache: Allow cancelled operations to be enqueued (David Howells) [1356390] - [fs] ext4: avoid running out of journal credits when appending to an inline file (Lukas Czerner) [1609759] {CVE-2018-10883} - [fs] jbd2: don't mark block as modified if the handle is out of credits (Lukas Czerner) [1609759] {CVE-2018-10883} - [fs] ext4: check for allocation block validity with block group locked (Lukas Czerner) [1597702] - [fs] ext4: fix check to prevent initializing reserved inodes (Lukas Czerner) [1597702] - [fs] ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Lukas Czerner) [1597702] - [fs] ext4: add more mount time checks of the superblock (Lukas Czerner) [1597702] - [fs] ext4: fix bitmap position validation (Lukas Czerner) [1597702] - [fs] ext4: add more inode number paranoia checks (Lukas Czerner) [1597702] - [fs] ext4: clear i_data in ext4_inode_info when removing inline data (Lukas Czerner) [1597702] - [fs] ext4: include the illegal physical block in the bad map ext4_error msg (Lukas Czerner) [1597702] - [fs] ext4: verify the depth of extent tree in ext4_find_extent() (Lukas Czerner) [1597702] - [fs] ext4: only look at the bg_flags field if it is valid (Lukas Czerner) [1597702] - [fs] ext4: don't update checksum of new initialized bitmaps (Lukas Czerner) [1597702] - [fs] ext4: add validity checks for bitmap block numbers (Lukas Czerner) [1597702] - [fs] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (Lukas Czerner) [1597702] - [fs] ext4: always check block group bounds in ext4_init_block_bitmap() (Lukas Czerner) [1597702] - [fs] 
ext4: always verify the magic number in xattr blocks (Lukas Czerner) [1597702] - [fs] ext4: add corruption check in ext4_xattr_set_entry() (Lukas Czerner) [1597702] - [net] netlink: make sure -EBUSY won't escape from netlink_insert (Davide Caratti) [1608701] - [net] netfilter: nf_conntrack: don't resize NULL or freed hashtable (Davide Caratti) [1601662] - [net] ethtool: Ensure new ring parameters are within bounds during SRINGPARAM (Ivan Vecera) [1608318] - [net] ipv6: make DAD fail with enhanced DAD when nonce length differs (Jarod Wilson) [1608002] - [net] ipv6: allow userspace to add IFA_F_OPTIMISTIC addresses (Jarod Wilson) [1608002] - [net] ipv6: send unsolicited NA after DAD (Jarod Wilson) [1608002] - [net] ipv6: display hw address of source machine during ipv6 DAD failure (Jarod Wilson) [1608002] - [net] ipv6: send NS for DAD when link operationally up (Jarod Wilson) [1608002] - [net] ipv6: avoid dad-failures for addresses with NODAD (Jarod Wilson) [1608002] - [net] ipv6: send unsolicited NA if enabled for all interfaces (Jarod Wilson) [1608002] - [net] ipv6: send unsolicited NA on admin up (Jarod Wilson) [1608002] - [net] ipv6: addrconf: fix generation of new temporary addresses (Jarod Wilson) [1608002] - [net] ipv6: addrconf: Implemented enhanced DAD (RFC7527) (Jarod Wilson) [1608002] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2016-4913 CVE-2017-10661 CVE-2018-1118 CVE-2018-1130 CVE-2018-8781 CVE-2018-10883 CVE-2018-10940 CVE-2018-5391 CVE-2018-7740 CVE-2018-1092 CVE-2018-5344 CVE-2018-10881 CVE-2018-7757 CVE-2018-10322 CVE-2018-13405 CVE-2015-8830 CVE-2017-17805 CVE-2017-18208 CVE-2018-10879 CVE-2018-1000026 CVE-2017-18232 CVE-2017-18344 CVE-2018-1120 CVE-2018-5803 CVE-2017-0861 CVE-2018-10902 CVE-2018-5848 CVE-2018-1094 CVE-2018-10878 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base ELSA-2018-3090: ovmf security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [20180508-3.gitee3198e672e2.el7] - ovmf-redhat-provide-virtual-bundled-OpenSSL-in-OVMF.patch [bz#1607792] - Resolves: bz#1607792 (add 'Provides: bundled(openssl) = 1.1.0h' to the spec file) [20180508-2.gitee3198e672e2] - OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally [bz#1577546] - build OVMF varstore template with SB enabled / certs enrolled [bz#1561128] - connect Virtio RNG devices again [bz#1579518] - Resolves: bz#1577546 (no input consoles connected under certain circumstances) - Resolves: bz#1561128 (OVMF Secure boot enablement (enrollment of default keys)) - Resolves: bz#1579518 (EFI_RNG_PROTOCOL no longer produced for virtio-rng) [20180508-1.gitee3198e672e2] - Rebase to [bz#1559542] - Resolves: bz#1559542 (Rebase OVMF for RHEL-7.6) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-0739 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base ELSA-2018-3092: glibc security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [2.17-260.0.9] - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.17-260.0.7] - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. 
- Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> [2.17-260.0.5] - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae - OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.17-260.0.3] - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. - OraBug 28641867. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> [2.17-260.0.1] - Include-linux-falloc.h-in-bits-fcntl-linux.h - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE - OraBug 28483336 - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to - sysdeps/unix/sysv/linux/x86/bits/mman.h - OraBug 28389572 [2.17-260.0.1] - Update bits/siginfo.h with Linux hwpoison SIGBUS changes. - Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9). - It also adds si_trapno field for alpha. - New values: BUS_MCEERR_AR, BUS_MCEERR_AO - OraBug 28124569 [2.17-260] - Update glibc-rh1560641.patch to initialize pad outside the conditional eliminating an uninitialized byte warning from valgrind. (#1560641) [2.17-259] - Correctly set errno when send() fails on i686 (#1550080) [2.17-258] - Fix dynamic string token substitution in DT_RPATH etc. (#1447808, #1540480) - Additional robust mutex fixes (#1401665) [2.17-257] - Improve process-shared robust mutex support (#1401665) [2.17-256] - CVE-2017-16997: Correctly handle DT_RPATH (#1540480). - Correctly process '' element in DT_RPATH or DT_NEEDED (#1447808). [2.17-255] - Make transition from legacy nss_db easier (#1408964) [2.17-254] - nptl: Avoid expected SIGALRM in most tests (#1372304) [2.17-253] - Add support for el_GR@euro locale. Update el_GR, ur_IN and wal_ET locales. 
(#1448107) [2.17-252] - Do not scale NPTL tests with available number of CPUs (#1526193) [2.17-251] - Correctly set errno when send() fails on s390 and s390x (#1550080) [2.17-250] - Initialize pad field in sem_open. (#1560641) [2.17-249] - getlogin_r: Return early when process has no associated login UID (#1563046) [2.17-248] - Return static array, not local array from transliteration function (#1505500) [2.17-247] - Re-write multi-statement strftime_l macros using better style (#1505477) [2.17-246] - Fix pthread_barrier_init typo (#1505451) [2.17-245] - CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow (#1579809) [2.17-244] - resolv: Fix crash after memory allocation failure (#1579727) [2.17-243] - CVE-2018-11236: Path length overflow in realpath (#1579742) [2.17-242] - S390: fix sys/ptrace.h to make it includible again after asm/ptrace.h (#1457479) [2.17-241] - x86: setcontext, makecontext alignment issues (#1531168) [2.17-240] - Remove abort() warning in manual (#1577333) [2.17-239] - Add Open File Description (OFL) locks. (#1461231) [2.17-238] - Properly handle more invalid --install-langs arguments. (#1349982) [2.17-237] - Add O_TMPFILE macro (#1471405) - Update syscall names list to kernel 4.16 (#1563747) - Include <linux/falloc.h> in bits/fcntl-linux.h. (#1476120) - Fix netgroup cache keys. (#1505647) - Update ptrace constants. 
(#1457479) [2.17-236] - Fix strfmon_l so that it groups digits (#1307241) [2.17-235] - CVE-2018-6485: Integer overflow in posix_memalign in memalign (#1548002) [2.17-234] - Adjust spec file for compiler warnings cleanup (#1505492) - Drop ports add-on - Do not attempt to disable warnings-as-errors on s390x [2.17-233] - Compiler warnings cleanup, phase 7 (#1505492) [2.17-232] - Compiler warnings cleanup, phase 6 (#1505492) [2.17-231] - Compiler warnings cleanup, phase 5 (#1505492) [2.17-230] - Compiler warnings cleanup, phase 4 (#1505492) [2.17-229] - Compiler warnings cleanup, phase 3 (#1505492) [2.17-228] - Compiler warnings cleanup, phase 2 (#1505492) [2.17-227] - Fix downstream-specific compiler warnings (#1505492) [2.17-226] - rtkaio: Do not define IN_MODULE (#1349967) [2.17-225] - Fix K&R function definitions in libio (#1566623) [2.17-224] - Fix type errors in string tests (#1564638) [2.17-223] - Make nscd build reproducible for verification (#1505492) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2017-16997 CVE-2018-11236 CVE-2018-6485 CVE-2018-11237 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3107: wpa_supplicant security and bug fix update (MODERATE) Oracle Linux 7 [1:2.6-12] - Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526) [1:2.6-11] - Better handling of /run/wpa_supplicant (rh #1507919) [1:2.6-10] - Fix memory leak when macsec MKA/PSK is used (rh #1500442) - Fix authentication failure when the MAC is updated externally (rh #1490885) - Let the kernel discard EAPOL if packet type is PACKET_OTHERHOST (rh #1434434) - Dont restart wpa_supplicant.service on package upgrade (rh #1505404) - Dont own a directory in /run/ (rh #1507919) MODERATE Copyright 2018 Oracle, Inc. CVE-2018-14526 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::beta ELSA-2018-3113: libvirt security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [4.5.0-10] - conf: correct false boot order error during domain parse (rhbz#1601318) [4.5.0-9] - virDomainDefCompatibleDevice: Relax alias change check (rhbz#1621910) - virDomainDetachDeviceFlags: Clarify update semantics (rhbz#1621910) - virDomainNetDefCheckABIStability: Check for MTU change too (rhbz#1623157) [4.5.0-8] - storage: Add --shrink to qemu-img command when shrinking vol (rhbz#1613746) - access: Fix nwfilter-binding ACL access API name generation (rhbz#1611320) - qemu: mdev: Use vfio-pci 'display' property only with vfio-pci mdevs (rhbz#1624735) [4.5.0-7] - qemu_migration: Avoid writing to freed memory (rhbz#1593137) - qemu: hotplug: Fix asynchronous unplug of 
'shmem' (rhbz#1618622) - tests: rename hugepages to hugepages-default (rhbz#1591235) - tests: extract hugepages-numa-default-dimm out of hugepages-numa (rhbz#1591235) - tests: rename hugepages-numa into hugepages-numa-default (rhbz#1591235) - tests: remove unnecessary XML elements from hugepages-numa-default (rhbz#1591235) - tests: extract pages-discard out of hugepages-pages (rhbz#1591235) - tests: rename hugepages-pages into hugepages-numa-nodeset (rhbz#1591235) - tests: rename hugepages-pages2 into hugepages-numa-default-2M (rhbz#1591235) - tests: extract pages-discard-hugepages out of hugepages-pages3 (rhbz#1591235) - tests: rename hugepages-pages3 into hugepages-numa-nodeset-part (rhbz#1591235) - tests: rename hugepages-pages4 into hugepages-numa-nodeset-nonexist (rhbz#1591235) - tests: rename hugepages-pages5 into hugepages-default-2M (rhbz#1591235) - tests: rename hugepages-pages6 into hugepages-default-system-size (rhbz#1591235) - tests: rename hugepages-pages7 into pages-dimm-discard (rhbz#1591235) - tests: rename hugepages-pages8 into hugepages-nodeset-nonexist (rhbz#1591235) - tests: introduce hugepages-default-1G-nodeset-2M (rhbz#1591235) - tests: introduce hugepages-nodeset (rhbz#1591235) - conf: Move hugepage XML validation check out of qemu_command (rhbz#1591235) - conf: Move hugepages validation out of XML parser (rhbz#1591235) - conf: Introduce virDomainDefPostParseMemtune (rhbz#1591235) - tests: sev: Test launch-security with specific QEMU version (rhbz#1612009) - qemu: Fix probing of AMD SEV support (rhbz#1612009) - qemu: caps: Format SEV platform data into qemuCaps cache (rhbz#1612009) [4.5.0-6] - qemu: Exempt video model 'none' from getting a PCI address on Q35 (rhbz#1609087) - conf: Fix a error msg typo in virDomainVideoDefValidate (rhbz#1607825) [4.5.0-5] - esx storage: Fix typo lsilogic -> lsiLogic (rhbz#1571759) - networkGetDHCPLeases: Dont always report error if unable to read leases file (rhbz#1600468) - nwfilter: Resolve SEGV for 
NWFilter Snoop processing (rhbz#1599973) - qemu: Remove unused bypassSecurityDriver from qemuOpenFileAs (rhbz#1589115) - qemuDomainSaveMemory: Dont enforce dynamicOwnership (rhbz#1589115) - domain_nwfilter: Return early if net has no name in virDomainConfNWFilterTeardownImpl (rhbz#1607831) - examples: Add clean-traffic-gateway into nwfilters (rhbz#1603115) [4.5.0-4] - qemu: hotplug: dont overwrite error message in qemuDomainAttachNetDevice (rhbz#1598311) - qemu: hotplug: report error when changing rom enabled attr for net iface (rhbz#1599513) - qemu: Fix setting global_period cputune element (rhbz#1600427) - tests: qemucaps: Add test data for upcoming qemu 3.0.0 (rhbz#1475770) - qemu: capabilities: Add capability for werror/rerror for 'usb-device' frontend (rhbz#1475770) - qemu: command: Move graphics iteration to its own function (rhbz#1475770) - qemu: address: Handle all the video devices within a single loop (rhbz#1475770) - conf: Introduce virDomainVideoDefClear helper (rhbz#1475770) - conf: Introduce virDomainDefPostParseVideo helper (rhbz#1475770) - qemu: validate: Enforce compile time switch type checking for videos (rhbz#1475770) - tests: Add capabilities data for QEMU 2.11 x86_64 (rhbz#1475770) - tests: Update capabilities data for QEMU 3.0.0 x86_64 (rhbz#1475770) - qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc (rhbz#1475770) - qemu: caps: Introduce a capability for egl-headless (rhbz#1475770) - qemu: Introduce a new graphics display type 'headless' (rhbz#1475770) - qemu: caps: Add vfio-pci.display capability (rhbz#1475770) - conf: Introduce virDomainGraphicsDefHasOpenGL helper (rhbz#1475770) - conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys (rhbz#1475770) - conf: Introduce new <hostdev> attribute 'display' (rhbz#1475770) - qemu: command: Enable formatting vfio-pci.display option onto cmdline (rhbz#1475770) - docs: Rephrase the mediated devices hostdev section a bit (rhbz#1475770) - conf: Introduce new video 
type 'none' (rhbz#1475770) - virt-xml-validate: Add schema for nwfilterbinding (rhbz#1600330) - tools: Fix typo generating adapter_wwpn field (rhbz#1601377) - src: Fix memory leak in virNWFilterBindingDispose (rhbz#1603025) [4.5.0-3] - qemu: hotplug: Do not try to add secret object for TLS if it does not exist (rhbz#1598015) - qemu: monitor: Make qemuMonitorAddObject more robust against programming errors (rhbz#1598015) - spec: Explicitly require matching libvirt-libs (rhbz#1600122) - virDomainConfNWFilterInstantiate: initialize @xml to avoid random crash (rhbz#1599545) - qemuProcessStartPRDaemonHook: Try to set NS iff domain was started with one (rhbz#1470007) - qemuDomainValidateStorageSource: Relax PR validation (rhbz#1470007) - virStoragePRDefFormat: Suppress path formatting for migratable XML (rhbz#1470007) - qemu: Wire up PR_MANAGER_STATUS_CHANGED event (rhbz#1470007) - qemu_monitor: Introduce qemuMonitorJSONGetPRManagerInfo (rhbz#1470007) - qemu: Fetch pr-helper process info on reconnect (rhbz#1470007) - qemu: Fix ATTRIBUTE_NONNULL for qemuMonitorAddObject (rhbz#1598015) - virsh.pod: Fix a command name typo in nwfilter-binding-undefine (rhbz#1600329) - docs: schema: Add missing <alias> to vsock device (rhbz#1600345) - virnetdevtap: Dont crash on !ifname in virNetDevTapInterfaceStats (rhbz#1595184) [4.5.0-2] - qemu: Add capability for the HTM pSeries feature (rhbz#1525599) - conf: Parse and format the HTM pSeries feature (rhbz#1525599) - qemu: Format the HTM pSeries feature (rhbz#1525599) - qemu: hotplug: Dont access srcPriv when its not allocated (rhbz#1597550) - qemuDomainNestedJobAllowed: Allow QEMU_JOB_NONE (rhbz#1598084) - src: Mention DEVICE_REMOVAL_FAILED event in virDomainDetachDeviceAlias docs (rhbz#1598087) - virsh.pod: Drop --persistent for detach-device-alias (rhbz#1598087) - qemu: dont use chardev FD passing with standalone args (rhbz#1598281) - qemu: remove chardevStdioLogd param from vhostuser code path (rhbz#1597940) - qemu: consolidate 
parameters of qemuBuildChrChardevStr into flags (rhbz#1597940) - qemu: dont use chardev FD passing for vhostuser backend (rhbz#1597940) - qemu: fix UNIX socket chardevs operating in client mode (rhbz#1598440) - qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set (rhbz#1515533) [4.5.0-1] - Rebased to libvirt-4.5.0 (rhbz#1563169) - The rebase also fixes the following bugs: rhbz#1291851, rhbz#1393106, rhbz#1468422, rhbz#1469338, rhbz#1526382 rhbz#1529059, rhbz#1541921, rhbz#1544869, rhbz#1552092, rhbz#1568407 rhbz#1583623, rhbz#1584091, rhbz#1585108, rhbz#1586027, rhbz#1588295 rhbz#1588336, rhbz#1589730, rhbz#1590214, rhbz#1591017, rhbz#1591561 rhbz#1591628, rhbz#1591645, rhbz#1593549 [4.4.0-2] - build: Dont install sysconfig files as scripts (rhbz#1563169) [4.4.0-1] - Rebased to libvirt-4.4.0 (rhbz#1563169) - The rebase also fixes the following bugs: rhbz#1149445, rhbz#1291851, rhbz#1300772, rhbz#1400475, rhbz#1456165 rhbz#1470007, rhbz#1480668, rhbz#1534418, rhbz#1549531, rhbz#1559284 rhbz#1559835, rhbz#1560946, rhbz#1566416, rhbz#1569861, rhbz#1572491 rhbz#1574089, rhbz#1576916, rhbz#1583484, rhbz#1583927, rhbz#1584071 rhbz#1584073 [4.3.0-1] - Rebased to libvirt-4.3.0 (rhbz#1563169) - The rebase also fixes the following bugs: rhbz#1509870, rhbz#1530451, rhbz#1577920, rhbz#1283700, rhbz#1425757 rhbz#1448149, rhbz#1454709, rhbz#1502754, rhbz#1507737, rhbz#1519130 rhbz#1519146, rhbz#1522706, rhbz#1523564, rhbz#1524399, rhbz#1525496 rhbz#1527740, rhbz#1550980, rhbz#916061, rhbz#1494454, rhbz#1515533 rhbz#1532542, rhbz#1538570, rhbz#1544325, rhbz#1544659, rhbz#1546971 rhbz#1347550, rhbz#1367238, rhbz#1483816, rhbz#1543775, rhbz#1551000 rhbz#1552127, rhbz#1553075, rhbz#1553085, rhbz#1554876, rhbz#1556828 rhbz#1558317, rhbz#1425058, rhbz#1490158, rhbz#1492597, rhbz#1520821 rhbz#1529256, rhbz#1547250, rhbz#1557769, rhbz#1560917, rhbz#1560976 rhbz#1568148, rhbz#1569678, rhbz#1576464 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-6764 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3127: 389-ds-base security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [1.3.8.4-15] - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch [1.3.8.4-14] - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack [1.3.8.4-13] - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly [1.3.8.4-12] - Bump version to 1.3.8.4-12 - Resolves: Bug 1616412 - filter optimization fix causes regression (fix reverted) [1.3.8.4-11] - Bump version to 1.3.8.4-11 - Resolves: Bug 1614820 - Server crash through modify command with large DN [1.3.8.4-10] - Bump version to 1.3.8.4-10 - Resolves: Bug 1614501 - Disable nunc-stans by default - Resolves: Bug 1607078 - ldapsearch with server side sort crashes the ldap server [1.3.8.4-9] - Bump version to 1.3.8.4-9 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user 'dirsrv' if there is an already existing user with the UID/GID 389 on the machine. [1.3.8.4-8] - Bump version to 1.3.8.4-8 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user 'dirsrv' if there is an already existing user with the UID/GID 389 on the machine. 
[1.3.8.4-7] - Bump version to 1.3.8.4-7 - Resolves: Bug 1595766 - backout this fix for now because it breaks FreeIPA (removed patch file all together) [1.3.8.4-6] - Bump version to 1.3.8.4-6 - Resolves: Bug 1595766 - backout this fix for now because it breaks FreeIPA [1.3.8.4-5] - Bump version to 1.3.8.4-5 - Resolves: Bug 1595766 - CVE-2018-10871 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default [1.3.8.4-4] - Bump version to 1.3.8.4-4 - Resolves: Bug 1597384 - Async operations can hang when the server is running nunc-stans - Resolves: Bug 1598186 - A search with the scope 'one' returns a non-matching entry - Resolves: Bug 1598718 - import fails if backend name is 'default' - Resolves: Bug 1598478 - If a replica is created with a bindDNGroup, this group is taken into account only after bindDNGroupCheckInterval seconds - Resolves: Bug 1525256 - Invalid SNMP MIB for 389 DS - Resolves: Bug 1597518 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode [1.3.8.4-3] - Bump version to 1.3.8.4-3 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user 'dirsrv' if there is an already existing user with the UID/GID 389 on the machine. [1.3.8.4-2] - Bump version to 1.3.8.4-2 - Resolves: Bug 1594484 - setup-ds.pl not able to handle/create the user 'dirsrv' if there is an already existing user with the UID/GID 389 on the machine. [1.3.8.4-1] - Bump version to 1.3.8.4-1 - Resolves: Bug 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8 [1.3.8.2-1] - Bump version to 1.3.8.2-1 - Resolves: Bug 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-14648 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3140: GNOME security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 PackageKit [1.1.10-1.0.1] - remove PackageKit-0.3.8-Fedora-Vendor.conf.patch [1.1.10-1] - New upstream release - Resolves: #1576494 accountsservice [0.6.50-2] - Fix user switching Resolves: #1597350 [0.6.50-1] - Update to 0.6.50 Related: #1576538 Related: 1596735 Related: 1602918 [0.6.49-1] - Update to 0.6.49 Resolves: #1576538 adwaita-icon-theme [3.28.0-1] - Update to 3.28.0 - Resolves: #1567131 appstream-data [7-20180614] - Regenerate the RHEL metadata using rhel-7.6-candidate - Resolves: RHBZ#1570031 at-spi2-atk [2.26.2-1] - Update to 2.26.2 - Resolves: #1567135 at-spi2-core [2.28.0-1] - Update to 2.28.0 - Resolves: #1567145 atk [2.28.1-1] - Update to 2.28.1 - Resolves: #1567158 baobab [3.28.0-2] - Install also 24x24 icons - Fix gschema translations - Resolves: #1567161 [3.28.0-1] - Update to 3.28.0 - Fix setting GNOMELOCALEDIR - Resolves: #1567161 bolt [0.4-3] - Include patch to tighten sandbox by restricting capabilities - Resolves: #1559611 [0.4-2] - bolt 0.4 upstream release - Resolves: #1559611 brasero [3.12.2-5] - Update to 3.12.2 - Resolves: #1569810 cairo [1.15.12-3] - Rebuild against new freetype - Resolves: #1625906 [1.15.12-1] - Update to 1.15.12 - Resolves: #1576535 cheese [2:3.28.0-1] - Update to 3.28.0 - Resolves: #1567170 clutter-gst3 [3.0.26-1] - Update to 3.0.26 - Resolves: #1569811 compat-exiv2-023 [0.23-2] - Remove Windows binaries from the tarball Resolves: bz#1568618 [0.23-1] - Spec file based on exiv2 package to provide old libraries before API change Resolves: bz#1568618 control-center [3.28.1-4] - Backport two additional upstream patches for thunderbolt panel - Resolves: #1594880 [3.28.1-3] - Remove outdated soft hyphens from Japanese translation - 
Resolves: #1519109 [3.28.1-2] - Include thunderbolt panel - Resolves: #1567179 [3.28.1-1] - Update to 3.28.1 - Resolves: #1567179 dconf [0.28.0-3] - Check mtimes of files in /etc/dconf/db/*.d/ directories - when running 'dconf update' - Resolves: #1570569 [0.28.0-2] - Return dconf-dbus-1 library (without devel files) - Related: #1567184 [0.28.0-1] - Update to 0.28.0 - Resolves: #1567184 dconf-editor [3.28.0-1] - Update to 3.28.0 - Resolves: #1569718 devhelp [1:3.28.1-1] - Update to 3.28.1 - Resolves: #1569719 ekiga [4.0.1-8] - Rebuild against newer evolution-data-server [4.0.1-7] - Rebuild against newer evolution-data-server [4.0.1-5] - Rebuild against newer evolution-data-server [4.0.1-4] - Mass rebuild 2014-01-24 [4.0.1-3] - Mass rebuild 2013-12-27 [4.0.1-2] - Update translations - Resolves: #1030323 [4.0.1-1.2] - Rebuild for cyrus-sasl [4.0.1-1] - Ekiga 4.0.1 stable release - Changelog http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.1.news [4.0.0-3] - Rebuild for Boost-1.53.0 [4.0.0-2] - Rebuild for libcamel soname bump [4.0.0-1] - Ekiga 4.0.0 stable release - Changelog http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news [3.9.90-3] - Rebuild against newer evolution-data-server [3.9.90-2] - Rebuild against newer evolution-data-server [3.9.90-1] - Ekiga 3.9.90 devel - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.9/ekiga-3.9.90.news [3.3.2-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.3.2-7] - Fix build with gcc 4.7 [3.3.2-6] - Rebuilt for c++ ABI breakage [3.3.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.3.2-4] - Rebuild for boost 1.48 [3.3.2-3] - Rebuild against newer evolution-data-server [3.3.2-2] - Rebuild against newer evolution-data-server [3.3.2-1] - Ekiga 3.3.2 devel - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.3/ekiga-3.3.2.news [3.3.1-3] - Rebuild against newer evolution-data-server [3.3.1-2] - Rebuild for new boost and evolution-data-server 
[3.3.1-1] - Ekiga 3.3.1 devel - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.3/ekiga-3.3.1.news [3.3.0-10] - Rebuild against newer evolution-data-server [3.3.0-9] - Rebuilt for libcamel soname bump [3.3.0-8] - rebuild again for new boost [3.3.0-7] - rebuild for new boost [3.3.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3.0-5] - rebuild for new boost [3.3.0-4] - Rebuild against newer evolution-data-server [3.3.0-3] - Rebuild against newer evolution-data-server [3.3.0-2] - fix build on non-x86 64-bit architectures (ax_boost_base.m4 is wrong) [3.3.0-1] - Ekiga 3.3.0 devel - Changelog http://mail.gnome.org/archives/ekiga-devel-list/2010-December/msg00036.html [3.2.7-5] - Rebuild against libnotify 0.7.0 [3.2.7-4] - add gtk flags to notify plugin to rebuild [3.2.7-3] - rebuild against new evolution-data-server [3.2.7-2] - rebuild against new evolution-data-server [3.2.7-1] - Ekiga 3.2.7 stable - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.7.news [3.2.6-4] - Bump build for new evolution [3.2.6-3] - Rebuild for new evolution [3.2.6-2] - Add patch to fix DSO linking. 
Bug 564828 [3.2.6-1] - Ekiga 3.2.6 stable - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.6.news [3.2.5-4] - rebuilt with new openssl [3.2.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [3.2.5-2] - Shrink GConf schemas [3.2.5-1] - Ekiga 3.2.5 stable - Changelog ftp://ftp.gnome.org/pub/gnome/sources/ekiga/3.2/ekiga-3.2.5.news [3.2.4-1] - Ekiga 3.2.4 stable - Changelog http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00062.html http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00064.html [3.2.1-1] - Ekiga 3.2.1 stable - Changelog http://mail.gnome.org/archives/ekiga-devel-list/2009-May/msg00054.html [3.2.0-3] - Rebuild against newer GConf/intltool [3.2.0-2] - Add a couple of upstream patches from 3.2.1 [3.2.0-1] - Ekiga 3.2.0 stable [3.1.2-4] - Remove CELT until the bitstream is stable and can hence intercommunicate between versions [3.1.2-3] - Remove autoconf bits [3.1.2-2] - Disable xcap for the moment so ekiga builds [3.1.2-1] - Upgrade to the 3.1.2 beta release, enable celt codec, reinstate proper desktop file now its fixed [3.1.0-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [3.1.0-10] - rebuild with new openssl - add libtoolize call to replace libtool with current version [3.1.0-9] - Add other buildreq for Makefile regen [3.1.0-8] - Regen Makefile.in using autoreconf due to patch [3.1.0-7] - Another fix [3.1.0-6] - And SDL too [3.1.0-5] - Add expat-devel, why not everything else wants it [3.1.0-4] - Disable gstreamer support until there's a new gst-plugins-base [3.1.0-3] - Proper fix from upstream for desktop file [3.1.0-2] - Fix issues with the desktop file [3.1.0-1] - Upgrade to the 3.1.0 devel release, enable gstreamer and xcap, remove libgnome [3.0.1-4] - Fix spec file error [3.0.1-3] - Patch to fix libnotify's breakage of its api [3.0.1-2] - Fix dependency issue [3.0.1-1] - Update to 3.0.1 [3.0.0-5] - Remove gnomemeeting obsolete, package review updates [3.0.0-4] 
- Save some space [3.0.0-3] - require dbus [3.0.0-2] - add libnotify-devel as a build dep [3.0.0-1] - Ekiga 3 final release [2.9.90-3] - more rawhide build fixes [2.9.90-2] - rawhide build fixes [2.9.90-1] - First beta of ekiga 3 [2.0.12-2] - Rebuild against new opal (#441202) [2.0.12-1.fc9] - Upgrade to ekiga-2.0.12 [2.0.11-4] - rebuild after applying some of the cleanups of #160727 [2.0.11-3] - Autorebuild for GCC 4.3 [2.0.11-2] - compile with the D-Bus support - Making rpmlint silent. [2.0.11-1] - Upgrade to ekiga-2.0.11 [2.0.9-1] - Upgrade to ekiga-2.0.9 [2.0.7-1] - Upgrade to ekiga-2.0.7 [2.0.5-2] - rebuild [2.0.5-1] - Upgrade to ekiga-2.0.5 [2.0.4-1] - Upgrade to ekiga-2.0.4 [2.0.3-3] - Resolves: rhbz#201535 - fixes build-requires for opal-devel and pwlib-devel [2.0.3-2] - Rebuild against evolution-data-server 1.9 [2.0.3-1] - Update to 2.0.3 [2.0.2-7] - Make the status icon work in transparent panels [2.0.2-6] - Fix translator credits (197871) [2.0.2-5] - Rebuild against evolution-data-server-1.7.91 [2.0.2-4] - rebuild against new e-d-s [2.0.2-3] - rebuilt for #200960 [2.0.2-1.1] - rebuild [2.0.2-1] - new release of ekiga 2.0.2 - activating Zeroconf support through avahi [2.0.1-3] - Fix BuildRequires and Requires(post), Requires(postun) [2.0.1-2] - run 'ekiga-config-tool --install-schemas' in %post, c.f. 
#178929 [2.0.1-1] - last minute bug rerelease 2.0.1 - Resolves: #1569812 eog [3.28.3-1] - Update to 3.28.3 - Resolves: #1567185 [3.28.2-1] - Update to 3.28.2 - Resolves: #1567185 evince [3.28.2-5] - Set application-id for evince - Resolves: #1593244 [3.28.2-4] - Change requires as requested by RPMDiff - Check returned size for negative value (CovScan) - Resolves: #1567186 [3.28.2-3] - Fix patch fixing crash in EvMediaPlayerKeys - Fix building of comics backend with libarchive 3.1.2 - Resolves: #1567186 [3.28.2-2] - Fix crash in EvMediaPlayerKeys - Resolves: #1359507 [3.28.2-1] - Update to 3.28.2 - Resolves: #1567186 evolution [3.28.5-2] - Add patch for RH bug #1613813 (Crash under config_lookup_thread() at e-config-lookup.c:179) [3.28.5-1] - Update to 3.28.5 [3.28.4-1] - Update to 3.28.4 - Remove patch for GNOME bug #796174 (fixed upstream) [3.28.3-2] - Add patch for GNOME bug #796174 (strcat() considered unsafe for buffer overflow) [3.28.3-1] - Update to 3.28.3 [3.28.2-1] - Update to 3.28.2 - Resolves: #1504129 evolution-data-server [3.28.5-1] - Update to 3.28.5 [3.28.4-1] - Update to 3.28.4 - Remove patch for GNOME bug #796174 (fixed upstream) [3.28.3-2] - Add patch for GNOME bug #796174 (strcat() considered unsafe for buffer overflow) [3.28.3-1] - Update to 3.28.3 - Remove patch for GNOME bug #795997 (fixed upstream) [3.28.2-1] - Update to 3.28.2 - Add patch for GNOME bug #795997 (Fails to parse Google OAuth2 authorization code) - Resolves: #1575495 evolution-ews [3.28.5-1] - Update to 3.28.5 [3.28.4-1] - Update to 3.28.4 - Remove patch for GNOME bug #796297 (fixed upstream) [3.28.3-2] - Add patch for GNOME bug #796297 (Cannot modify existing meeting after fix for this bug) [3.28.3-1] - Update to 3.28.3 [3.28.2-1] - Update to 3.28.2 - Resolves: #1575499 evolution-mapi [3.28.3-2] - Add missing Obsoletes for evolution-mapi-devel subpackage (RH bug #1633828) [3.28.3-1] - Update to 3.28.3 [3.28.2-1] - Update to 3.28.2 - Resolves: #1575500 file-roller [3.28.1-2] - 
Put back the nautilus compress support [3.28.1-1] - Update to 3.28.1 - Resolves: #1567187 [3.28.0-1] - Update to 3.28.0 - Resolves: #1567187 flatpak [1.0.2-2] - Update to 1.0.2 (#1570030) folks [1:0.11.4-1] - Update to 0.11.4 - Disable tests on PPC64 to avoid timeouts - Resolves: #1569814 fontconfig [2.13.0-4.3] - Add 30-urw-aliases.conf back. [2.13.0-4.2] - Drop more new syntax in config. [2.13.0-4.1] - Rebase to 2.13.0 (#1576501) - Rename fc-cache binary to fc-cache-{32,64} for multilib. (#1568968) - backport some fixes related to Flatpak. - Drop new syntax in config for compatibility. - Requires dejavu-sans-fonts instead of font(:lang=en) (#1484094) fribidi [1.0.2-1] - Resolves: rhbz#1574858 latest version, --disable-docs because there's no c2man fwupd [1.0.8-4] - Build with full hardening enabled - Resolves: #1616185 [1.0.8-3] - Backport a fix to allow properly running on older systemd versions. - Resolves: #1601550 [1.0.8-2] - Build against the new libfwupdate - Resolves: #1570028 [1.0.8-1] - New upstream release - Resolves: #1570028 fwupdate [12-5.0.1] - New secure boot signing key - Use redhat as efidir to maintain compatibility with RedHat [12-5] - Make sure fwup_version() gets exported correctly. Related: rhbz#1570032 [12-4] - Fix permissions on /boot/efi/... Related: rhbz#1496952 [12-3] - Fix some more covscan nits. Related: rhbz#1570032 [12-2] - Fix some covscan nits. 
Related: rhbz#1570032 [12-1] - Update to fwupdate-12 Resolves: rhbz#1570032 gcr [3.28.0-1] - Update to 3.28.0 - Resolves: #1567199 gdk-pixbuf2 [2.36.12-3] - One more crack at generating man pages Related: #1569815 [2.36.12-2] - Generate man page Related: #1569815 [2.36.12-1] - Update to 2.36.12 - Resolves: #1569815 gdm [3.28.2-9] - fast user switching fix Related: #1597339 [3.28.2-8] - Clear utmp entries properly Resolves: #1600079 [3.28.2-7] - Another crack at the blank login screen problem Resolves: #1489977 [3.28.2-6] - add gdm-pam-extension provides to fix upgrades Resolves: #1601598 [3.28.2-5] - Fix double free Related: #1489977 Resolves: 1594814 [3.28.2-4] - Fix blank login screen problem Resolves: #1489977 [3.28.2-3] - Make udev script more friendly to RHEL 7 udev Resolves: #1593356 [1:3.28.2-2] - Drop reference to gconf Resolves: #1542702 [1:3.28.2-1] - Update to 3.28.2 - Resolves: #1567200 gedit [2:3.28.1-1] - Update to 3.28.1 Resolves: #1567311 gedit-plugins [3.28.1-1] - Rebase to 3.28.1 Resolves: #1569721 geoclue2 [2.4.8-1] - Update to 2.4.8 - Resolves: #1576541 geocode-glib [3.26.0-2] + geocode-glib-3.26.0-2 - Work-around multilib gtk-doc bug - Resolves: #1624451 [3.26.0-1] + geocode-glib-3.26.0-1 - Update to 3.26.0 - Resolves: #1567313 [3.25.4.1-1] - Update to 3.25.4.1 - Switch to the meson build system - Resolves: #1567313 gjs [1.52.3-1] - Update to 1.52.3 - Switch to building against system mozjs52 - Resolves: #1567325 glade [3.22.1-1] - Update to 3.22.1 - Resolves: #1569723 glib-networking [2.56.1-1] - Update to 2.56.1 - Resolves: #1567374 glib2 [2.56.1-2] - Add --disable-silent-rules [2.56.1-1] - Update to 2.56.1 - Resolves #1567375 glibmm24 [2.56.0-1] - Update to 2.56.0 Resolves: #1567380 gnome-backgrounds [3.28.0-1] - Update to 3.28.0 - Resolves: #1569727 [3.22.1-1] - Rebase to 3.22.1 Resolves: rhbz#1386877 [3.14.1-2] - Update translations - Resolves: #1304293 [3.14.1-1] - Update to 3.14.1 - Resolves: #1174385 gnome-bluetooth [1:3.28.2-1] - 
Update to 3.28.2 - Resolves: #1567381 [1:3.28.1-1] + gnome-bluetooth-3.28.1-1 - Work-around bluez bug that would leave adapters on Discoverable when exiting - Resolves: #1567381 [1:3.28.0-1] - Update to 3.28.0 - Resolves: #1567381 gnome-boxes [3.28.5-2] - Revert using VIRTIO video adapter by default for new VMs - Resolves: #1595754 [3.28.5-1] - Update to 3.28.5 - Fix the libgovirt requirement - Revert to using Python 2 and Tracker 1.0 - Resolves: #1567399 gnome-calculator [3.28.2-1] - Update to 3.28.2 - Resolves: #1567475 [3.28.1-1] - Update to 3.28.1 - Switch to the meson build system - Resolves: #1567475 gnome-clocks [3.28.0-1] - Update to 3.28.0 - Resolves: #1567476 gnome-color-manager [3.28.0-1] - Update to 3.28.0 - Resolves: #1567477 gnome-contacts [3.28.2-1] - Update to 3.28.2 - Resolves: #1567478 gnome-desktop3 [3.28.2-2] + gnome-desktop3-3.28.2-2 - Bump release to build with flatpak's bwrap - Related: #1567479 [3.28.2-1] - Update to 3.28.2 - Resolves: #1567479 gnome-devel-docs [3.28.0-1] - Update to 3.28.0 - Resolves: #1569728 [3.22.1-1] - Update to 3.22.1 - Resolves: #1386888 [3.14.4-1] - Update to 3.14.4 - Resolves: #1174427 gnome-dictionary [3.26.1-1] - Update to 3.26.1 - Resolves: #1568169 gnome-disk-utility [3.28.3-1] - Update to 3.28.3 - Resolves: #1568170 [3.28.2-1] - Update to 3.28.2 - Resolves: #1568170 gnome-documents [3.28.2-1] - Update to 3.28.2 - Rebased downstream patches - Fix crash on right-click on local collection Resolves: #1611565 [3.28.1-2] - Stop the garbage collector from complaining during shutdown Resolves: #1608936 [3.28.1-1] - Update to 3.28.1 - Rebased downstream patches - Revert to using Python 2 and Tracker 1.0 - Resolves: #1568171 gnome-font-viewer [3.28.0-1] - Update to 3.28.0 - Resolves: #1568172 gnome-getting-started-docs [3.28.2-1] - Update to 3.28.2 - Resolves: #1568174 gnome-initial-setup [3.28.0-1] - Update to 3.28.0 - Resolves: #1568175 gnome-keyring [3.28.2-1] - Update to 3.28.2 - Resolves: #1568176 
gnome-online-accounts [3.28.0-1] - Update to 3.28.0 - Resolves: #1568177 gnome-online-miners [3.26.0-1] - Update to 3.26.0 - Resolves: #1568229 gnome-packagekit [3.28.0-1] - Update to 3.28.0 - Resolves: #1568232 gnome-screenshot [3.26.0-1] - Update to 3.26.0 - Resolves: #1568233 gnome-session [3.28.1-5] - Fix gnome-disk-utility timeout at startup Resolves: #1593215 - add back session properties icons Related: #1568620 [3.28.1-4] - Fix pot file generation Resolves: #1371019 [3.28.1-3] - Make sure gnome-session-custom-session is only shipped in its subpackage Resolves: #1600560 [3.28.1-2] - Add back GNOME on Wayland session Resolves: #1591614 [3.28.1-1] - Update to 3.28.1 - Resolves: #1568620 gnome-settings-daemon [3.28.1-2] - Fix account schema Resolves: #1597353 [3.28.1-1] - Update to 3.28.1 - Resolves: #1568621 gnome-shell [3.28.3-6] - Track IBus focus for X11 OSK - Resolves: #1625700 [3.28.3-5] - Require xdg-desktop-portal-gtk - Related: #1570030 [3.28.3-4] - Remove gnome-shell-browser-plugin subpackage - Resolves: #1626104 [3.28.3-3] - Obsolete caribou - Resolves: #1625882 [3.28.3-2] - keyboard: Handle no-window case in FocusTracker - Resolves: #1612983 [3.28.3-1] - Update to 3.28.3 - Resolves: #1568624 [3.28.2-2] - Update rebased downstream patches Related: #1568624 - Revert port to python3 of some utility tools Resolves: #1493526 - Add tooltips to app names in overview Resolves: #1541180 [3.28.2-1] - Update to 3.28.2 - Resolves: #1568624 gnome-shell-extensions [3.28.1-5] - Get rid of weird drop shadow next to app menu Resolves: #1599841 [3.28.1-4] - Make icons on desktop default in classic session again Resolves: #1610477 [3.28.1-3] - Fix a couple of regressions from the rebase: - add back classic overview style - update dash-to-dock to a compatible version Related: #1569717 [3.28.1-2] - Import updated styles from gnome-shell Related: #1569717 [3.28.1-1] - Rebase to 3.28.1 Resolves: #1569717 gnome-software [3.28.2-3] - Obsolete gnome-shell-browser-plugin - 
Resolves: #1626104 [3.28.2-2] - Set the repo provenance properly, showing the source line where required. - Resolves: #1592809 [3.28.2-1] - Update to 3.28.2 - Resolves: #1568625 gnome-system-monitor [3.28.2-1] - Update to 3.28.2 - Resolves: #1568626 gnome-terminal [3.28.2-2] - Backport fix for client-side memory error (GNOME/gnome-terminal#1) - Bump BuildRequires versions - Drop the dark theme override - Rebase and restore the scroll speed patches - Rebase and restore the patch to allow old ISO 8895 charsets - Restore the GConf migration tool - Resolves: #1568632 [3.28.2-1] - Update to 3.28.2 - Resolves: #1568632 gnome-themes-standard [3.28-2] - Requires google-noto-emoji-color-fonts - Resolves: #1595172 [3.28-1] - Update to 3.28 - Resolves: #1568633 gnome-tweak-tool [3.28.1-2] - Port to python2 - Resolves: #1590848 [3.28.1-1] - Update to 3.28.1 - Resolves: #1568638 gnome-user-docs [3.28.2-1] - Update to 3.28.2 - Resolves: #1569268 gnote [3.28.0-1] - Update to 3.28.0 - Resolves: #1569730 gobject-introspection [1.56.1-1] - Update to 1.56.1 - Resolves: #1569272 gom [0.3.3-1] + gom-0.3.3-1 - Update to 0.3.3 - Resolves: #1569961 google-noto-emoji-fonts [20180508-4] - Resolves: RHBZ#1582547 [20180508-3] - Only build emoji color font since Fedora 26 [20180508-2] - Use GraphicsMagick instead of ImageMagick [20180508-1] - Update to upstream snapshot tarball (color emoji font version 2.011) - Add patch to build all country flags (Resolves: rhbz#1574195) grilo [0.3.6-1] - Update to 0.3.6 - Resolves: #1569962 [0.3.4-1] + grilo-0.3.4-1 - Update to 0.3.4 - Resolves: #1569962 grilo-plugins [0.3.7-1] - Update to 0.3.7 - Resolves: #1569963 [0.3.5-1] - Update to 0.3.5 - Resolves: #1569963 gsettings-desktop-schemas [3.28.0-2] - Fix lock screen background to show up - Resolves: #1597764 [3.28.0-1] - Update to 3.28.0 - Resolves: #1569273 gspell [1.6.1-1] - Update to 1.6.1 - Resolves: #1569277 gssdp [1.0.2-1] + gssdp-1.0.2-1 - Update to 1.0.2 - Resolves: #1569965 
gstreamer1-plugins-base [1.10.4-2] - Add Conflicts: for plugin moved into this package - Resolves: #1451211 gtk-doc [1.28-2] - Fix a couple of crasher bugs encountered by halfline (BGO#79601{1,2)) [1.28-1] - Update to 1.28 - Resolves: #1569971 gtk3 [3.22.30-3] - Don't hide GdkWindow on grab failure - Resolves: #1571422 [3.22.30-2] - Get hard margins for current paper size when printing - Resolves: #1507113 [3.22.30-1] - Update to 3.22.30 - Resolves: #1569975 gtksourceview3 [3.24.8-1] - Update to 3.24.8 - Resolves: #1569278 [3.24.7-1] - Update to 3.24.7 - Resolves: #1569278 gucharmap [10.0.4-1] - Update to 10.0.4 - Resolves: #1569279 gupnp [1.0.2-5] + Update to latest upstream version - Resolves: #1569980 gupnp-igd [0.2.5-2] - Update to 0.2.5 - Resolves: #1569988 gvfs [1.36.2-1] - Update to 1.36.2 - Resolves: #1569268 harfbuzz [1.7.5-2] - Simply rebuild - Resolves: #1576536 [1.7.5-1] - Update to 1.7.5 - Resolves: #1576536 json-glib [1.4.2-2] - Fix multilib -devel installs - Resolves: #1624842 [1.4.2-1] - Update to 1.4.2 - Resolves: #1569284 libappstream-glib [0.7.8-2] - Build with full hardening enabled - Resolves: #1616185 [0.7.8-1] - New upstream release - Resolves: #1570025 libchamplain [0.12.16-2] - Update to 0.12.16 - Resolves: #1569989 libcroco [0.6.12-4] - Update to 0.6.12 - Resolves: #1569991 libgdata [0.17.9-1] - Update to 0.17.9 - Resolves: #1570004 libgee [0.20.1-1] - Update to 0.20.1 - Resolves: #1569285 libgepub [0.6.0-1] - Update to 0.6.0 - Resolves: #1569288 [0.4-1] - Update to 0.4 [0.3-0.1.git395779e] - Initial Fedora build libgexiv2 [0.10.8-1] - Update to 0.10.8 - Resolves: #1570008 libgnomekbd [3.26.0-1] - Update to 3.26.0 - Resolves: #1569289 libgovirt [0.3.4-1] - Rebase to latest 0.3.4 upstream release. 
Still quite a few patches as there was no 0.3.5 release yet Resolves: rhbz#1584266 libgtop2 [2.38.0-3] - Update to 2.38.0 - Resolves: #1569294 libgweather [3.28.2-2] - Fix dangling symbolic link to README.md - Resolves: #1569295 [3.28.2-1] - Update to 3.28.2 - Resolves: #1569295 [3.28.1-2] - Backport a patch to fix a gnome-shell crash - Related: #1569295 [3.28.1-1] - Update to 3.28.1 - Resolves: #1569295 libgxps [0.3.0-4] - Fix integer overflow in png decoder - Resolves: #1591133 [0.3.0-3] - Fix crash in loading of png image - Resolves: #1575188 [0.3.0-2] - Ensure gxps_archive_read_entry() fills the GError in case of failure - Handle errors returned by archive_read_data() - Resolves: #1574844 [0.3.0-1] - Update to 0.3.0 - Resolves: #1569731 libical [3.0.3-2] - Update Requires of libical-glib-devel [3.0.3-1] - Update to 3.0.3 and build compat-libical1 subpackage - Resolves: #1584655 libjpeg-turbo [1.2.90-6] - Add pkgconfig scripts (#1581687) libmediaart [1.9.4-1] - Update to 1.9.4 - Resolves: #1570009 libosinfo [1.1.0-2] - New upstream release 1.1.0 - Resolves: #1584263 libpeas [1.22.0-1] - Update to 1.22.0 - Resolves: #1569732 librsvg2 [2.40.20-1] - Update to 2.40.20 - Resolves: #1569733 libsecret [0.18.6-1] - Update to 0.18.6 - Resolves: #1570013 libsoup [2.62.2-2] - Backport upstream patch for CVE-2018-12910 - Crash in soup_cookie_jar.c: get_cookies() on empty hostnames - Resolves: #1598838 [2.62.2-1] - Update to 2.62.2 - Resolves: #1569734 [2.62.1-1] - Update to 2.62.1 - Resolves: #1569734 libwnck3 [3.24.1-2] - Update to 3.24.1 - Resolves: #1569735 mozjs52 [52.9.0-1.0.1] - Use bugzilla.oracle.com as bug reporting URL. 
[52.9.0-1] - Update to 52.9.0 - Resolves: #1563708 mutter [3.28.3-4] - Fix crasher introduced in the previous build Related: #1497303 1618632 [3.28.3-3] - ensure monitor hotplugged after start up is activated Resolves: #1497303 1618632 [3.28.3-2] - Fix non-lowercase letters on virtual key devices - Resolves: #1521077 [3.28.3-1] - Update to 3.28.3 - Apply HW cursor on-demand patches - Apply monitor transform regression patch - Resolves: #1569736 [3.28.2-5] - Fix crash when modal closes during drag Resolves: #1581454 [3.28.2-4] - rebuild against correct gnome-desktop Related: #1593782 [3.28.2-3] - Fix support for external monitor configurations - Resolves: #1585230 [3.28.2-2] - Update scroll axes only in slave devices - Resolves: #1423374 [3.28.2-1] - Update to 3.28.2 - Resolves: #1569736 nautilus [3.26.3.1-2] - Rework autoar patch and remove the trusted patch, as it's included - Resolves: #1569738 [3.26.3.1-1] - Update to 3.26.3.1 - Resolves: #1569738 nautilus-sendto-3.8.6-1 - Update to 3.8.6 - Resolves: #1570015 openchange [2.3-3] - Add patch to build against libical 3.0 - Rebuild against rebased samba [2.3-2] - Add patch to fix connection string [2.3-1] - Rebase to 2.3 release osinfo-db [20180531-1.0.1] - add ol7.6 os info - add ol5 ol6 ol7 os type [orabug 27932947] - add win2016 support in 'osinfo-query os' [bug 27210429] - osinfo-query command error with OL7U5 [bug 27700001] - Update OL7U5 osinfo-db to add OL7U5 release support [bug 27700063] - add ol7.4 os info [bug 27175558] - Update Oracle Linux OS info [bug 26135475] - Add Oracle Linux OS info [bug 18501468] - Pack ol.xml into tarball [bug 20410527] - Update libosinfo to add all Oracle linux OS release/updates information [bug 26135475] [20180531-1] - Rebase to 20180531 - Add RHEL 7.6 - Resolves: rhbz#1559001, rhbz#1576376 pango [1.42.4-1] - Update to 1.42.4 - Security fix for CVE-2018-15120 - Resolves: #1624192 [1.42.3-1] - Update to 1.42.3 - Resolves: #1569748 [1.42.1-2] - Provide empty pango-querymodules 
link to /usr/bin/true - Resolves: #1443937 [1.42.1-1] - Update to 1.42.1 - Resolves: #1569748 poppler [0.26.5-20] - Fix crash when Object has negative number (CVE-2018-13988) - Resolves: #1609036 [0.26.5-19] - Fix infinite recursion on malformed documents (CVE-2017-18267) - Resolves: #1579180 [0.26.5-18] - Fix crash in AnnotInk::draw() (CVE-2018-10768) - Resolves: #1588610 pyatspi [2.26.0-3] - Require python-gobject instead of python2-gobject Related: #1569757 [2.26.0-2] - Update to 2.26.0 - Resolves: #1569757 oracle-logos [70.0.3-4.0.9] - Remove orcl_linux_em12c_750x120.png as it has been replaced with generic image [bug 27681288] - Regenerate backgrounds/*.jpg from backgrounds/default.png to remove black dot [bug 21375206] [70.0.3-4.0.8] - Update Oracle banner images. rest [0.8.1-2] - Restore fix for the XML test Resolves: #1570023 [0.8.1-1] - Update to 0.8.1 Resolves: #1570023 rhythmbox [3.4.2-2] + rhythmbox-3.4.2-2 - Fix a number of bugs - Resolves: #1570024 [3.4.2-1] - Update to 3.4.2 - Resolves: #1570024 seahorse-nautilus [3.11.92-11] - Update to 3.11.92 - Resolves: #1569784 shotwell [0.28.4-1] - Update to 0.28.4 - Resolves: #1569785 [0.28.3-2] - Fix the Turkish translation - Resolves: #1569785 [0.28.3-1] - Update to 0.28.3 - Resolves: #1569785 sushi [3.28.3-1] - Update to 3.28.3 - Resolves: #1569786 totem [1:3.26.2-1] - Update to 3.26.2 - Resolves: #1569787 [3.26.1-1] + totem-3.26.1-1 - Update to 3.26.1 - Resolves: #1569787 [1:3.26.0-1] - Update to 3.26.0 - Resolves: #1569787 totem-pl-parser [3.26.1-1] + totem-pl-parser-3.26.1-1 - Update to 3.26.1 - Resolves: #1569789 [3.26.0-1] + totem-pl-parser-3.26.0-1 - Update to 3.26.0 - Resolves: #1569789 upower [0.99.7-1] - Update to 0.99.7 - Add Bluetooth LE battery support - Fix critical action after resume from hibernate Resolves: #1584245 vala [0.40.8-1] - Update to 0.40.8 - Resolves: #1569794 [0.40.6-1] - Update to 0.40.6 - Resolves: #1569794 vino [3.22.0-7] - Prevent monitoring all interfaces after change of 
other props - Resolves: #1580577 [3.22.0-6] - Do not restart service after unclean exit code - Do not listen all if invalid interface is provided - Resolves: #1546043, #1580577 [3.22.0-5] - Return error if X11 is not detected - Resolves: #1546043 [3.22.0-4] - Add missing parameter for systemd scriptlets - Resolves: #1507892 vte291 [0.52.2-2] - Fix race between gnome-pty-helper and VteTerminal Resolves: #1569801, #1590537 [0.52.2-1] - Update to 0.52.2 Resolves: #1569801 wayland [1.15.0-1] - Update to 1.15.0 - Resolves: #1576489 wayland-protocols [1.14-1] - Update to 1.14 - Resolves: #1554439 webkitgtk4 [2.20.5-1] - Update to 2.20.5 - technically it was not necessary as the only difference between 2.20.4 and .5 was the revert of one change, that we already reverted while building 2.20.4. But it's better to stay with upstream. - Update the labels patch with the version that was pushed upstream. - Resolves: rhbz#1576544 [2.20.4-2] - webkitgtk4: Crash on Google login page when a11y is active - Resolves: rhbz#1503624 - Revert patch causing rendering glitches [2.20.4-1] - Update to 2.20.4 - Resolves: rhbz#1576544 - WebKitWebProcess crashes when a11y is active - Resolves: rhbz#1591638 xdg-desktop-portal [1.0.2-1] - Rebase to 1.0.2 (#1570030) xdg-desktop-portal-gtk [1.0.2-1] - Update to 1.0.2 (#1570030) yelp [2:3.28.1-1] - Update to 3.28.1 - Resolves: #1569802 yelp-tools [3.28.0-1] - Update to 3.28.0 - Resolves: #1569805 yelp-xsl [3.28.0-1] - Update to 3.28.0 - Resolves: #1569806 zenity [3.28.1-1] - Update to 3.28.1 - Resolves: #1569809 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-10767 CVE-2018-10768 CVE-2018-12910 CVE-2018-10733 CVE-2018-13988 CVE-2017-18267 
ELSA-2018-3157: curl and nss-pem security and bug fix update (MODERATE) Oracle Linux 7 curl [7.29.0-51] - require a new enough version of nss-pem to avoid regression in yum (#1610998) [7.29.0-50] - remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang [7.29.0-49] - make curl --speed-limit work with TFTP (#1584750) [7.29.0-48] - fix RTSP bad headers buffer over-read (CVE-2018-1000301) - fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - fix LDAP NULL pointer dereference (CVE-2018-1000121) - fix RTSP RTP buffer over-read (CVE-2018-1000122) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007) - doc: --tlsauthtype works only if built with TLS-SRP support (#1542256) - update certificates in the test-suite because they expire soon (#1572723) [7.29.0-47] - make NSS deallocate PKCS #11 objects early enough (#1510247) nss-pem [1.0.3-5] - update object ID while reusing a certificate (#1610998) MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-1000120 CVE-2018-1000122 CVE-2018-1000007 CVE-2018-1000121 CVE-2018-1000301 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3158: sssd security, bug fix, and enhancement update (LOW) Oracle Linux 7 [1.16.2-13] - Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing [1.16.2-12] - Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled [1.16.2-11] - Resolves: rhbz#1602781 - Local users failed to login with same password [1.16.2-10] - Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped [1.16.2-9] - Resolves: rhbz#1522928 - sssd doesnt allow user with expired password [1.16.2-8] - Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails [1.16.2-7] - Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found [1.16.2-6] - Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers [1.16.2-5] - Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd [1.16.2-4] - Resolves: rhbz#1590603 - 
EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page [1.16.2-3] - Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed [1.16.2-2] - Related: rhbz#1558498 - Rebase sssd to the latest upstream release of the 1.16 branch [1.16.2-1] - Resolves: rhbz#1558498 - Rebase sssd to the latest upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD users private group and then the user itself returns an empty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when its removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? 
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'. [1.16.0-25] - Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [1.16.0-24] - Related: rhbz#1578291 - Samba can not register sss idmap module because its using an outdated SMB_IDMAP_INTERFACE_VERSION [1.16.0-23] - Resolves: rhbz#1578291 - Samba can not register sss idmap module because its using an outdated SMB_IDMAP_INTERFACE_VERSION [1.16.0-22] - Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSDs GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when 'id_provider = ldap' is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. 
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [1.16.0-21] - Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache [1.16.0-20] - Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash LOW Copyright 2018 Oracle, Inc. CVE-2018-10852 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3221: openssl security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [1.0.2k-16.0.1] - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.2k-16] - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation (#1603597) [1.0.2k-14] - ppc64le is not multilib architecture (#1585004) [1.0.2k-13] - add S390x assembler updates - make CA name list comparison function case sensitive (#1548401) - fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily - fix CVE-2018-0732 - large prime DH DoS of TLS client - fix CVE-2018-0737 - RSA key generation cache timing vulnerability - fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-0495 CVE-2018-0732 CVE-2017-3735 CVE-2018-0737 CVE-2018-0739 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 ELSA-2018-3229: zziplib security update (LOW) Oracle Linux 7 [0.13.62-9] - Fix covscan warning - 'Variable 'file' going out of scope leaks the storage it points to.' has been introduced by the original version of 0001-fix-CVE-2018-7725.patch - Related: 1558596 [0.13.62-8] - Fix CVE-2018-7727 - Resolves: 1558891 [0.13.62-7] - Fix CVE-2018-7726 - Resolves: 1558623 [0.13.62-6] - Fix CVE-2018-7725 - Resolves: 1558596 LOW Copyright 2018 Oracle, Inc. CVE-2018-7727 CVE-2018-7725 CVE-2018-7726 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3242: glusterfs security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [3.12.2-18] - fixes bugs bz#1524336 bz#1622029 bz#1622452 [3.12.2-17] - fixes bugs bz#1615578 bz#1619416 bz#1619538 bz#1620469 bz#1620765 [3.12.2-16] - fixes bugs bz#1569657 bz#1608352 bz#1609163 bz#1609724 bz#1610825 bz#1611151 bz#1612098 bz#1615338 bz#1615440 [3.12.2-15] - fixes bugs bz#1589279 bz#1598384 bz#1599362 bz#1599998 bz#1600790 bz#1601331 bz#1603103 [3.12.2-14] - fixes bugs bz#1547903 bz#1566336 bz#1568896 bz#1578716 bz#1581047 bz#1581231 bz#1582066 bz#1593865 bz#1597506 bz#1597511 bz#1597654 bz#1597768 bz#1598105 bz#1598356 bz#1599037 bz#1599823 bz#1600057 bz#1601314 [3.12.2-13] - fixes bugs bz#1493085 bz#1518710 bz#1554255 bz#1558948 bz#1558989 bz#1559452 bz#1567001 bz#1569312 bz#1569951 bz#1575539 bz#1575557 bz#1577051 bz#1580120 
bz#1581184 bz#1581553 bz#1581647 bz#1582119 bz#1582129 bz#1582417 bz#1583047 bz#1588408 bz#1592666 bz#1594658 [3.12.2-12] - fixes bugs bz#1558989 bz#1580344 bz#1581057 bz#1581219 [3.12.2-11] - fixes bugs bz#1558989 bz#1575555 bz#1578647 [3.12.2-10] - fixes bugs bz#1488120 bz#1565577 bz#1568297 bz#1570586 bz#1572043 bz#1572075 bz#1575840 bz#1575877 [3.12.2-9] - fixes bugs bz#1546717 bz#1557551 bz#1558948 bz#1561999 bz#1563804 bz#1565015 bz#1565119 bz#1565399 bz#1565577 bz#1567100 bz#1567899 bz#1568374 bz#1568969 bz#1569490 bz#1570514 bz#1570541 bz#1570582 bz#1571645 bz#1572087 bz#1572585 bz#1575895 [3.12.2-8] - fixes bugs bz#1466129 bz#1475779 bz#1523216 bz#1535281 bz#1546941 bz#1550315 bz#1550991 bz#1553677 bz#1554291 bz#1559452 bz#1560955 bz#1562744 bz#1563692 bz#1565962 bz#1567110 bz#1569457 [3.12.2-7] - fixes bugs bz#958062 bz#1186664 bz#1226874 bz#1446046 bz#1529451 bz#1550315 bz#1557365 bz#1559884 bz#1561733 [3.12.2-6] - fixes bugs bz#1491785 bz#1518710 bz#1523599 bz#1528733 bz#1550474 bz#1550982 bz#1551186 bz#1552360 bz#1552414 bz#1552425 bz#1554255 bz#1554905 bz#1555261 bz#1556895 bz#1557297 bz#1559084 bz#1559788 [3.12.2-5] - fixes bugs bz#1378371 bz#1384983 bz#1472445 bz#1493085 bz#1508999 bz#1516638 bz#1518260 bz#1529072 bz#1530519 bz#1537357 bz#1540908 bz#1541122 bz#1541932 bz#1543068 bz#1544382 bz#1544852 bz#1545570 bz#1546075 bz#1546945 bz#1546960 bz#1547012 bz#1549497 [3.12.2-4] - fixes bugs bz#1446125 bz#1467536 bz#1530146 bz#1540600 bz#1540664 bz#1540961 bz#1541830 bz#1543296 [3.12.2-3] - fixes bugs bz#1446125 bz#1463592 bz#1516249 bz#1517463 bz#1527309 bz#1530325 bz#1531041 bz#1539699 bz#1540011 [3.12.2-2] - fixes bugs bz#1264911 bz#1277924 bz#1286820 bz#1360331 bz#1401969 bz#1410719 bz#1419438 bz#1426042 bz#1444820 bz#1459101 bz#1464150 bz#1464350 bz#1466122 bz#1466129 bz#1467903 bz#1468972 bz#1476876 bz#1484446 bz#1492591 bz#1498391 bz#1498730 bz#1499865 bz#1500704 bz#1501345 bz#1505570 bz#1507361 bz#1507394 bz#1509102 bz#1509191 bz#1509810 
bz#1509833 bz#1511766 bz#1512470 bz#1512496 bz#1512963 bz#1515051 bz#1519076 bz#1519740 bz#1534253 bz#1534530 [3.12.2-1] - rebase to upstream glusterfs at v3.12.2 - fixes bugs bz#1442983 bz#1474745 bz#1503244 bz#1505363 bz#1509102 MODERATE Copyright 2018 Oracle, Inc. CVE-2018-10911 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3246: libcdio security update (LOW) Oracle Linux 7 [0.92-3] - fix CVE-2017-18198 and CVE-2017-18199 - Resolves: rhbz#1553769 - Resolves: rhbz#1553604 [0.92-2] - fix CVE-2017-18201 - Resolves: rhbz#1553621 LOW Copyright 2018 Oracle, Inc. CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:8:beta ELSA-2018-3249: setup security and bug fix update (LOW) Oracle Linux 7 [2.8.71-10] - fix crudp name in /etc/protocols (#1566469) - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells (#1571104) LOW Copyright 2018 Oracle, Inc. 
CVE-2018-1113 ELSA-2018-3253: jasper security update (LOW) Oracle Linux 7 [1.900.1-33] - remove implicit declaration of jas_eprintf (#1585830) [1.900.1-32] - Fix CVE-2016-9396 (#1583721) - Fix CVE-2017-1000050 (#1585830) LOW Copyright 2018 Oracle, Inc. 
CVE-2016-9396 CVE-2017-1000050 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:8:beta ELSA-2018-3327: libmspack security update (LOW) Oracle Linux 7 [0.5-0.6.alpha] - Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 - resolves: rhbz#1611550 rhbz#1611551 rhbz#1611552 rhbz#1611553 LOW Copyright 2018 Oracle, Inc. CVE-2018-14681 CVE-2018-14679 CVE-2018-14680 CVE-2018-14682 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3335: xerces-c security update (MODERATE) Oracle Linux 7 [3.1.1-9] - Fix CVE-2016-4463 - Resolves: #1534481 MODERATE Copyright 2018 Oracle, Inc. CVE-2016-4463 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest ELSA-2018-3347: python-paramiko security update (CRITICAL) Oracle Linux 7 [2.1.1-9] - Fix a security flaw (CVE-2018-1000805) in Paramiko's server mode (does not affect client mode). Backported from 2.1.6 Resolves rhbz#1637366 CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-1000805 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3350: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 7 [1:1.7.0.201-2.6.16.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.201-2.6.16.1] - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES) - Resolves: rhbz#1633817 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3136 CVE-2018-3139 CVE-2018-3180 CVE-2018-3169 CVE-2018-3149 CVE-2018-3214 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3403: thunderbird security update (IMPORTANT) Oracle Linux 6 [60.2.1-5.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.2.1-5] - Fixing minor issues [60.2.1-3] - Reverting deleting of key3db [60.2.1-2] - Update to 60.2.1 - Added fix for rhbz#1546988 [60.0-1] - Rebase to version 60 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12378 CVE-2018-12385 CVE-2018-12383 CVE-2017-16541 CVE-2018-12376 CVE-2018-12377 CVE-2018-12379 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3406: python-paramiko security update (CRITICAL) Oracle Linux 6 [1.7.5-5] - Split handler tables for server and client side - Fix CVE-2018-1000805 - Resolves: rhbz#1637365 CRITICAL Copyright 2018 Oracle, Inc. 
CVE-2018-1000805 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3408: git security update (IMPORTANT) Oracle Linux 7 [1.8.3.1-20] - Fix CVE-2018-17456: arbitrary code execution via .gitmodules Thanks to Jonathan Nieder <jrnieder@gmail.com> for backporting to 2.1.x and to Steve Beattie <sbeattie@ubuntu.com> for backporting to 1.9.1 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-17456 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3409: java-1.7.0-openjdk security update (IMPORTANT) Oracle Linux 6 [1:1.7.0.201-2.6.16.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.201-2.6.16.0] - Bump to 2.6.16 and u201b00. - Update 8076221/PR2809 (disable RC4) to apply after 8208350 (disable DES) - Resolves: rhbz#1633817 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3169 CVE-2018-3180 CVE-2018-3139 CVE-2018-3149 CVE-2018-3214 CVE-2018-3136 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3410: xorg-x11-server security update (IMPORTANT) Oracle Linux 7 [1.20.1-5.1] - CVE-2018-14665: Disable -logfile and -modulepath when running with elevated privileges [1.20.1-5] - Call LeaveVT from xf86CrtcCloseScreen [1.20.1-4] - Hide the modesetting driver's atomic ioctl support behind Option 'Atomic' IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-14665 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3458: thunderbird security update (IMPORTANT) Oracle Linux 7 [60.2.1-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.2.1-4] - Fixing minor issues [60.2.1-3] - Reverting deleting of key3db [60.2.1-2] - Update to 60.2.1 - Added fix for rhbz#1546988 [60.0-1] - Rebase to version 60 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16541 CVE-2018-12379 CVE-2018-12378 CVE-2018-12385 CVE-2018-12376 CVE-2018-12377 CVE-2018-12383 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3521: java-11-openjdk security update (CRITICAL) Oracle Linux 7 [1:11.0.1.13-3.0.1] - link atomic for ix86 build [1:11.0.1.13-3] - Bump release for rebuild. [1:11.0.1.13-2] - Use LTS designator in version output for RHEL. [1:11.0.1.13-1] - Update to October 2018 CPU release, 11.0.1+13. [1:11.0.0.28-2] - Use --with-vendor-version-string=18.9 so as to show original GA date for the JDK. [1:11.0.0.28-1] - Identify as GA version and no longer as early access (EA). - JDK 11 has been released for GA on 2018-09-25. [1:11.0.ea.28-9] - Rework changes from 1:11.0.ea.22-6. RHBZ#1632174 supercedes RHBZ-1624122. - Add patch, JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch, so as to optimize compilation of fdlibm library. - Add patch, JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch, so as to optimize compilation of sharedRuntime{Trig,Trans}.cpp - Add patch, JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch, so as to optimize compilation of libsaproc (extra c flags won't override optimization). 
- Add patch, JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch, so as to optimize compilation of libjsig. - Add patch, JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch, so as to optimize compilation of vmStructs.cpp (part of libjvm.so). - Reinstate filtering of opt flags coming from redhat-rpm-config. [1:11.0.ea.28-8] - removed version less provides - javadocdir moved to arched dir as it is no longer noarch - Resolves: rhbz#1570856 CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-3136 CVE-2018-3150 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3139 CVE-2018-3149 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3522: spice-server security update (IMPORTANT) Oracle Linux 6 [0.12.4-16.2] - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 [0.12.4-16.1] - Fix flexible array buffer overflow Resolves: rhbz#1596008 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7506 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3531: thunderbird security update (IMPORTANT) Oracle Linux 6 [60.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.3.0-1] - Update to 60.3.0 [60.2.1-6] - Fixed missing calendar langpacks IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-12390 CVE-2018-12392 CVE-2018-12389 CVE-2018-12393 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3532: thunderbird security update (IMPORTANT) Oracle Linux 7 [60.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [60.3.0-1] - Update to 60.3.0 [60.2.1-6] - Fixed missing calendar langpacks [60.2.1-5] - Fixing minor issues IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-12392 CVE-2018-12389 CVE-2018-12393 CVE-2018-12390 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3650: ghostscript security update (IMPORTANT) Oracle Linux 7 [9.07-31.el7_6.1] - Remove as many non-standard operators as possible to make the codebase closer to upstream for later CVEs - Resolves: #1621383 - CVE-2018-16511 ghostscript: missing type check in type checker (699659) - Resolves: #1621159 - CVE-2018-15908 ghostscript: .tempfile file permission issues (699657) - Resolves: #1621381 - CVE-2018-15909 ghostscript: shading_param incomplete type checking (699660) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-15909 CVE-2018-16511 CVE-2018-15908 CVE-2018-16539 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3651: kernel security, bug fix, and enhancement update (MODERATE) Oracle Linux 7 [3.10.0-957.1.3.el7.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-957.1.3.el7] - [x86] Mark Intel Cascade Lake supported (Steve Best) [1650213 1639980] [3.10.0-957.1.2.el7] - [net] rtnetlink: give a user socket to get_target_net() (Jiri Benc) [1639635 1630694] {CVE-2018-14646} - [net] Add variants of capable for use on on sockets (Jiri Benc) [1639635 1630694] {CVE-2018-14646} [3.10.0-957.1.1.el7] - [x86] boot: Fix kexec booting failure in the SEV bit detection code (Kairui Song) [1644990 1628828] - [net] 8021q: create device with all possible features in wanted_features (Davide Caratti) [1644675 1640645] - [mm] memcontrol: fix high scheduling latency 
source in mem_cgroup_reparent_charges (Andrea Arcangeli) [1644673 1632898] - [kernel] cpuset: use trialcs->mems_allowed as a temp variable (Aristeu Rozanski) [1644236 1613248] - [kernel] cpuset: fix a warning when clearing configured masks in old hierarchy (Aristeu Rozanski) [1644236 1613248] - [kernel] cpuset: initialize effective masks when clone_children is enabled (Aristeu Rozanski) [1644236 1613248] - [x86] efi: Only load initrd above 4g on second try (Lenny Szubowicz) [1643359 1608955] - [x86] efi: Support initrd loaded above 4G (Lenny Szubowicz) [1643359 1608955] - [x86] efi: Generalize handle_ramdisks() and rename to handle_cmdline_files() (Lenny Szubowicz) [1643359 1608955] - [kernel] sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [1640675 1601153] - [target] scsi: iscsi: Use bin2hex instead of a re-implementation (Maurizio Lombardi) [1634711 1627034] {CVE-2018-14633} - [target] scsi: iscsi: Use hex2bin instead of a re-implementation (Maurizio Lombardi) [1634711 1627034] {CVE-2018-14633} MODERATE Copyright 2018 Oracle, Inc. CVE-2018-14633 CVE-2018-14646 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive ELSA-2018-3663: sos-collector security update (MODERATE) Oracle Linux 7 [1.5-3.0.1] - To recognize OL system[OraBug 28807430] - import os module to detect /etc/redhat-release [OraBug 28740046] [1.5-3] - Resolve race condition in cluster profile loading - Quote all options globally - RHBZ#1633515 - RHBZ#1647955 [1.5-2] - Fix cluster option reporting [1.5-1] - Update to version 1.5 - Resolves CVE-2018-14650 MODERATE Copyright 2018 Oracle, Inc. 
CVE-2018-14650 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3665: NetworkManager security update (IMPORTANT) Oracle Linux 7 [1:1.12.0-8] - dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-15688 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3738: ruby security update (IMPORTANT) Oracle Linux 7 [2.0.0.648-34] - CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work. Resolves: CVE-2018-16395 IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-16395 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3760: ghostscript security update (IMPORTANT) Oracle Linux 6 [8.70-24.el6_10.2] - It was found that the fix for CVE-2018-16509 was not complete, the missing pieces added into ghostscript-CVE-2018-16509.patch [8.70-24.el6_10.1] - Resolves: #1641124 - CVE-2018-16509 ghostscript: /invalidaccess bypass after failed restore [8.70-24] - Added security fix for CVE-2017-8291 (bug #1446063) IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-16509 ELSA-2018-3761: ghostscript security and bug fix update (IMPORTANT) Oracle Linux 7 [9.07-31.el7_6.3] - Resolves: #1654290 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage) [9.07-31.el7_6.2] - Resolves: #1652901 - CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-16863 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3831: firefox security update (CRITICAL) Oracle Linux 6 [60.4.0-1.0.1] - fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-12405 CVE-2018-18492 CVE-2018-17466 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest ELSA-2018-3833: firefox security update (CRITICAL) Oracle Linux 7 [60.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [60.4.0-1] - Update to 60.4.0 ESR [60.3.0-2] - Added firefox-gnome-shell-extension [60.3.0-1] - Update to 60.3.0 ESR CRITICAL Copyright 2018 Oracle, Inc. CVE-2018-12405 CVE-2018-17466 CVE-2018-18494 CVE-2018-18492 CVE-2018-18498 CVE-2018-18493 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3834: ghostscript security and bug fix update (IMPORTANT) Oracle Linux 7 [9.07-31.el7_6.6] - Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect smooth shading object (Error: /rangecheck in --run--) [9.07-31.el7_6.5] - Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement (699664) - Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error exception table - Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) - Resolves: 
#1643115 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass - Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in setpattern (700141) [9.07-31.el7_6.4] - Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory access in the aesdecode operator (699665) - Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect 'restoration of privilege' checking when running out of stack during exception handling - Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-15911 CVE-2018-18073 CVE-2018-18284 CVE-2018-17183 CVE-2018-16541 CVE-2018-16802 CVE-2018-19134 CVE-2018-19409 CVE-2018-17961 cpe:/a:oracle:linux:7:6:patch cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::u6_patch ELSA-2018-3854: ntp security update (LOW) Oracle Linux 6 [4.2.6p5-15.0.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-15] - fix buffer overflow in parsing of address in ntpq and ntpdc (CVE-2018-12327) [4.2.6p5-14] - fix CVE-2016-7429 patch to work correctly on multicast client (#1422973) [4.2.6p5-13] - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer command (CVE-2017-6463) - fix potential crash with invalid server command (CVE-2017-6464) LOW Copyright 2018 Oracle, Inc. 
CVE-2018-12327 ELSA-2018-4001: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.2] - fuse: Call end_queued_requests() after releasing fc->lock in fuse_dev_release() (Ashish Samant) [Orabug: 26431550] - rds: Fix inaccurate accounting of unsignaled wrs in rds_ib_xmit_rdma (Hakon Bugge) [Orabug: 27097105] - rds: Fix inaccurate accounting of unsignaled wrs (Hakon Bugge) [Orabug: 27097105] - rds: ib: Fix NULL pointer dereference in debug code (Hakon Bugge) [Orabug: 27116566] - bnx2x: fix slowpath null crash (Zhu Yanjun) [Orabug: 27133587] - rds: System panic if RDS netfilter is enabled and RDS/TCP is used (Ka-Cheong Poon) [Orabug: 27150029] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206830] {CVE-2017-16525} - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) - xen/pci: Add PXM node notifier for PXM (NUMA) changes. 
(Konrad Rzeszutek Wilk) - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206880] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206923] {CVE-2017-16529} - USB: uas: fix bug in handling of alternate settings (Alan Stern) [Orabug: 27206999] {CVE-2017-16530} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207224] {CVE-2017-16531} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207918] {CVE-2017-16533} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207970] {CVE-2017-16535} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208047] {CVE-2017-16536} - Replace max_t() with sub_positive() in dequeue_entity_load_avg() (Gayatri Vasudevan) [Orabug: 27222316] - sched/fair: Fix cfs_rq avg tracking underflow (Gayatri Vasudevan) [Orabug: 27222316] - KVM: nVMX: Fix vmx_check_nested_events() return value in case an event was reinjected to L2 (Liran Alon) [Orabug: 27250111] - KVM: VMX: use kvm_event_needs_reinjection (Wanpeng Li) [Orabug: 27250111] - KVM: nVMX: Fix pending events injection (Wanpeng Li) [Orabug: 27250111] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-16530 CVE-2017-16525 CVE-2017-16536 CVE-2017-16533 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16526 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4004: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.5] - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825] [4.1.12-112.14.4] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-112.14.3] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] 
{CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. 
(Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 
27339995] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5715 CVE-2017-5753 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4006: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.10] - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27355759] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27355887] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754} - usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27356522] - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. (Jun Nakajima) [4.1.12-112.14.8] - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) [4.1.12-112.14.7] - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27352353] {CVE-2017-5754} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. 
(Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754} - x86: Don't ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27352353] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27352353] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27352353] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27352353] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27352353] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27352353] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27352353] {CVE-2017-5754} - kaiser: 
kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping 
slightly (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27352353] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27352353] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27352353] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27352353] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/vm86/32: Switch to 
flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27352353] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27352353] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27352353] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27352353] {CVE-2017-5754} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-5754 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4011: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.11] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. 
cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4012: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-94.7.8] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378087] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378074] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378063] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27378035] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} [4.1.12-94.7.7] - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365568] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27364707] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27364720] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. 
(Jun Nakajima) - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345388] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27358615] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27358615] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27358615] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27358615] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. 
(Jamie Iles) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27358615] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27358615] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27358615] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27358615] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: 
paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27358615] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27358615] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27358615] 
{CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27358615] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27358615] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27358615] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27358615] {CVE-2017-5754} - 
x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27358615] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27358615] {CVE-2017-5754} [4.1.12-94.7.6] - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351275] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-94.7.5] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - x86/cpu/AMD: Remove 
now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345402] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345388] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27345388] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. 
(Jun Nakajima) [Orabug: 27345388] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27345388] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27345388] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 
27345388] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27345388] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27345388] {CVE-2017-5715} [4.1.12-94.7.4] - KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062526] - KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062526] - KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062526] - KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062526] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27098332] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27098332] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27098332] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27098332] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27098332] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27098332] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27098332] IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4017: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.13] - Revert 'kernel.spec: Require the new microcode_ctl.' 
(Brian Maly) [4.1.12-112.14.12] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386890] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386890] - xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386890] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386890] - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27403317] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27403317] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27403317] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27403317] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27403317] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27403317] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27403317] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27402301] {CVE-2017-1000407} {CVE-2017-1000407} - xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 27397568] - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) [Orabug: 27397001] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-1000407 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4018: microcode_ctl security update (IMPORTANT) Oracle Linux 7 [2.1-22.5.0.3] - Revert Intel 20180108 microcode for CPUIDs: {CVE-2017-5715} 306c3 (06-3c-03 rev 0x23, Haswell); 306d4 (06-3d-04 rev 0x28, Broadwell); 306f2 (06-3f-02 rev 0x3b, Haswell); 306f4 (06-3f-04 rev 0x10, Haswell); 306e4 (06-3e-04 rev 0x42a, Ivy Bridge); 40651 (06-45-01 rev 0x21, Haswell); 40661 (06-46-01 rev 0x18, Haswell); 40671 (06-47-01 rev 0x1b, Broadwell); 406e3 (06-4e-03 rev 0xc2, Skylake); 406f1 (06-4f-01 rev 0xb000025, Broadwell); 50654 (06-55-04 rev 0x200003c, Skylake); 50662 (06-56-02 rev 0x14, Broadwell); 50663 (06-56-03 rev 0x7000011, Broadwell); 506e3 (06-5e-03 rev 0xc2, Skylake); 706a1 (06-7a-01 rev 0x22); 806e9 (06-8e-09 rev 0x80, Kaby Lake); 806ea (06-8e-0a rev 0x80); 906e9 (06-9e-09 rev 0x80, Kaby Lake); 906ea (06-9e-0a rev 0x80); 906eb (06-9e-0b rev 0x80) IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7:4:patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-4019: microcode_ctl security update (IMPORTANT) Oracle Linux 6 [1:1.17-25.4.0.2] - Revert: early microcode load to allow updating Broadwell model 79 - Revert: Make sure 'modprobe microcode' is not executed on Broadwell model 79 - Revert: Run dracut upon microcode update - Revert updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715} 306c3 (06-3c-03 rev 0x23, Haswell); 306d4 (06-3d-04 rev 0x28, Broadwell); 306f2 (06-3f-02 rev 0x3b, Haswell); 306f4 (06-3f-04 rev 0x10, Haswell); 306e4 (06-3e-04 rev 0x42a, Ivy Bridge); 40651 (06-45-01 rev 0x21, Haswell); 40661 (06-46-01 rev 0x18, Haswell); 40671 (06-47-01 rev 0x1b, Broadwell); 406e3 (06-4e-03 rev 0xc2, Skylake); 406f1 (06-4f-01 rev 0xb000025, Broadwell); 50654 (06-55-04 rev 0x200003c, Skylake); 50662 (06-56-02 rev 0x14, Broadwell); 50663 (06-56-03 rev 0x7000011, Broadwell); 506e3 (06-5e-03 rev 0xc2, Skylake); 706a1 (06-7a-01 rev 0x22); 806e9 (06-8e-09 rev 0x80, 
Kaby Lake); 806ea (06-8e-0a rev 0x80); 906e9 (06-9e-09 rev 0x80, Kaby Lake) 906ea (06-9e-0a rev 0x80); 906eb (06-9e-0b rev 0x80) IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6:9:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest ELSA-2018-4020: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.2] - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move ENABLE_IBRS in the interrupt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Add 
vulnerability folder (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) 
[Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: MACROS to set/clear IBRS and set IBPB (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: fix build breakage (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI to match upstream (Mike Kravetz) {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - KPTI: Report when enabled (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333761] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT, dynamically disable KAISER if PARAVIRT (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86-32: Fix boot with CONFIG_X86_INVD_BUG (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: user_map __kprobes_text too (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - 
x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333761] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: fix bad backport to disable PCID on Xen (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86, cpufeature: Add CPU features from Intel document 319433-012A (H. 
Peter Anvin) [Orabug: 27333761] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333761] {CVE-2017-5754} - x86-64: Map the HPET NX (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} {CVE-2015-5157} - x86, cpu: Add cpufeature flag for PCIDs (Arun Thomas) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333761] {CVE-2017-5754} - locking/barriers: fix compile issue (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27346425] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-5753 CVE-2017-5754 CVE-2017-5715 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4021: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-61.63.1] - Revert 'kernel.spec: Require the new microcode_ctl.' 
(Brian Maly) - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27439198] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27439198] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27439198] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27439198] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27439198] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27439198] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27439198] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27439198] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27439182] {CVE-2017-1000407} {CVE-2017-1000407} [4.1.12-61.62.1] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386891] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 27386891] - xen-blkback: pull nseg validation out in a function (Ankur Arora) [Orabug: 27386891] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 27386891] [4.1.12-61.61.1] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378519] [Orabug: 27352353] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378474] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378115] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27382622] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. 
(Jamie Iles) [Orabug: 27345850] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365614] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27371760] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27371757] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) - Make use of ibrs_inuse consistent. (Jun Nakajima) - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27345850] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27371653] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. 
(Konrad Rzeszutek Wilk) {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27371653] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27371653] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27371653] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27371653] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27371653] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27371653] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27371653] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: use 
ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix perf crashes (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - 
kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27371653] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27371653] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27371653] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27371653] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27371653] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - ARM: Hide 
finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27371653] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27371653] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27371653] {CVE-2017-5754} - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351388] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715} [4.1.12-61.60.1] - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - qla2xxx: 
prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27345857] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27345850] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. 
(Jun Nakajima) [Orabug: 27345850] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27345850] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27345850] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 
27345850] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27345850] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27345850] {CVE-2017-5715} [4.1.12-61.59.1] - nvme: merge probe_work and reset_work (Christoph Hellwig) [Orabug: 26984819] - nvme: only ignore hardware errors in nvme_create_io_queues (Christoph Hellwig) [Orabug: 26984819] - nvme: add NVME_SC_CANCELLED (Christoph Hellwig) [Orabug: 26984819] [4.1.12-61.58.1] - netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27098331] - netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27098331] - netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27098331] - netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] - netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27098331] - netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27098331] - netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27098331] - mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364} - mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26338222] {CVE-2017-1000364} - Revert 'SUNRPC: Refactor svc_set_num_threads()' (Kirtikar Kashyap) [Orabug: 26981903] - Revert 'NFSv4: Fix callback server shutdown' (Kirtikar Kashyap) [Orabug: 
26981903] [4.1.12-61.57.1] - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 26681157] {CVE-2017-1000111} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650879] {CVE-2017-9075} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643642] {CVE-2017-11473} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643594] {CVE-2016-10044} - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643552] {CVE-2017-11176} - ping: implement proper locking (Eric Dumazet) [Orabug: 26540282] {CVE-2017-2671} - nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572912] {CVE-2017-8797} - nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572912] {CVE-2017-8797} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643594] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643594] {CVE-2016-10044} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26403981] {CVE-2017-1000365} {CVE-2017-1000365} - NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059} - SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403981] {CVE-2017-9059} [4.1.12-61.56.1] - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867347] - xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867347] [4.1.12-61.55.1] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796420] {CVE-2017-1000251} - blk-mq: avoid re-initialize request which is failed in direct dispatch (Shaohua Li) [Orabug: 26752510] - xen-blkfront: fix mq start/stop race (Junxiao Bi) [Orabug: 26739166] [Orabug: 26739166] - Added IB diag counters from UEK2 (Chris Gray) [Orabug: 26088233] [4.1.12-61.54.1] - xen: 
fix bio vec merging (Roger Pau Monne) [Orabug: 26669479] [Orabug: 26645497] {CVE-2017-12134} [4.1.12-61.53.1] - dentry name snapshots (Al Viro) [Orabug: 26630810] {CVE-2017-7533} [4.1.12-61.52.1] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585991] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586044] {CVE-2016-10200} - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585947] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578193] {CVE-2017-9242} IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4022: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.2] - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) 
[Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Don't print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature 
facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] 
{CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the 
(formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4025: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.14.14] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850] - hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 26988581] - x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27416198] - x86/IBRS: Dont try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27416198] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27416198] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27418896] - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) - x86/spec: Dont print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk) - x86/spec: Also print IBRS if IBPB is disabled. 
(Konrad Rzeszutek Wilk) - x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27449065] - xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva) - net/rds: Fix incorrect error handling (Hakon Bugge) [Orabug: 26848729] - net/rds: use multiple sge than buddy allocation in congestion code (Wei Lin Guay) [Orabug: 26848729] - Revert RDS: fix the sg allocation based on actual message size (Wei Lin Guay) [Orabug: 26848729] - Revert RDS: avoid large pages for sg allocation for TCP transport (Wei Lin Guay) [Orabug: 26848729] - Revert net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26848729] - net/rds: reduce memory footprint during ib_post_recv in IB transport (Wei Lin Guay) [Orabug: 26848729] - net/rds: reduce memory footprint during rds_sendmsg with IB transport (Wei Lin Guay) [Orabug: 26848729] - net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin Guay) [Orabug: 26848729] - bnxt_en: Fix possible corrupted NVRAM parameters from firmware response. 
(Michael Chan) [Orabug: 27199588] - x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122] - x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122] - x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey Ryabinin) [Orabug: 27255122] - Revert Makefile: Build with -Werror=date-time if the compiler supports it (Gayatri Vasudevan) [Orabug: 27255122] - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290300] {CVE-2017-8824} - x86/efi: Initialize and display UEFI secure boot state a bit later during init (Daniel Kiper) [Orabug: 27309477] - x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug: 27344552] - x86/espfix: Add cpu parameter to init_espfix_ap() (Zhu Guihua) [Orabug: 27344552] - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344841] {CVE-2017-0861} {CVE-2017-0861} - fs/ocfs2: remove page cache for converted direct write (Wengang Wang) - Revert ocfs2: code clean up for direct io (Wengang Wang) - assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364592] {CVE-2017-12193} {CVE-2017-12193} - Sanitize move_pages() permission checks (Linus Torvalds) [Orabug: 27364690] {CVE-2017-14140} - pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug: 27383147] {CVE-2017-5754} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386999] {CVE-2017-15115} - net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390682] {CVE-2017-17712} - mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27404202] - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) - x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) [Orabug: 27449045] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-14140 CVE-2017-5754 CVE-2017-12193 CVE-2017-8824 CVE-2017-17712 CVE-2017-0861 CVE-2017-15115 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4036: kernel security update (IMPORTANT) Oracle Linux 5 kernel [2.6.18-419.0.0.0.5] - [fs] fix kernel panic on boot on ia64 guests (Honglei Wang) [orabug 26934100] [2.6.18-419.0.0.0.4] - [fs] fix bug in loading of PIE binaries (Michael Davidson) [orabug 26916951] {CVE-2017-1000253} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-1000253 cpe:/a:oracle:linux:5::ELS ELSA-2018-4040: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.3] - gre: fix a possible skb leak (Eric Dumazet) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403972] {CVE-2017-9074} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813390] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880517] {CVE-2017-7482} {CVE-2017-7482} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883322] - KVM: x86: fix deadlock in clock-in-progress request handling (Marcelo Tosatti) [Orabug: 27065995] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099835] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206837] {CVE-2017-16525} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206897] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206928] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207240] {CVE-2017-16531} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207983] {CVE-2017-16535} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290301] {CVE-2017-8824} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-16535 CVE-2017-9074 CVE-2017-16526 CVE-2017-16529 CVE-2017-16531 CVE-2017-7482 CVE-2017-8824 CVE-2017-14106 CVE-2017-16525 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4041: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.3] - ext4: limit group search loop for non-extent files (Lachlan McIlroy) [Orabug: 17488415] - ext4: fixup 64-bit divides in 3.0-stable backport of upstream fix (Todd Poynor) [Orabug: 17488415] - ext4: use atomic64_t for the per-flexbg free_clusters count (Theodore Ts'o) [Orabug: 17488415] - ext4: init pagevec in ext4_da_block_invalidatepages (Eric Sandeen) [Orabug: 17488415] - ext4: do not try to write superblock on ro remount w/o journal (Michael Tokarev) [Orabug: 17488415] - xen-netback: fix grant_copy_op array size (Niranjan Patil) [Orabug: 25653941] - xen-netback: explicitly check max_slots_needed against meta_prod counter (Niranjan Patil) [Orabug: 25653941] - xen-netback: Fix handling of skbs requiring too many slots (Zoltan Kiss) [Orabug: 25653941] - xen-netback: worse-case estimate in xenvif_rx_action is underestimating (Paul Durrant) [Orabug: 25653941] - xen-netback: Add worse-case estimates of max_slots_needed in netbk_rx_action (Niranjan Patil) [Orabug: 25653941] - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Tim Tianyang Chen) [Orabug: 25757946] {CVE-2017-6951} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26737475] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813391] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880520] {CVE-2017-7482} {CVE-2017-7482} - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099836] - Check validity of 
cl_rpcclient in nfs_server_list_show (Malahal Naineni) [Orabug: 27112186] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206839] {CVE-2017-16525} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206934] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207243] {CVE-2017-16531} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290308] {CVE-2017-8824} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16531 CVE-2017-8824 CVE-2017-16525 CVE-2017-6951 CVE-2017-7482 CVE-2017-14106 CVE-2017-16529 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4061: kubernetes security update (IMPORTANT) Oracle Linux 7 [1.9.1-2.1.5] - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from [Orabug 27125915] [1.9.1-2.1.4.dev] - Make sure worker node upgrade properly - [Orabug 27649898] [1.9.1-2.1.3.dev] - Ensure that the runtime mounts RO volumes read-only [CVE-2017-1002102] - Update Dashboard version to v1.8.3 [CVE-2017-1002102] - Fix nested volume mounts for read-only API data volumes [CVE-2017-1002102] - Fixed kubeadm-setup.sh and kubeadm-registry.sh - Add feature gate for subpath [CVE-2017-1002101] - Add subpath e2e tests [CVE-2017-1002101] - Lock subPath volumes [CVE-2017-1002101] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-1002101 CVE-2017-1002102 cpe:/a:oracle:linux:7::addons ELSA-2018-4062: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-112.16.7] - mlx4: change the ICM table allocations to lowest needed size (Daniel Jurgens) [Orabug: 27718305] - autofs: use dentry flags to block walks during expire (Ian Kent) [Orabug: 26032471] [Orabug: 27766149] - autofs races (Al Viro) [Orabug: 27766149] [Orabug: 27766149] - crypto: FIPS - allow tests to be disabled in FIPS mode (Stephan Mueller) [Orabug: 26182706] - crypto: rng - Zero seed in crypto_rng_reset (Herbert Xu) [Orabug: 26182706] - crypto: xts - consolidate sanity check for keys (Stephan Mueller) [Orabug: 26182706] [4.1.12-112.16.6] - fork: fix incorrect fput of ->exe_file causing use-after-free (Eric Biggers) [Orabug: 27290198] {CVE-2017-17052} - negotiate_mq should happen in all cases of a new VBD being discovered by xen-blkfront, whether called through _probe() or a hot-attached new VBD from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left configured without multi-queue. (Patrick Colp) [Orabug: 27383895] - rds: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 27477007] - nvme: fix uninitialized prp2 value on small transfers (Jan H. 
Schonherr) [Orabug: 27581008] - xen-netfront: Improve error handling during initialization (Ross Lagerwall) [Orabug: 27655820] - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27636704] - mstflint: update Makefile and Kconfig (Qing Huang) [Orabug: 27656465] - target: add inquiry_product module param to override LIO default (Kyle Fortin) [Orabug: 27679482] - target: add inquiry_vendor module param to override LIO-ORG (Kyle Fortin) [Orabug: 27679482] - net/rds: Avoid copy overhead if send buff is full (Gerd Rausch) [Orabug: 27747176] [4.1.12-112.16.5] - IB/core: Avoid calling ib_query_device (Or Gerlitz) [Orabug: 27687710] - IB/core: Save the device attributes on the device structure (Ira Weiny) [Orabug: 27687710] - KVM: x86: fix singlestepping over syscall (Paolo Bonzini) [Orabug: 27669907] {CVE-2017-7518} {CVE-2017-7518} - xen/acpi: upload _PSD info for non-dom0 CPUs too (Joao Martins) [Orabug: 27655757] - Revert RDS: dont commit to queue till transport connection is up (Santosh Shilimkar) IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7518 CVE-2017-17052 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4071: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.1] - ctf: drop the run-as-root error (Nick Alcock) [Orabug: 27852654] - rds: Node crashes when trace buffer is opened (Ka-Cheong Poon) [Orabug: 27846191] - xfs: fix accidental reversion of aa6a6227435cb (Darrick J. Wong) [Orabug: 27845869] [4.1.12-124.13.1] - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27841392] {CVE-2017-16649} - sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27841944] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191} - Revert 'sysctl: Drop reference added by grab_header in proc_sys_readdir' (Jack Vogel) [4.1.12-124.12.1] - xfs: remove 'no-allocation' reservations for file creations (Darrick J. 
Wong) [Orabug: 27609439] - xfs: dont print warnings when xfs_log_force fails (Christoph Hellwig) [Orabug: 27609404] - xfs: Properly retry failed dquot items in case of error during buffer writeback (Carlos Maiolino) [Orabug: 27609404] - xfs: Properly retry failed inode items in case of error during buffer writeback (Carlos Maiolino) [Orabug: 27609404] - xfs: Add infrastructure needed for error propagation during buffer IO failure (Carlos Maiolino) [Orabug: 27609404] - xfs: remove xfs_trans_ail_delete_bulk (Christoph Hellwig) [Orabug: 27609404] - xfs: fix and streamline error handling in xfs_end_io (Darrick J. Wong) [Orabug: 27609404] - xfs: dont leave EFIs on AIL on mount failure (Brian Foster) [Orabug: 27609404] - xfs: use EFI refcount consistently in log recovery (Brian Foster) [Orabug: 27609404] - xfs: ensure EFD trans aborts on log recovery extent free failure (Brian Foster) [Orabug: 27609404] - xfs: fix efi/efd error handling to avoid fs shutdown hangs (Brian Foster) [Orabug: 27609404] - xfs: return committed status from xfs_trans_roll() (Brian Foster) [Orabug: 27609404] - xfs: disentagle EFI release from the extent count (Brian Foster) [Orabug: 27609404] [4.1.12-124.11.1] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774012] {CVE-2018-1068} - ACPI / PAD: dont register acpi_pad driver if running as Xen dom0 (Juergen Gross) [Orabug: 27796473] - sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [Orabug: 27787518] - sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Konstantin Khlebnikov) [Orabug: 27787518] - sched/fair: Initialize and rework throttle_count for new task-groups (Peter Zijlstra) [Orabug: 27787518] - perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/ (Arnaldo Carvalho de Melo) [Orabug: 27240053] - crypto: FIPS - allow tests to be disabled in FIPS mode (Stephan Mueller) [Orabug: 27809271] - crypto: xts - consolidate sanity check for keys 
(Stephan Mueller) [Orabug: 27809271] - crypto: rng - Zero seed in crypto_rng_reset (Herbert Xu) [Orabug: 27809271] - enic: set IG desc cache flag in open (Govindarajulu Varadarajan) [Orabug: 27587345] [4.1.12-124.10.1] - Drivers: hv: utils: fix crash when device is removed from host side (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: introduce HVUTIL_TRANSPORT_DESTROY mode (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: rename outmsg_lock (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: fix memory leak on on_msg() failure (Vitaly Kuznetsov) [Orabug: 27426102] - Drivers: hv: utils: use memdup_user in hvt_op_write (Olaf Hering) [Orabug: 27426102] - hv: util: checking the wrong variable (Dan Carpenter) [Orabug: 27426102] - net/rds: Avoid copy overhead if send buff is full (Gerd Rausch) [Orabug: 27747165] - ext4: fix ->put_link panic (Junxiao Bi) [Orabug: 27498770] - KVM/VMX: Clear spec_ctrl status when resetting vcpu (Patrick Colp) - mlx4: change the ICM table allocations to lowest needed size (Daniel Jurgens) [Orabug: 27718303] - Revert 'Drivers: hv: utils: fix a race on userspace daemons registration' (Jack Vogel) [Orabug: 27673755] [4.1.12-124.9.1] - crypto: af_alg - Avoid sock_graft call warning (Herbert Xu) [Orabug: 26895616] - iscsi-target: Fix initial login PDU asynchronous socket close OOPs (Nicholas Bellinger) [Orabug: 27701211] - target/iscsi: Fix indentation in iscsi_target_start_negotiation() (Bart Van Assche) [Orabug: 27701211] - iscsi-target: Fix early sk_data_ready LOGIN_FLAGS_READY race (Nicholas Bellinger) [Orabug: 27701211] - iscsi-target: Fix rx_login_comp hang after login failure (Nicholas Bellinger) [Orabug: 27701211] - KVM: x86: fix singlestepping over syscall (Paolo Bonzini) [Orabug: 27669904] {CVE-2017-7518} {CVE-2017-7518} - nfs: system crashes after NFS4ERR_MOVED recovery (Bill.Baker@oracle.com) [Orabug: 27679350] - NFS: Clean up nfs4_set_client() (Anna Schumaker) [Orabug: 27679350] - NFS4: Avoid migration 
loops (Benjamin Coddington) [Orabug: 27679350] - mstflint: update Makefile and Kconfig (Qing Huang) [Orabug: 27707445] - target: add inquiry_product module param to override LIO default (Kyle Fortin) [Orabug: 27679431] - target: add inquiry_vendor module param to override LIO-ORG (Kyle Fortin) [Orabug: 27679431] - IB/core: Avoid calling ib_query_device (Or Gerlitz) [Orabug: 27687711] - IB/core: Save the device attributes on the device structure (Ira Weiny) [Orabug: 27687711] [4.1.12-124.8.1] - nvme: fix uninitialized prp2 value on small transfers (Jan H. Schonherr) [Orabug: 27624149] - bnxt_en: initialize bnxt_pf_wq (Brian Maly) [Orabug: 27674029] - x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk) [4.1.12-124.7.1] - retpoline: selectively disable IBRS in disable_ibrs_and_friends() (Chuck Anderson) [Orabug: 27665263] [4.1.12-124.6.1] - bnxt_en: Add cache line size setting to optimize performance. (Michael Chan) [Orabug: 27648355] - bnxt_en: Forward VF MAC address to the PF. (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Add BCM5745X NPAR device IDs (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Expand bnxt_check_rings() to check all resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Implement new method for the PF to assign SRIOV resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Reserve resources for RFS. (Michael Chan) [Orabug: 27648355] - bnxt_en: Implement new method to reserve rings. (Michael Chan) [Orabug: 27648355] - bnxt_en: Set initial default RX and TX ring numbers the same in combined mode. (Michael Chan) [Orabug: 27648355] - bnxt_en: Add the new firmware API to query hardware resources. (Michael Chan) [Orabug: 27648355] - bnxt_en: Refactor hardware resource data structures. (Michael Chan) [Orabug: 27648355] - bnxt_en: Restore MSIX after disabling SRIOV. (Michael Chan) [Orabug: 27648355] - bnxt_en: Refactor bnxt_close_nic(). (Michael Chan) [Orabug: 27648355] - bnxt_en: Update firmware interface to 1.9.0. 
(Michael Chan) [Orabug: 27648355] - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. (Venkat Duvvuru) [Orabug: 27648355] - bnxt_en: Fix sources of spurious netpoll warnings (Calvin Owens) [Orabug: 27648355] - bnxt_en: Dont print 'Link speed -1 no longer supported' messages. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg() (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown (Ray Jui) [Orabug: 27648355] - bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' (Christophe JAILLET) [Orabug: 27648355] - bnxt: fix bnxt_hwrm_fw_set_time for y2038 (Arnd Bergmann) [Orabug: 27648355] - bnxt_en: Fix IRQ coalescing regression. (Michael Chan) [Orabug: 27648355] - bnxt_en: fix typo in bnxt_set_coalesce (Andy Gospodarek) [Orabug: 27648355] - bnxt_en: Refactor and simplify coalescing code. (Michael Chan) [Orabug: 27648355] - bnxt_en: Reorganize the coalescing parameters. (Michael Chan) [Orabug: 27648355] - bnxt_en: Add ethtool reset method (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Optimize .ndo_set_mac_address() for VFs. (Michael Chan) [Orabug: 27648355] - bnxt_en: Get firmware package version one time. (Michael Chan) [Orabug: 27648355] - bnxt_en: Check for zero length value in bnxt_get_nvram_item(). (Michael Chan) [Orabug: 27648355] - bnxt_en: adding PCI ID for SMARTNIC VF support (Rob Miller) [Orabug: 27648355] - bnxt_en: Add PCIe device ID for bcm58804 (Ray Jui) [Orabug: 27648355] - bnxt_en: Update firmware interface to 1.8.3.1 (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix possible corruption in DCB parameters from firmware. (Sankar Patchineelam) [Orabug: 27648355] - bnxt_en: Fix VF resource checking. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix VF PCIe link speed and width logic. (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Dont use rtnl lock to protect link change logic in workqueue. 
(Michael Chan) [Orabug: 27648355] - bnxt_en: Improve VF/PF link change logic. (Michael Chan) [Orabug: 27648355] - bnxt_en: Remove redundant unlikely() (Tobias Klauser) [Orabug: 27648355] - drivers: net: bnxt: use setup_timer() helper. (Allen Pais) [Orabug: 27648355] - bnxt_en: Reduce default rings on multi-port cards. (Michael Chan) [Orabug: 27648355] - bnxt_en: Improve -ENOMEM logic in NAPI poll loop. (Michael Chan) [Orabug: 27648355] - bnxt: initialize board_info values with proper enums (Scott Branden) [Orabug: 27648355] - bnxt: Add PCIe device IDs for bcm58802/bcm58808 (Ray Jui) [Orabug: 27648355] - bnxt_en: assign CPU affinity hints to bnxt_en IRQs (Vasundhara Volam) [Orabug: 27648355] - bnxt_en: Improve tx ring reservation logic. (Michael Chan) [Orabug: 27648355] - bnxt_en: Update firmware interface spec. to 1.8.1.4. (Michael Chan) [Orabug: 27648355] - bnxt_en: Do not setup MAC address in bnxt_hwrm_func_qcaps(). (Michael Chan) [Orabug: 27648355] - bnxt_en: Free MSIX vectors when unregistering the device from bnxt_re. (Michael Chan) [Orabug: 27648355] - bnxt_en: Fix .ndo_setup_tc() to include XDP rings. (Michael Chan) [Orabug: 27648355] - bnxt: fix unused variable warnings (stephen hemminger) [Orabug: 27648355] - bnxt: fix unsigned comparsion with 0 (stephen hemminger) [Orabug: 27648355] - bnxt_en: Use SWITCHDEV_SET_OPS(). (David S. Miller) [Orabug: 27648355] - bnxt_en: Set ETS min_bw parameter for older firmware. 
(Michael Chan) [Orabug: 27648355] - dccp/tcp: fix routing redirect race (Jon Maxwell) [Orabug: 27661864] - Revert 'RDS: dont commit to queue till transport connection is up' (Santosh Shilimkar) [Orabug: 27606911] - be2net: locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() (Mark Rutland) [Orabug: 27615319] - be2net: Handle transmit completion errors in Lancer (Suresh Reddy) [Orabug: 27615319] - be2net: Fix HW stall issue in Lancer (Suresh Reddy) [Orabug: 27615319] - be2net: remove redundant initialization of 'head' and pointer txq (Colin Ian King) [Orabug: 27615319] - be2net: networking block comments dont use an empty /* line (Rohit Visavalia) [Orabug: 27615319] - be2net: restore properly promisc mode after queues reconfiguration (Ivan Vecera) [Orabug: 27615319] - be2net: use ARRAY_SIZE for array sizing calculation on array cmd_priv_map (Colin Ian King) [Orabug: 27615319] - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27636711] - xen/acpi: upload _PSD info for non-dom0 CPUs too (Joao Martins) [Orabug: 27655759] - scsi: lpfc: Update 11.4.0.7 modified files for 2018 Copyright (James Smart) [Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.7 (James Smart) [Orabug: 27631736] - scsi: lpfc: Treat SCSI Write operation Underruns as an error (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix SCSI io host reset causing kernel crash (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix issue_lip if link is disabled (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing (James Smart) [Orabug: 27631736] - scsi: lpfc: Allow set of maximum outstanding SCSI cmd limit for a target (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix PRLI handling when topology type changes (James Smart) [Orabug: 27631736] - scsi: lpfc: fix a couple of minor indentation issues (Colin Ian King) [Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.6 (James Smart) 
[Orabug: 27631736] - scsi: lpfc: update driver version to 11.4.0.5 (James Smart) [Orabug: 27631736] - scsi: lpfc: FLOGI failures are reported when connected to a private loop. (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix ndlp ref count for pt2pt mode issue RSCN (James Smart) [Orabug: 27631736] - scsi: lpfc: Linux LPFC driver does not process all RSCNs (James Smart) [Orabug: 27631736] - scsi: lpfc: Driver fails to detect direct attach storage array (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix crash after bad bar setup on driver attachment (James Smart) [Orabug: 27631736] - scsi: lpfc: Fix hard lock up NMI in els timeout handling. (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: change version to 11.4.0.4 (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Extend RDP support (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix secure firmware updates (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: PLOGI failures during NPIV testing (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix crash receiving ELS while detaching driver (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix pci hot plug crash in list_add call (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix pci hot plug crash in timer management routines (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: remove redundant null check on eqe (Colin Ian King) [Orabug: 27631736] - scsi: lpfc: lpfc version bump 11.4.0.3 (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: fix 'integer constant too large' error on 32bit archs (Maurizio Lombardi) [Orabug: 27631736] - scsi: lpfc: Add Buffer to Buffer credit recovery support (James Smart) [Orabug: 27631736] - scsi: lpfc: Correct issues with FAWWN and FDISCs (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: Fix rediscovery on switch blade pull (Dick Kennedy) [Orabug: 27631736] - scsi: lpfc: remove useless code in lpfc_sli4_bsg_link_diag_test (Gustavo A. R. 
Silva) [Orabug: 27631736] - scsi: lpfc: Fix plogi collision that causes illegal state transition (Dick Kennedy) [Orabug: 27631736] - lpfc: Fix Express lane queue creation (Maurizio Lombardi) [Orabug: 27631736] - Cosmetic updates to arch/x86/kernel/cpu/microcode/xen.c to pass checkpatch.pl and match UEK5 code. (Aaron Young) [Orabug: 27640697] - Incorporate arch/x86/kernel/cpu/microcode/xen.c into cpu microcode driver. (Aaron Young) [Orabug: 27640697] - 1. Move arch/x86/kernel/microcode_xen.c file to proper cpu microcode driver location and rename to arch/x86/kernel/cpu/microcode/xen.c. (Aaron Young) [Orabug: 27640697] - fork: fix incorrect fput of ->exe_file causing use-after-free (Eric Biggers) [Orabug: 27648200] {CVE-2017-17052} - scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: NVMe passthrough command support (Shivasharan S) [Orabug: 27625001] - scsi: megaraid: use ktime_get_real for firmware time (Arnd Bergmann) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: re-work DCMD refire code (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Expose fw_cmds_outstanding through sysfs (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Selectively apply stream detection based on IO type (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Update LD map after populating drv_map driver map copy (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Use megasas_wait_for_adapter_operational to detect controller state in IOCTL path (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Avoid firing DCMDs while OCR is in progress (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map (Shivasharan S) [Orabug: 
27625001] - scsi: megaraid_sas: Reset ldio_outstanding in megasas_resume (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Return the DCMD status from megasas_get_seq_num (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: memset IOC INIT frame using correct size (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: zero out IOC INIT and stream detection memory (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: fix spelling mistake: 'thershold' -> 'threshold' (Colin Ian King) [Orabug: 27625001] - scsi: megaraid: Remove redundant code in megasas_alloc_cmds (Yisheng Xie) [Orabug: 27625001] - License cleanup: add SPDX GPL-2.0 license identifier to files with no license (Greg Kroah-Hartman) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Add support for 64bit consistent DMA (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Do not limit queue_depth to 1k in non-RDPQ mode (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Retry with reduced queue depth when alloc fails for higher QD (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Incorrect processing of IOCTL frames for SMP/STP commands (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Resize MFA frame used for IOC INIT to 4k (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Update current host time to FW during IOC Init (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Move controller memory allocations and DMA mask settings from probe to megasas_init_fw (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Move initialization of instance parameters inside newly created function megasas_init_ctrl_params (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: remove instance->ctrl_info (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Pre-allocate frequently used DMA buffers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Create separate functions for allocating and 
freeing controller DMA buffers (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Create separate functions to allocate ctrl memory (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: reduce size of fusion_context and use kmalloc for allocation (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: replace is_ventura with adapter_type checks (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Remove redundant checks for ctrl_context (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: replace instance->ctrl_context checks with instance->adapter_type (Sumit Saxena) [Orabug: 27625001] - scsi: megaraid_sas: Add support for Crusader controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: use adapter_type for all gen controllers (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: driver version upgrade (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: call megasas_dump_frame with correct IO frame size (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: modified few prints in OCR and IOC INIT path (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: replace internal FALSE/TRUE definitions with false/true (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: use vmalloc for crash dump buffers and drivers local RAID map (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Use SMID for Task abort case only (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Fix endianness issues in DCMD handling (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Do not re-fire shutdown DCMD after OCR (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: Call megasas_complete_cmd_dpc_fusion every 1 second while there are pending commands (Shivasharan S) [Orabug: 27625001] - 
scsi: megaraid_sas: Use synchronize_irq in target reset case (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: mismatch of allocated MFI frame size and length exposed in MFI MPT pass through command (Shivasharan S) [Orabug: 27625001] - scsi: megaraid_sas: fix error handle in megasas_probe_one (weiping zhang) [Orabug: 27625001] - scsi: megaraid_sas: fix allocate instance->pd_info twice (weiping) [Orabug: 27625001] - scsi: remove DRIVER_ATTR() usage (Greg Kroah-Hartman) [Orabug: 27625001] - scsi: megaraid: Replace PCI pool old API (Romain Perier) [Orabug: 27625001] - scsi: megaraid_sas: fix memleak in megasas_alloc_cmdlist_fusion (Shu Wang) [Orabug: 27625001] - scsi: megaraid: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 27625001] - drivers/scsi/megaraid: remove expensive inline from megasas_return_cmd (Andi Kleen) [Orabug: 27625001] - megaraid_sas: remove redundant code initialzing *pDevHandle with MR_DEVHANDLE_INVALID (Sumit Saxena) [Orabug: 27625001] - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602322] {CVE-2017-16532} - rds: Incorrect reference counting in TCP socket creation (Ka-Cheong Poon) [Orabug: 27602824] - enic: enable rq before updating rq descriptors (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add sw timestamp support (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add wq clean up budget (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: Add support for 'ethtool -g/-G' (Parvi Kaustubhi) [Orabug: 27587345] - enic: reset fetch index (Parvi Kaustubhi) [Orabug: 27587345] - drivers: net: enic: use setup_timer() helper. (Allen Pais) [Orabug: 27587345] - drivers: net: enic: use setup_timer() helper. 
(Allen Pais) [Orabug: 27587345] - enic: update enic maintainers (Govindarajulu Varadarajan) [Orabug: 27587345] - cisco: enic: Fic an error handling path in 'vnic_dev_init_devcmd2()' (Christophe Jaillet) [Orabug: 27587345] - enic: Fix format truncation warning (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: add devcmds for vxlan offload (Govindarajulu Varadarajan) [Orabug: 27587345] - enic: increment devcmd2 result ring in case of timeout (Sandeep Pillai) [Orabug: 27587345] - scsi: fnic: use kzalloc in fnic_fcoe_process_vlan_resp (Rasmus Villemoes) [Orabug: 27587343] - scsi: fnic: add a space after %p in printf format (Nicolas Iooss) [Orabug: 27587343] - scsi: fnic: Fix coccinelle warnings (Vasyl Gomonovych) [Orabug: 27587343] - scsi: fnic: do not call host reset from command abort (Hannes Reinecke) [Orabug: 27587343] - scsi: fnic: fix format string overflow warning (Arnd Bergmann) [Orabug: 27587343] - scsi: fnic: correct speed display and add support for 25,40 and 100G (Satish Kharat) [Orabug: 27587343] - scsi: fnic: added timestamp reporting in fnic debug stats (Satish Kharat) [Orabug: 27587343] - scsi: fnic: Zero io_cmpl_skip on fw reset completion (Satish Kharat) [Orabug: 27587343] - scsi: fnic: Ratelimit printks to avoid flooding when vlan is not set by the switch.i (Satish Kharat) [Orabug: 27587343] - scsi: fnic: use kernels '%pM' format option to print MAC (Andy Shevchenko) [Orabug: 27587343] - fnic: pci_dma_mapping_error() doesnt return an error code (Dan Carpenter) [Orabug: 27587343] - fnic: move printk()s outside of the critical code section. 
(Maurizio Lombardi) [Orabug: 27587343] - fnic: check pci_map_single() return value (Maurizio Lombardi) [Orabug: 27587343] - retpoline: move setting of sysctl_ibrs_enabled and sysctl_ibpb_enabled to where SPEC_CTRL_IBRS_INUSE and SPEC_CTRL_IBPB_INUSE are set (Chuck Anderson) [Orabug: 27625404] - retpoline: set IBRS and IBPB in use only on the boot CPU call to init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27625404] - retpoline: display IBPB feature status along with IBRS status (Chuck Anderson) [Orabug: 27625404] - retpoline: move lock/unlock of spec_ctrl_mutex to check_modinfo() (Chuck Anderson) [Orabug: 27625404] - retpoline: call clear_retpoline_fallback() with boot parm spectre_v2_heuristics=off (Chuck Anderson) [Orabug: 27625404] - retpoline: add brackets to check_ibrs_inuse() and clear_ibpb_inuse() (Chuck Anderson) [Orabug: 27625404] - retpoline/module: do not enable IBRS/IPBP if SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_IBPB_ADMIN_DISABLED is set (Chuck Anderson) [Orabug: 27625353] - retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson) [Orabug: 27625404] - retpoline: move lock/unlock of spec_ctrl_mutex into init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27625404] - retpoline/module: fall back to another spectre mitigation when disabling retpoline (Chuck Anderson) [Orabug: 27457549] - retpoline/module: add bit defs for use_ibpb (Chuck Anderson) [Orabug: 27457549] - x86/spectre_v2: Fix the documentation to say the right thing. (Konrad Rzeszutek Wilk) - x86/spectre_v2: Dont check bad microcode versions when running under hypervisors. 
(Konrad Rzeszutek Wilk) [Orabug: 27601736] - x86/speculation: Use IBRS if available before calling into firmware (David Woodhouse) [Orabug: 27516477] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601789] - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Konrad Rzeszutek Wilk) - KVM: Disable irq while unregistering user notifier (Ignacio Alvarado) - dtrace: increase instruction limit for FBT entry probe detection (Kris Van Hees) [Orabug: 27410742] [4.1.12-124.5.1] - trace: declare blk_add_trace_rq non-static on OL6 (Todd Vierling) [Orabug: 27578618] - x86/ia32/syscall: RESTORE_EXTRA_REGS when returning from syscall (Ankur Arora) [Orabug: 27461990] {CVE-2017-5715} - x86/ia32/syscall: dont do RESTORE_EXTRA_REGS prematurely (Ankur Arora) [Orabug: 27461990] {CVE-2017-5715} - firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27586223] - uek-rpm: enable USERFAULTFD in debug kernels (UEK4 QU7) (Mike Kravetz) [Orabug: 27579702] - vmxnet3: repair memory leak (Neil Horman) [Orabug: 27479086] - bonding: attempt to better support longer hw addresses (Jarod Wilson) [Orabug: 27542370] - scsi: Make __scsi_remove_device go straight from BLOCKED to DEL (Bart Van Assche) [Orabug: 27546768] - scsi: Protect SCSI device state changes with a mutex (Bart Van Assche) [Orabug: 27546768] - scsi: Introduce scsi_start_queue() (Bart Van Assche) [Orabug: 27546768] - scsi: avoid a permanent stop of the scsi devices request queue (Wei Fang) [Orabug: 27546768] - IB/ipoib: ioctls IPOIBACLNADD and IPOIBACLNGET do not work correctly (Ka-Cheong Poon) [Orabug: 27533123] - x86/spectre: move microcode check before kernel ibrs flags are set (Daniel Jordan) [Orabug: 27542331] {CVE-2017-5715} [4.1.12-124.4.1] - x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling) [Orabug: 27540463] - x86/spectre_v2: Only use IBRS when ibrs_inuse tells us to (Konrad Rzeszutek Wilk) - kernel: on 
OL6 only, simulate the gcc 4.4 kABI for __stack_chk_fail() (Todd Vierling) [Orabug: 27509351] - uek-rpm: configs: Dont set HAVE_FENTRY on OL6 builds. (Todd Vierling) [Orabug: 27509351] - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 27525575] - x86/spectre_v2: Disable IBRS if spectre_v2=off (Konrad Rzeszutek Wilk) - xenbus: track caller request id (Joao Martins) [Orabug: 27472576] - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27523393] - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27524608] - Fix typo IBRS_ATT, which should be IBRS_ALL (redux) (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add spectre_v2_heuristics= (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Do not disable IBPB when disabling IBRS (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/scattered: Fix the order. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Favor IBRS on Skylake over retpoline (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (Darren Kenny) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. 
(Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/bugs: Drop one 'mitigation' from dmesg (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - x86/nospec: Fix header guards names (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/cpu: Keep model defines sorted by model number (Andy Shevchenko) [Orabug: 27477743] {CVE-2017-5715} - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/msr: Add definitions for new speculation control MSRs (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/cpufeatures: Add AMD feature bits for Speculation Control (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Print what options are available. 
(Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add VMEXIT_FILL_RSB instead of RETPOLINE (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: If IBRS is enabled disable 'Filling RSB on context switch' (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Dont allow {ibrs,ipbp,lfence}_enabled to be toggled if retpoline (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Fix retpoline_enabled (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Update sysctl values if toggled only by set_{ibrs,ibpb}_disabled (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - retpoline/module: Taint kernel for missing retpoline in module (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Fill RSB on context switch for affected CPUs (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - kprobes/x86: Disable optimizing on the function jumps to indirect thunk (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - kprobes/x86: Blacklist indirect thunk functions for kprobes (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - retpoline: Introduce start/end markers of indirect thunk (Masami Hiramatsu) [Orabug: 27477743] {CVE-2017-5715} - x86/mce: Make machine check speculation protected (Thomas Gleixner) [Orabug: 27477743] {CVE-2017-5715} - kbuild: modversions for EXPORT_SYMBOL() for asm (Nicholas Piggin) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Tom Lendacky) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Remove compile time warning (Thomas Gleixner) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Fill return stack buffer on vmexit (David Woodhouse) [Orabug: 
27477743] {CVE-2017-5715} - x86/retpoline/irq32: Convert assembler indirect jumps (Andi Kleen) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/checksum32: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/xen: Convert Xen hypercall indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/hyperv: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/entry: Convert entry assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline/crypto: Convert crypto assembler indirect jumps (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Add disable_ibrs_and_friends (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Figure out if STUFF_RSB macro needs to be used. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre_v2: Figure out when to use IBRS. (Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Add IBRS option. 
(Konrad Rzeszutek Wilk) [Orabug: 27477743] {CVE-2017-5715} - x86/spectre: Add boot time option to select Spectre v2 mitigation (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/retpoline: Add initial retpoline support (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - kconfig.h: use __is_defined() to check if MODULE is defined (Masahiro Yamada) [Orabug: 27477743] {CVE-2017-5715} - EXPORT_SYMBOL() for asm (Al Viro) [Orabug: 27477743] {CVE-2017-5715} - x86/asm: Make asm/alternative.h safe from assembly (Andy Lutomirski) [Orabug: 27477743] {CVE-2017-5715} - x86/kbuild: enable modversions for symbols exported from asm (Adam Borowski) [Orabug: 27477743] {CVE-2017-5715} - x86/asm: Use register variable to get stack pointer value (Andrey Ryabinin) [Orabug: 27477743] {CVE-2017-5715} - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (Andy Lutomirski) [Orabug: 27477743] {CVE-2017-5715} - x86/alternatives: Add missing ' ' at end of ALTERNATIVE inline asm (David Woodhouse) [Orabug: 27477743] {CVE-2017-5715} - x86/alternatives: Fix optimize_nops() checking (Borislav Petkov) [Orabug: 27477743] {CVE-2017-5715} - block: Check for gaps on front and back merges (Jens Axboe) [Orabug: 27484719] - block: Copy a user iovec if it includes gaps (Sagi Grimberg) [Orabug: 27484719] - block: Replace SG_GAPS with new queue limits mask (Keith Busch) [Orabug: 27484719] - Revert 'block: Copy a user iovec if it includes gaps' (Ashok Vairavan) [Orabug: 27484719] - Revert 'block: Check for gaps on front and back merges' (Ashok Vairavan) [Orabug: 27484719] - Revert 'blk: [Partial] Replace SG_GAPGS with new queue limits mask' (Ashok Vairavan) [Orabug: 27484719] - qlcnic: fix deadlock bug (Junxiao Bi) [Orabug: 27496907] - x86/entry: RESTORE_IBRS needs to be done under kernel CR3 (Ankur Arora) [Orabug: 27501734] [4.1.12-124.3.1] - rds: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 27477010] - Btrfs: fix unexpected EEXIST from btrfs_get_extent (Liu Bo) 
[Orabug: 27446668] - Btrfs: fix incorrect block_len in merge_extent_mapping (Liu Bo) [Orabug: 27446668] - Btrfs: add WARN_ONCE to detect unexpected error from merge_extent_mapping (Liu Bo) [Orabug: 27446668] - Btrfs: deal with existing encompassing extent map in btrfs_get_extent() (Omar Sandoval) [Orabug: 27446668] - Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent (Chris Mason) [Orabug: 27446668] - x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) [Orabug: 27470687] - Drivers: hv: util: Backup: Fix a rescind processing issue (K. Y. Srinivasan) [Orabug: 27426063] - Drivers: hv: vss: Operation timeouts should match host expectation (Alex Ng) [Orabug: 27426063] - Drivers: hv: vss: Improve log messages. (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: Check VSS daemon is listening before a hot backup (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: Continue to poll VSS channel after handling requests. (Alex Ng) [Orabug: 27426063] - Drivers: hv: utils: fix a race on userspace daemons registration (Vitaly Kuznetsov) [Orabug: 27426063] - Drivers: hv: util: catch allocation errors (Olaf Hering) [Orabug: 27426063] - Drivers: hv: vss: run only on supported host versions (Olaf Hering) [Orabug: 27426063] - Drivers: hv: utils: unify driver registration reporting (Vitaly Kuznetsov) [Orabug: 27426063] - drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864] [Orabug: 27465736] - rds: Calling getsockname() on unbounded socket generates seg fault (Ka-Cheong Poon) [Orabug: 27463484] - rds: Second bind() can overwrite the first bind() (Ka-Cheong Poon) [Orabug: 27463500] - rds: Un-connected socket sendmsg() with a NULL destination does not fail (Ka-Cheong Poon) [Orabug: 27463507] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for 
spectre_v2 mitigation (Konrad Rzeszutek Wilk) - x86: Fix compile issues if CONFIG_XEN not defined (Konrad Rzeszutek Wilk) - hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 27451809] - net/mlx4_core: allow QPs with enable_smi_admin enabled (Zhu Yanjun) [Orabug: 27452072] - net/rds: Fix incorrect error handling (Hakon Bugge) [Orabug: 27469760] [4.1.12-124.2.1] - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) - x86/spec: Dont print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk) - x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) - x86/IBRS: Dont try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27448280] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27448280] - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) - x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27448280] - x86/IBRS/IBPB: Remove procfs interface to ibrs/ibpb_enable (Boris Ostrovsky) [Orabug: 27448280] - x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27448313] - x86/spec: Also print IBRS if IBPB is disabled. 
(Konrad Rzeszutek Wilk) - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27448330] - fs/ocfs2: remove page cache for converted direct write (Wengang Wang) - Revert 'ocfs2: code clean up for direct io' (Wengang Wang) - mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27424392] - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343609] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343609] - autofs: use dentry flags to block walks during expire (Ian Kent) [Orabug: 26032471] - autofs races (Al Viro) [Orabug: 26032471] - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly) [4.1.12-124.1.1] - dtrace: revive dtrace_gethrtime() (Tomas Jedlicka) [Orabug: 27409933] [4.1.12-124] - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27353383] - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27353383] - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27353383] - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27353383] - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27353383] - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27353383] - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27353383] - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27353383] - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) {CVE-2017-5753} - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27206805] {CVE-2017-1000407} {CVE-2017-1000407} - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins) [Orabug: 27397028] - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 26670475] - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) [Orabug: 26670475] - xen-blkback: pull nseg 
validation out in a function (Ankur Arora) [Orabug: 26670475] - xen-blkback: make struct pending_req less monolithic (Ankur Arora) [Orabug: 26670475] - x86/fpu: Dont let userspace set bogus xcomp_bv (Tim Tianyang Chen) [Orabug: 27050688] {CVE-2017-15537} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386997] {CVE-2017-15115} - media: dib0700: fix invalid dvb_detach argument (Andrey Konovalov) [Orabug: 27215141] {CVE-2017-16646} - Sanitize 'move_pages()' permission checks (Linus Torvalds) [Orabug: 27364683] {CVE-2017-14140} - assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364588] {CVE-2017-12193} {CVE-2017-12193} - net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390679] {CVE-2017-17712} [4.1.12-123] - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27378516] [Orabug: 27333760] {CVE-2017-5754} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27378451] - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27378102] - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27382723] - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27344012] {CVE-2017-5715} - ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. 
(Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: dont save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365575] {CVE-2017-5715} - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27365431] {CVE-2017-5754} - x86/IBRS: Save current status of MSR_IA32_SPEC_CTRL (Boris Ostrovsky) [Orabug: 27365419] - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin) [Orabug: 27333760] {CVE-2017-5754} - x86/spec_ctrl: Add missing IBRS_DISABLE (Konrad Rzeszutek Wilk) [Orabug: 27365403] - Make use of ibrs_inuse consistent. (Jun Nakajima) [Orabug: 27365390] - x86/kvm: Set IBRS on VMEXIT if guest disabled it. (Konrad Rzeszutek Wilk) [Orabug: 27364900] - Re-introduce clearing of r12-15, rbp, rbx (Kris Van Hees) [Orabug: 27344012] {CVE-2017-5715} - x86: more ibrs/pti fixes (Pavel Tatashin) [Orabug: 27333760] {CVE-2017-5754} - x86/spec: Actually do the check for in_use on ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kvm: svm: Expose the CPUID.0x80000008 ebx flag. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Provide the sysfs version of the ibrs_enabled (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Use better #define for FEATURE_ENABLE_IBRS and 0 (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Instead of 0x2, 0x4, and 0x1 use #defines. 
(Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kpti: Disable when running under Xen PV (Konrad Rzeszutek Wilk) [Orabug: 27333760] {CVE-2017-5754} - x86: Dont ENABLE_IBRS in nmi when we are still running on user cr3 (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts - fix ia32 path (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86: Fix spectre/kpti integration (Konrad Rzeszutek Wilk) [Orabug: 27333760] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333760] {CVE-2017-5754} - KAISER KABI tweaks. (Martin K. Petersen) [Orabug: 27333760] {CVE-2017-5754} - x86/ldt: fix crash in ldt freeing. (Jamie Iles) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Define 'cpu_current_top_of_stack' for 64-bit code (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Remove unused 'kernel_stack' per-cpu variable (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - x86/entry: Stop using PER_CPU_VAR(kernel_stack) (Denys Vlasenko) [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333760] {CVE-2017-5754} - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - KPTI: Report when enabled (Kees Cook) [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Move feature detection up (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333760] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: drop is_atomic arg to kaiser_pagetable_walk() (Hugh 
Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix unlikely error in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: paranoid_entry pass cr3 need to paranoid_exit (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: PCID 0 for kernel and 128 for user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: enhanced by kernel and user PCIDs (Dave Hansen) [Orabug: 27333760] {CVE-2017-5754} - kaiser: vmstat show NR_KAISERTABLE as nr_overhead (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: delete KAISER_REAL_SWITCH option (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: cleanups while trying for gold link (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: kaiser_remove_mapping() move along the pgd (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: tidied up kaiser_add/remove_mapping slightly (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: tidied up asm/kaiser.h somewhat (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: ENOMEM if kaiser_pagetable_walk() NULL (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix perf 
crashes (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: KAISER depends on SMP (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: fix build and FIXME in alloc_ldt_struct() (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: do not set _PAGE_NX on pgd_none (Hugh Dickins) [Orabug: 27333760] {CVE-2017-5754} - kaiser: merged update (Dave Hansen) [Orabug: 27333760] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333760] {CVE-2017-5754} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27333760] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Make flush_tlb_mm_range() more predictable (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Remove flush_tlb() and flush_tlb_current_task() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/irq: Do not substract irq_tlb_count from irq_call_count (Aaron Lu) [Orabug: 27333760] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy 
Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - ARM: Hide finish_arch_post_lock_switch() from modules (Steven Rostedt) [Orabug: 27333760] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333760] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333760] {CVE-2017-5754} - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27351274] - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - cw1200: prevent speculative execution 
(Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340445] {CVE-2017-5753} - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} {CVE-2017-5715} - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27344012] {CVE-2017-5715} - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27344012] {CVE-2017-5715} - Use the 'ibrs_inuse' variable. 
(Jun Nakajima) [Orabug: 27344012] {CVE-2017-5715} - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27344012] {CVE-2017-5715} - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27344012] {CVE-2017-5715} - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 
27344012] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27344012] {CVE-2017-5715} - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27344012] {CVE-2017-5715} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290292] {CVE-2017-8824} - negotiate_mq should happen in all cases of a new VBD being discovered by xen-blkfront, whether called through _probe() or a hot-attached new VBD from dom-0 via xenstore. Otherwise, hot-attached new VBDs are left configured without multi-queue. 
(Patrick Colp) [Orabug: 27180421] - e1000: avoid null pointer dereference on invalid stat type (Colin Ian King) [Orabug: 27069012] - e1000: fix race condition between e1000_down() and e1000_watchdog (Vincenzo Maffione) [Orabug: 27069012] - e1000e: Be drop monitor friendly (Florian Fainelli) [Orabug: 27069012] - e1000e: apply burst mode settings only on default (Willem de Bruijn) [Orabug: 27069012] - e1000e: fix buffer overrun while the I219 is processing DMA transactions (Sasha Neftin) [Orabug: 27069012] - e1000e: Avoid receiver overrun interrupt bursts (Benjamin Poirier) [Orabug: 27069012] - e1000e: Separate signaling for link check/link up (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix return value test (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix wrong comment related to link detection (Benjamin Poirier) [Orabug: 27069012] - e1000e: Fix error path in link detection (Benjamin Poirier) [Orabug: 27069012] - drivers: net: e1000e: use setup_timer() helper. (Allen Pais) [Orabug: 27069012] - e1000e: Initial Support for IceLake (Sasha Neftin) [Orabug: 27069012] - e1000e: add check on e1e_wphy() return value (Gustavo A R Silva) [Orabug: 27069012] - e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails (Chris Wilson) [Orabug: 27069012] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-16646 CVE-2017-16532 CVE-2017-15537 CVE-2018-1068 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive

ELSA-2018-4077: openssl security update (IMPORTANT)
Oracle Linux 7
[1.0.2k-12.0.1] - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.2k-12] - fix CVE-2017-3737 - incorrect handling of fatal error state - fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus [1.0.2k-11] - fix deadlock in RNG in the FIPS mode in mariadb [1.0.2k-9] - fix CVE-2017-3736 - carry propagation bug in Montgomery multiplication IMPORTANT Copyright 2018 Oracle, Inc.
cpe:/a:oracle:linux:7::userspace_ksplice

ELSA-2018-4078: glibc security update (IMPORTANT)
Oracle Linux 7
[2.17-222] - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119) [2.17-221] - CVE-2018-1000001: Fix realpath() buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often during lazy symbol binding (#1528418) [2.17-220] - Update HWCAP bits for IBM POWER9 DD2.1 (#1503854) [2.17-219] - Rebuild with newer gcc for aarch64 stack probing fixes (#1500475) [2.17-218] - Improve memcpy performance for POWER9 DD2.1 (#1498925) [2.17-217] - Update Linux system call list to kernel 4.13 (#1508895) [2.17-216] - x86-64: Use XSAVE/XSAVEC in the ld.so trampoline (#1504969) [2.17-215] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504809) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504809) [2.17-214] - Fix check-localplt test failure. - Include ld.so in check-localplt test. (#1440250) [2.17-213] - Fix build warning in locarchive.c (#1349964) [2.17-212] - Hide reference to mktemp in libpthread (#1349962) [2.17-211] - Implement fopencookie hardening (#1372305) [2.17-210] - x86-64: Support __tls_get_addr with an unaligned stack (#1468807) [2.17-209] - Define CLOCK_TAI in <time.h> (#1448822) [2.17-208] - Compile glibc with -fstack-clash-protection (#1500475) [2.17-207] - aarch64: Avoid invalid relocations in the startup code (#1500908) [2.17-206] - Fix timezone test failures on large parallel builds. (#1234449, #1378329) [2.17-205] - Handle DSOs with no PLT (#1445781) [2.17-204] - libio: Implement vtable verification (#1398413) [2.17-203] - Fix socket system call selection on s390x (#1498566).
- Use different construct for protected visibility in IFUNC tests (#1445644) [2.17-202] - Rebase the DNS stub resolver and getaddrinfo to the glibc 2.26 version - Support an arbitrary number of search domains in the stub resolver (#677316) - Detect and apply /etc/resolv.conf changes in libresolv (#1432085) - CVE-2017-1213: Fragmentation attacks possible when ENDS0 is enabled (#1487063) - CVE-2016-3706: Stack (frame) overflow in getaddrinfo when called with AF_INET, AF_INET6 (#1329674) - CVE-2015-5180: resolv: Fix crash with internal QTYPE (#1497131) - CVE-2014-9402: denial of service in getnetbyname function (#1497132) - Fix getaddrinfo to handle certain long lines in /etc/hosts (#1452034) - Make RES_ROTATE start with a random name server (#1257639) - Stricter IPv6 address parser (#1484034) - Remove noip6dotint support from the stub resolver (#1482988) - Remove partial bitstring label support from the stub resolver - Remove unsupported resolver hook functions from the API - Remove outdated RR type classification macros from the API - hesiod: Always use TLS resolver state - hesiod: Avoid non-trust-boundary crossing heap overflow in get_txt_records [2.17.201] - Fix hang in nscd cache prune thread (#1435615) [2.17-200] - Add binary timezone test data files (#1234449, #1378329) [2.17.198] - Add support for new IBM z14 (s390x) instructions (#1375235) [2.17-197] - Fix compile warnings in malloc (#1347277) - Fix occasional tst-malloc-usable failures (#1348000) - Additional chunk hardening in malloc (#1447556) - Pointer alignment fix in nss group merge (#1463692) - Fix SIGSEGV when LD_LIBRARY_PATH only has non-existing paths (#1443236) IMPORTANT Copyright 2018 Oracle, Inc. 
cpe:/a:oracle:linux:7::userspace_ksplice ELSA-2018-4084: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.2] - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled (Jianchao Wang) [Orabug: 27726302] - block: fix bio_will_gap() for first bvec with offset (Ming Lei) [Orabug: 27775588] - block: relax check on sg gap (Ming Lei) [Orabug: 27775588] - block: don't optimize for non-cloned bio in bio_get_last_bvec() (Ming Lei) [Orabug: 27775588] - block: merge: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588] - block: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588] - block: check virt boundary in bio_will_gap() (Ming Lei) [Orabug: 27775588] - block: bio: introduce helpers to get the 1st and last bvec (Ming Lei) [Orabug: 27775588] - Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount (Olga Kornievskaia) [Orabug: 27848303] - ext4: add validity checks for bitmap block numbers (Theodore Ts'o) [Orabug: 27854373] {CVE-2018-1093} {CVE-2018-1093} - ocfs2: Take inode cluster lock before moving reflinked inode from orphan dir (Ashish Samant) [Orabug: 27869411] - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27869844] {CVE-2017-16643} - Input: ims-psu - check if CDC union descriptor is sane (Dmitry Torokhov) [Orabug: 27870333] {CVE-2017-16645} - vfio/pci: Virtualize Maximum Payload Size (Alex Williamson) - vfio-pci: Virtualize PCIe & AF FLR (Alex Williamson) - uek-rpm: Disable DMA CMA (Jianchao Wang) [Orabug: 27892359] - nvme-pci: fix multiple ctrl removal scheduling (Rakesh Pandit) [Orabug: 27892359] - nvme-pci: Fix nvme queue cleanup if IRQ setup fails (Jianchao Wang) [Orabug: 27892359] - nvme/pci: Fix stuck nvme reset (Keith Busch) [Orabug: 27892359] - nvme: don't schedule multiple resets (Keith Busch) [Orabug: 27892359] - blk-mq: fix use-after-free in blk_mq_free_tag_set() (Junichi Nomura) [Orabug: 27892359] - USB: 
core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27895909] - driver core: platform: fix race condition with driver_override (Adrian Salido) [Orabug: 27897874] {CVE-2017-12146} - usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27908746] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-12146 CVE-2017-16643 CVE-2018-1093 CVE-2017-16645 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4087: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.3] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-100199} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4088: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.6] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} [2.6.39-400.298.5] - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] [2.6.39-400.298.4] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al 
Viro) [Orabug: 27344787] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861} - Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715} - x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] - x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] - x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] - 
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715} - x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923] - x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] - x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4089: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.6] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199} [3.8.13-118.20.5] - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667] [3.8.13-118.20.4] - Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] {CVE-2017-16527} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] 
{CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215201] {CVE-2017-16649} - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343577] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344793] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344843] {CVE-2017-0861} {CVE-2017-0861} - ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann Horn) [Orabug: 27364691] {CVE-2017-14140} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27387001] {CVE-2017-15115} - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/mitigation/spectre_v2: Add reporting of 'lfence'' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur Arora) [Orabug: 27516512] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27516357] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27516419] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715} - x86: 
intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516419] - x86/spectre: expose 'stibp' (Konrad Rzeszutek Wilk) [Orabug: 27516419] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715} - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715} - x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora) [Orabug: 27509932] {CVE-2017-5715} - x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: Save full stack frame throughout the entry code (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx) (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Save callee saved registers on syscall entrance (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-100199 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4096: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.14.5] - vhost/scsi: fix reuse of &vq->iov[out] in response (Benjamin Coddington) [Orabug: 27928330] [4.1.12-124.14.4] - kernel.spec: add requires system-release for OL7 (Brian Maly) [Orabug: 27955380] - x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van Hees) {CVE-2018-8897} - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - kvm/x86: fix icebp instruction handling (gregkh@linuxfoundation.org) {CVE-2018-1087} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1087 CVE-2018-8897 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4097: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.298.7] - net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-8897 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4098: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.20.7] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-8897 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4108: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.1] - netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27260771] {CVE-2017-17448} - netlink: Add netns check on taps (Kevin Cernekee) [Orabug: 27260799] {CVE-2017-17449} - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27290606] {CVE-2017-17741} {CVE-2017-17741} - xprtrdma: Detect unreachable NFS/RDMA servers more reliably (Chuck Lever) [Orabug: 27587008] - sunrpc: Export xprt_force_disconnect() (Chuck Lever) [Orabug: 27587008] - sunrpc: Allow xprt->ops->timer method to sleep (Chuck Lever) [Orabug: 27587008] - KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (Haozhong Zhang) [Orabug: 27720128] - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878230] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878230] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) 
[Orabug: 27878230] - mm/pagewalk.c: report holes in hugetlb ranges (Jann Horn) [Orabug: 27913118] {CVE-2017-16994} - KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913330] {CVE-2017-15299} - drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 27913367] {CVE-2017-7294} - vmscan: Support multiple kswapd threads per node (Buddy Lumpkin) [Orabug: 27913411] - tcp: dont use F-RTO on non-recurring timeouts (Yuchung Cheng) [Orabug: 27901860] - net/rds: ib: Release correct number of frags (Hakon Bugge) [Orabug: 27924161] - crypto: rng - Remove old low-level rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: drbg - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: ansi_cprng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - crypto: krng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116} - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934066] {CVE-2018-5332} - net: Fix double free and memory corruption in get_net_ns_by_id() (Eric W. Biederman) [Orabug: 27934789] {CVE-2017-15129} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5332 CVE-2017-7294 CVE-2017-16994 CVE-2017-15129 CVE-2017-17448 CVE-2017-15299 CVE-2017-15116 CVE-2017-17741 CVE-2017-17449 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4109: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.21.1] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 27208380] {CVE-2017-16537} - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27215090] {CVE-2017-16643} - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602324] {CVE-2017-16532} - x86/spectre_v2: Fix cpu offlining with IPBP. 
(Konrad Rzeszutek Wilk) - fuse: fix deadlock caused by wrong locking order (Junxiao Bi) [Orabug: 27760268] - jbd: dont wait (forever) for stale tid caused by wraparound (Jan Kara) [Orabug: 27842289] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774015] {CVE-2018-1068} - RDS: IB: Fix null pointer issue (hui.han) [Orabug: 27843171] - ext4: add validity checks for bitmap block numbers (Theodore Tso) [Orabug: 27854376] {CVE-2018-1093} {CVE-2018-1093} - USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27898074] {CVE-2017-17558} - netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27898167] {CVE-2017-17448} - KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913332] {CVE-2017-15299} - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934073] {CVE-2018-5332} - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199} - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667] - Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] {CVE-2017-16527} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215201] {CVE-2017-16649} - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia 
Zhang) [Orabug: 27343577] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] - Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344793] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344793] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344843] {CVE-2017-0861} {CVE-2017-0861} - ptrace: use fsuid, fsgid, effective creds for fs access checks (Jann Horn) [Orabug: 27364691] {CVE-2017-14140} - sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27387001] {CVE-2017-15115} - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - Revert 'x86/mitigation/spectre_v2: Add reporting of 'lfence'' (Ankur Arora) [Orabug: 27601787] {CVE-2017-5715} - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: bring spec_ctrl management logic closer to UEK4 (Ankur Arora) [Orabug: 27516512] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27516357] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27516419] {CVE-2017-5715} - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516419] {CVE-2017-5715} - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516419] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516419] - x86/spectre: expose 'stibp' (Konrad 
Rzeszutek Wilk) [Orabug: 27516419] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27516379] {CVE-2017-5715} - x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516379] {CVE-2017-5715} - x86/spectre: fix spectre_v1 mitigation indicators (Ankur Arora) [Orabug: 27509932] {CVE-2017-5715} - x86/ia32/syscall: Clear extended registers %r8-%r15 (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: Save full stack frame throughout the entry code (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/ia32/syscall: cleanup trailing whitespace (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Clear callee saved registers (%r12-%r15, %rbp, %rbx) (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - x86/syscall: Save callee saved registers on syscall entrance (Ankur Arora) [Orabug: 27452028] {CVE-2017-5715} - gre: fix a possible skb leak (Eric Dumazet) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
Miller) [Orabug: 26403972] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403972] {CVE-2017-9074} - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813390] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26880517] {CVE-2017-7482} {CVE-2017-7482} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883322] - KVM: x86: fix deadlock in clock-in-progress request handling (Marcelo Tosatti) [Orabug: 27065995] - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099835] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206837] {CVE-2017-16525} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206897] {CVE-2017-16526} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206928] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207240] {CVE-2017-16531} - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (Alan Stern) [Orabug: 27207983] {CVE-2017-16535} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290301] {CVE-2017-8824} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27444923] {CVE-2017-5753} - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena 
Reshetova) [Orabug: 27444923] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27444923] {CVE-2017-5753} - x86/rsb: add comment specifying why we skip STUFF_RSB (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/rsb: make STUFF_RSB jmp labels more robust (Ankur Arora) [Orabug: 27451658] {CVE-2017-5715} - x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk) {CVE-2017-5715} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27376697] {CVE-2017-5715} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27376697] - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27376697] {CVE-2017-5715} - x86: Display correct settings for the SPECTRE_V[12] bug (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU 
vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27376697] {CVE-2017-5715} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27376697] {CVE-2017-5715} {CVE-2017-5754} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5715} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27376697] {CVE-2017-5754} - x86/entry: STUFF_RSB only after switching to kernel CR3 (Ankur Arora) [Orabug: 27376697] {CVE-2017-5715} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27376697] {CVE-2017-5715} - x86: Use IBRS for firmware update path (David Woodhouse) [Orabug: 27376697] {CVE-2017-5715} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/enter: MACROS to set/clear IBRS (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27376697] {CVE-2017-5715} - x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27333764] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333764] [Orabug: 27333760] {CVE-2017-5754} 
{CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Lepton Wu) [Orabug: 27333764] {CVE-2017-5754} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: x86: Fix NMI handling (Jiri Kosina) [Orabug: 27333764] {CVE-2017-5754} - kaiser: move paravirt clock vsyscall mapping out of kaiser_init (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: disable if xen PARAVIRT (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333764] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333764] {CVE-2017-5754} - x86: kvmclock: Disable use from vDSO if KPTI is enabled (Ben Hutchings) [Orabug: 27333764] {CVE-2017-5754} - kaiser: Fix build with CONFIG_FUNCTION_GRAPH_TRACER (Kees Cook) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333764] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Richard Fellner) [Orabug: 27333764] {CVE-2017-5754} - kprobes: Prohibit probing on .entry.text code (Masami Hiramatsu) [Orabug: 27333764] {CVE-2017-5754} - x86/mm/64: Fix 
reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix flush_tlb_page() on Xen (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333764] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86: Clean up cr4 manipulation (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333764] {CVE-2017-5754} - x86/ldt: Make modify_ldt 
synchronous (Andy Lutomirski) [Orabug: 27333764] {CVE-2017-5754} {CVE-2015-5157} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1068 CVE-2017-17558 CVE-2018-1093 CVE-2018-5332 CVE-2017-16643 CVE-2017-16537 CVE-2017-17448 CVE-2017-15299 CVE-2017-16532 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4110: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.299.1] - ext4/jbd2: dont wait (forever) for stale tid caused by wraparound (Theodore Tso) [Orabug: 26424268] - jbd2: dont wake kjournald unnecessarily (Eric Sandeen) [Orabug: 26424268] - ext4: fix data corruption in inodes with journalled data (Jan Kara) [Orabug: 26424268] - media: imon: Fix null-ptr-deref in imon_probe (Arvind Yadav) [Orabug: 27208383] {CVE-2017-16537} - Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27215095] {CVE-2017-16643} - RDS: IB: Fix null pointer issue (Guanglei Li) [Orabug: 27241654] - usb: usbtest: fix NULL pointer dereference (Alan Stern) [Orabug: 27602321] {CVE-2017-16532} - vfs,proc: guarantee unique inodes in /proc (Linus Torvalds) [Orabug: 27637293] - vfs: dont chain pipe/anon/socket on superblock s_inodes list (Eric Dumazet) [Orabug: 27637293] - fuse: fix deadlock caused by wrong locking order (Junxiao Bi) [Orabug: 27719848] - jbd: dont wait (forever) for stale tid caused by wraparound (Jan Kara) [Orabug: 27734012] - netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets (Florian Westphal) [Orabug: 27774010] {CVE-2018-1068} - x86/spec: set_ibrs[ibpb]_disabled() should disable ibrs[ibpb]_admin_disabled (Krish Sadhukhan) [Orabug: 27788624] - x86/spec: Fix wrong output from sysfs (Krish Sadhukhan) [Orabug: 27795350] - x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) [Orabug: 27811437] - ext4: add validity checks for bitmap block numbers (Theodore Tso) [Orabug: 27854370] 
{CVE-2018-1093} {CVE-2018-1093} - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878228] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878228] - x86/cpufeatures: use cpu_data in scan_spec_ctrl_features and rescan_spec_ctrl_features (Ankur Arora) [Orabug: 27878228] - USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27898064] {CVE-2017-17558} - retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson) [Orabug: 27915293] - x86/spec: scan_spec_ctrl_feature should be executed only for cpu_index 0 (Krish Sadhukhan) [Orabug: 27915355] - RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934081] {CVE-2018-5332} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989490] {CVE-2018-10323} - net/rds: Fix endless RNR situation (Hakon Bugge) [Orabug: 27645402] - x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() 
should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868} - Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868} - ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861} - Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715} - x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715} - x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715} - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715} - x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715} - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715} - x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715} - x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848] - Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773] - x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176] - x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974] - x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044] - x86: fix mitigation details of UEK2 spectre 
v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909] - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715} - x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441] - x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441] - x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441] - x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958] - x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954] - x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923] - x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083] - x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378] - ext4: limit group search loop for non-extent files (Lachlan McIlroy) [Orabug: 17488415] - ext4: fixup 64-bit divides in 3.0-stable backport of upstream fix (Todd Poynor) [Orabug: 17488415] - ext4: use atomic64_t for the per-flexbg free_clusters count (Theodore Tso) [Orabug: 17488415] - ext4: init pagevec in ext4_da_block_invalidatepages (Eric Sandeen) [Orabug: 17488415] - ext4: do not try to write superblock on ro remount w/o journal (Michael Tokarev) [Orabug: 17488415] - xen-netback: fix grant_copy_op array size (Niranjan Patil) [Orabug: 25653941] - xen-netback: explicitly check max_slots_needed against meta_prod counter (Niranjan Patil) [Orabug: 25653941] - xen-netback: Fix handling of skbs requiring too many slots (Zoltan Kiss) [Orabug: 25653941] - xen-netback: worse-case estimate in xenvif_rx_action is underestimating (Paul Durrant) [Orabug: 25653941] - xen-netback: Add worse-case estimates of max_slots_needed in netbk_rx_action (Niranjan Patil) [Orabug: 25653941] - KEYS: Remove key_type::match in favour of overriding default by match_preparse (Tim 
Tianyang Chen) [Orabug: 25757946] {CVE-2017-6951} - xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26737475] - tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813391] {CVE-2017-14106} - rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26880520] {CVE-2017-7482} {CVE-2017-7482} - ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 27099836] - Check validity of cl_rpcclient in nfs_server_list_show (Malahal Naineni) [Orabug: 27112186] - USB: serial: console: fix use-after-free after failed setup (Johan Hovold) [Orabug: 27206839] {CVE-2017-16525} - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (Takashi Iwai) [Orabug: 27206934] {CVE-2017-16529} - USB: fix out-of-bounds in usb_set_configuration (Greg Kroah-Hartman) [Orabug: 27207243] {CVE-2017-16531} - dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290308] {CVE-2017-8824} - x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: Dont print the Missing arguments for option spectre_v2 (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move ENABLE_IBRS in the interrupt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Add set_ibrs_disabled and set_ibpb_disabled (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/boot: Add early cmdline parsing for options with arguments (Tom Lendacky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, boot: Carve out early cmdline parsing function (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Fix kABI build breakage (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Add command-line options 'spectre_v2' and 'nospectre_v2' (Kanth 
Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/mm: Set IBPB upon context switch (Brian Maly) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86, cpu: Expand cpufeature facility to include cpu bugs (Borislav Petkov) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: 
Use IBRS for firmware update path (David Woodhouse) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Disable if running as Xen PV guest (Konrad Rzeszutek Wilk) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/microcode: Recheck IBRS features on microcode reload (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/enter: MACROS to set/clear IBRS and set IBPB (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86/feature: Detect the x86 IBRS feature to control Speculation (Tim Chen) [Orabug: 27369777] {CVE-2017-5715} {CVE-2017-5753} - x86: fix build breakage (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - kaiser: rename X86_FEATURE_KAISER to X86_FEATURE_PTI to match upstream (Mike Kravetz) {CVE-2017-5754} - x86/kaiser: Check boottime cmdline params (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - KPTI: Report when enabled (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - PTI: unbreak EFI old_memmap (Jiri Kosina) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - kaiser: Set _PAGE_NX only if supported (Guenter Roeck) [Orabug: 27333761] [Orabug: 27333760] {CVE-2017-5754} - KPTI: Rename to PAGE_TABLE_ISOLATION (Kees Cook) [Orabug: 27333761] {CVE-2017-5754} - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: asm/tlbflush.h handle noPGE at lower level (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush (Hugh 
Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/alternatives: add asm ALTERNATIVE macro (Mike Kravetz) [Orabug: 27333761] {CVE-2017-5754} - x86/kaiser: Reenable PARAVIRT, dynamically disable KAISER if PARAVIRT (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - kaiser: add 'nokaiser' boot option, using ALTERNATIVE (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86-32: Fix boot with CONFIG_X86_INVD_BUG (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - kaiser: alloc_ldt_struct() use get_zeroed_page() (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - kaiser: user_map __kprobes_text too (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [Orabug: 27333761] {CVE-2017-5754} - KAISER: Kernel Address Isolation (Hugh Dickins) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: fix bad backport to disable PCID on Xen (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm/64: Fix reboot interaction with CR4.PCIDE (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Enable CR4.PCIDE on supported systems (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add the 'nopcid' boot option to turn off PCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable PCID on 32-bit kernels (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Idle_task_exit() shouldnt use switch_mm_irqs_off() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Turn off IRQs in switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm, sched/core: Uninline switch_mm() (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Build arch/x86/mm/tlb.c even on !SMP (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - sched/core: Add switch_mm_irqs_off() and use it in the scheduler (Andy Lutomirski) [Orabug: 27333761] 
{CVE-2017-5754} - mm/mmu_context, sched/core: Fix mmu_context.h assumption (Ingo Molnar) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: If INVPCID is available, use it to flush global mappings (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Fix INVPCID asm constraint (Borislav Petkov) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Add INVPCID helpers (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86, cpufeature: Add CPU features from Intel document 319433-012A (H. Peter Anvin) [Orabug: 27333761] {CVE-2017-5754} - x86/paravirt: Dont patch flush_tlb_single (Thomas Gleixner) [Orabug: 27333761] {CVE-2017-5754} - x86-64: Map the HPET NX (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} - x86/ldt: Make modify_ldt synchronous (Andy Lutomirski) [Orabug: 27333761] {CVE-2017-5754} {CVE-2015-5157} - x86, cpu: Add cpufeature flag for PCIDs (Arun Thomas) [Orabug: 27333761] {CVE-2017-5754} - x86/mm: Disable preemption during CR3 read+write (Sebastian Andrzej Siewior) [Orabug: 27333761] {CVE-2017-5754} - locking/barriers: fix compile issue (Brian Maly) [Orabug: 27346425] {CVE-2017-5753} - x86: Add another set of MSR accessor functions (Borislav Petkov) [Orabug: 27346425] {CVE-2017-5753} - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - 
x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27346425] {CVE-2017-5753} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1093 CVE-2017-16532 CVE-2017-16643 CVE-2018-5332 CVE-2017-16537 CVE-2017-17558 CVE-2017-15299 CVE-2018-1068 CVE-2017-17448 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4114: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.2] - KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639} - x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639} - x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639} - Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639} - proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Kees Cook) {CVE-2018-3639} - seccomp: Move speculation migitation control to arch code (Thomas Gleixner) {CVE-2018-3639} - seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) {CVE-2018-3639} - seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639} - prctl: Add force disable speculation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - proc: Provide details on speculation flaw mitigations (Kees Cook) {CVE-2018-3639} - nospec: Allow getting/setting on non-current task (Kees Cook) {CVE-2018-3639} - x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. 
(Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) {CVE-2018-3639} - x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) {CVE-2018-3639} - x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) {CVE-2018-3639} - prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639} - x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) {CVE-2018-3639} - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) {CVE-2018-3639} - x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) {CVE-2018-3639} - x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Warn if IBRS is enabled during boot. 
(Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639} - x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639} - scsi: libfc: Revisit kref handling (Hannes Reinecke) - scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke) - scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke) - scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke) - libfc: Update rport reference counting (Hannes Reinecke) - amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva) - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] {CVE-2018-5333} - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750} - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] {CVE-2018-6927} - net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114] - net: ipv4: Consider failed nexthops in multipath routes (David Ahern) [Orabug: 27547114] - ipv4: L3 hash-based multipath (Peter Norlund) [Orabug: 27547114] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27677556] {CVE-2017-18203} - NFS: only invalidate dentrys that are clearly invalid. 
(NeilBrown) [Orabug: 27870824] - net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] {CVE-2018-10675} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] {CVE-2018-8781} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27963576] {CVE-2018-10323} - Revert 'mlx4: change the ICM table allocations to lowest needed size' (Hakon Bugge) [Orabug: 27980030] - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5750 CVE-2017-1000410 CVE-2018-10323 CVE-2017-18203 CVE-2018-10675 CVE-2018-3639 CVE-2018-6927 CVE-2018-5333 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4126: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.15.4] - x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas) - fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372] - kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210] - dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932] - x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639} - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639} - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs: Unify 
x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639} - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639} - x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639} [4.1.12-124.15.3] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947602] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-1000199 CVE-2018-3639 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4131: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.16.2] - netlink: add a start callback for starting a netlink dump (Tom Herbert) [Orabug: 27169581] {CVE-2017-16939} - ipsec: Fix aborted xfrm policy dump crash (Herbert Xu) [Orabug: 27169581] {CVE-2017-16939} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-16939 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4134: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.21.4] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} [3.8.13-118.21.3] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} [3.8.13-118.21.2] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2016-2543 CVE-2016-2544 CVE-2017-1000410 CVE-2017-17741 CVE-2018-1000199 CVE-2018-10323 CVE-2016-2549 CVE-2016-2545 CVE-2016-2548 CVE-2018-3665 CVE-2016-2384 CVE-2016-2547 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4144: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.16.4] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28135099] {CVE-2018-3665} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3665 cpe:/a:oracle:linux:7::security_validation cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4145: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.299.3] - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156175] {CVE-2018-3665} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 22876528] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 22876528] {CVE-2016-2384} - mlx4_ib: DREQ silently dropped by PF passive side (Venkat Venkatsubra) [Orabug: 25090540] - net: tcpdump fails with EFAULT (Venkat Venkatsubra) [Orabug: 25209691] - x86/spec: Remove rescan_spec_ctrl_feature as it's not needed anymore (Krish Sadhukhan) [Orabug: 27934121] [2.6.39-400.299.2] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' 
(Brian Maly) [Orabug: 27947612] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2016-2543 CVE-2016-2548 CVE-2016-2549 CVE-2016-2545 CVE-2016-2544 CVE-2018-1000199 CVE-2018-3665 CVE-2016-2547 CVE-2016-2384 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4155: glibc security update (IMPORTANT) Oracle Linux 6 [2.12-1.212.0.1] - backport rh patch 1047983 from OL7, Orabug 25407655 [2.12-1.212] - CVE-2017-15670: glob: Fix one-byte overflow with GLOB_TILDE (#1504810) - CVE-2017-15804: glob: Fix buffer overflow in GLOB_TILDE unescaping (#1504810) [2.12-1.211] - Avoid large allocas in the dynamic linker (#1452717) [2.12-1.210] - Fix thread cancellation issues for setmntent() and others (#1437147). IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice ELSA-2018-4161: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.17.1] - block: update integrity interval after queue limits change (Ritika Srivastava) [Orabug: 27586756] - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28001529] {CVE-2017-8824} {CVE-2018-1130} - net/rds: Implement ARP flushing correctly (Hakon Bugge) [Orabug: 28219857] - net/rds: Fix incorrect bigger vs. smaller IP address check (Hakon Bugge) [Orabug: 28236599] - ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256391] - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28256487] {CVE-2017-11600} {CVE-2017-11600} [4.1.12-124.16.6] - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 27870400] - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242475] {CVE-2017-7616} - xhci: Fix USB3 NULL pointer dereference at logical disconnect. 
(Mathias Nyman) [Orabug: 27426023] - mlx4_core: restore optimal ICM memory allocation (Eric Dumazet) [Orabug: 27718303] - mlx4_core: allocate ICM memory in page size chunks (Qing Huang) [Orabug: 27718303] - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28078687] {CVE-2018-10124} - rds: tcp: compute m_ack_seq as offset from ->write_seq (Sowmini Varadhan) [Orabug: 28085214] - ext4: fix bitmap position validation (Lukas Czerner) [Orabug: 28167032] - net/rds: Fix bug in failover_group parsing (Hakon Bugge) [Orabug: 28198749] - sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240074] {CVE-2018-5803} [4.1.12-124.16.5] - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896802] {CVE-2017-18017} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049778] {CVE-2018-10087} - x86/bugs/module: Provide retpoline_modules_only parameter to fail non-retpoline modules (Konrad Rzeszutek Wilk) [Orabug: 28071992] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-10087 CVE-2018-10124 CVE-2018-1130 CVE-2017-7616 CVE-2017-18017 CVE-2018-5803 CVE-2017-11600 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4164: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.22.1] - dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) {CVE-2017-18203} - drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27986407] {CVE-2018-8781} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 27875488] {CVE-2018-10087} - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) {CVE-2018-10124} - bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130293] {CVE-2015-8575} - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220402] {CVE-2017-8824} {CVE-2018-1130} - sctp: verify size of a new chunk in _sctp_make_chunk() (Alexey Kodanev) [Orabug: 28240075] {CVE-2018-5803} - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242478] {CVE-2017-7616} - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264121] {CVE-2017-11600} {CVE-2017-11600} - x86/fpu: Make eager FPU default (Mihai Carabas) [Orabug: 28156176] {CVE-2018-3665} - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951287] {CVE-2017-17741} {CVE-2017-17741} - xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27989498] {CVE-2018-10323} - Bluetooth: Prevent stack info leak from the EFS element. 
(Ben Seri) [Orabug: 28030520] {CVE-2017-1000410} {CVE-2017-1000410} - ALSA: hrtimer: Fix stall by hrtimer_cancel() (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2549} - ALSA: timer: Harden slave timer list handling (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2547} {CVE-2016-2548} - ALSA: timer: Fix double unlink of active_list (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2545} - ALSA: seq: Fix missing NULL check at remove_events ioctl (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2543} - ALSA: seq: Fix race at timer setup and close (Takashi Iwai) [Orabug: 28058229] {CVE-2016-2544} - ALSA: usb-audio: avoid freeing umidi object twice (Andrey Konovalov) [Orabug: 28058229] {CVE-2016-2384} - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-1000199} - Revert 'perf/hwbp: Simplify the perf-hwbp code, fix documentation' (Brian Maly) [Orabug: 27947608] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18203 CVE-2018-1130 CVE-2017-11600 CVE-2015-8575 CVE-2018-5803 CVE-2018-8781 CVE-2017-7616 CVE-2018-10124 CVE-2018-10087 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4172: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.300.2] - Revert 'RDS: don't commit to queue till transport connection is up' (Santosh Shilimkar) [Orabug: 27619034] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951293] {CVE-2017-17741} {CVE-2017-17741} - kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049790] {CVE-2018-10087} - kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. 
(mridula shastry) [Orabug: 28082989] {CVE-2018-10124} - bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130291] {CVE-2015-8575} - x86/bug: Fix typo's from commit b2d2b5b2 (x86/fpu: Make eager FPU default) (Mihai Carabas) [Orabug: 28194606] - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220512] {CVE-2017-8824} {CVE-2018-1130} - mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242479] {CVE-2017-7616} - xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264531] {CVE-2017-11600} {CVE-2017-11600} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-7616 CVE-2018-10087 CVE-2015-8575 CVE-2017-17741 CVE-2017-11600 CVE-2018-10124 CVE-2018-1130 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4187: openssl security update (IMPORTANT) Oracle Linux 6 [1.0.1e-57.0.3] - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-3735 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6:10:base ELSA-2018-4189: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.0.14] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5390 cpe:/a:oracle:linux:7::UEKR5_archive ELSA-2018-4190: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.0.15] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5390 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-4193: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.23.1] - xen/blkback: free requests on disconnection (Dongli Zhang) [Orabug: 22111941] - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27986376] {CVE-2018-5333} - ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27986392] {CVE-2018-5750} - futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27986395] {CVE-2018-6927} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-5750 CVE-2018-6927 CVE-2018-5333 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4195: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.1.6] - ipv4: frags: handle possible skb truesize change (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391} [4.14.35-1818.1.5] - inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391} - init/main.c: reorder boot_cpu_state_init/smp_prepare_boot_cpu (Mihai Carabas) [Orabug: 28491890] [4.14.35-1818.1.4] - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [Orabug: 28390134] - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646} - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620} - Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/KVM/VMX: Dont set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86: Dont include linux/irq.h from 
asm/hardirq.h (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3620} - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Dont set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646} - cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28442418] {CVE-2018-3620} - Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28442418] {CVE-2018-3620} - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages content (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646} - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620} - Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3646} - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620} - x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646} - x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646} - x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646} - x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646} - x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/kvm: Drop L1TF MSR list 
approach (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646} - x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646} - x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} {CVE-2018-3646} - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646} - KVM: X86: Provide a capability to disable PAUSE intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646} - KVM: X86: Provide a capability to disable HLT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646} - KVM: X86: Provide a capability to disable MWAIT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646} - cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Fix up 
pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620} - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620} - x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620} - x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - cpu/hotplug: Make bringup/teardown of smp threads symmetric (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620} - sched/smt: Update sched_smt_present at runtime (Peter Zijlstra) [Orabug: 28442418] 
{CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Klein) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28442418] {CVE-2018-3620} - x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28442418] {CVE-2018-3620} {CVE-2018-3620} - x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28442418] {CVE-2018-3620} {CVE-2018-3620} [4.14.35-1818.1.3] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390} [4.14.35-1818.1.2] - net/rds: Fix incorrect bigger vs. 
smaller IP address check (Hakon Bugge) [Orabug: 28239459] - IB/mad: Use IDR for agent IDs (willy@infradead.org) [Orabug: 28340849] - IB/mad: Agent registration is process context only (Matthew Wilcox) [Orabug: 28340849] - IB/core: Make ib_mad_client_id atomic (Hakon Bugge) [Orabug: 28340849] - scsi: lpfc: Revise copyright for new company language (James Smart) [Orabug: 28361789] - scsi: lpfc: update driver version to 12.0.0.5 (James Smart) [Orabug: 28361789] - scsi: lpfc: devloss timeout race condition caused null pointer reference (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix NVME Target crash in defer rcv logic (James Smart) [Orabug: 28361789] - scsi: lpfc: Support duration field in Link Cable Beacon V1 command (James Smart) [Orabug: 28361789] - scsi: lpfc: Make PBDE optimizations configurable (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix abort error path for NVMET (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix panic if driver unloaded when port is offline (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix driver not setting dpp bits correctly in doorbell word (James Smart) [Orabug: 28361789] - scsi: lpfc: Add Buffer overflow check, when nvme_info larger than PAGE_SIZE (James Smart) [Orabug: 28361789] - scsi: lpfc: use monotonic timestamps for statistics (Arnd Bergmann) [Orabug: 28361789] - scsi: lpfc: update driver version to 12.0.0.4 (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix port initialization failure. (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix 16gb hbas failing cq create. 
(James Smart) [Orabug: 28361789] - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (James Smart) [Orabug: 28361789] - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix MDS diagnostics failure (Rx < Tx) (James Smart) [Orabug: 28361789] - scsi: lpfc: fix spelling mistakes: 'mabilbox' and 'maibox' (Colin Ian King) [Orabug: 28361789] - scsi: lpfc: Comment cleanup regarding Broadcom copyright header (James Smart) [Orabug: 28361789] - scsi: lpfc: update driver version to 12.0.0.3 (James Smart) [Orabug: 28361789] - scsi: lpfc: Enhance log messages when reporting CQE errors (James Smart) [Orabug: 28361789] - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (James Smart) [Orabug: 28361789] - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (James Smart) [Orabug: 28361789] - scsi: lpfc: Handle new link fault code returned by adapter firmware. (James Smart) [Orabug: 28361789] - scsi: lpfc: Correct fw download error message (James Smart) [Orabug: 28361789] - scsi: lpfc: enhance LE data structure copies to hardware (James Smart) [Orabug: 28361789] - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (James Smart) [Orabug: 28361789] - uek-rpm: aarch64 Set CONFIG_BPF_STREAM_PARSER (Henry Willard) [Orabug: 28380994] - uek-rpm: Enable net_failover.ko in nano_modules file (Victor Erminpour) [Orabug: 28401935] - uek-rpm: config: Disable CONFIG_SECURITY_DMESG_RESTRICT (Victor Erminpour) [Orabug: 28401946] [4.14.35-1818.1.1] - net/rds: Implement ARP flushing correctly (Hakon Bugge) [Orabug: 28219851] - scsi: smartpqi: bump driver version to 1.1.4-130 (Don Brace) - scsi: smartpqi: fix critical ARM issue reading PQI index registers (Kevin Barnett) - scsi: smartpqi: add inspur advantech ids (Kevin Barnett) - scsi: smartpqi: improve error checking for sync requests (Kevin Barnett) - scsi: smartpqi: improve handling for sync requests 
(Kevin Barnett) - blk-mq: Allow PCI vector offset for mapping queues (Keith Busch) - scsi: smartpqi: update driver version (Don Brace) - scsi: smartpqi: workaround fw bug for oq deletion (Kevin Barnett) - scsi: smartpqi: add in new supported controllers (Kevin Barnett) - scsi: smartpqi: Convert timers to use timer_setup() (Kees Cook) - uek-rpm: Enable ovmapi.ko in nano_module (Victor Erminpour) [Orabug: 28142947] - rdmaip: fix returned value not set error (Zhu Yanjun) - IB: RDMAIP: avoid migration to a port that is down (Zhu Yanjun) - net/rds: prevent RDS connections using stale ARP entries (Wei Lin Guay) [Orabug: 28149099] - net/rds: Fix kernel panic caused by a race between setup/teardown (Hans Westgaard Ry) [Orabug: 28341723] - net/rds: Avoid stalled connection due to CM REQ retries (Wei Lin Guay) [Orabug: 28068633] - net/rds: use one sided reconnection during a race (Wei Lin Guay) [Orabug: 28068633] - Revert 'Revert 'net/rds: Revert 'RDS: add reconnect retry scheme for stalled' (Hakon Bugge) [Orabug: 28068633] - socket: close race condition between sock_close() and sockfs_setattr() (Cong Wang) [Orabug: 28312496] {CVE-2018-12232} - jfs: Fix inconsistency between memory allocation and ea_buf->max_size (Shankara Pailoor) [Orabug: 28312514] {CVE-2018-12233} - x86/speculation: Support per-process SSBD with IBRS (Alexandre Chartre) [Orabug: 28354046] - x86/speculation: Implement per-cpu IBRS control (Alexandre Chartre) [Orabug: 28064083] [4.14.35-1818.1.0] - ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (Corey Minyard) [Orabug: 27628285] - rds: tcp: cancel all worker threads before shutting down socket (Sowmini Varadhan) [Orabug: 28350092] - scsi: megaraid_sas: fix selection of reply queue (Ming Lei) [Orabug: 28353250] - genirq/affinity: assign vectors to all possible CPUs (Christoph Hellwig) [Orabug: 28353250] - rds: signedness bug (Dan Carpenter) [Orabug: 28319158] - proc/kcore: dont bounds check against address 0 (Laura Abbott) [Orabug: 28321870] - 
mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT (Andrea Arcangeli) [Orabug: 28322517] - ocfs2: Fix locking for res->tracking and dlm->tracking_list (Ashish Samant) [Orabug: 28256389] - add kernel param to pre-allocate NICs (Brian Maly) [Orabug: 28257071] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3620 CVE-2018-5391 CVE-2018-3646 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-4196: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.5] - inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28450977] - x86/mm/pageattr.c: fix page prot mask (Mihai Carabas) [Orabug: 28492122] - x86/pgtable.h: fix PMD/PUD mask (Mihai Carabas) [Orabug: 28492122] - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28492122] [4.1.12-124.18.4] - kvm/vmx: Dont mark vmx_exit() __exit (Boris Ostrovsky) [Orabug: 28491688] - x86/speculation: Dont mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28491688] - x86/speculation: parse l1tf boot parameter early (Boris Ostrovsky) [Orabug: 28491688] [4.1.12-124.18.3] - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481412] {CVE-2017-18344} [4.1.12-124.18.2] - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - KVM: VMX: Tell the nested hypervisor to skip 
L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620} - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (KarimAllah Ahmed) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3620} - Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Dont set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86: Dont include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3620} - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - x86/KVM/VMX: Dont set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28220625] {CVE-2018-3646} - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28220625] {CVE-2018-3646} - KVM: X86: Introduce kvm_get_msr_feature() (Wanpeng Li) [Orabug: 28220674] {CVE-2018-3646} - KVM: x86: Add a framework for supporting MSR-based features (Tom Lendacky) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28220674] {CVE-2018-3620} - Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages content (Nicolai Stange) [Orabug: 28220674] {CVE-2018-3646} - x86/speculation/l1tf: Unbreak 
!__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620} - Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28220674] {CVE-2018-3620} - x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3646} - x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28220625] {CVE-2018-3620} - x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3646} - x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28220674] 
{CVE-2018-3646} - x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28220674] {CVE-2018-3646} - x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} {CVE-2018-3646} - locking/static_keys: Add static_key_{en,dis}able() helpers (Peter Zijlstra) [Orabug: 28220674] {CVE-2018-3620} - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3646} - KVM: x86: Introducing kvm_x86_ops VM init/destroy hooks (Suravee Suthikulpanit) [Orabug: 28220674] {CVE-2018-3646} - cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620} - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620} - x86/cpufeatures: Add detection of L1D cache flush support. 
(Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28220674] {CVE-2018-3620} - x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/topology: Add topology_max_smt_threads() (Andi Kleen) [Orabug: 28220674] {CVE-2018-3620} - cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28220674] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first 
page is always reserved (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28220674] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Klein) [Orabug: 28220674] {CVE-2018-3620} - x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28220674] {CVE-2018-3620} - x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28220674] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18344 CVE-2018-5391 CVE-2018-3620 CVE-2018-3646 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4198: qemu security update (IMPORTANT) Oracle Linux 7 [12:2.9.0-11.1.el7] - i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639} - i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) (Konrad Rzeszutek Wilk) [Orabug: 28110449] {CVE-2018-3639} - i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) (Daniel P. Berrange) [Orabug: 28110449] {CVE-2018-3639} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3639 cpe:/a:oracle:linux:7::kvm_utils ELSA-2018-4200: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.6] - qla2xxx: Update the version to 9.00.00.00.41.0-k1. (Giridhar Malavali) [Orabug: 28172611] - qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion. (Giridhar Malavali) [Orabug: 28172611] - qla2xxx: Correction to total data segment count when local DMA buffers used for DIF PI. 
(Giridhar Malavali) - scsi: megaraid_sas: fix the wrong way to get irq number (Jianchao Wang) [Orabug: 28436426] - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459728] {CVE-2018-7566} - oracleasm: Fix use after free for request processing timer (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Fix incorrectly set flag (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Fix memory leak (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Add ENXIO handling (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Add missing tracepoint (Martin K. Petersen) [Orabug: 28506080] - oracleasm: Don't assume bip was allocated by oracleasm (Martin K. Petersen) [Orabug: 28506080] - oracleasm: fix asmfs_dir_operations compiler error (Tom Saeger) [Orabug: 28506080] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7566 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4208: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.18.9] - rebuild bumping release [4.1.12-124.18.8] - Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] {CVE-2018-10938} - Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo) [Orabug: 28119834] - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] {CVE-2018-15594} - sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in sym_hipd.c (George Kennedy) [Orabug: 28481893] - md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228] - x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. 
(Boris Ostrovsky) [Orabug: 28540376] [4.1.12-124.18.7] - ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971] - ext4: properly align shifted xattrs when expanding inodes (Jan Kara) [Orabug: 25718971] - ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara) [Orabug: 25718971] - ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971] - uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171] - nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821] - nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821] - uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886] - ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (Junichi Nomura) - x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303] - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] {CVE-2018-13405} - scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] {CVE-2018-10021} - PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-15594 CVE-2018-10938 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4210: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.1] - x86/entry/64: Ensure %ebx handling correct in xen_failsafe_callback (George Kennedy) [Orabug: 28402927] {CVE-2018-14678} - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488808] {CVE-2018-3620} - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488808] {CVE-2018-3620} - x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620} - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488808] {CVE-2018-3646} - x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488808] {CVE-2018-3620} - x86/microcode: Do not upload microcode if CPUs are offline (Ashok Raj) [Orabug: 28488808] {CVE-2018-3620} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-14678 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4211: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.1] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022108] {CVE-2018-10675} - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459478] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459729] {CVE-2018-7566} - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481409] {CVE-2017-18344} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7566 CVE-2017-18344 CVE-2018-10675 CVE-2018-13405 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4214: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.301.1] - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505519] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not 
present mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP) (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505519] {CVE-2018-3620} - mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff Wickman) [Orabug: 28505519] {CVE-2018-3620} - pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI Motohiro) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) 
[Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505519] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620} - x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 28001909] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 28001909] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David Woodhouse) [Orabug: 28001909] - Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug: 28001909] - mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022110] {CVE-2018-10675} - xen-netback: do not requeue skb if xenvif is already disconnected (Dongli Zhang) [Orabug: 28247698] - posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481397] {CVE-2017-18344} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-10675 CVE-2018-3620 CVE-2017-18344 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4215: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.2] - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya 
Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. 
Shutemov) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074] - x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-3620 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4216: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.2] - tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] {CVE-2018-5390} - tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} - tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug: 28639707] 
{CVE-2018-5390} - tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-5390 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4219: kernel security update (IMPORTANT) Oracle Linux 5 [2.6.18-419.0.0.0.11] - x86_64/entry: Don't use IST entry for #BP stack [orabug 28452062] {CVE-2018-8897} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-8897 cpe:/a:oracle:linux:5::ELS ELSA-2018-4227: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.5] - nsfs: mark dentry with DCACHE_RCUACCESS (Cong Wang) [Orabug: 28576290] {CVE-2018-5873} - dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604628] - IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655409] - IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655409] - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664501] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664577] {CVE-2017-13695} - uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680213] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-13695 CVE-2018-16658 CVE-2018-5873 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4228: openssl security update (IMPORTANT) Oracle Linux 6 [1.0.1e-57.0.5] - Merge upstream patch to fix CVE-2018-0739 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-0739 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 ELSA-2018-4229: openssl security update (IMPORTANT) Oracle Linux 6 [1.0.1e-57.0.5] - Merge upstream patch to fix CVE-2018-0739 [1.0.1e-57.0.3] - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice ELSA-2018-4230: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.19.6] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28709994] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4233: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.24.3] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14634 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4234: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.301.2] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-14634 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4235: kernel security update (IMPORTANT) Oracle Linux 5 kernel [2.6.18-419.0.0.0.12] - [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Chris von Recklinghausen) [1593378] - [x86] cpufeatures: Add detection of L1D cache flush support. (Chris von Recklinghausen) [1593378] - [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Extend 64bit swap file size limit (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] bugs: Move the l1tf function and define pr_fmt properly (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Add sysfs reporting for l1tf (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Protect swap entries against L1TF (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Change order of offset/type in swap entry (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] bugs: Export the internal __cpu_bugs variable (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] intel-family.h: Add GEMINI_LAKE SOC (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] mm: Fix 
swap entry comment and macro (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] mm: Move swap offset/type up in PTE to work around erratum (Chris von Recklinghausen) [1593378] {CVE-2018-3620} - [x86] cpufeatures: Resolve X86_FEATURE_SMEP definition conflict (Radomir Vrbovsky) [1570474] - [x86] fix kexec load warnings with PTI enabled (Rafael Aquini) [1576191] - [x86] ia32entry: make target ia32_ret_from_sys_call the common exit point to long-mode (Rafael Aquini) [1570474] {CVE-2009-2910} - [x86] spec_ctrl: only perform RSB stuffing on SMEP capable CPUs (Rafael Aquini) [1570474] {CVE-2009-2910} - [net] tcp: fix 0 divide in __tcp_select_window (Davide Caratti) [1488343] {CVE-2017-14106} - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488343] {CVE-2017-14106} - [x86] adjust / fix LDT handling for PTI (Rafael Aquini) [1584622] - [x86] Fix up /proc/cpuinfo entries (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [kernel] spec_ctrl: work around broken microcode (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] Only expose PR_{GET, SET}_SPECULATION_CTRL if CONFIG_SPEC_CTRL is defined (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] misc changes to fix i386 builds (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] bugs: Rename _RDS to _SSBD (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] 64: add skeletonized version of __switch_to_xtra (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [kernel] prctl: Add speculation 
control prctls (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] include: add latest intel-family.h from RHEL6 (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] cpuid: Fix up IBRS/IBPB/STIBP feature bits on Intel (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] cpufeatures: Add Intel feature bits for Speculation (Chris von Recklinghausen) [1566896] {CVE-2018-3639} - [x86] cpu: Add driver auto probing for x86 features (Chris von Recklinghausen) [1566896] {CVE-2018-3639} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2009-2910 CVE-2018-3639 CVE-2018-3620 CVE-2017-14106 cpe:/a:oracle:linux:5::ELS ELSA-2018-4242: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.3.3] - net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122110] - virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122110] - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122110] - net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122110] - net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122110] - IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435] - IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655435] - IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655435] - IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655435] - dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604629] - uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28644322] - net/rds: Fix call to sleeping function in a non-sleeping context (Hakon Bugge) [Orabug: 28657397] - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664499] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664576] {CVE-2017-13695} - usb: xhci: do not create and register shared_hcd when USB3.0 is disabled (Tung Nguyen) [Orabug: 28677854] [4.14.35-1818.3.2] - hwmon: (k10temp) Display both Tctl and Tdie (Guenter Roeck) [Orabug: 28143470] - hwmon: (k10temp) Use API function to access System Management Network (Guenter Roeck) [Orabug: 28143470] - hwmon: (k10temp) Fix reading critical temperature register (Guenter Roeck) [Orabug: 28143470] - hwmon: (k10temp) Add temperature offset for Ryzen 2700X (Guenter Roeck) [Orabug: 28143470] - 
hwmon: (k10temp) Add support for temperature offsets (Guenter Roeck) [Orabug: 28143470] - hwmon: (k10temp) Add support for family 17h (Guenter Roeck) [Orabug: 28143470] - hwmon: (k10temp) Move chip specific code into probe function (Guenter Roeck) [Orabug: 28143470] - net/rds: make the source code clean (Zhu Yanjun) [Orabug: 28607913] - net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 (Zhu Yanjun) [Orabug: 28607913] - net/rds: Use rdma_read_gids to read connection GIDs (Parav Pandit) [Orabug: 28607913] - posix-timers: Sanitize overrun handling (Thomas Gleixner) [Orabug: 28642970] {CVE-2018-12896} - crypto: ccp - Add support for new CCP/PSP device ID (Tom Lendacky) [Orabug: 28584386] - crypto: ccp - Support register differences between PSP devices (Tom Lendacky) [Orabug: 28584386] - crypto: ccp - Remove unused #defines (Tom Lendacky) [Orabug: 28584386] - crypto: ccp - Add psp enabled message when initialization succeeds (Tom Lendacky) [Orabug: 28584386] - crypto: ccp - Fix command completion detection race (Tom Lendacky) [Orabug: 28584386] - iommu/amd: Add support for IOMMU XT mode (Suravee Suthikulpanit) [Orabug: 28584386] - iommu/amd: Add support for higher 64-bit IOMMU Control Register (Suravee Suthikulpanit) [Orabug: 28584386] - x86: irq_remapping: Move irq remapping mode enum (Suravee Suthikulpanit) [Orabug: 28584386] - x86/CPU/AMD: Fix LLC ID bit-shift calculation (Suravee Suthikulpanit) [Orabug: 28584386] - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available (Suravee Suthikulpanit) [Orabug: 28584386] - x86/CPU/AMD: Calculate last level cache ID from number of sharing threads (Suravee Suthikulpanit) [Orabug: 28584386] - x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c (Borislav Petkov) [Orabug: 28584386] - perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id (Suravee Suthikulpanit) [Orabug: 28584386] - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (Borislav Petkov) [Orabug: 
28584386] [4.14.35-1818.3.1] - arm64: vdso: fix clock_getres for 4GiB-aligned res (Mark Rutland) [Orabug: 28603375] - locking/qrwlock: Prevent slowpath writers getting held up by fastpath (Will Deacon) [Orabug: 28605196] - locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks (Will Deacon) [Orabug: 28605196] - locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock (Will Deacon) [Orabug: 28605196] - locking/atomic: Add atomic_cond_read_acquire() (Will Deacon) [Orabug: 28605196] - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28565429] {CVE-2018-7492} - irqchip/irq-bcm2836: Add support for DT interrupt polarity (Stefan Wahren) [Orabug: 28596168] - dt-bindings/bcm2836-l1-intc: Add interrupt polarity support (Stefan Wahren) [Orabug: 28596168] - dt-bindings/bcm283x: Define polarity of per-cpu interrupts (Stefan Wahren) [Orabug: 28596168] - x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use (Patrick Colp) [Orabug: 28610695] [4.14.35-1818.2.2] - x86/xen: Calculate __max_logical_packages on PV domains (Prarit Bhargava) [Orabug: 28476586] - x86/entry/64: Remove %ebx handling from error_entry/exit (Andy Lutomirski) [Orabug: 28402921] {CVE-2018-14678} - x86/pti: Don't report XenPV as vulnerable (Jiri Kosina) [Orabug: 28476680] - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620} - x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620} - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620} - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488807] {CVE-2018-3620} - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL 
is disabled (Guenter Roeck) [Orabug: 28488807] {CVE-2018-3620} - x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620} - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488807] {CVE-2018-3646} - x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488807] {CVE-2018-3620} - PCI: Add ACS quirk for Ampere root ports (Feng Kan) [Orabug: 28525940] - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug: 28573020] - uek-rpm: Disable F2FS in the UEK5 config (Victor Erminpour) [Orabug: 28577123] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-14678 CVE-2018-7492 CVE-2018-12896 CVE-2017-13695 CVE-2018-16658 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:6:base ELSA-2018-4244: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.20.1] - bnxt_en: xdp: don't make drivers report attachment mode (partial backport) (Somasundaram Krishnasamy) [Orabug: 27988326] - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov) [Orabug: 27988326] - bnxt_en: add meta pointer for direct access (partial backport) (Somasundaram Krishnasamy) [Orabug: 27988326] - bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326] - bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau) [Orabug: 27988326] - bnxt_en: Optimize doorbell write operations for newer chips (reapply). (Michael Chan) [Orabug: 27988326] - bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan) [Orabug: 27988326] - bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan) [Orabug: 27988326] - bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug: 27988326] - bnxt_en: Add basic XDP support. 
(Michael Chan) [Orabug: 27988326] - x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry. (Gayatri Vasudevan) [Orabug: 28529706] - net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929] - xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora) [Orabug: 28651655] - xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug: 28651655] - xen-blkback: emit active physical device to xenstore (Ankur Arora) [Orabug: 28651655] - xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655] - xen-blkback: pull out blkif grant features from vbd (Ankur Arora) [Orabug: 28651655] - mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28701016] {CVE-2018-17182} [4.1.12-124.19.9] - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28506569] [4.1.12-124.19.8] - IB/core: For multicast functions, verify that LIDs are multicast LIDs (Michael J. Ruhl) [Orabug: 28700490] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-17182 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4245: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.25.1] - x86/spectre_v2: Don't check microcode versions when running under hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785] - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28552792] {CVE-2018-7492} - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664530] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664579] {CVE-2017-13695} - uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680238] - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634} - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620} - mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Invert all not 
present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620} - mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] 
{CVE-2018-3620} - x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620} - mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620} - x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620} - x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620} - Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074] - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074] - x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074] - x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-7492 CVE-2017-13695 CVE-2018-16658 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4246: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 [2.6.39-400.302.1] - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459479] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459730] {CVE-2018-7566} - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28539910] {CVE-2018-7492} - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664549] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664580] {CVE-2017-13695} - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7566 CVE-2017-13695 CVE-2018-16658 CVE-2018-7492 cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4248: openssl security update (IMPORTANT) Oracle Linux 6 [1.0.1e-57.0.6] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-0737 CVE-2018-0732 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:linux:6:10:patch cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 ELSA-2018-4249: openssl security update (IMPORTANT) Oracle Linux 7 [1.0.2k-12.0.3] - Oracle bug 28672370: backport CVE-2018-0732 - Oracle bug 28672351: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-0732 CVE-2018-0737 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:5:patch cpe:/a:oracle:linux:7::optional_latest ELSA-2018-4250: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 [2.6.39-400.302.2] - Revert 'Fix up non-directory creation in SGID directories' (Brian Maly) [Orabug: 28781234] [2.6.39-400.302.1] - Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459479] {CVE-2018-13405} - ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459730] {CVE-2018-7566} - rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28539910] {CVE-2018-7492} - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664549] {CVE-2018-16658} - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664580] {CVE-2017-13695} - exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710024] {CVE-2018-14634} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7492 CVE-2018-7566 CVE-2017-13695 CVE-2018-16658 cpe:/a:oracle:linux:6::UEK_latest ELSA-2018-4253: openssl security update (IMPORTANT) Oracle Linux 7 [1.0.2k-12.0.3] - Oracle bug 28672370: backport CVE-2018-0732 - Oracle bug 28672351: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::userspace_ksplice ELSA-2018-4254: openssl security update (IMPORTANT) Oracle Linux 6 [1.0.1e-57.0.6] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 IMPORTANT Copyright 2018 Oracle, Inc. 
cpe:/a:oracle:linux:6::userspace_ksplice ELSA-2018-4261: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.20.7] - Revert 'rds: RDS (tcp) hangs on sendto() to unresponding address' (Brian Maly) [Orabug: 28837953] [4.1.12-124.20.6] - x86/speculation: Retpoline should always be available on Skylake (Alexandre Chartre) [Orabug: 28801831] [4.1.12-124.20.5] - x86/speculation: Add sysfs entry to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Switch to IBRS when loading a non-retpoline module (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Remove unnecessary retpoline alternatives (Alexandre Chartre) [Orabug: 28607548] - x86/speculation: Use static key to enable/disable retpoline (Alexandre Chartre) [Orabug: 28607548] - locking/static_keys: Provide DECLARE and well as DEFINE macros (Tony Luck) [Orabug: 28607548] - jump_label: remove bug.h, atomic.h dependencies for HAVE_JUMP_LABEL (Jason Baron) [Orabug: 28607548] - locking/static_key: Fix concurrent static_key_slow_inc() (Paolo Bonzini) [Orabug: 28607548] - jump_label: make static_key_enabled() work on static_key_true/false types too (Tejun Heo) [Orabug: 28607548] - locking/static_keys: Fix up the static keys documentation (Jonathan Corbet) [Orabug: 28607548] - locking/static_keys: Fix a silly typo (Jonathan Corbet) [Orabug: 28607548] - jump label, locking/static_keys: Update docs (Jason Baron) [Orabug: 28607548] - x86/asm: Add asm macros for static keys/jump labels (Andy Lutomirski) [Orabug: 28607548] - x86/asm: Error out if asm/jump_label.h is included inappropriately (Andy Lutomirski) [Orabug: 28607548] - jump_label/x86: Work around asm build bug on older/backported GCCs (Peter Zijlstra) [Orabug: 28607548] - locking/static_keys: Add a new static_key interface (Peter Zijlstra) [Orabug: 28607548] - locking/static_keys: Rework update logic (Peter Zijlstra) [Orabug: 28607548] - jump_label: Add jump_entry_key() helper (Peter 
Zijlstra) [Orabug: 28607548] - jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related helpers to the static_key* pattern (Peter Zijlstra) [Orabug: 28607548] - jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} (Peter Zijlstra) [Orabug: 28607548] - module, jump_label: Fix module locking (Peter Zijlstra) [Orabug: 28607548] - x86/speculation: Protect against userspace-userspace spectreRSB (Jiri Kosina) [Orabug: 28631590] {CVE-2018-15572} - x86/spectre_v2: Remove remaining references to lfence mitigation (Alejandro Jimenez) [Orabug: 28631590] {CVE-2018-15572} - Revert 'md: allow a partially recovered device to be hot-added to an array.' (NeilBrown) [Orabug: 28702623] - x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan) [Orabug: 28788839] - net/mlx4_core: print firmware version during driver loading (Qing Huang) [Orabug: 28809377] - mm: numa: Do not trap faults on shared data section pages. (Henry Willard) [Orabug: 28814880] - hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz) [Orabug: 28813968] [4.1.12-124.20.4] - rds: RDS (tcp) hangs on sendto() to unresponding address (Ka-Cheong Poon) [Orabug: 28762608] - nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [Orabug: 28486463] - infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug: 28774517] {CVE-2018-14734} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-14734 CVE-2018-15572 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4262: qemu security update (IMPORTANT) Oracle Linux 7 [12:2.9.0-17.el7] - i386: Remove generic SMT thread check (Babu Moger) [Orabug: 28676425] - pc: Fix typo on PC_COMPAT_2_12 (Eduardo Habkost) [Orabug: 28676425] - i386: Enable TOPOEXT feature on AMD EPYC CPU (Babu Moger) [Orabug: 28676425] - net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28762625] {CVE-2018-17963} - pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28762617] {CVE-2018-17962} - rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28762613] {CVE-2018-17958} - ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28733338] {CVE-2018-10839} - seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28576303] {CVE-2018-15746} - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Venu Busireddy) [Orabug: 28497003] - virtio-net: use 64-bit values for feature flags (Jason Baron) [Orabug: 28497003] - qga: check bytes count read by guest-file-read (Prasad J Pandit) [Orabug: 28312939] {CVE-2018-12617} - CVE-2017-2630: Qemu: nbd: oob stack write in client routine drop_sync (Mark Kanda) [Orabug: 28424694] {CVE-2017-2630} - CVE-2017-2633: Qemu: VNC: memory corruption due to unchecked resolution limit (Mark Kanda) [Orabug: 28424697] {CVE-2017-2633} - CVE-2017-7471: Qemu: 9p: virtfs allows guest to change filesystem attributes (Mark Kanda) [Orabug: 28407849] {CVE-2017-7471} - slirp: correct size computation while concatenating mbuf (Prasad J Pandit) [Orabug: 28263244] {CVE-2018-11806} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-2633 CVE-2018-15746 CVE-2018-17963 CVE-2017-2630 CVE-2017-7471 CVE-2018-17958 CVE-2018-10839 CVE-2018-11806 CVE-2018-12617 CVE-2018-17962 cpe:/a:oracle:linux:7::kvm_utils ELSA-2018-4265: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.21.1] - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) [Orabug: 28839992] - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927687] {CVE-2018-7757} - KVM: vmx: shadow more fields that are read/written on every vmexits (Paolo Bonzini) [Orabug: 28581045] - vhost/scsi: Use common handling code in request queue handler (Bijan Mottahedeh) [Orabug: 28775573] - vhost/scsi: Extract common handling code from control queue handler (Bijan Mottahedeh) [Orabug: 28775573] - vhost/scsi: Respond to control queue operations (Bijan Mottahedeh) [Orabug: 28775573] [4.1.12-124.20.8] - scsi: lpfc: devloss timeout race condition caused null pointer reference (James Smart) [Orabug: 27994179] - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (Ben Hutchings) [Orabug: 28013813] - i40e: Add programming descriptors to cleaned_count (Alexander Duyck) [Orabug: 28228724] - i40e: Fix memory leak related filter programming status (Alexander Duyck) [Orabug: 28228724] - xen-swiotlb: use actually allocated size on check physical continuous (Joe Jin) [Orabug: 28258102] - Revert 'Revert 'xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent'' (Dongli Zhang) [Orabug: 28258102] - net/mlx4_en: fix potential use-after-free with dma_unmap_page (Sarah Newman) [Orabug: 28376051] - ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug: 28580543] - block: fix bdi vs gendisk lifetime mismatch (Dan Williams) [Orabug: 28645416] - e1000e: Fix link check race condition (Benjamin Poirier) [Orabug: 28716958] - Revert 'e1000e: Separate signaling for link check/link up' (Benjamin Poirier) [Orabug: 28716958] - e1000e: Avoid missed 
interrupts following ICR read (Benjamin Poirier) [Orabug: 28716958] - e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin Poirier) [Orabug: 28716958] - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (Benjamin Poirier) [Orabug: 28716958] - e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28716958] - Fix error code in nfs_lookup_verify_inode() (Lance Shelton) [Orabug: 28789030] - workqueue: Allow modifying low level unbound workqueue cpumask (Lai Jiangshan) [Orabug: 28813166] - workqueue: Create low-level unbound workqueues cpumask (Frederic Weisbecker) [Orabug: 28813166] - scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824718] {CVE-2017-13168} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7757 CVE-2017-13168 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4266: glibc security update (IMPORTANT) Oracle Linux 7 [2.17-260.0.9] - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.17-260.0.7] - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> [2.17-260.0.5] - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae - OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.17-260.0.3] - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. - OraBug 28641867. 
- Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> [2.17-260.0.1] - Include-linux-falloc.h-in-bits-fcntl-linux.h - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE - OraBug 28483336 - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to - sysdeps/unix/sysv/linux/x86/bits/mman.h - OraBug 28389572 [2.17-260.0.1] - Update bits/siginfo.h with Linux hwpoison SIGBUS changes. - Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9). - It also adds si_trapno field for alpha. - New values: BUS_MCEERR_AR, BUS_MCEERR_AO - OraBug 28124569 [2.17-260] - Update glibc-rh1560641.patch to initialize pad outside the conditional eliminating an uninitialized byte warning from valgrind. (#1560641) [2.17-259] - Correctly set errno when send() fails on i686 (#1550080) [2.17-258] - Fix dynamic string token substitution in DT_RPATH etc. (#1447808, #1540480) - Additional robust mutex fixes (#1401665) [2.17-257] - Improve process-shared robust mutex support (#1401665) [2.17-256] - CVE-2017-16997: Correctly handle DT_RPATH (#1540480). - Correctly process '' element in DT_RPATH or DT_NEEDED (#1447808). [2.17-255] - Make transition from legacy nss_db easier (#1408964) [2.17-254] - nptl: Avoid expected SIGALRM in most tests (#1372304) [2.17-253] - Add support for el_GR@euro locale. Update el_GR, ur_IN and wal_ET locales. (#1448107) [2.17-252] - Do not scale NPTL tests with available number of CPUs (#1526193) [2.17-251] - Correctly set errno when send() fails on s390 and s390x (#1550080) [2.17-250] - Initialize pad field in sem_open. 
(#1560641) [2.17-249] - getlogin_r: Return early when process has no associated login UID (#1563046) [2.17-248] - Return static array, not local array from transliteration function (#1505500) [2.17-247] - Re-write multi-statement strftime_l macros using better style (#1505477) [2.17-246] - Fix pthread_barrier_init typo (#1505451) [2.17-245] - CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow (#1579809) [2.17-244] - resolv: Fix crash after memory allocation failure (#1579727) [2.17-243] - CVE-2018-11236: Path length overflow in realpath (#1579742) [2.17-242] - S390: fix sys/ptrace.h to make it includible again after asm/ptrace.h (#1457479) [2.17-241] - x86: setcontext, makecontext alignment issues (#1531168) [2.17-240] - Remove abort() warning in manual (#1577333) [2.17-239] - Add Open File Description (OFL) locks. (#1461231) [2.17-238] - Properly handle more invalid --install-langs arguments. (#1349982) [2.17-237] - Add O_TMPFILE macro (#1471405) - Update syscall names list to kernel 4.16 (#1563747) - Include <linux/falloc.h> in bits/fcntl-linux.h. (#1476120) - Fix netgroup cache keys. (#1505647) - Update ptrace constants. 
(#1457479) [2.17-236] - Fix strfmon_l so that it groups digits (#1307241) [2.17-235] - CVE-2018-6485: Integer overflow in posix_memalign in memalign (#1548002) [2.17-234] - Adjust spec file for compiler warnings cleanup (#1505492) - Drop ports add-on - Do not attempt to disable warnings-as-errors on s390x [2.17-233] - Compiler warnings cleanup, phase 7 (#1505492) [2.17-232] - Compiler warnings cleanup, phase 6 (#1505492) [2.17-231] - Compiler warnings cleanup, phase 5 (#1505492) [2.17-230] - Compiler warnings cleanup, phase 4 (#1505492) [2.17-229] - Compiler warnings cleanup, phase 3 (#1505492) [2.17-228] - Compiler warnings cleanup, phase 2 (#1505492) [2.17-227] - Fix downstream-specific compiler warnings (#1505492) [2.17-226] - rtkaio: Do not define IN_MODULE (#1349967) [2.17-225] - Fix K&R function definitions in libio (#1566623) [2.17-224] - Fix type errors in string tests (#1564638) [2.17-223] - Make nscd build reproducible for verification (#1505492) IMPORTANT Copyright 2018 Oracle, Inc. cpe:/a:oracle:linux:7::userspace_ksplice ELSA-2018-4267: openssl security update (IMPORTANT) Oracle Linux 7 [1.0.2k-16.0.1] - sha256 is used for the RSA pairwise consistency test instead of sha1 [1.0.2k-16] - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on FIPS DSA parameter generation (#1603597) [1.0.2k-14] - ppc64le is not multilib architecture (#1585004) [1.0.2k-13] - add S390x assembler updates - make CA name list comparison function case sensitive (#1548401) - fix CVE-2017-3735 - possible one byte overread with X.509 IPAdressFamily - fix CVE-2018-0732 - large prime DH DoS of TLS client - fix CVE-2018-0737 - RSA key generation cache timing vulnerability - fix CVE-2018-0739 - stack overflow parsing recursive ASN.1 structure IMPORTANT Copyright 2018 Oracle, Inc. 
cpe:/a:oracle:linux:7::userspace_ksplice ELSA-2018-4268: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.26.1] - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Eric Dumazet) [Orabug: 27896807] {CVE-2017-18017} - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927692] {CVE-2018-7757} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-18017 CVE-2018-7757 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4269: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.303.1] - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (Jason Yan) [Orabug: 27927686] {CVE-2018-7757} - Revert 'Fix up non-directory creation in SGID directories' (Brian Maly) [Orabug: 28781234] IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-7757 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4270: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.4.5] - x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris Ostrovsky) [Orabug: 28814574] - x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace (Boris Ostrovsky) [Orabug: 28814574] - x86/speculation: x86_spec_ctrl_set needs to be called unconditionally (Boris Ostrovsky) [Orabug: 28814574] - x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris Ostrovsky) [Orabug: 28814574] - x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris Ostrovsky) [Orabug: 28814574] [4.14.35-1818.4.4] - ocfs2: fix ocfs2 read block panic (Junxiao Bi) [Orabug: 28821391] - scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824731] {CVE-2017-13168} - hugetlbfs: introduce truncation/fault mutex to avoid races (Mike Kravetz) [Orabug: 28776542] - rds: MPRDS messages delivered out of order (Ka-Cheong Poon) [Orabug: 
28838051] - x86/bugs: rework x86_spec_ctrl_set to make its changes explicit (Daniel Jordan) [Orabug: 28270952] - x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel Jordan) [Orabug: 28270952] - x86/bugs: x86_spec_ctrl_set may not disable IBRS on kernel idle (Daniel Jordan) [Orabug: 28270952] - x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec ctrl MSR (Daniel Jordan) [Orabug: 28270952] - iommu: turn on iommu=pt by default (Tushar Dave) [Orabug: 28111039] - vhost/scsi: Use common handling code in request queue handler (Bijan Mottahedeh) [Orabug: 28775556] - vhost/scsi: Extract common handling code from control queue handler (Bijan Mottahedeh) [Orabug: 28775556] - vhost/scsi: Respond to control queue operations (Bijan Mottahedeh) [Orabug: 28775556] [4.14.35-1818.4.3] - Fix error code in nfs_lookup_verify_inode() (Lance Shelton) [Orabug: 28807515] - x86/speculation: Retpoline should always be available on Skylake (Alexandre Chartre) [Orabug: 28801830] - x86/bugs: ssbd_ibrs_selected called prematurely (Daniel Jordan) [Orabug: 28802799] - net/mlx4_core: print firmware version during driver loading (Qing Huang) [Orabug: 28809382] - hugetlbfs: dirty pages as they are added to pagecache (Mike Kravetz) [Orabug: 28813999] [4.14.35-1818.4.2] - infiniband: fix a possible use-after-free bug (Cong Wang) [Orabug: 28774511] {CVE-2018-14734} - nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [Orabug: 28775910] - x86/speculation: Unconditionally fill RSB on context switch (Alejandro Jimenez) [Orabug: 28631576] {CVE-2018-15572} - bnxt_re: Implement the shutdown hook of the L2-RoCE driver interface (Somnath Kotur) [Orabug: 28539344] - rds: RDS (tcp) hangs on sendto() to unresponding address (Ka-Cheong Poon) [Orabug: 28762597] - uek-rpm: aarch64 some XGENE drivers must be be modules (Tom Saeger) [Orabug: 28769119] - arm64: KVM: Sanitize PSTATE.M when being set from userspace (Marc Zyngier) [Orabug: 28762424] {CVE-2018-18021} - arm64: 
KVM: Tighten guest core register access from userspace (Dave Martin) [Orabug: 28762424] {CVE-2018-18021} - iommu/amd: Clear memory encryption mask from physical address (Singh, Brijesh) [Orabug: 28770185] [4.14.35-1818.4.1] - mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28700955] {CVE-2018-17182} - Btrfs: fix log replay failure after unlink and link combination (Filipe Manana) [Orabug: 27941939] - x86/speculation: Add sysfs entry to enable/disable retpoline (Alexandre Chartre) [Orabug: 28753851] - x86/speculation: Allow IBRS firmware to be enabled when IBRS is disabled (Alexandre Chartre) [Orabug: 28753851] - x86/speculation: Remove unnecessary retpoline alternatives (Alexandre Chartre) [Orabug: 28753851] - x86/speculation: Use static key to enable/disable retpoline (Alexandre Chartre) [Orabug: 28753851] - bnxt_en: Fix memory fault in bnxt_ethtool_init() (Vasundhara Volam) [Orabug: 28632641] - IB/core: Initialize relaxed_pd properly (Yuval Shaia) [Orabug: 28197305] [4.14.35-1818.4.0] - e1000e: Fix link check race condition (Benjamin Poirier) [Orabug: 28489384] - Revert 'e1000e: Separate signaling for link check/link up' (Benjamin Poirier) [Orabug: 28489384] - e1000e: Avoid missed interrupts following ICR read (Benjamin Poirier) [Orabug: 28489384] - e1000e: Fix queue interrupt re-raising in Other interrupt (Benjamin Poirier) [Orabug: 28489384] - Partial revert 'e1000e: Avoid receiver overrun interrupt bursts' (Benjamin Poirier) [Orabug: 28489384] - e1000e: Remove Other from EIAC (Benjamin Poirier) [Orabug: 28489384] - btrfs: validate type when reading a chunk (Gu Jinxiang) [Orabug: 28700851] {CVE-2018-14611} - btrfs: Check that each block group has corresponding chunk at mount time (Qu Wenruo) [Orabug: 28700872] {CVE-2018-14610} - net: rds: Use address family to designate IPv4 or IPv6 addresses (Hakon Bugge) [Orabug: 28720069] - net: rds: Fix blank at eol in af_rds.c (Hakon Bugge) [Orabug: 28720069] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-13168 CVE-2018-17182 CVE-2018-14734 CVE-2018-14610 CVE-2018-18021 CVE-2018-15572 CVE-2018-14611 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-4285: qemu security update (IMPORTANT) Oracle Linux 7 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839} - seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746} - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724] - kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) - Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} - qemu.spec: Initial qemu.spec (Mark Kanda) - virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) - qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) - qmp-regdump: Initial qmp-regdump (Mark Kanda) - bridge.conf: Initial bridge.conf (Mark Kanda) - kvm.conf: Initial kvm.conf (Mark Kanda) - 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) - Update version for 
v3.0.0 release (Peter Maydell) - Update version for v3.0.0-rc4 release (Peter Maydell) - virtio-gpu: fix crashes upon warm reboot with vga mode (Marc-Andre Lureau) - slirp: Correct size check in m_inc() (Peter Maydell) - target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) - hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) - hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) - target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) - hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) - hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) - tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) - tests/acpi: update tables after memory hotplug changes (Michael S. Tsirkin) - pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) - tests/acpi-test: update ACPI tables test blobs (Dou Liyang) - hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) - vhost: check region type before casting (Tiwei Bie) - sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) - hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) - Update version for v3.0.0-rc3 release (Peter Maydell) - monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) - linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) - tests: add check_invalid_maps to test-mmap (Alex Bennee) - linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) - s390x/sclp: fix maxram calculation (Christian Borntraeger) - target/arm: Remove duplicate 'host' entry in '-cpu ?' 
output (Philippe Mathieu-Daude) - hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) - hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) - armv7m_nvic: Fix m-security subsection name (Peter Maydell) - hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) - arm/smmuv3: Fix missing VMSD terminator (Dr. David Alan Gilbert) - qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) - block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) - block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) - file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) - block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) - iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) - qemu-img: Add -C option for convert with copy offloading (Fam Zheng) - Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) - iotests: Dont lock /dev/null in 226 (Fam Zheng) - docs: Describe using images in writing iotests (Fam Zheng) - file-posix: Handle EINTR in preallocation=full write (Fam Zheng) - qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) - qcow: fix a reference leak (KONRAD Frederic) - backends/cryptodev: remove dead code (Jay Zhou) - timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) - i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) - i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) - qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) - qstring: Assert size calculations dont overflow (Markus Armbruster) - qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) - Update version for v3.0.0-rc2 release (Peter Maydell) - tests: fix TLS handshake failure with TLS 1.3 (Daniel P. Berrange) - tests: use error_abort in places expecting errors (Daniel P. 
Berrange) - tests: dont silence error reporting for all tests (Daniel P. Berrange) - tests: call qcrypto_init instead of gnutls_global_init (Daniel P. Berrange) - migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) - tests: only update last_byte when at the edge (Peter Xu) - migration: disallow recovery for release-ram (Peter Xu) - migration: update recv bitmap only on dest vm (Peter Xu) - audio/hda: Fix migration (Dr. David Alan Gilbert) - migrate: Fix cancelling state warning (Dr. David Alan Gilbert) - migration: fix potential overflow in multifd send (Peter Xu) - block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) - tests/tcg: remove runcom test (Alex Bennee) - docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) - docker: ignore distro versioning of debootstrap (Alex Bennee) - docker: add commentary to debian-bootstrap.docker (Alex Bennee) - docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) - docker: report hint when docker.py check fails (Alex Bennee) - docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) - docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) - docker: add test-unit runner (Alex Bennee) - docker: Makefile.include dont include partial images (Alex Bennee) - docker: gracefully skip check_qemu (Alex Bennee) - docker: move make check into check_qemu helper (Alex Bennee) - docker: split configure_qemu from build_qemu (Alex Bennee) - docker: fail more gracefully on docker.py check (Alex Bennee) - docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) - docker: base debian-tricore on qemu:debian9 (Alex Bennee) - tests/.gitignore: dont ignore docker tests (Alex Bennee) - target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) - hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter 
Maydell) - ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) - qga: process_event() simplification and leak fix (Marc-Andre Lureau) - qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) - tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) - i386: Rename enum CacheType members (Eduardo Habkost) - block/vvfat: Disable debug message by default (Thomas Huth) - iotests: Disallow compat=0.10 in 223 (Max Reitz) - iotest: Fix filtering order in 226 (Max Reitz) - iotests: remove LUKS support from test 226 (John Snow) - qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) - block: Fix typos in comments (found by codespell) (Stefan Weil) - qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) - hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) - hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) - target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) - hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) - hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) - monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) - qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) - po: Dont include comments with location (Stefan Weil) - linux-user/ppc: Implement swapcontext syscall (Richard Henderson) - linux-user: fix ELF load alignment error (Laurent Vivier) - tap: fix memory leak on success to create a tap device (Yunjian Wang) - e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) - tcg/aarch64: limit mul_vec size (Alex Bennee) - spike: Fix crash when introspecting the device (Alistair Francis) - riscv_hart: Fix crash when introspecting the device (Alistair Francis) - virt: Fix crash when introspecting the device (Alistair Francis) - sifive_u: Fix crash when introspecting the device (Alistair Francis) - sifive_e: Fix crash when introspecting the 
device (Alistair Francis) - tracing: Use double-dash spelling for trace option (Yaowei Bai) - throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) - s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) - Update version for v3.0.0-rc1 release (Peter Maydell) - Document command line options with single dash (BALATON Zoltan) - opts: remove redundant check for NULL parameter (Daniel P. Berrange) - i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) - i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) - hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) - hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) - hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) - hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) - hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) - hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) - hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) - hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) - hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) - hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) - hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) - hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) - hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device (Thomas Huth) - hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) - hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) - hw/core/sysbus: Add a function for creating and attaching an 
object (Thomas Huth) - qom/object: Add a new function object_initialize_child() (Thomas Huth) - qga: fix file descriptor leak (Paolo Bonzini) - qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) - accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) - accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) - bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) - hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) - hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) - hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) - aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) - target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) - virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) - qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) - hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) - PC Chipset: Improve serial divisor calculation (Calvin Lee) - vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) - hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) - hyperv: rename vcpu_id to vp_index (Roman Kagan) - accel: Fix typo and grammar in comment (Stefan Weil) - dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) - monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) - MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) - qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) - cli qmp: Mark --preconfig, exit-preconfig experimental (Markus Armbruster) - qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) - sm501: Fix warning about unreachable code (BALATON Zoltan) - sam460ex: Correct use after free error (BALATON Zoltan) - etsec: fix IRQ (un)masking (Michael 
Davidsaver) - ppc/xics: fix ICP reset path (Greg Kurz) - spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) - sm501: Update screen on frame buffer address change (BALATON Zoltan) - Zero out the hosts 'msg_control' buffer (Jonas Schievink) - linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) - linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) - linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) - docs: Grammar and spelling fixes (Ville Skytte) - qemu-img: align result of is_allocated_sectors (Peter Lieven) - scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) - iotests: add test 226 for file driver types (John Snow) - file-posix: specify expected filetypes (John Snow) - iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) - iotests: 153: Fix dead code (Fam Zheng) - ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) - seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) - vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) - monitor: fix double-free of request error (Marc-Andre Lureau) - error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) - s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda) [12:2.11.1-2.el7] - hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753] - qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753] - pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753] - nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753] - nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753] - block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106] - Revert 'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106] - block: test blk_aio_flush() with 
blk->root == NULL (Kevin Wolf) [Orabug: 27832106] - block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106] - block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106] - aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106] - qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300] - multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550} - CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030} - vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858} - keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795] - qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337] [12:2.11.1-1.el7] - BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04 - Update qemu.spec version for 2.11.1 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-12617 CVE-2018-17963 CVE-2017-11334 CVE-2017-14167 CVE-2017-15038 CVE-2017-15119 CVE-2017-15124 CVE-2017-18030 CVE-2017-8380 CVE-2017-9503 CVE-2018-15746 CVE-2018-17958 CVE-2018-7550 CVE-2017-8379 CVE-2017-15268 CVE-2017-5753 CVE-2017-10806 CVE-2017-2633 CVE-2017-5715 CVE-2018-5683 CVE-2018-7858 CVE-2017-12809 CVE-2017-13711 CVE-2017-17381 CVE-2017-5754 CVE-2017-8112 CVE-2018-10839 CVE-2018-11806 CVE-2018-17962 CVE-2018-3639 CVE-2017-13672 CVE-2017-15289 CVE-2017-16845 CVE-2017-18043 CVE-2017-2630 CVE-2017-7471 CVE-2017-7493 CVE-2017-8309 CVE-2017-13673 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::kvm_utils ELSA-2018-4288: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.22.4] - Revert commit 8bd274934987 ('block: fix bdi vs gendisk lifetime mismatch') (Ashish Samant) [Orabug: 28968102] - KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712] - x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris Ostrovsky) [Orabug: 28814570] - x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace (Boris Ostrovsky) [Orabug: 28814570] - x86/speculation: x86_spec_ctrl_set needs to be called unconditionally (Boris Ostrovsky) [Orabug: 28814570] - x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris Ostrovsky) [Orabug: 28814570] - x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris Ostrovsky) [Orabug: 28814570] [4.1.12-124.22.3] - net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122104] - virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122104] - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122104] - net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122104] - net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122104] - net: introduce lower state changed info structure for LAG 
lowers (Jiri Pirko) [Orabug: 28122104] - net: introduce change lower state notifier (Jiri Pirko) [Orabug: 28122104] - net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104] - net: add possibility to pass information about upper device via notifier (Jiri Pirko) [Orabug: 28122104] - net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug: 28122104] - net: introduce change upper device notifier change info (Jiri Pirko) [Orabug: 28122104] - x86/bugs: rework x86_spec_ctrl_set to make its changes explicit (Daniel Jordan) [Orabug: 28271063] - x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel Jordan) [Orabug: 28271063] - x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec ctrl MSR (Daniel Jordan) [Orabug: 28271063] - xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) [Orabug: 28798861] - scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28855939] - scsi: virtio_scsi: let host do exception handling (Paolo Bonzini) [Orabug: 28856913] - net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857027] - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892656] {CVE-2018-1000204} - cdrom: fix improper type cast, which can lead to information leak. (Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-18710 CVE-2018-1000204 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4289: qemu security update (IMPORTANT) Oracle Linux 7 [15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX (Jason Wang) [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow (Jason Wang) [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access (Jason Wang) [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access in ne2000_receive (Jason Wang) [Orabug: 28763758] {CVE-2018-10839} - seccomp: set the seccomp filter to all threads (Marc-Andre Lureau) [Orabug: 28763748] {CVE-2018-15746} - virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit to virtio_net (Sridhar Samudrala) [Orabug: 28763724] - kvm: add call to qemu_add_opts() for -overcommit option (Prasad Singamsetty) - Document various CVEs as fixed (Mark Kanda) [Orabug: 28763710] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-18043} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} - qemu.spec: Initial qemu.spec (Mark Kanda) - virtio-pci: Set subsystem vendor ID to Oracle (Mark Kanda) - qemu_regdump.py: Initial qemu_regdump.py (Mark Kanda) - qmp-regdump: Initial qmp-regdump (Mark Kanda) - bridge.conf: Initial bridge.conf (Mark Kanda) - kvm.conf: Initial kvm.conf (Mark Kanda) - 80-kvm.rules: Initial 80-kvm.rules (Mark Kanda) - Update version for v3.0.0 release (Peter Maydell) - Update version for v3.0.0-rc4 release (Peter Maydell) - virtio-gpu: fix crashes upon warm reboot with 
vga mode (Marc-Andre Lureau) - slirp: Correct size check in m_inc() (Peter Maydell) - target/xtensa/cpu: Set owner of memory region in xtensa_cpu_initfn (Thomas Huth) - hw/intc/arm_gicv3_common: Move gicd shift bug handling to gicv3_post_load (Peter Maydell) - hw/intc/arm_gicv3_common: Move post_load hooks to top-level VMSD (Peter Maydell) - target/arm: Add dummy needed functions to M profile vmstate subsections (Peter Maydell) - hw/intc/arm_gicv3_common: Combine duplicate .subsections in vmstate_gicv3_cpu (Peter Maydell) - hw/intc/arm_gicv3_common: Give no-migration-shift-bug subsection a needed function (Peter Maydell) - tcg/optimize: Do not skip default processing of dup_vec (Richard Henderson) - tests/acpi: update tables after memory hotplug changes (Michael S. Tsirkin) - pc: acpi: fix memory hotplug regression by reducing stub SRAT entry size (Igor Mammedov) - tests/acpi-test: update ACPI tables test blobs (Dou Liyang) - hw/acpi-build: Add a check for memory-less NUMA nodes (Dou Liyang) - vhost: check region type before casting (Tiwei Bie) - sam460ex: Fix PCI interrupts with multiple devices (BALATON Zoltan) - hw/misc/macio: Fix device introspection problems in macio devices (Thomas Huth) - Update version for v3.0.0-rc3 release (Peter Maydell) - monitor: temporary fix for dead-lock on event recursion (Marc-Andre Lureau) - linux-user: ppc64: dont use volatile register during safe_syscall (Shivaprasad G Bhat) - tests: add check_invalid_maps to test-mmap (Alex Bennee) - linux-user/mmap.c: handle invalid len maps correctly (Alex Bennee) - s390x/sclp: fix maxram calculation (Christian Borntraeger) - target/arm: Remove duplicate 'host' entry in '-cpu ?' 
output (Philippe Mathieu-Daude) - hw/misc/tz-mpc: Zero the LUT on initialization, not just reset (Peter Maydell) - hw/arm/iotkit: Fix IRQ number for timer1 (Peter Maydell) - armv7m_nvic: Fix m-security subsection name (Peter Maydell) - hw/arm/sysbus-fdt: Fix assertion in copy_properties_from_host() (Geert Uytterhoeven) - arm/smmuv3: Fix missing VMSD terminator (Dr. David Alan Gilbert) - qemu-iotests: Test query-blockstats with -drive and -blockdev (Kevin Wolf) - block/qapi: Include anonymous BBs in query-blockstats (Kevin Wolf) - block/qapi: Add 'qdev' field to query-blockstats result (Kevin Wolf) - file-posix: Fix write_zeroes with unmap on block devices (Kevin Wolf) - block: Fix documentation for BDRV_REQ_MAY_UNMAP (Kevin Wolf) - iotests: Add test for 'qemu-img convert -C' compatibility (Fam Zheng) - qemu-img: Add -C option for convert with copy offloading (Fam Zheng) - Revert 'qemu-img: Document copy offloading implications with -S and -c' (Fam Zheng) - iotests: Dont lock /dev/null in 226 (Fam Zheng) - docs: Describe using images in writing iotests (Fam Zheng) - file-posix: Handle EINTR in preallocation=full write (Fam Zheng) - qcow2: A grammar fix in conflicting cache sizing error message (Leonid Bloch) - qcow: fix a reference leak (KONRAD Frederic) - backends/cryptodev: remove dead code (Jay Zhou) - timer: remove replay clock probe in deadline calculation (Pavel Dovgalyuk) - i386: implement MSR_SMI_COUNT for TCG (Paolo Bonzini) - i386: do not migrate MSR_SMI_COUNT on machine types <2.12 (Paolo Bonzini) - qstring: Move qstring_from_substr()s @end one to the right (Markus Armbruster) - qstring: Assert size calculations dont overflow (Markus Armbruster) - qstring: Fix qstring_from_substr() not to provoke int overflow (liujunjie) - Update version for v3.0.0-rc2 release (Peter Maydell) - tests: fix TLS handshake failure with TLS 1.3 (Daniel P. Berrange) - tests: use error_abort in places expecting errors (Daniel P. 
Berrange) - tests: dont silence error reporting for all tests (Daniel P. Berrange) - tests: call qcrypto_init instead of gnutls_global_init (Daniel P. Berrange) - migration: fix duplicate initialization for expected_downtime and cleanup_bh (Lidong Chen) - tests: only update last_byte when at the edge (Peter Xu) - migration: disallow recovery for release-ram (Peter Xu) - migration: update recv bitmap only on dest vm (Peter Xu) - audio/hda: Fix migration (Dr. David Alan Gilbert) - migrate: Fix cancelling state warning (Dr. David Alan Gilbert) - migration: fix potential overflow in multifd send (Peter Xu) - block/file-posix: add bdrv_attach_aio_context callback for host dev and cdrom (Nishanth Aravamudan) - tests/tcg: remove runcom test (Alex Bennee) - docker: perform basic binfmt_misc validation in docker.py (Alex Bennee) - docker: ignore distro versioning of debootstrap (Alex Bennee) - docker: add commentary to debian-bootstrap.docker (Alex Bennee) - docker: Update debootstrap script after Debian migration from Alioth to Salsa (Philippe Mathieu-Daude) - docker: report hint when docker.py check fails (Alex Bennee) - docker: drop QEMU_TARGET check, fallback in EXECUTABLE not set (Alex Bennee) - docker: add expansion for docker-test-FOO to Makefile.include (Alex Bennee) - docker: add test-unit runner (Alex Bennee) - docker: Makefile.include dont include partial images (Alex Bennee) - docker: gracefully skip check_qemu (Alex Bennee) - docker: move make check into check_qemu helper (Alex Bennee) - docker: split configure_qemu from build_qemu (Alex Bennee) - docker: fail more gracefully on docker.py check (Alex Bennee) - docker: par down QEMU_CONFIGURE_OPTS in debian-tricore-cross (Alex Bennee) - docker: base debian-tricore on qemu:debian9 (Alex Bennee) - tests/.gitignore: dont ignore docker tests (Alex Bennee) - target/arm: Escalate to correct HardFault when AIRCR.BFHFNMINS is set (Peter Maydell) - hw/intc/arm_gicv3: Check correct HCR_EL2 bit when routing IRQ (Peter 
Maydell) - ui/cocoa.m: prevent stuck command key when going into full screen mode (John Arbuckle) - qga: process_event() simplification and leak fix (Marc-Andre Lureau) - qga-win: Handle fstrim for OSes lower than Win8 (Sameeh Jubran) - tcg/i386: Mark xmm registers call-clobbered (Richard Henderson) - i386: Rename enum CacheType members (Eduardo Habkost) - block/vvfat: Disable debug message by default (Thomas Huth) - iotests: Disallow compat=0.10 in 223 (Max Reitz) - iotest: Fix filtering order in 226 (Max Reitz) - iotests: remove LUKS support from test 226 (John Snow) - qemu-img: avoid overflow of min_sparse parameter (Peter Lieven) - block: Fix typos in comments (found by codespell) (Stefan Weil) - qemu-iotests: Use host_device instead of file in 149 (Kevin Wolf) - hw/intc/exynos4210_gic: Turn instance_init into realize function (Thomas Huth) - hw/arm/spitz: Move problematic nand_init() code to realize function (Thomas Huth) - target/arm: Correctly handle overlapping small MPU regions (Peter Maydell) - hw/sd/bcm2835_sdhost: Fix PIO mode writes (Guenter Roeck) - hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' (Thomas Huth) - monitor: Fix unsafe sharing of @cur_mon among threads (Peter Xu) - qapi: Make 'allow-oob' optional in SchemaInfoCommand (Markus Armbruster) - po: Dont include comments with location (Stefan Weil) - linux-user/ppc: Implement swapcontext syscall (Richard Henderson) - linux-user: fix ELF load alignment error (Laurent Vivier) - tap: fix memory leak on success to create a tap device (Yunjian Wang) - e1000e: Prevent MSI/MSI-X storms (Jan Kiszka) - tcg/aarch64: limit mul_vec size (Alex Bennee) - spike: Fix crash when introspecting the device (Alistair Francis) - riscv_hart: Fix crash when introspecting the device (Alistair Francis) - virt: Fix crash when introspecting the device (Alistair Francis) - sifive_u: Fix crash when introspecting the device (Alistair Francis) - sifive_e: Fix crash when introspecting the 
device (Alistair Francis) - tracing: Use double-dash spelling for trace option (Yaowei Bai) - throttle-groups: fix hang when group member leaves (Stefan Hajnoczi) - s390x/cpumodel: fix segmentation fault when baselining models (David Hildenbrand) - Update version for v3.0.0-rc1 release (Peter Maydell) - Document command line options with single dash (BALATON Zoltan) - opts: remove redundant check for NULL parameter (Daniel P. Berrange) - i386: only parse the initrd_filename once for multiboot modules (Daniel P. Berrange) - i386: fix regression parsing multiboot initrd modules (Daniel P. Berrange) - hw/arm/xlnx-zynqmp: Fix crash when introspecting the 'xlnx, zynqmp' device (Thomas Huth) - hw/display/xlnx_dp: Move problematic code from instance_init to realize (Paolo Bonzini) - hw/arm/stm32f205_soc: Fix introspection problem with 'stm32f205-soc' device (Thomas Huth) - hw/arm/allwinner-a10: Fix introspection problem with 'allwinner-a10' (Thomas Huth) - hw/*/realview: Fix introspection problem with 'realview_mpcore' & 'realview_gic' (Thomas Huth) - hw/cpu/arm11mpcore: Fix introspection problem with 'arm11mpcore_priv' (Thomas Huth) - hw/arm/fsl-imx31: Fix introspection problem with the 'fsl, imx31' device (Thomas Huth) - hw/arm/fsl-imx25: Fix introspection problem with the 'fsl, imx25' device (Thomas Huth) - hw/arm/fsl-imx7: Fix introspection problems with the 'fsl, imx7' device (Thomas Huth) - hw/arm/fsl-imx6: Fix introspection problems with the 'fsl, imx6' device (Thomas Huth) - hw/cpu/a9mpcore: Fix introspection problems with the 'a9mpcore_priv' device (Thomas Huth) - hw/arm/msf2-soc: Fix introspection problem with the 'msf2-soc' device (Thomas Huth) - hw/cpu/a15mpcore: Fix introspection problem with the a15mpcore_priv device (Thomas Huth) - hw/arm/armv7: Fix crash when introspecting the 'iotkit' device (Thomas Huth) - hw/arm/bcm2836: Fix crash with device_add bcm2837 on unsupported machines (Thomas Huth) - hw/core/sysbus: Add a function for creating and attaching an 
object (Thomas Huth) - qom/object: Add a new function object_initialize_child() (Thomas Huth) - qga: fix file descriptor leak (Paolo Bonzini) - qga: fix 'driver' leak in guest-get-fsinfo (Marc-Andre Lureau) - accel/tcg: Assert that tlb fill gave us a valid TLB entry (Peter Maydell) - accel/tcg: Use correct test when looking in victim TLB for code (Peter Maydell) - bcm2835_aux: Swap RX and TX interrupt assignments (Guenter Roeck) - hw/arm/bcm2836: Mark the bcm2836 / bcm2837 devices with user_creatable = false (Thomas Huth) - hw/intc/arm_gic: Fix handling of GICD_ITARGETSR (Peter Maydell) - hw/intc/arm_gic: Check interrupt number in gic_deactivate_irq() (Peter Maydell) - aspeed: Implement write-1-{set, clear} for AST2500 strapping (Andrew Jeffery) - target/arm: Fix LD1W and LDFF1W (scalar plus vector) (Richard Henderson) - virtio-scsi: fix hotplug ->reset() vs event race (Stefan Hajnoczi) - qdev: add HotplugHandler->post_plug() callback (Stefan Hajnoczi) - hw/char/serial: retry write if EAGAIN (Marc-Andre Lureau) - PC Chipset: Improve serial divisor calculation (Calvin Lee) - vhost-user-test: added proper TestServer *dest initialization in test_migrate() (Emanuele Giuseppe Esposito) - hyperv: ensure VP index equal to QEMU cpu_index (Roman Kagan) - hyperv: rename vcpu_id to vp_index (Roman Kagan) - accel: Fix typo and grammar in comment (Stefan Weil) - dump: add kernel_gs_base to QEMU CPU state (Viktor Prutyanov) - monitor: Fix tracepoint crash on JSON syntax error (Markus Armbruster) - MAINTAINERS: New section 'Incompatible changes', copy libvir-list (Markus Armbruster) - qemu-doc: Move appendix 'Deprecated features' to its own file (Markus Armbruster) - cli qmp: Mark --preconfig, exit-preconfig experimental (Markus Armbruster) - qapi: Do not expose 'allow-preconfig' in query-qmp-schema (Markus Armbruster) - sm501: Fix warning about unreachable code (BALATON Zoltan) - sam460ex: Correct use after free error (BALATON Zoltan) - etsec: fix IRQ (un)masking (Michael 
Davidsaver) - ppc/xics: fix ICP reset path (Greg Kurz) - spapr: Correct inverted test in spapr_pc_dimm_node() (David Gibson) - sm501: Update screen on frame buffer address change (BALATON Zoltan) - Zero out the hosts 'msg_control' buffer (Jonas Schievink) - linux-user: fix mmap_find_vma_reserved() (Laurent Vivier) - linux-user: convert remaining fcntl() to safe_fcntl() (Laurent Vivier) - linux-user: ppc64: use the correct values for F_*LK64s (Shivaprasad G Bhat) - docs: Grammar and spelling fixes (Ville Skytte) - qemu-img: align result of is_allocated_sectors (Peter Lieven) - scsi-disk: Block Device Characteristics emulation fix (Daniel Henrique Barboza) - iotests: add test 226 for file driver types (John Snow) - file-posix: specify expected filetypes (John Snow) - iotests: nbd: Stop qemu-nbd before remaking image (Fam Zheng) - iotests: 153: Fix dead code (Fam Zheng) - ui/cocoa.m: replace scrollingDeltaY with deltaY (John Arbuckle) - seccomp: allow sched_setscheduler() with SCHED_IDLE policy (Marc-Andre Lureau) - vfio/pci: do not set the PCIDevice 'has_rom' attribute (Cedric Le Goater) - monitor: fix double-free of request error (Marc-Andre Lureau) - error: Remove NULL checks on error_propagate() calls (Philippe Mathieu-Daude) - s390x/storage attributes: fix CMMA_BLOCK_SIZE usage (Claudio Imbrenda) [12:2.11.1-2.el7] - hw/acpi-build: build SRAT memory affinity structures for DIMM devices (Haozhong Zhang) [Orabug: 27509753] - qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList (Haozhong Zhang) [Orabug: 27509753] - pc-dimm: make qmp_pc_dimm_device_list() sort devices by address (Haozhong Zhang) [Orabug: 27509753] - nvdimm: add a macro for property 'label-size' (Haozhong Zhang) [Orabug: 27509753] - nvdimm: add 'unarmed' option (Haozhong Zhang) [Orabug: 27509753] - block: Fix NULL dereference on empty drive error (Kevin Wolf) [Orabug: 27832106] - Revert 'IDE: Do not flush empty CDROM drives' (Stefan Hajnoczi) [Orabug: 27832106] - block: test blk_aio_flush() with 
blk->root == NULL (Kevin Wolf) [Orabug: 27832106] - block: add BlockBackend->in_flight counter (Stefan Hajnoczi) [Orabug: 27832106] - block: extract AIO_WAIT_WHILE() from BlockDriverState (Stefan Hajnoczi) [Orabug: 27832106] - aio: rename aio_context_in_iothread() to in_aio_context_home_thread() (Stefan Hajnoczi) [Orabug: 27832106] - qemu.spec: Add dependency for libiscsi 1.9.0-8 (Mark Kanda) [Orabug: 27832300] - multiboot.c: Document as fixed against CVE-2018-7550 (Jack Schwartz) [Orabug: 27832332] {CVE-2018-7550} - CVE-2017-18030: cirrus_invalidate_region() lets priv guest user cause DoS (Mark Kanda) [Orabug: 27832319] {CVE-2017-18030} - vga: fix region calculation (Gerd Hoffmann) [Orabug: 27832309] {CVE-2018-7858} - keymap: use glib hash for kbd_layout_t (Gerd Hoffmann) [Orabug: 27663795] - qemu.spec: Enable coroutine pool and vhost-vsock (Karl Heubaum) [Orabug: 27832337] [12:2.11.1-1.el7] - BUILDINFO: commit=9fc0f70c83d6de5667c45cd1e420a080e75c7d04 - Update qemu.spec version for 2.11.1 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2017-2633 CVE-2017-5753 CVE-2017-5715 CVE-2017-8380 CVE-2017-9503 CVE-2017-10806 CVE-2017-13672 CVE-2017-15119 CVE-2017-15124 CVE-2018-5683 CVE-2018-7550 CVE-2017-2630 CVE-2017-18030 CVE-2018-7858 CVE-2018-12617 CVE-2017-8112 CVE-2017-8309 CVE-2017-15038 CVE-2017-16845 CVE-2017-13673 CVE-2017-8379 CVE-2017-12809 CVE-2017-13711 CVE-2018-3639 CVE-2018-11806 CVE-2017-11334 CVE-2017-17381 CVE-2017-18043 CVE-2017-14167 CVE-2017-5754 CVE-2017-7471 CVE-2017-15268 CVE-2017-15289 CVE-2017-7493 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::kvm_utils ELSA-2018-4299: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.23.1] - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28898616] {CVE-2018-13094} - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28898636] {CVE-2018-10902} - md/raid5: fix a race condition in stripe batch (Shaohua Li) [Orabug: 28917012] - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. 
Wong) [Orabug: 28924091] {CVE-2018-18690} - certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926203] - block: fix bdi vs gendisk lifetime mismatch (Shan Hai) [Orabug: 28945039] - Add the following entries to 'uek-rpm/ol[67]/nano_modules.list': kernel/drivers/net/net_failover.ko kernel/net/core/failover.ko Fixes: b3bc7c163fc9 ('net: Introduce generic failover module') (Vijay Balakrishna) [Orabug: 28953351] - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956547] {CVE-2018-7755} {CVE-2018-7755} - iov_iter: don't revert iov buffer if csum error (Ding Tianhong) [Orabug: 28960296] - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976583] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976653] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-17805 CVE-2018-10902 CVE-2018-13094 CVE-2018-7755 CVE-2017-17806 CVE-2018-18690 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4300: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.28.1] - udf: Check component length before reading it (Jan Kara) [Orabug: 21193696] {CVE-2014-9728} - udf: Verify i_size when loading inode (Shan Hai) [Orabug: 21193696] {CVE-2014-9728} - intel_pstate: Fix overflow in busy_scaled due to long delay (mridula shastry) [Orabug: 28005134] - scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459689] {CVE-2018-10021} - nfsd: silence sparse warning about accessing credentials (Jeff Layton) [Orabug: 28824742] {CVE-2017-13168} - scsi: sg: mitigate read/write abuse (Jann Horn) [Orabug: 28824742] {CVE-2017-13168} - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892683] {CVE-2018-1000204} - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 
28898650] {CVE-2018-10902} - KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901657] {CVE-2016-3713} {CVE-2016-3713} - cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929777] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) {CVE-2018-7755} {CVE-2018-7755} - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976585] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976654] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2017-13168 CVE-2017-17806 CVE-2018-1000204 CVE-2014-9728 CVE-2016-3713 CVE-2018-10021 CVE-2018-10902 CVE-2018-7755 CVE-2017-17805 CVE-2018-18710 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive ELSA-2018-4301: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 5 Oracle Linux 6 [2.6.39-400.304.1] - mnt: Prevent pivot_root from creating a loop in the mount tree (Eric W. Biederman) [Orabug: 26575709] {CVE-2014-7970} {CVE-2014-7970} - vfs: more mnt_parent cleanups (Al Viro) [Orabug: 26575709] {CVE-2014-7970} - vfs: new internal helper: mnt_has_parent(mnt) (Al Viro) [Orabug: 26575709] {CVE-2014-7970} - ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug: 28459730] {CVE-2018-7566} - xen-netback: calculate full_coalesce before the pre-estimation of ring buffer slots to consume (Dongli Zhang) [Orabug: 28818690] - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892695] {CVE-2018-1000204} - KVM: MTRR: remove MSR 0x2f8 (Andy Honig) [Orabug: 28901711] {CVE-2016-3713} {CVE-2016-3713} - cdrom: fix improper type cast, which can leat to information leak. 
(Young_X) [Orabug: 28929788] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - udf: Check component length before reading it (Jan Kara) [Orabug: 28941923] {CVE-2014-9728} - udf: Verify symlink size before loading it (Shan Hai) [Orabug: 28941923] {CVE-2014-9728} - udf: Verify i_size when loading inode (Shan Hai) [Orabug: 28941923] {CVE-2014-9728} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956549] {CVE-2018-7755} {CVE-2018-7755} - crypto: salsa20 - fix blkcipher_walk API usage (Eric Biggers) [Orabug: 28976586] {CVE-2017-17805} - crypto: hmac - require that the underlying hash algorithm is unkeyed (Eric Biggers) [Orabug: 28976655] {CVE-2017-17806} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2014-7970 CVE-2014-9728 CVE-2017-17806 CVE-2018-7755 CVE-2016-3713 CVE-2018-1000204 CVE-2017-17805 CVE-2018-18710 CVE-2018-7566 cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_ELS ELSA-2018-4303: kubernetes security update (IMPORTANT) Oracle Linux 7 [1.9.11-2.1.1] - Fix kubeadm-registry.sh - Use golang 1.9.3 - [CVE-2018-1002105] Handle error responses from backends - Bump to v1.9.11 IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-1002105 cpe:/a:oracle:linux:7::addons ELSA-2018-4304: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 7 [4.14.35-1818.5.4] - RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 28020694] {CVE-2018-5333} - x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474853] - x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474853] - x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474853] - KVM: x86: Expose CLDEMOTE CPU feature to guest VM (Jingqi Liu) [Orabug: 28938290] - x86/cpufeatures: Enumerate cldemote instruction (Fenghua Yu) [Orabug: 28938290] - libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946206] - wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951267] {CVE-2018-5848} - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956546] {CVE-2018-7755} {CVE-2018-7755} [4.14.35-1818.5.3] - hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896279] - xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28943579] {CVE-2018-10322} - xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. 
Wong) [Orabug: 28943579] {CVE-2018-10322} [4.14.35-1818.5.2] - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28748049] - kdump/vmcore: support encrypted old memory with SME enabled (Lianbo Jiang) [Orabug: 28796835] - amd_iommu: remap the device table of IOMMU with the memory encryption mask for kdump (Lianbo Jiang) [Orabug: 28796835] - kexec: allocate unencrypted control pages for kdump in case SME is enabled (Lianbo Jiang) [Orabug: 28796835] - x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory (Lianbo Jiang) [Orabug: 28796835] - net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857013] - Btrfs: fix xattr loss after power failure (Filipe Manana) [Orabug: 28893942] - xen/balloon: Support xend-based toolstack (Boris Ostrovsky) [Orabug: 28901032] - Btrfs: fix file data corruption after cloning a range and fsync (Filipe Manana) [Orabug: 28905635] - xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) - cdrom: fix improper type cast, which can leat to information leak. 
(Young_X) [Orabug: 28929755] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710} - sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS (Mel Gorman) [Orabug: 28940633] - sched/fair: Move select_task_rq_fair() slow-path into its own function (Brendan Jackman) [Orabug: 28940633] - certs: Add Oracle's new X509 cert into .builtin_trusted_keys (Eric Snowberg) [Orabug: 28926200] - net: Allow pernet_operations to be executed in parallel (Kirill Tkhai) [Orabug: 28924205] - net: Move mutex_unlock() in cleanup_net() up (Kirill Tkhai) [Orabug: 28924205] - locking/arch, x86: Add __down_read_killable() (Kirill Tkhai) [Orabug: 28924205] - locking/x86: Use named operands in rwsem.h (Miguel Bernal Marin) [Orabug: 28924205] - locking/rwsem: Add down_read_killable() (Kirill Tkhai) [Orabug: 28924205] - net: Introduce net_sem for protection of pernet_list (Kirill Tkhai) [Orabug: 28924205] - net: Assign net to net_namespace_list in setup_net() (Kirill Tkhai) [Orabug: 28924205] - net: Cleanup in copy_net_ns() (Kirill Tkhai) [Orabug: 28924205] [4.14.35-1818.5.1] - Revert 'aarch64: remove duplicate dtb in kernel rpm' (Jack Vogel) [4.14.35-1818.5.0] - oracleasm: Implement support for QUERY HANDLE operation (Martin K. Petersen) [Orabug: 28887237] - oracleasm: Honor ASM_IFLAG_FORMAT_NOCHECK flag (Martin K. Petersen) [Orabug: 28887237] - bpf: 32-bit RSH verification must truncate input before the ALU op (Jann Horn) [Orabug: 28861785] {CVE-2018-18445} - aarch64: remove duplicate dtb in kernel rpm (Eric Saint-Etienne) [Orabug: 28672035] - scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28432993] - uek-rpm: Run 'make olddefconfig' to get latest x86 config values (Victor Erminpour) [Orabug: 28845157] - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! 
(Mike Kravetz) [Orabug: 28886647] - ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28869428] - ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28869428] - config: disable xfs online scrub in uek5 (Darrick J. Wong) [Orabug: 28890254] - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28884433] {CVE-2018-1000204} - random: fix crng_ready() test (Theodore Ts'o) [Orabug: 28863713] {CVE-2018-1108} {CVE-2018-1108} - proc: do not access cmdline nor environ from file-backed areas (Willy Tarreau) [Orabug: 28863722] {CVE-2018-1120} {CVE-2018-1120} - vhost: correctly check the iova range when waking virtqueue (Jason Wang) [Orabug: 28892623] {CVE-2018-1118} - xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28893785] {CVE-2018-13094} - ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28893798] {CVE-2018-10902} - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 28899818] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-7755 CVE-2018-10322 CVE-2018-18710 CVE-2018-8043 CVE-2018-5848 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::UEKR5_archive cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::latest_archive ELSA-2018-4307: Unbreakable Enterprise kernel security update (IMPORTANT) Oracle Linux 6 Oracle Linux 7 [4.1.12-124.23.2] - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (Linus Torvalds) [Orabug: 28855335] {CVE-2018-18386} - nfs: Don't take a reference on fl->fl_file for LOCK operation (Benjamin Coddington) [Orabug: 28887442] - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Samuel Neves) [Orabug: 28933009] - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005188] {CVE-2018-1000004} - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 29012346] {CVE-2018-8043} IMPORTANT Copyright 2018 Oracle, Inc. CVE-2018-18386 CVE-2018-8043 CVE-2018-1000004 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive ELSA-2018-4312: qemu security update (IMPORTANT) Oracle Linux 7 [15:3.0.0-3.el7] - monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045] - monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480] - Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480] - usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867} [15:3.0.0-2.el7] - vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784] - vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776] - virtio_net: Add support for 'Data Path Switching' during Live Migration. 
(Venu Busireddy) [Orabug: 28732921] - parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099] - parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099] - configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099] - lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792] - lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593] - lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849} - 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489} - 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364} - nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847} - kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193] - i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460] - i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461] IMPORTANT Copyright 2018 Oracle, Inc. 
CVE-2018-16867 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::kvm_utils ELSA-2018-4313: qemu security update (IMPORTANT) Oracle Linux 7 [15:3.0.0-3.el7] - monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045] - monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480] - Revert 'qmp: isolate responses into io thread' (Marc-Andre Lureau) [Orabug: 29010480] - usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867} [15:3.0.0-2.el7] - vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784] - vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776] - virtio_net: Add support for 'Data Path Switching' during Live Migration. (Venu Busireddy) [Orabug: 28732921] - parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099] - parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099] - configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099] - lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792] - lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593] - lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849} - 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489} - 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364} - nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847} - kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193] - i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460] - i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461] IMPORTANT Copyright 2018 
Oracle, Inc. CVE-2018-16867 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::u6_patch cpe:/a:oracle:linux:7::kvm_utils
samba4-winbind-krb5-locator samba4-winbind samba4-devel samba4-python samba4-common samba4-winbind-clients samba4-libs samba4-client libvirt-lock-sanlock oraclelinux-release libvirt-client libvirt libvirt-devel libvirt-python zsh-html zsh oraclelinux-release perl-Git-SVN git gitweb emacs-git git-daemon git-bzr oraclelinux-release git-hg gitk emacs-git-el git-all git-gui git-p4 git-cvs git-svn perl-Git git-email kernel-headers kernel kernel-tools-libs-devel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-tools-libs kernel-devel kernel-doc kernel-debug-devel python-perf kernel-tools pki-base-java pki-ca oraclelinux-release pki-base pki-javadoc pki-tools pki-server pki-kra pki-symkey libvirt-daemon-driver-storage-logical libvirt-daemon-driver-qemu libvirt-nss libvirt-daemon-driver-storage-core libvirt-daemon-driver-nwfilter libvirt-login-shell libvirt-daemon-driver-lxc libvirt-devel libvirt-daemon-lxc libvirt-daemon libvirt-daemon-config-nwfilter libvirt-daemon-driver-storage libvirt-daemon-driver-interface libvirt-daemon-config-network libvirt-daemon-driver-storage-disk libvirt-admin libvirt-daemon-driver-storage-scsi libvirt-client libvirt libvirt-daemon-driver-network libvirt-daemon-driver-storage-mpath libvirt-docs libvirt-lock-sanlock libvirt-daemon-driver-storage-gluster oraclelinux-release libvirt-libs libvirt-daemon-kvm libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-secret libvirt-daemon-driver-nodedev qemu-kvm-common qemu-img qemu-kvm qemu-kvm-tools oraclelinux-release firefox oraclelinux-release tkinter oraclelinux-release python python-devel python-libs python-tools python-debug python-test qemu-kvm-tools qemu-img qemu-guest-agent qemu-kvm oraclelinux-release kernel-headers kernel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-devel kernel-doc kernel-firmware kernel-debug-devel python-perf gnupg2-smime gnupg2 oraclelinux-release gnupg2-smime gnupg2 oraclelinux-release 
openslp openslp-devel openslp-server oraclelinux-release java-1.8.0-openjdk-devel-debug java-1.8.0-openjdk-javadoc-debug java-1.8.0-openjdk-src oraclelinux-release java-1.8.0-openjdk-devel java-1.8.0-openjdk-headless java-1.8.0-openjdk-demo-debug java-1.8.0-openjdk-headless-debug java-1.8.0-openjdk java-1.8.0-openjdk-demo java-1.8.0-openjdk-src-debug java-1.8.0-openjdk-debug java-1.8.0-openjdk-javadoc java-1.8.0-openjdk-src-debug java-1.8.0-openjdk-devel-debug java-1.8.0-openjdk-javadoc-debug java-1.8.0-openjdk-src oraclelinux-release java-1.8.0-openjdk-demo-debug java-1.8.0-openjdk-devel java-1.8.0-openjdk-javadoc-zip-debug java-1.8.0-openjdk-headless java-1.8.0-openjdk-accessibility java-1.8.0-openjdk-javadoc-zip java-1.8.0-openjdk-headless-debug java-1.8.0-openjdk java-1.8.0-openjdk-demo java-1.8.0-openjdk-accessibility-debug java-1.8.0-openjdk-debug java-1.8.0-openjdk-javadoc thunderbird oraclelinux-release thunderbird oraclelinux-release java-1.7.0-openjdk-src oraclelinux-release java-1.7.0-openjdk java-1.7.0-openjdk-javadoc java-1.7.0-openjdk-devel java-1.7.0-openjdk-demo yum-plugin-aliases yum-plugin-security yum-plugin-fs-snapshot yum-plugin-verify yum-plugin-versionlock yum-plugin-ps yum-plugin-ovl yum-plugin-protectbase yum-plugin-tmprepo yum-plugin-remove-with-leaves yum-plugin-tsflags yum-plugin-filter-data yum-plugin-keys yum-plugin-rpm-warm-cache yum-plugin-auto-update-debug-info yum-updateonboot yum-utils yum-plugin-priorities yum-plugin-changelog yum-plugin-fastestmirror yum-plugin-upgrade-helper yum-plugin-merge-conf yum-plugin-local oraclelinux-release yum-plugin-show-leaves yum-plugin-post-transaction-actions yum-plugin-list-data yum-NetworkManager-dispatcher yum-plugin-aliases yum-plugin-fs-snapshot yum-plugin-verify yum-plugin-versionlock yum-plugin-ps yum-plugin-ovl yum-plugin-protectbase yum-plugin-tmprepo yum-plugin-copr yum-plugin-remove-with-leaves yum-plugin-pre-transaction-actions yum-plugin-tsflags yum-plugin-filter-data yum-plugin-keys 
yum-plugin-rpm-warm-cache yum-plugin-auto-update-debug-info yum-updateonboot yum-utils yum-plugin-priorities yum-plugin-changelog yum-plugin-fastestmirror yum-plugin-upgrade-helper yum-plugin-merge-conf yum-plugin-local oraclelinux-release yum-plugin-show-leaves yum-plugin-post-transaction-actions yum-plugin-list-data yum-NetworkManager-dispatcher java-1.7.0-openjdk-src oraclelinux-release java-1.7.0-openjdk java-1.7.0-openjdk-javadoc java-1.7.0-openjdk-devel java-1.7.0-openjdk-demo java-1.7.0-openjdk-accessibility java-1.7.0-openjdk-headless openslp openslp-devel openslp-server oraclelinux-release kernel-headers kernel kernel-tools-libs-devel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-tools-libs kernel-devel kernel-doc kernel-debug-devel python-perf kernel-tools kernel-headers kernel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-devel kernel-doc kernel-firmware kernel-debug-devel python-perf mariadb-embedded mariadb-server oraclelinux-release mariadb-test mariadb-devel mariadb-embedded-devel mariadb-bench mariadb mariadb-libs qemu-kvm-common qemu-img qemu-kvm qemu-kvm-tools oraclelinux-release mutt oraclelinux-release postgresql-pltcl postgresql oraclelinux-release postgresql-server postgresql-contrib postgresql-upgrade postgresql-libs postgresql-test postgresql-plpython postgresql-plperl postgresql-devel postgresql-static postgresql-docs bind-pkcs11 bind-sdb bind-chroot bind-devel bind-libs bind oraclelinux-release bind-pkcs11-libs bind-utils bind-pkcs11-devel bind-sdb-chroot bind-license bind-lite-devel bind-pkcs11-utils bind-libs-lite bind-sdb bind-chroot bind-devel bind-libs bind oraclelinux-release bind-utils firefox oraclelinux-release spice-gtk3-vala spice-gtk3-devel spice-server oraclelinux-release spice-gtk3 spice-server-devel spice-gtk-tools spice-glib spice-glib-devel spice-server oraclelinux-release spice-server-devel spice-gtk-devel spice-gtk-tools spice-gtk-python spice-gtk spice-glib spice-glib-devel 
mod_perl-devel mod_perl oraclelinux-release kernel-headers kernel kernel-tools-libs-devel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-tools-libs kernel-devel kernel-doc kernel-debug-devel python-perf kernel-tools 389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds-base-snmp oraclelinux-release flatpak flatpak-libs flatpak-builder flatpak-devel oraclelinux-release nss-tools nss-devel oraclelinux-release nss-sysinit nss nss-pkcs11-devel firefox oraclelinux-release kernel-headers kernel perf oraclelinux-release kernel-abi-whitelists kernel-debug kernel-devel kernel-doc kernel-firmware kernel-debug-devel python-perf firefox oraclelinux-release glusterfs-client-xlators glusterfs-rdma glusterfs-fuse oraclelinux-release glusterfs-api glusterfs glusterfs-devel glusterfs-api-devel glusterfs-libs glusterfs-cli nss-tools nss-devel oraclelinux-release nss-sysinit nss nss-pkcs11-devel spamassassin oraclelinux-release ghostscript oraclelinux-release ghostscript-devel ghostscript-gtk ghostscript-doc ghostscript-cups tomcat oraclelinux-release tomcat-admin-webapps tomcat-webapps tomcat-lib tomcat-el-2.2-api tomcat-docs-webapp tomcat-jsvc tomcat-servlet-3.0-api tomcat-jsp-2.2-api tomcat-javadoc java-1.8.0-openjdk-src-debug java-1.8.0-openjdk-devel-debug java-1.8.0-openjdk-javadoc-debug java-1.8.0-openjdk-src oraclelinux-release java-1.8.0-openjdk-demo-debug java-1.8.0-openjdk-devel java-1.8.0-openjdk-javadoc-zip-debug java-1.8.0-openjdk-headless java-1.8.0-openjdk-accessibility java-1.8.0-openjdk-javadoc-zip java-1.8.0-openjdk-headless-debug java-1.8.0-openjdk java-1.8.0-openjdk-demo java-1.8.0-openjdk-accessibility-debug java-1.8.0-openjdk-debug java-1.8.0-openjdk-javadoc java-1.8.0-openjdk-devel-debug java-1.8.0-openjdk-javadoc-debug java-1.8.0-openjdk-src oraclelinux-release java-1.8.0-openjdk-devel java-1.8.0-openjdk-headless java-1.8.0-openjdk-demo-debug java-1.8.0-openjdk-headless-debug java-1.8.0-openjdk java-1.8.0-openjdk-demo 
java-1.8.0-openjdk-src-debug java-1.8.0-openjdk-debug java-1.8.0-openjdk-javadoc firefox oraclelinux-release firefox oraclelinux-release binutils-devel binutils oraclelinux-release tkinter oraclelinux-release python python-devel python-libs python-tools python-debug python-test gnutls-dane oraclelinux-release gnutls-utils gnutls-devel gnutls-c++ gnutls wget oraclelinux-release samba-dc samba-test samba-vfs-glusterfs samba-winbind-clients samba-test-libs samba-common samba-python libsmbclient-devel samba-krb5-printing samba-libs samba libsmbclient samba-client-libs samba-python-test samba-pidl ctdb-tests samba-client libwbclient samba-winbind samba-common-libs libwbclient-devel samba-winbind-krb5-locator oraclelinux-release samba-common-tools samba-dc-libs samba-devel samba-winbind-modules ctdb libX11-devel mesa-filesystem xorg-x11-drv-intel-devel libX11 libglvnd-devel tigervnc-server-minimal libglvnd libXfont2-devel mesa-demos xorg-x11-drv-ati libglvnd-opengl xorg-x11-font-utils xorg-x11-drv-vesa libwacom libdrm xorg-x11-server-Xephyr libXfont xorg-x11-server-Xwayland libwacom-data xorg-x11-drv-openchrome-devel libXcursor-devel xorg-x11-server-Xdmx xorg-x11-drv-libinput mesa-libOSMesa xorg-x11-drv-dummy libglvnd-gles libglvnd-glx tigervnc-server mesa-libxatracker mesa-libwayland-egl libXres xorg-x11-server-Xspice freeglut-devel freeglut xorg-x11-drv-vmware mesa-libGL-devel libglvnd-core-devel xorg-x11-server-Xnest mesa-libGLES-devel libXfont-devel libXres-devel xorg-x11-drv-synaptics-devel xorg-x11-drv-evdev xcb-proto mesa-libglapi libX11-common xorg-x11-drv-openchrome glx-utils tigervnc-license xkeyboard-config-devel xorg-x11-drv-vmmouse tigervnc xorg-x11-drv-fbdev xorg-x11-server-Xvfb xorg-x11-drv-synaptics libxcb-doc xkeyboard-config libxcb libXfont2 xorg-x11-server-Xorg mesa-libEGL tigervnc-server-applet xorg-x11-drv-wacom-devel mesa-libEGL-devel xorg-x11-xkb-utils-devel libXcursor vulkan-devel xorg-x11-drv-mouse-devel xorg-x11-drv-libinput-devel libwacom-devel 
libepoxy-devel mesa-libGL intel-gpu-tools tigervnc-server-module xorg-x11-drv-nouveau mesa-libwayland-egl-devel oraclelinux-release egl-utils xorg-x11-proto-devel xorg-x11-drv-evdev-devel libepoxy xorg-x11-xkb-utils xorg-x11-drv-mouse mesa-libgbm-devel libxcb-devel libinput xorg-x11-drv-intel xorg-x11-server-source xorg-x11-drv-wacom mesa-libgbm xorg-x11-xkb-extras xorg-x11-drv-v4l mesa-vulkan-drivers xorg-x11-server-devel xorg-x11-drv-qxl libinput-devel mesa-libxatracker-devel xorg-x11-drv-void mesa-dri-drivers drm-utils vulkan-filesystem libdrm-devel tigervnc-icons libglvnd-egl mesa-vdpau-drivers xorg-x11-utils mesa-libGLES mesa-libOSMesa-devel xorg-x11-server-common vulkan libkdcraw-devel libkdcraw oraclelinux-release krb5-devel oraclelinux-release krb5-pkinit krb5-libs libkadm5 krb5-workstation krb5-server-ldap krb5-server zsh-html zsh oraclelinux-release kernel-headers kernel kernel-tools-libs-devel bpftool oraclelinux-release kernel-abi-whitelists kernel-debug kernel-tools-libs kernel-devel kernel-doc kernel-debug-devel python-perf kernel-tools perf OVMF oraclelinux-release glibc-devel glibc-utils oraclelinux-release glibc nscd glibc-headers glibc-static glibc-common wpa_supplicant oraclelinux-release libvirt-daemon-driver-storage-logical libvirt-daemon-driver-qemu libvirt-nss libvirt-daemon-driver-storage-core libvirt-daemon-driver-nwfilter libvirt-login-shell libvirt-daemon-driver-lxc libvirt-devel libvirt-daemon-lxc libvirt-daemon libvirt-daemon-config-nwfilter libvirt-daemon-driver-storage libvirt-daemon-driver-interface libvirt-daemon-config-network libvirt-daemon-driver-storage-disk libvirt-admin libvirt-bash-completion libvirt-daemon-driver-storage-scsi libvirt-client libvirt libvirt-daemon-driver-network libvirt-daemon-driver-storage-mpath libvirt-docs libvirt-lock-sanlock libvirt-daemon-driver-storage-gluster oraclelinux-release libvirt-libs libvirt-daemon-kvm libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-iscsi 
libvirt-daemon-driver-secret libvirt-daemon-driver-nodedev 389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds-base-snmp oraclelinux-release libwayland-server turbojpeg evolution-mapi-langpacks totem evince-devel libical-devel gedit-plugin-multiedit gedit-plugin-translate libmediaart devhelp-libs evolution-mapi libgovirt glib2-fam evolution-spamassassin gnome-software-devel libappstream-glib-builder gnome-shell-extension-screenshot-window-sizer evolution-data-server-langpacks PackageKit-command-not-found libwayland-egl gnome-bluetooth-libs gnome-shell-extension-native-window-placement valadoc libosinfo-devel gnome-getting-started-docs-gl gnome-disk-utility gspell gnome-getting-started-docs-ru libpeas nautilus-devel gnome-screenshot python2-pyatspi gnome-documents libosinfo accountsservice-devel gupnp-igd-devel libical-glib-devel vala libwnck3-devel adwaita-gtk2-theme libjpeg-turbo-devel gedit-plugin-charmap PackageKit-cron turbojpeg-devel gedit-plugin-colorpicker baobab vte291 libgweather gnome-packagekit-updater librsvg2 gnome-themes-standard evolution-devel poppler-demos yelp-xsl fwupdate-devel gedit-plugin-findinfiles gnome-shell-extension-dash-to-dock at-spi2-core-devel gnome-software-editor upower-devel-docs gnome-shell-extension-no-hot-corner harfbuzz-devel libgexiv2 gvfs-fuse gnome-shell-extension-windowsNavigator grilo webkitgtk4-devel upower-devel gtksourceview3-devel upower evolution-data-server-doc poppler-qt PackageKit-yum poppler-glib-devel nautilus file-roller-nautilus zenity glibmm24-devel libcroco-devel gsettings-desktop-schemas libchamplain-devel gjs-tests gnome-desktop3-tests gnome-classic-session gcr devhelp-devel gnome-bluetooth-libs-devel brasero-libs gjs-devel adwaita-icon-theme gnome-getting-started-docs-fr gdk-pixbuf2-tests gtk3 gnome-color-manager fribidi libgnomekbd control-center-filesystem gupnp-docs nautilus-sendto fwupdate-libs devhelp libsecret-devel adwaita-cursor-theme gvfs-mtp cairo-tools gstreamer1-plugins-base-devel-docs gssdp 
gnome-bluetooth gupnp-igd-python libgee-devel gnome-getting-started-docs-de libwnck3 libwayland-cursor libsecret gedit-plugin-wordcompletion folks-tools gnote atk-devel gdm-pam-extensions-devel libgxps-tools pango gdm-devel osinfo-db fribidi-devel eog-devel brasero-nautilus cairo gssdp-docs vte291-devel wayland-protocols-devel valadoc-devel gom gvfs-afp gedit-devel poppler gvfs-afc fwupd cairo-gobject gnome-dictionary glibmm24-doc at-spi2-core python2-gexiv2 evolution-help openchange-devel-docs poppler-cpp adwaita-icon-theme-devel gedit-plugin-commander pango-tests poppler-glib gedit-plugins atk libpeas-devel accountsservice fontconfig-devel-doc openchange ekiga evolution-data-server-devel cheese gedit-plugin-textsize harfbuzz gtk-update-icon-cache gnome-session-wayland-session gtk3-devel-docs gnome-contacts totem-devel evince-browser-plugin gvfs-client gnome-getting-started-docs-hu gnome-devel-docs gedit-plugin-smartspaces compat-libical1 libosinfo-vala gnome-packagekit gdk-pixbuf2 glade-libs gupnp gucharmap-devel gnome-getting-started-docs xdg-desktop-portal-devel gvfs-goa wayland-doc evince-dvi gnome-boxes gvfs-archive control-center libcroco gnome-shell-extension-common glib2-doc json-glib-tests PackageKit-gstreamer-plugin gnome-backgrounds dconf gnome-shell-extension-top-icons vala-doc webkitgtk4-jsc-devel xdg-desktop-portal gnome-shell-extension-drive-menu PackageKit-yum-plugin fwupdate gnome-session-xsession gnome-calculator evolution-langpacks dconf-devel libjpeg-turbo-utils glib2-tests gnome-shell-extension-auto-move-windows pango-devel compat-exiv2-023 librsvg2-devel oracle-logos gcr-devel accountsservice-libs libappstream-glib-devel evolution-data-server-perl gnome-system-monitor gobject-introspection gnome-desktop3-devel libgnomekbd-devel gvfs-tests fontconfig gnome-shell-extension-workspace-indicator folks gnome-clocks libgtop2-devel freetype libgxps-devel gnome-shell-extension-launch-new-instance evolution PackageKit-glib-devel gedit-plugin-synctex 
gnome-online-accounts-devel gnome-session-custom-session PackageKit-glib libpeas-loader-python gnome-online-accounts flatpak evolution-ews-langpacks fwupd-devel gnome-shell-extension-window-list geoclue2-devel vino gupnp-devel libwayland-client gnome-getting-started-docs-cs clutter-gst3-devel folks-devel evolution-data-server-tests libchamplain gnome-tweak-tool glib-networking gedit-plugin-bracketcompletion gedit-plugin-joinlines glib-networking-tests appstream-data librsvg2-tools libgxps gnome-terminal openchange-client gsettings-desktop-schemas-devel wayland-devel gtk-doc empathy yelp-devel gnome-settings-daemon-devel geoclue2 gnome-getting-started-docs-es libical at-spi2-atk geocode-glib gnome-getting-started-docs-pl gnome-online-miners gucharmap gnome-shell webkitgtk4 gnome-software gnome-terminal-nautilus poppler-cpp-devel glibmm24 gom-devel glib2-devel webkitgtk4-plugin-process-gtk2 evince-libs libgovirt-devel gnome-shell-extension-alternate-tab fwupdate-efi gedit gnome-packagekit-common gnome-keyring gedit-plugin-codecomment gssdp-devel libgepub-devel xdg-desktop-portal-gtk gnome-font-viewer gnome-shell-extension-places-menu cheese-libs-devel gtk3-tests libgepub sushi gspell-doc freetype-devel brasero-devel harfbuzz-icu rhythmbox libgdata-devel libappstream-glib-builder-devel gnome-shell-extension-user-theme gnome-shell-extension-panel-favorites evolution-pst json-glib-devel gvfs libsoup poppler-qt-devel gnome-getting-started-docs-it gtk3-immodules gedit-plugin-colorschemer google-noto-emoji-fonts evince-nautilus yelp-xsl-devel nautilus-extensions libmediaart-tests libappstream-glib gnome-desktop3 cairo-gobject-devel totem-pl-parser libical-glib gnome-user-docs libsoup-devel rest evince gedit-plugin-drawspaces gdm gnome-documents-libs poppler-utils totem-nautilus gobject-introspection-devel dconf-editor freetype-demos vala-devel gnome-shell-extension-updates-dialog cairo-devel webkitgtk4-doc gnome-packagekit-installer clutter-gst3 shotwell gjs 
gnome-shell-extension-systemMonitor geoclue2-libs gedit-plugins-data at-spi2-atk-devel gvfs-smb gssdp-utils gspell-devel json-glib flatpak-devel grilo-plugins gnome-getting-started-docs-pt_BR webkitgtk4-jsc gnome-settings-daemon poppler-devel flatpak-libs evolution-bogofilter libgdata rest-devel gdk-pixbuf2-devel libgweather-devel flatpak-builder libpeas-gtk bolt gstreamer1-plugins-base-devel evolution-data-server PackageKit libjpeg-turbo mutter-devel glade geoclue2-demos openchange-devel google-noto-emoji-color-fonts glib2 libchamplain-demos libjpeg-turbo-static gupnp-igd libgee libchamplain-gtk gstreamer1-plugins-base vte-profile gnome-shell-extension-apps-menu PackageKit-gtk3-module file-roller mutter gvfs-gphoto2 oraclelinux-release gtksourceview3 gedit-plugin-terminal fontconfig-devel mozjs52-devel totem-pl-parser-devel gvfs-devel gtksourceview3-tests mozjs52 libmediaart-devel glade-devel gstreamer1-plugins-base-tools brasero glib2-static gtk3-immodule-xim cheese-libs yelp-libs libical-glib-doc yelp-tools evolution-tests libgexiv2-devel rhythmbox-devel evolution-ews gnome-session evolution-devel-docs gnome-initial-setup seahorse-nautilus eog yelp grilo-devel geocode-glib-devel gtk3-devel gedit-plugin-bookmarks libgtop2 gucharmap-libs gnome-keyring-pam libcurl curl libcurl-devel nss-pem oraclelinux-release sssd-ad libipa_hbac libsss_nss_idmap libsss_simpleifp sssd-ipa libsss_sudo libsss_autofs python-libsss_nss_idmap sssd-krb5-common python-sssdconfig libsss_idmap sssd-common sssd-winbind-idmap python-sss-murmur sssd-kcm libsss_certmap-devel sssd-common-pac libsss_simpleifp-devel sssd-client libsss_idmap-devel libipa_hbac-devel sssd sssd-polkit-rules sssd-libwbclient sssd-ldap sssd-tools oraclelinux-release libsss_nss_idmap-devel sssd-dbus python-libipa_hbac sssd-libwbclient-devel sssd-krb5 python-sss libsss_certmap sssd-proxy oraclelinux-release openssl openssl-devel openssl-perl openssl-static openssl-libs zziplib-utils zziplib zziplib-devel 
oraclelinux-release glusterfs-client-xlators glusterfs-rdma glusterfs-fuse oraclelinux-release glusterfs-api glusterfs python2-gluster glusterfs-devel glusterfs-api-devel glusterfs-libs glusterfs-cli libcdio libcdio-devel oraclelinux-release setup oraclelinux-release jasper-devel jasper-libs jasper jasper-utils oraclelinux-release libmspack-devel libmspack oraclelinux-release xerces-c-doc xerces-c-devel xerces-c oraclelinux-release python-paramiko-doc python-paramiko oraclelinux-release java-1.7.0-openjdk-src oraclelinux-release java-1.7.0-openjdk java-1.7.0-openjdk-javadoc java-1.7.0-openjdk-devel java-1.7.0-openjdk-demo java-1.7.0-openjdk-accessibility java-1.7.0-openjdk-headless thunderbird oraclelinux-release python-paramiko oraclelinux-release gitk perl-Git-SVN git git-instaweb emacs-git git-daemon git-bzr oraclelinux-release git-hg git-gui emacs-git-el git-all git-gnome-keyring git-p4 gitweb git-cvs git-svn perl-Git git-email java-1.7.0-openjdk-src oraclelinux-release java-1.7.0-openjdk java-1.7.0-openjdk-javadoc java-1.7.0-openjdk-devel java-1.7.0-openjdk-demo xorg-x11-server-Xorg xorg-x11-server-source oraclelinux-release xorg-x11-server-Xephyr xorg-x11-server-Xwayland xorg-x11-server-devel xorg-x11-server-Xnest xorg-x11-server-common xorg-x11-server-Xvfb xorg-x11-server-Xdmx thunderbird oraclelinux-release java-11-openjdk-debug java-11-openjdk-headless-debug java-11-openjdk-jmods-debug oraclelinux-release java-11-openjdk-javadoc java-11-openjdk-jmods java-11-openjdk-javadoc-zip java-11-openjdk-devel-debug java-11-openjdk-demo java-11-openjdk-src-debug java-11-openjdk java-11-openjdk-src java-11-openjdk-javadoc-debug java-11-openjdk-headless java-11-openjdk-javadoc-zip-debug java-11-openjdk-devel java-11-openjdk-demo-debug spice-server-devel spice-server oraclelinux-release thunderbird oraclelinux-release thunderbird oraclelinux-release ghostscript oraclelinux-release ghostscript-devel ghostscript-gtk ghostscript-doc ghostscript-cups kernel-headers kernel 
kernel-tools-libs-devel bpftool oraclelinux-release kernel-abi-whitelists kernel-debug kernel-tools-libs kernel-devel kernel-doc kernel-debug-devel python-perf kernel-tools perf sos-collector oraclelinux-release NetworkManager-dispatcher-routing-rules NetworkManager-wifi NetworkManager-adsl NetworkManager-bluetooth oraclelinux-release NetworkManager-glib-devel NetworkManager-wwan NetworkManager-team NetworkManager-libnm NetworkManager-libnm-devel NetworkManager-tui NetworkManager-ovs NetworkManager NetworkManager-ppp NetworkManager-config-server NetworkManager-glib rubygem-io-console ruby-doc rubygem-psych rubygem-minitest rubygems ruby-devel ruby ruby-irb oraclelinux-release rubygem-json rubygem-rake ruby-tcltk rubygem-bigdecimal ruby-libs rubygem-rdoc rubygems-devel ghostscript-gtk ghostscript ghostscript-devel ghostscript-doc oraclelinux-release ghostscript oraclelinux-release ghostscript-devel ghostscript-gtk ghostscript-doc ghostscript-cups firefox oraclelinux-release firefox oraclelinux-release ghostscript oraclelinux-release ghostscript-devel ghostscript-gtk ghostscript-doc ghostscript-cups ntp ntp-doc ntpdate ntp-perl oraclelinux-release kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware kernel-uek-debug kernel-uek-debug-devel oraclelinux-release kernel-uek-devel dtrace-modules-4.1.12-94.7.8.el7uek dtrace-modules-4.1.12-94.7.8.el6uek kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc microcode_ctl 
oraclelinux-release microcode_ctl oraclelinux-release kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug dtrace-modules-3.8.13-118.20.2.el7uek kernel-uek kernel-uek-doc dtrace-modules-3.8.13-118.20.2.el6uek kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-headers kernel oracleasm-2.6.18-419.0.0.0.5.el5 oraclelinux-release kernel-doc kernel-debug oracleasm-2.6.18-419.0.0.0.5.el5xen ocfs2-2.6.18-419.0.0.0.5.el5xen kernel-devel ocfs2-2.6.18-419.0.0.0.5.el5debug kernel-xen-devel kernel-debug-devel kernel-xen ocfs2-2.6.18-419.0.0.0.5.el5 oracleasm-2.6.18-419.0.0.0.5.el5debug dtrace-modules-3.8.13-118.20.3.el7uek kernel-uek-firmware oraclelinux-release dtrace-modules-3.8.13-118.20.3.el6uek kernel-uek-devel kernel-uek-debug-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kubectl kubeadm kubelet oraclelinux-release kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc oraclelinux-release openssl openssl-devel openssl-perl openssl-static openssl-libs glibc-devel glibc-utils oraclelinux-release glibc nscd glibc-headers glibc-static glibc-common kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc kernel-uek-firmware oraclelinux-release kernel-uek-debug-devel kernel-uek-devel kernel-uek-debug kernel-uek kernel-uek-doc 