[ELSA-2018-1318] kernel security, bug fix, and enhancement update

Severity Important
Affected Packages 12
CVEs 6

[3.10.0-862.2.3.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.2.3]
- [x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087}
- [x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897}

[3.10.0-862.2.2]
- [kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}

[3.10.0-862.2.1]
- [md] dm: fix dropped return code from dm_get_bdev_for_ioctl (Mike Snitzer) [1567746 1562962]
- [crypto] aesni: Add support for 192 & 256 bit keys to AESNI RFC4106 (Bruno Eduardo de Oliveira Meneguele) [1570537 1568167]

[3.10.0-862.1.1]
- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1565700 1540061]
- [x86] pti: Rework the UEFI data corruption fix (Waiman Long) [1565700 1540061]
- [powerpc] tm: Flush TM only if CPU has TM feature (David Gibson) [1563773 1544676] {CVE-2018-1091}
- [gpu] drm/i915/glk: IPC linetime watermark workaround for GLK (Lyude Paul) [1563711 1548651]
- [x86] apic: Remove the (now) unused disable_IO_APIC() function (Baoquan He) [1563108 1521003]
- [x86] apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (Baoquan He) [1563108 1521003]
- [x86] apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y (Baoquan He) [1563108 1521003]
- [x86] apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (Baoquan He) [1563108 1521003]
- [netdrv] i40e: Close client on suspend and restore client MSIx on resume (Stefan Assmann) [1563106 1538847]
- [fs] nfs: Fix unstable write completion (Scott Mayhew) [1563103 1544647]
- [x86] kvm: Fix device passthrough when SME is active (Suravee Suthikulpanit) [1563098 1557911]
- [powerpc] powernv: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio Oliveira) [1563096 1553927]
- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (Mauricio Oliveira) [1563096 1553927]
- [nvme] fixup nvme_sysfs_delete() (David Milburn) [1563092 1543716]
- [x86] smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a physical CPU (Prarit Bhargava) [1563091 1527731]
- [x86] tsc: Fix erroneous TSC rate on Skylake Xeon (Prarit Bhargava) [1563088 1466058]
- [x86] tsc: Print tsc_khz, when it differs from cpu_khz (Prarit Bhargava) [1563088 1466058]
- [x86] tsc: Future-proof native_calibrate_tsc() (Prarit Bhargava) [1563088 1466058]
- [scsi] csiostor: add support for 32 bit port capabilities (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4/cxgbvf: Handle 32-bit fw port capabilities (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4vf: define get_fecparam ethtool callback (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4: ethtool forward error correction management support (Arjun Vynipadath) [1561906 1526163]
- [netdrv] cxgb4: core hardware/firmware support for Forward Error Correction on a link (Arjun Vynipadath) [1561906 1526163]
- [iscsi-target] Fix panic when adding second TCP connection to iSCSI session (Maurizio Lombardi) [1561900 1544670]
- [crypto] chelsio: Fix src buffer dma length (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Move DMA un/mapping to chcr from lld cxgb4 driver (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Remove unused parameter (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: Remove allocation of sg list to implement 2K limit of dsgl header (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: introduce __skb_put_zero() (Arjun Vynipadath) [1561899 1548047]
- [crypto] chelsio: make skb_put & friends return void pointers (Arjun Vynipadath) [1561899 1548047]
- [gpu] drm/i915/cfl: Remove alpha support protection (Rob Clark) [1561897 1464911]
- [gpu] drm/i915/cnl: Map VBT DDC Pin to BSpec DDC Pin (Rob Clark) [1561897 1464911]
- [gpu] drm/i915: Add retries for LSPCON detection (Rob Clark) [1561897 1464911]
- [gpu] drm/i915: Don't give up waiting on INVALID_MODE (Rob Clark) [1561897 1464911]
- [nvme] pci: Fix EEH failure on ppc (Mauricio Oliveira) [1561894 1558499]
- [net] netfilter: ebtables: fix erroneous reject of last rule (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: bridge: ebt_among: add more missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] netfilter: bridge: ebt_among: add missing match size checks (Florian Westphal) [1552366 1552370] {CVE-2018-1068}
- [net] ipsec: Fix aborted xfrm policy dump crash (Bruno Eduardo de Oliveira Meneguele) [1517292 1517290] {CVE-2017-16939}

ID
ELSA-2018-1318
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2018-1318.html
Published
2018-05-09T00:00:00
(6 years ago)
Modified
2018-05-09T00:00:00
(6 years ago)
Rights
Copyright 2018 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 oraclelinux python-perf < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 oraclelinux perf < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 oraclelinux kernel < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 oraclelinux kernel-tools < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 oraclelinux kernel-tools-libs < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 oraclelinux kernel-tools-libs-devel < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 oraclelinux kernel-headers < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 oraclelinux kernel-doc < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 oraclelinux kernel-devel < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 oraclelinux kernel-debug < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 oraclelinux kernel-debug-devel < 3.10.0-862.2.3.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 oraclelinux kernel-abi-whitelists < 3.10.0-862.2.3.el7 oraclelinux-7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...