1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2018-4088

[ELSA-2018-4088] Unbreakable Enterprise kernel security update

Severity Important
Affected Packages 12
CVEs 1
Info Packages References Vulnerabilities

[2.6.39-400.298.6]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199}

[2.6.39-400.298.5]
- xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615]
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579]

[2.6.39-400.298.4]
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527}
- uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526}
- HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533}
- cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536}
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215206] {CVE-2017-16649}
- Bluetooth: bnep: bnep_add_connection() should verify that its dealing with l2cap socket (Al Viro) [Orabug: 27344787] {CVE-2017-15868}
- Bluetooth: hidp: verify l2cap sockets (David Herrmann) [Orabug: 27344787] {CVE-2017-15868}
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344840] {CVE-2017-0861} {CVE-2017-0861}
- Addendum: x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441]
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (David Woodhouse) [Orabug: 27649498] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27649510] {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27649631] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (KarimAllah Ahmed) [Orabug: 27649640] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (David Woodhouse) [Orabug: 27649693] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27649706] {CVE-2017-5715}
- x86/spectre_v2: Dont spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27649723] {CVE-2017-5715}
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27600848]
- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27601773]
- x86/syscall: run syscall exit code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall-specific code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/syscall: run syscall entry code with extra registers cleared (Alexandre Chartre) [Orabug: 27501176]
- x86/spectre: Drop the warning about ibrs being obsolete (Konrad Rzeszutek Wilk) [Orabug: 27518974]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27519044]
- x86: fix mitigation details of UEK2 spectre v1 (Konrad Rzeszutek Wilk) [Orabug: 27509909]
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27516441] {CVE-2017-5715}
- x86, intel: Output microcode revision in /proc/cpuinfo (Andi Kleen) [Orabug: 27516441]
- x86: intel-family.h: Add GEMINI_LAKE SOC (Len Brown) [Orabug: 27516441]
- x86/cpu/intel: Introduce macros for Intel family numbers (Dave Hansen) [Orabug: 27516441]
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk) [Orabug: 27525958]
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk) [Orabug: 27525954]
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk) [Orabug: 27525923]
- x86/spec: Also print IBRS if IBPB is disabled (Konrad Rzeszutek Wilk) [Orabug: 27519083]
- x86: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27516378]

Package Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 < 2.6.39-400.298.6.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-5 < 2.6.39-400.298.6.el5uek
ID
ELSA-2018-4088
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2018-4088.html
Published
2018-05-01T00:00:00
(6 years ago)
Modified
2018-05-01T00:00:00
(6 years ago)
Rights
Copyright 2018 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 oraclelinux kernel-uek < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-5 oraclelinux kernel-uek < 2.6.39-400.298.6.el5uek oraclelinux-5
Affected pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 oraclelinux kernel-uek-firmware < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-5 oraclelinux kernel-uek-firmware < 2.6.39-400.298.6.el5uek oraclelinux-5
Affected pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 oraclelinux kernel-uek-doc < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-5 oraclelinux kernel-uek-doc < 2.6.39-400.298.6.el5uek oraclelinux-5
Affected pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 oraclelinux kernel-uek-devel < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-5 oraclelinux kernel-uek-devel < 2.6.39-400.298.6.el5uek oraclelinux-5
Affected pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 oraclelinux kernel-uek-debug < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-5 oraclelinux kernel-uek-debug < 2.6.39-400.298.6.el5uek oraclelinux-5
Affected pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 oraclelinux kernel-uek-debug-devel < 2.6.39-400.298.6.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-5 oraclelinux kernel-uek-debug-devel < 2.6.39-400.298.6.el5uek oraclelinux-5
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date