[ELSA-2018-4242] Unbreakable Enterprise kernel security update
[4.14.35-1818.3.3]
- net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context (Hakon Bugge) [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664499] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664576] {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is disabled (Tung Nguyen) [Orabug: 28677854]
[4.14.35-1818.3.2]
- hwmon: (k10temp) Display both Tctl and Tdie (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Use API function to access System Management Network (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Fix reading critical temperature register (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for temperature offsets (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for family 17h (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Move chip specific code into probe function (Guenter Roeck) [Orabug: 28143470]
- net/rds: make the source code clean (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to read connection GIDs (Parav Pandit) [Orabug: 28607913]
- posix-timers: Sanitize overrun handling (Thomas Gleixner) [Orabug: 28642970] {CVE-2018-12896}
- crypto: ccp - Add support for new CCP/PSP device ID (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Support register differences between PSP devices (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Remove unused #defines (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Add psp enabled message when initialization succeeds (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Fix command completion detection race (Tom Lendacky) [Orabug: 28584386]
- iommu/amd: Add support for IOMMU XT mode (Suravee Suthikulpanit) [Orabug: 28584386]
- iommu/amd: Add support for higher 64-bit IOMMU Control Register (Suravee Suthikulpanit) [Orabug: 28584386]
- x86: irq_remapping: Move irq remapping mode enum (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Fix LLC ID bit-shift calculation (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Calculate last level cache ID from number of sharing threads (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c (Borislav Petkov) [Orabug: 28584386]
- perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (Borislav Petkov) [Orabug: 28584386]
[4.14.35-1818.3.1]
- arm64: vdso: fix clock_getres for 4GiB-aligned res (Mark Rutland) [Orabug: 28603375]
- locking/qrwlock: Prevent slowpath writers getting held up by fastpath (Will Deacon) [Orabug: 28605196]
- locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks (Will Deacon) [Orabug: 28605196]
- locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock (Will Deacon) [Orabug: 28605196]
- locking/atomic: Add atomic_cond_read_acquire() (Will Deacon) [Orabug: 28605196]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28565429] {CVE-2018-7492}
- irqchip/irq-bcm2836: Add support for DT interrupt polarity (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm2836-l1-intc: Add interrupt polarity support (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm283x: Define polarity of per-cpu interrupts (Stefan Wahren) [Orabug: 28596168]
- x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use (Patrick Colp) [Orabug: 28610695]
[4.14.35-1818.2.2]
- x86/xen: Calculate __max_logical_packages on PV domains (Prarit Bhargava) [Orabug: 28476586]
- x86/entry/64: Remove %ebx handling from error_entry/exit (Andy Lutomirski) [Orabug: 28402921] {CVE-2018-14678}
- x86/pti: Don't report XenPV as vulnerable (Jiri Kosina) [Orabug: 28476680]
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488807] {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488807] {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488807] {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488807] {CVE-2018-3620}
- PCI: Add ACS quirk for Ampere root ports (Feng Kan) [Orabug: 28525940]
- xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug: 28573020]
- uek-rpm: Disable F2FS in the UEK5 config (Victor Erminpour) [Orabug: 28577123]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-1818.3.3.el7uek |
- ID
- ELSA-2018-4242
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-4242.html
- Published
-
2018-10-10T00:00:00
(6 years ago) - Modified
-
2018-10-10T00:00:00
(6 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
- ALAS-2018-1086
- ALAS2-2018-1086
- DSA-4187-1
- DSA-4308-1
- ELSA-2018-4210
- ELSA-2018-4227
- ELSA-2018-4245
- ELSA-2018-4246
- ELSA-2018-4250
- ELSA-2019-2029
- FEDORA-2017-6764d16965
- FEDORA-2017-a3a8638a60
- FEDORA-2018-0edb45d9db
- FEDORA-2018-1621b2204a
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-3857a8b41a
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-50075276e8
- FEDORA-2018-59e4747e0f
- FEDORA-2018-6367a17aa3
- FEDORA-2018-6e8c330d50
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-7c2e0a998d
- FEDORA-2018-8422d94975
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-8d90571cdf
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9f4381d8c4
- FEDORA-2018-a0914af224
- FEDORA-2018-b68776e5b0
- FEDORA-2018-c0a1284064
- FEDORA-2018-ca0e10fc6e
- FEDORA-2018-cc812838fb
- FEDORA-2018-d77cc41f35
- FEDORA-2018-ddbaca855e
- FEDORA-2018-e820fccd83
- FEDORA-2018-f8cba144ae
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-20a89ca9af
- FEDORA-2019-337484d88b
- FEDORA-2019-3da64f3e61
- FEDORA-2019-4002b91800
- FEDORA-2019-509c133845
- FEDORA-2019-65c6d11eba
- FEDORA-2019-7d3500d712
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-c36afa818c
- FEDORA-2019-ce2933b003
- RHSA-2019:2029
- RHSA-2019:2043
- SSA:2019-030-01
- SUSE-SU-2018:1366-1
- SUSE-SU-2018:1761-1
- SUSE-SU-2018:1762-1
- SUSE-SU-2018:1816-1
- SUSE-SU-2018:1855-1
- SUSE-SU-2018:1855-2
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2332-1
- SUSE-SU-2018:2366-1
- SUSE-SU-2018:2637-1
- SUSE-SU-2018:2775-1
- SUSE-SU-2018:2776-1
- SUSE-SU-2018:2858-1
- SUSE-SU-2018:2862-1
- SUSE-SU-2018:2879-1
- SUSE-SU-2018:2907-1
- SUSE-SU-2018:2908-1
- SUSE-SU-2018:2908-2
- SUSE-SU-2018:2980-1
- SUSE-SU-2018:2981-1
- SUSE-SU-2018:3083-1
- SUSE-SU-2018:3084-1
- SUSE-SU-2018:3088-1
- SUSE-SU-2018:3618-1
- SUSE-SU-2018:3961-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2023:0416-1
- USN-3619-1
- USN-3619-2
- USN-3674-1
- USN-3674-2
- USN-3677-1
- USN-3677-2
- USN-3696-1
- USN-3696-2
- USN-3762-1
- USN-3762-2
- USN-3797-1
- USN-3797-2
- USN-3820-1
- USN-3820-2
- USN-3820-3
- USN-3822-1
- USN-3822-2
- USN-3847-1
- USN-3847-2
- USN-3847-3
- USN-3848-1
- USN-3848-2
- USN-3849-1
- USN-3849-2
- USN-3931-1
- USN-3931-2
- XSA-274
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2018-4242 | http://linux.oracle.com/errata/ELSA-2018-4242.html | |
CVE | CVE-2018-14678 | http://linux.oracle.com/cve/CVE-2018-14678.html | |
CVE | CVE-2017-13695 | http://linux.oracle.com/cve/CVE-2017-13695.html | |
CVE | CVE-2018-16658 | http://linux.oracle.com/cve/CVE-2018-16658.html | |
CVE | CVE-2018-7492 | http://linux.oracle.com/cve/CVE-2018-7492.html | |
CVE | CVE-2018-12896 | http://linux.oracle.com/cve/CVE-2018-12896.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-1818.3.3.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |