[ELSA-2019-1167] kernel security and bug fix update

Severity Important

Affected Packages 20

CVEs 4

[4.18.0-80.1.2_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-80.1.2_0]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}

[4.18.0-80.1.1_0]
- [zstream] switch to zstream (Frantisek Hrbata)

Package	Affected Version
pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.0	< 4.18.0-80.1.2.el8_0

ID

ELSA-2019-1167

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2019-1167.html

Published

2019-07-30T00:00:00
(5 years ago)

Modified

2019-07-30T00:00:00
(5 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2019-1167	http://linux.oracle.com/errata/ELSA-2019-1167.html
CVE	CVE-2018-12126	http://linux.oracle.com/cve/CVE-2018-12126.html
CVE	CVE-2018-12130	http://linux.oracle.com/cve/CVE-2018-12130.html
CVE	CVE-2018-12127	http://linux.oracle.com/cve/CVE-2018-12127.html
CVE	CVE-2019-11091	http://linux.oracle.com/cve/CVE-2019-11091.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.0	oraclelinux	python3-perf	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.0	oraclelinux	perf	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.0	oraclelinux	kernel	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.0	oraclelinux	kernel-tools	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.0	oraclelinux	kernel-tools-libs	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.0	oraclelinux	kernel-tools-libs-devel	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.0	oraclelinux	kernel-modules	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.0	oraclelinux	kernel-modules-extra	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.0	oraclelinux	kernel-headers	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.0	oraclelinux	kernel-doc	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.0	oraclelinux	kernel-devel	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.0	oraclelinux	kernel-debug	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.0	oraclelinux	kernel-debug-modules	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.0	oraclelinux	kernel-debug-modules-extra	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.0	oraclelinux	kernel-debug-devel	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.0	oraclelinux	kernel-debug-core	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.0	oraclelinux	kernel-cross-headers	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.0	oraclelinux	kernel-core	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.0	oraclelinux	kernel-abi-whitelists	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0
Affected	pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.0	oraclelinux	bpftool	< 4.18.0-80.1.2.el8_0	oraclelinux-8.0

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date