[ELSA-2019-1479] kernel security and bug fix update
[4.18.0-80.4.2_0.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-80.4.2_0]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719922 1719923] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719857 1719858] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719602 1719603] {CVE-2019-11477}
[4.18.0-80.4.1_0]
- [netdrv] ice: Do autoneg based on VSI state (Jonathan Toppins) [1709433 1687903]
- [arm64] arm64: apply workaround on A64FX v1r0 (Mark Langsdorf) [1700901 1692306]
- [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
file (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
- [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1705836 1690338 1690360 1690351 1705312] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126 CVE-2019-11091}
[4.18.0-80.3.1_0]
- [mm] mm: enforce min addr even if capable() in expand_downwards() (Rafael Aquini) [1708829 1687667] {CVE-2019-9213}
- [powerpc] powerpc/radix: Fix kernel crash with mremap() (Steve Best) [1708617 1674186]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/powernv: Query firmware for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1708112 1694456]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1708112 1694456]
- [of] of: __of_detach_node() - remove node from phandle cache (Steve Best) [1708102 1669198]
- [of] of: of_node_get()/of_node_put() nodes held in phandle cache (Steve Best) [1708102 1669198]
- [fs] debugfs: Fix EPERM regression from kernel lockdown check (Lenny Szubowicz) [1708100 1686755]
- [block] nvme: lock NS list changes while handling command effects (David Milburn) [1701140 1672759]
[4.18.0-80.2.1_0]
- [netdrv] qed: Fix qed_mcp_halt|resume() (Manish Chopra) [1704184 1697310]
- [cpufreq] cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency (Prarit Bhargava) [1706739 1696131]
- [acpi] ACPI / CPPC: Fix guaranteed performance handling (Prarit Bhargava) [1706739 1696131]
- [arm64] arm64: Add workaround for Fujitsu A64FX erratum 010001 (Mark Langsdorf) [1700902 1666951]
- [s390] vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem (Cornelia Huck) [1700290 1686044]
- [netdrv] net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames (Alaa Hleihel) [1700289 1651509]
- [netdrv] net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames (Alaa Hleihel) [1700289 1651509]
- [pci] PCI: pciehp: Fix re-enabling the slot marked for safe removal (Myron Stowe) [1700288 1695922]
- ID
- ELSA-2019-1479
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-1479.html
- Published
-
2019-07-30T00:00:00
(5 years ago) - Modified
-
2019-07-30T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2019-1179
- ALAS-2019-1222
- ALAS2-2019-1179
- ALAS2-2019-1222
- ASA-201906-12
- ASA-201906-13
- ASA-201906-14
- ASA-201906-15
- DSA-4465-1
- ELSA-2019-1481
- ELSA-2019-1488
- ELSA-2019-4612
- ELSA-2019-4684
- ELSA-2019-4685
- ELSA-2019-4686
- ELSA-2019-4689
- ELSA-2019-4850
- ELSA-2022-9761
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-196ab64d65
- FEDORA-2019-41e28660ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-6817686c4d
- FEDORA-2019-69c132b061
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-6c3d89b3d0
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7aecfe1c4b
- FEDORA-2019-87e7046631
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-914542e05c
- FEDORA-2019-97380355ae
- FEDORA-2019-9d3fe6fd5b
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a95015e60f
- FEDORA-2019-e3010166bd
- FEDORA-2019-e37c348348
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- openSUSE-SU-2019:1193-1
- openSUSE-SU-2019:1571-1
- openSUSE-SU-2019:1579-1
- RHSA-2019:1479
- RHSA-2019:1480
- RHSA-2019:1481
- RHSA-2019:1486
- RHSA-2019:1488
- SSA:2019-169-01
- SUSE-SU-2019:0645-1
- SUSE-SU-2019:0672-1
- SUSE-SU-2019:0683-1
- SUSE-SU-2019:0709-1
- SUSE-SU-2019:0722-1
- SUSE-SU-2019:0726-1
- SUSE-SU-2019:0740-1
- SUSE-SU-2019:0745-1
- SUSE-SU-2019:0754-1
- SUSE-SU-2019:0761-1
- SUSE-SU-2019:0765-1
- SUSE-SU-2019:0767-1
- SUSE-SU-2019:0784-1
- SUSE-SU-2019:0785-1
- SUSE-SU-2019:0801-1
- SUSE-SU-2019:0828-1
- SUSE-SU-2019:0845-1
- SUSE-SU-2019:0901-1
- SUSE-SU-2019:1289-1
- SUSE-SU-2019:1527-1
- SUSE-SU-2019:1529-1
- SUSE-SU-2019:1530-1
- SUSE-SU-2019:1532-1
- SUSE-SU-2019:1533-1
- SUSE-SU-2019:1534-1
- SUSE-SU-2019:1535-1
- SUSE-SU-2019:1536-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:1581-1
- SUSE-SU-2019:1588-1
- SUSE-SU-2019:1668-1
- SUSE-SU-2019:1671-1
- SUSE-SU-2019:1674-1
- SUSE-SU-2019:1692-1
- SUSE-SU-2019:1851-1
- SUSE-SU-2019:1855-1
- SUSE-SU-2019:1882-1
- SUSE-SU-2019:1888-1
- SUSE-SU-2019:1889-1
- SUSE-SU-2019:1924-1
- SUSE-SU-2019:1935-1
- SUSE-SU-2019:1948-1
- SUSE-SU-2019:2069-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2019:2658-1
- SUSE-SU-2019:2756-1
- SUSE-SU-2019:2821-1
- SUSE-SU-2019:2950-1
- USN-3930-1
- USN-3930-2
- USN-3931-1
- USN-3931-2
- USN-3932-1
- USN-3932-2
- USN-3933-1
- USN-3933-2
- USN-4017-1
- USN-4017-2
- USN-4041-1
- USN-4041-2
- VMSA-2019-0010.3
- VU:905115
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2019-1479 | http://linux.oracle.com/errata/ELSA-2019-1479.html | |
CVE | CVE-2019-9213 | http://linux.oracle.com/cve/CVE-2019-9213.html | |
CVE | CVE-2019-11479 | http://linux.oracle.com/cve/CVE-2019-11479.html | |
CVE | CVE-2019-11477 | http://linux.oracle.com/cve/CVE-2019-11477.html | |
CVE | CVE-2019-11478 | http://linux.oracle.com/cve/CVE-2019-11478.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.0 | oraclelinux | python3-perf | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.0 | oraclelinux | perf | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.0 | oraclelinux | kernel | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.0 | oraclelinux | kernel-tools | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.0 | oraclelinux | kernel-tools-libs | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.0 | oraclelinux | kernel-tools-libs-devel | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.0 | oraclelinux | kernel-modules | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.0 | oraclelinux | kernel-modules-extra | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.0 | oraclelinux | kernel-headers | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.0 | oraclelinux | kernel-doc | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.0 | oraclelinux | kernel-devel | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.0 | oraclelinux | kernel-debug | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.0 | oraclelinux | kernel-debug-modules | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.0 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.0 | oraclelinux | kernel-debug-devel | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.0 | oraclelinux | kernel-debug-core | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.0 | oraclelinux | kernel-cross-headers | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.0 | oraclelinux | kernel-core | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.0 | oraclelinux | kernel-abi-whitelists | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.0 | oraclelinux | bpftool | < 4.18.0-80.4.2.el8_0 | oraclelinux-8.0 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |