Oracle Linux 6149 Published by

The following updates has been released for Oracle Linux:

ELSA-2018-1700 Important: Oracle Linux 7 procps-ng security update
ELSA-2018-4114 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4114 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELSA-2018-1700 Important: Oracle Linux 7 procps-ng security update

Oracle Linux Security Advisory ELSA-2018-1700

http://linux.oracle.com/errata/ELSA-2018-1700.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
procps-ng-3.3.10-17.el7_5.2.i686.rpm
procps-ng-3.3.10-17.el7_5.2.x86_64.rpm
procps-ng-devel-3.3.10-17.el7_5.2.i686.rpm
procps-ng-devel-3.3.10-17.el7_5.2.x86_64.rpm
procps-ng-i18n-3.3.10-17.el7_5.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/procps-ng-3.3.10-17.el7_5.2.src.rpm



Description of changes:

[3.3.10-17.el7_5.2]
- check for truncation after calling snprintf()
- Related: CVE-2018-1124

[3.3.10-17.el7_5.1]
- fix integer overflows leading to heap overflow in file2strvec()
- Resolves: CVE-2018-1124

ELSA-2018-4114 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4114

http://linux.oracle.com/errata/ELSA-2018-4114.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.15.2.el6uek.x86_64.rpm
kernel-uek-doc-4.1.12-124.15.2.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.15.2.el6uek.noarch.rpm
kernel-uek-devel-4.1.12-124.15.2.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.15.2.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.15.2.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-124.15.2.el6uek.src.rpm



Description of changes:

[4.1.12-124.15.2.el6uek]
- KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner)
{CVE-2018-3639}
- x86/bugs: Fix the parameters alignment and missing void (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639}
- x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina)
{CVE-2018-3639}
- Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov)
{CVE-2018-3639}
- proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass (Kees Cook) {CVE-2018-3639}
- seccomp: Move speculation migitation control to arch code (Thomas
Gleixner) {CVE-2018-3639}
- seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook)
{CVE-2018-3639}
- seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add force disable speculation (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- proc: Provide details on speculation flaw mitigations (Kees Cook)
{CVE-2018-3639}
- nospec: Allow getting/setting on non-current task (Kees Cook)
{CVE-2018-3639}
- x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2.
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
(Thomas Gleixner) {CVE-2018-3639}
- x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas)
{CVE-2018-3639}
- x86/process: Allow runtime control of Speculative Store Bypass (Thomas
Gleixner) {CVE-2018-3639}
- prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639}
- x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas
Gleixner) {CVE-2018-3639}
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
requested (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/intel: Set proper CPU features and setup RDS (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc)
{CVE-2018-3639}
- x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko)
{CVE-2018-3639}
- x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Warn if IBRS is enabled during boot. (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Use variable instead of defines for enabling IBRS
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- scsi: libfc: Revisit kref handling (Hannes Reinecke)
- scsi: libfc: reset exchange manager during LOGO handling (Hannes
Reinecke)
- scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke)
- scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke)
- libfc: Update rport reference counting (Hannes Reinecke)
- amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena
Ufimtseva)
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam)
[Orabug: 27422832] {CVE-2018-5333}
- ACPI: sbshc: remove raw pointer from printk() message (Greg
Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750}
- futex: Prevent overflow by strengthen input validation (Li Jinyue)
[Orabug: 27539548] {CVE-2018-6927}
- net: ipv4: add support for ECMP hash policy choice (Venkat
Venkatsubra) [Orabug: 27547114]
- net: ipv4: Consider failed nexthops in multipath routes (David Ahern)
[Orabug: 27547114]
- ipv4: L3 hash-based multipath (Peter Nørlund) [Orabug: 27547114]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou
Tao) [Orabug: 27677556] {CVE-2017-18203}
- NFS: only invalidate dentrys that are clearly invalid. (NeilBrown)
[Orabug: 27870824]
- net: Improve handling of failures on link and route dumps (David
Ahern) [Orabug: 27959177]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 27963519] {CVE-2018-10675}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman)
[Orabug: 27963530] {CVE-2018-8781}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric
Sandeen) [Orabug: 27963576] {CVE-2018-10323}
- Revert "mlx4: change the ICM table allocations to lowest needed size"
(Håkon Bugge) [Orabug: 27980030]
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri)
[Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410}

ELSA-2018-4114 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4114

http://linux.oracle.com/errata/ELSA-2018-4114.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.15.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.15.2.el7uek.noarch.rpm
kernel-uek-4.1.12-124.15.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.15.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.15.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.15.2.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-124.15.2.el7uek.src.rpm



Description of changes:
[4.1.12-124.15.2.el7uek]
- KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner)
{CVE-2018-3639}
- x86/bugs: Fix the parameters alignment and missing void (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639}
- x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina)
{CVE-2018-3639}
- Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov)
{CVE-2018-3639}
- proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass (Kees Cook) {CVE-2018-3639}
- seccomp: Move speculation migitation control to arch code (Thomas
Gleixner) {CVE-2018-3639}
- seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook)
{CVE-2018-3639}
- seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add force disable speculation (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- proc: Provide details on speculation flaw mitigations (Kees Cook)
{CVE-2018-3639}
- nospec: Allow getting/setting on non-current task (Kees Cook)
{CVE-2018-3639}
- x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2.
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
(Thomas Gleixner) {CVE-2018-3639}
- x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas)
{CVE-2018-3639}
- x86/process: Allow runtime control of Speculative Store Bypass (Thomas
Gleixner) {CVE-2018-3639}
- prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639}
- x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas
Gleixner) {CVE-2018-3639}
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
requested (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/intel: Set proper CPU features and setup RDS (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk)
{CVE-2018-3639}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc)
{CVE-2018-3639}
- x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko)
{CVE-2018-3639}
- x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Warn if IBRS is enabled during boot. (Konrad Rzeszutek
Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Use variable instead of defines for enabling IBRS
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
(Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug detection into a separate function (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad
Rzeszutek Wilk) {CVE-2018-3639}
- x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- scsi: libfc: Revisit kref handling (Hannes Reinecke)
- scsi: libfc: reset exchange manager during LOGO handling (Hannes
Reinecke)
- scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke)
- scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke)
- libfc: Update rport reference counting (Hannes Reinecke)
- amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena
Ufimtseva)
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam)
[Orabug: 27422832] {CVE-2018-5333}
- ACPI: sbshc: remove raw pointer from printk() message (Greg
Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750}
- futex: Prevent overflow by strengthen input validation (Li Jinyue)
[Orabug: 27539548] {CVE-2018-6927}
- net: ipv4: add support for ECMP hash policy choice (Venkat
Venkatsubra) [Orabug: 27547114]
- net: ipv4: Consider failed nexthops in multipath routes (David Ahern)
[Orabug: 27547114]
- ipv4: L3 hash-based multipath (Peter Nørlund) [Orabug: 27547114]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou
Tao) [Orabug: 27677556] {CVE-2017-18203}
- NFS: only invalidate dentrys that are clearly invalid. (NeilBrown)
[Orabug: 27870824]
- net: Improve handling of failures on link and route dumps (David
Ahern) [Orabug: 27959177]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 27963519] {CVE-2018-10675}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman)
[Orabug: 27963530] {CVE-2018-8781}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric
Sandeen) [Orabug: 27963576] {CVE-2018-10323}
- Revert "mlx4: change the ICM table allocations to lowest needed size"
(Håkon Bugge) [Orabug: 27980030]
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri)
[Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410}