Oracle Linux 6154 Published by

Updated Linux kernels has been released for Oracle Linux:

ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)
ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (updated)
ELSA-2018-4211 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4211 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update



ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4212

http://linux.oracle.com/errata/ELBA-2018-4212.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1818.2.1.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/el7uek5/SRPMS-updates/kernel-uek-4.14.35-1818.2.1.el7uek.src.rpm



Description of changes:

[4.14.35-1818.2.1.el7uek]
- CVE-2018-15471 XSA-270 Linux netback driver OOB access in hash
handling (Jan Beulich) [Orabug: 28460239] {CVE-2018-15471}
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter
Zijlstra) [Orabug: 28474644]
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in
sym_hipd.c (George Kennedy) [Orabug: 28481892]
- xen-netfront: fix warn message as irq device name has '/' (Xiao Liang)
[Orabug: 28515370]
- xen-netfront: fix queue name setting (Vitaly Kuznetsov) [Orabug:
28515370]
- uek-rpm: Enable MPLS suppoprt (Victor Erminpour) [Orabug: 28550407]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is
available. (Boris Ostrovsky) [Orabug: 28544532]

[4.14.35-1818.2.0.el7uek]
- uek-rpm: Show UEK Release Number in RPM summary (Victor Erminpour)
[Orabug: 28328975]
- uek-rpm: aarch64: enable building SHA3 algorithms (Henry Willard)
[Orabug: 28067833]
- uek-rpm: config-debug: Turn off torture testing by default (Knut
Omang) [Orabug: 28261889]
- nfsd: give out fewer session slots as limit approaches (J. Bruce
Fields) [Orabug: 28427496]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28427496]
- scsi: libsas: defer ata device eh commands to libata (Jason Yan)
[Orabug: 28459683] {CVE-2018-10021}
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459475] {CVE-2018-13405}
- rds: Avoid compiler warning in ib_send.c (Knut Omang) [Orabug: 28465601]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug:
28469291]
- qla2xxx: Update the version to 10.00.00.07-k1. (Giridhar Malavali)
[Orabug: 28497114]
- qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion.
(Giridhar Malavali) [Orabug: 28497114]
- qla2xxx: Correction to total data segment count when local DMA buffers
used for DIF PI. (Giridhar Malavali) [Orabug: 28497114]
- fuse: don't keep dead fuse_conn at fuse_fill_super(). (Tetsuo Handa)
[Orabug: 28434194]
- fuse: fix control dir setup and teardown (Miklos Szeredi) [Orabug:
28434194]
- fuse: fix congested state leak on aborted connections (Tejun Heo)
[Orabug: 28434194]
- fuse: Allow fully unprivileged mounts (Eric W. Biederman) [Orabug:
28434194]
- fuse: Ensure posix acls are translated outside of init_user_ns (Eric
W. Biederman) [Orabug: 28434194]
- fuse: define the filesystem as untrusted (Mimi Zohar) [Orabug: 28434194]
- ima: fail file signature verification on non-init mounted filesystems
(Mimi Zohar) [Orabug: 28434194]
- fuse: add writeback documentation (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_FORCE_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_DONT_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: Restrict allow_other to the superblock's namespace or a
descendant (Seth Forshee) [Orabug: 28434194]
- fuse: Support fuse filesystems outside of init_user_ns (Eric W.
Biederman) [Orabug: 28434194]
- fuse: Fail all requests with invalid uids or gids (Eric W. Biederman)
[Orabug: 28434194]
- fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (Eric
W. Biederman) [Orabug: 28434194]
- fuse: return -ECONNABORTED on /dev/fuse read after abort (Szymon
Lukasz) [Orabug: 28434194]
- fuse: atomic_o_trunc should truncate pagecache (Miklos Szeredi)
[Orabug: 28434194]
- fs: fuse: account fuse_inode slab memory as reclaimable (Johannes
Weiner) [Orabug: 28434194]

ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (aarch64)

Oracle Linux Bug Fix Advisory ELBA-2018-4212

http://linux.oracle.com/errata/ELBA-2018-4212.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-1818.2.1.el7uek.aarch64.rpm
perf-4.14.35-1818.2.1.el7uek.aarch64.rpm
python-perf-4.14.35-1818.2.1.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-1818.2.1.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.2.1.el7uek.src.rpm



Description of changes:

[4.14.35-1818.2.1.el7uek]
- CVE-2018-15471 XSA-270 Linux netback driver OOB access in hash
handling (Jan Beulich) [Orabug: 28460239] {CVE-2018-15471}
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter
Zijlstra) [Orabug: 28474644]
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in
sym_hipd.c (George Kennedy) [Orabug: 28481892]
- xen-netfront: fix warn message as irq device name has '/' (Xiao Liang)
[Orabug: 28515370]
- xen-netfront: fix queue name setting (Vitaly Kuznetsov) [Orabug:
28515370]
- uek-rpm: Enable MPLS suppoprt (Victor Erminpour) [Orabug: 28550407]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is
available. (Boris Ostrovsky) [Orabug: 28544532]

[4.14.35-1818.2.0.el7uek]
- uek-rpm: Show UEK Release Number in RPM summary (Victor Erminpour)
[Orabug: 28328975]
- uek-rpm: aarch64: enable building SHA3 algorithms (Henry Willard)
[Orabug: 28067833]
- uek-rpm: config-debug: Turn off torture testing by default (Knut
Omang) [Orabug: 28261889]
- nfsd: give out fewer session slots as limit approaches (J. Bruce
Fields) [Orabug: 28427496]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28427496]
- scsi: libsas: defer ata device eh commands to libata (Jason Yan)
[Orabug: 28459683] {CVE-2018-10021}
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459475] {CVE-2018-13405}
- rds: Avoid compiler warning in ib_send.c (Knut Omang) [Orabug: 28465601]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug:
28469291]
- qla2xxx: Update the version to 10.00.00.07-k1. (Giridhar Malavali)
[Orabug: 28497114]
- qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion.
(Giridhar Malavali) [Orabug: 28497114]
- qla2xxx: Correction to total data segment count when local DMA buffers
used for DIF PI. (Giridhar Malavali) [Orabug: 28497114]
- fuse: don't keep dead fuse_conn at fuse_fill_super(). (Tetsuo Handa)
[Orabug: 28434194]
- fuse: fix control dir setup and teardown (Miklos Szeredi) [Orabug:
28434194]
- fuse: fix congested state leak on aborted connections (Tejun Heo)
[Orabug: 28434194]
- fuse: Allow fully unprivileged mounts (Eric W. Biederman) [Orabug:
28434194]
- fuse: Ensure posix acls are translated outside of init_user_ns (Eric
W. Biederman) [Orabug: 28434194]
- fuse: define the filesystem as untrusted (Mimi Zohar) [Orabug: 28434194]
- ima: fail file signature verification on non-init mounted filesystems
(Mimi Zohar) [Orabug: 28434194]
- fuse: add writeback documentation (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_FORCE_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_DONT_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: Restrict allow_other to the superblock's namespace or a
descendant (Seth Forshee) [Orabug: 28434194]
- fuse: Support fuse filesystems outside of init_user_ns (Eric W.
Biederman) [Orabug: 28434194]
- fuse: Fail all requests with invalid uids or gids (Eric W. Biederman)
[Orabug: 28434194]
- fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (Eric
W. Biederman) [Orabug: 28434194]
- fuse: return -ECONNABORTED on /dev/fuse read after abort (Szymon
Lukasz) [Orabug: 28434194]
- fuse: atomic_o_trunc should truncate pagecache (Miklos Szeredi)
[Orabug: 28434194]
- fs: fuse: account fuse_inode slab memory as reclaimable (Johannes
Weiner) [Orabug: 28434194]


ELBA-2018-4212 : Oracle Linux 7 Unbreakable Enterprise kernel bug fix update (updated)

Oracle Linux Bug Fix Advisory ELBA-2018-4212

http://linux.oracle.com/errata/ELBA-2018-4212.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1818.2.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1818.2.1.el7uek.noarch.rpm


SRPMS:
https://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1818.2.1.el7uek.src.rpm



Description of changes:

Description of changes:

[4.14.35-1818.2.1.el7uek]
- CVE-2018-15471 XSA-270 Linux netback driver OOB access in hash
handling (Jan Beulich) [Orabug: 28460239] {CVE-2018-15471}
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter
Zijlstra) [Orabug: 28474644]
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in
sym_hipd.c (George Kennedy) [Orabug: 28481892]
- xen-netfront: fix warn message as irq device name has '/' (Xiao Liang)
[Orabug: 28515370]
- xen-netfront: fix queue name setting (Vitaly Kuznetsov) [Orabug:
28515370]
- uek-rpm: Enable MPLS suppoprt (Victor Erminpour) [Orabug: 28550407]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is
available. (Boris Ostrovsky) [Orabug: 28544532]

[4.14.35-1818.2.0.el7uek]
- uek-rpm: Show UEK Release Number in RPM summary (Victor Erminpour)
[Orabug: 28328975]
- uek-rpm: aarch64: enable building SHA3 algorithms (Henry Willard)
[Orabug: 28067833]
- uek-rpm: config-debug: Turn off torture testing by default (Knut
Omang) [Orabug: 28261889]
- nfsd: give out fewer session slots as limit approaches (J. Bruce
Fields) [Orabug: 28427496]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28427496]
- scsi: libsas: defer ata device eh commands to libata (Jason Yan)
[Orabug: 28459683] {CVE-2018-10021}
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459475] {CVE-2018-13405}
- rds: Avoid compiler warning in ib_send.c (Knut Omang) [Orabug: 28465601]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug:
28469291]
- qla2xxx: Update the version to 10.00.00.07-k1. (Giridhar Malavali)
[Orabug: 28497114]
- qla2xxx: Utilize complete local DMA buffer for DIF PI inforamtion.
(Giridhar Malavali) [Orabug: 28497114]
- qla2xxx: Correction to total data segment count when local DMA buffers
used for DIF PI. (Giridhar Malavali) [Orabug: 28497114]
- fuse: don't keep dead fuse_conn at fuse_fill_super(). (Tetsuo Handa)
[Orabug: 28434194]
- fuse: fix control dir setup and teardown (Miklos Szeredi) [Orabug:
28434194]
- fuse: fix congested state leak on aborted connections (Tejun Heo)
[Orabug: 28434194]
- fuse: Allow fully unprivileged mounts (Eric W. Biederman) [Orabug:
28434194]
- fuse: Ensure posix acls are translated outside of init_user_ns (Eric
W. Biederman) [Orabug: 28434194]
- fuse: define the filesystem as untrusted (Mimi Zohar) [Orabug: 28434194]
- ima: fail file signature verification on non-init mounted filesystems
(Mimi Zohar) [Orabug: 28434194]
- fuse: add writeback documentation (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_FORCE_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_DONT_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: Restrict allow_other to the superblock's namespace or a
descendant (Seth Forshee) [Orabug: 28434194]
- fuse: Support fuse filesystems outside of init_user_ns (Eric W.
Biederman) [Orabug: 28434194]
- fuse: Fail all requests with invalid uids or gids (Eric W. Biederman)
[Orabug: 28434194]
- fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (Eric
W. Biederman) [Orabug: 28434194]
- fuse: return -ECONNABORTED on /dev/fuse read after abort (Szymon
Lukasz) [Orabug: 28434194]
- fuse: atomic_o_trunc should truncate pagecache (Miklos Szeredi)
[Orabug: 28434194]
- fs: fuse: account fuse_inode slab memory as reclaimable (Johannes
Weiner) [Orabug: 28434194]


ELSA-2018-4211 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4211

http://linux.oracle.com/errata/ELSA-2018-4211.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.24.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.24.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.24.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.24.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.24.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.24.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.24.1.el6uek-0.4.5-3.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.24.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.24.1.el6uek-0.4.5-3.el6.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.24.1.el6uek]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 28022108] {CVE-2018-10675}
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459478] {CVE-2018-13405}
- ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459729]
{CVE-2018-7566}
- ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug:
28459729] {CVE-2018-7566}
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner)
[Orabug: 28481409] {CVE-2017-18344}

ELSA-2018-4211 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2018-4211

http://linux.oracle.com/errata/ELSA-2018-4211.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-118.24.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.24.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.24.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.24.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.24.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.24.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.24.1.el7uek-0.4.5-3.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.24.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.24.1.el7uek-0.4.5-3.el7.src.rpm



Description of changes:

kernel-uek
[3.8.13-118.24.1.el7uek]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong
jiang) [Orabug: 28022108] {CVE-2018-10675}
- Fix up non-directory creation in SGID directories (Linus Torvalds)
[Orabug: 28459478] {CVE-2018-13405}
- ALSA: seq: Make ioctls race-free (Takashi Iwai) [Orabug: 28459729]
{CVE-2018-7566}
- ALSA: seq: Fix racy pool initializations (Takashi Iwai) [Orabug:
28459729] {CVE-2018-7566}
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner)
[Orabug: 28481409] {CVE-2017-18344}