Microcode_CTL/Quagga/Ruby/UEKR2 Updates for Oracle Linux

Oracle Linux Bug Fix Advisory ELBA-2018-4046

http://linux.oracle.com/errata/ELBA-2018-4046.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
microcode_ctl-2.1-22.5.0.5.el7_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/microcode_ctl-2.1-22.5.0.5.el7_4.src.rpm



Description of changes:

[2.1-22.5.0.5]
- Update 306f2 (06-3f-02) to rev 0x3c.
- Update 406f1 (06-4f-01) to rev 0xb00002a.

[2.1-22.5.0.4]
- Update 50654 (06-55-04) to rev 0x2000043.

[2.1-22.5.0.3]
- Revert Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)

[2.1-22.5.0.2]
- Add updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)

Oracle Linux Bug Fix Advisory ELBA-2018-4047

http://linux.oracle.com/errata/ELBA-2018-4047.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
microcode_ctl-1.17-25.4.0.4.el6_9.i686.rpm

x86_64:
microcode_ctl-1.17-25.4.0.4.el6_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/microcode_ctl-1.17-25.4.0.4.el6_9.src.rpm



Description of changes:

[1:1.17-25.4.0.4]
- Enable early microcode load to allow updating Broadwell model 79
- Make sure "modprobe microcode" is not executed on Broadwell model 79
- Run dracut upon microcode update
- Update 306f2 (06-3f-02) to rev 0x3c.
- Update 406f1 (06-4f-01) to rev 0xb00002a.

[1:1.17-25.4.0.3]
- Update 50654 (06-55-04) to rev 0x2000043.

[1:1.17-25.4.0.2]
- Revert: early microcode load to allow updating Broadwell model 79
- Revert: Make sure "modprobe microcode" is not executed on Broadwell
model 79
- Revert: Run dracut upon microcode update
- Revert updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)

[1:1.17-25.4.0.1]
- Enable early microcode load to allow updating Broadwell model 79
- Make sure "modprobe microcode" is not executed on Broadwell model 79
- Run dracut upon microcode update
- Add updated Intel 20180108 microcode for CPUIDs: {CVE-2017-5715}
306c3 (06-3c-03 rev 0x23, Haswell);
306d4 (06-3d-04 rev 0x28, Broadwell);
306f2 (06-3f-02 rev 0x3b, Haswell);
306f4 (06-3f-04 rev 0x10, Haswell);
306e4 (06-3e-04 rev 0x42a, Ivy Bridge);
40651 (06-45-01 rev 0x21, Haswell);
40661 (06-46-01 rev 0x18, Haswell);
40671 (06-47-01 rev 0x1b, Broadwell);
406e3 (06-4e-03 rev 0xc2, Skylake);
406f1 (06-4f-01 rev 0xb000025, Broadwell);
50654 (06-55-04 rev 0x200003c, Skylake);
50662 (06-56-02 rev 0x14, Broadwell);
50663 (06-56-03 rev 0x7000011, Broadwell);
506e3 (06-5e-03 rev 0xc2, Skylake);
706a1 (06-7a-01 rev 0x22);
806e9 (06-8e-09 rev 0x80, Kaby Lake);
806ea (06-8e-0a rev 0x80);
906e9 (06-9e-09 rev 0x80, Kaby Lake)
906ea (06-9e-0a rev 0x80);
906eb (06-9e-0b rev 0x80)

Oracle Linux Security Advisory ELSA-2018-0377

http://linux.oracle.com/errata/ELSA-2018-0377.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
quagga-0.99.22.4-5.el7_4.i686.rpm
quagga-0.99.22.4-5.el7_4.x86_64.rpm
quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm
quagga-devel-0.99.22.4-5.el7_4.i686.rpm
quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/quagga-0.99.22.4-5.el7_4.src.rpm



Description of changes:

[0.99.22.4-5]
- Fixed CVE-2018-5379 - Double free vulnerability in bgpd when processing
certain forms of UPDATE message allowing to crash or potentially execute
arbitrary code
- Resolves: rhbz#1546015

Oracle Linux Security Advisory ELSA-2018-0378

http://linux.oracle.com/errata/ELSA-2018-0378.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
ruby-2.0.0.648-33.el7_4.x86_64.rpm
ruby-devel-2.0.0.648-33.el7_4.x86_64.rpm
ruby-doc-2.0.0.648-33.el7_4.noarch.rpm
ruby-irb-2.0.0.648-33.el7_4.noarch.rpm
ruby-libs-2.0.0.648-33.el7_4.i686.rpm
ruby-libs-2.0.0.648-33.el7_4.x86_64.rpm
ruby-tcltk-2.0.0.648-33.el7_4.x86_64.rpm
rubygem-bigdecimal-1.2.0-33.el7_4.x86_64.rpm
rubygem-io-console-0.4.2-33.el7_4.x86_64.rpm
rubygem-json-1.7.7-33.el7_4.x86_64.rpm
rubygem-minitest-4.3.2-33.el7_4.noarch.rpm
rubygem-psych-2.0.0-33.el7_4.x86_64.rpm
rubygem-rake-0.9.6-33.el7_4.noarch.rpm
rubygem-rdoc-4.0.0-33.el7_4.noarch.rpm
rubygems-2.0.14.1-33.el7_4.noarch.rpm
rubygems-devel-2.0.14.1-33.el7_4.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/ruby-2.0.0.648-33.el7_4.src.rpm



Description of changes:

[2.0.0.648-33]
- Fix always passing WEBrick test.

[2.0.0.648-32]
- Add Psych.safe_load
* ruby-2.1.0-there-should-be-only-one-exception.patch
* ruby-2.1.0-Adding-Psych.safe_load.patch
Related: CVE-2017-0903
- Disable Tokyo TZ tests broken by recen tzdata update.
* ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
Related: CVE-2017-0903

[2.0.0.648-31]
- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
* ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization
-vulnerability.patch
Resolves: CVE-2017-0903
- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
Resolves: CVE-2017-0899
- Fix a DOS vulernerability in the query command (CVE-2017-0900).
Resolves: CVE-2017-0900
- Fix a vulnerability in the gem installer that allowed a malicious gem
to overwrite arbitrary files (CVE-2017-0901).
Resolves: CVE-2017-0901
- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
* ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
Resolves: CVE-2017-0902
- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
* ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
Resolves: CVE-2017-0898
- Escape sequence injection vulnerability in the Basic
authentication of WEBrick (CVE-2017-10784).
* ruby-2.2.8-sanitize-any-type-of-logs.patch
Resolves: CVE-2017-10784
- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
*
ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
Resolves: CVE-2017-14064
- Command injection vulnerability in Net::FTP (CVE-2017-17405).
* ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
Resolves: CVE-2017-17405
- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
*
ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
Resolves: CVE-2017-14033
- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
execution(CVE-2017-17790).
* ruby-2.5.0-Fixed-command-Injection.patch
Resolves: CVE-2017-17790

Synopsis: ELSA-2018-4041 can now be patched using Ksplice
CVEs: CVE-2017-14106 CVE-2017-16529 CVE-2017-16531 CVE-2017-2647 CVE-2017-7482 CVE-2017-8824

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4041.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-8824: Privileges escalation when calling connect() system call on a DCCP socket.

A missing free when calling connect() system call on a DCCP socket while it is
in DCCP_LISTEN state could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.


* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.

A failure to correctly validate a USB interface association description
can result in an out-of-bounds memory access.


* CVE-2017-16529: Out-of-bounds due to corrupted buffer parsing in USB audio.

A failure to validate buffer descriptors from a USB audio device can
result in an out-of-bounds memory access.


* Use-after-free in USB serial console setup failure.

A failure to handle an error case during USB serial console setup can lead to
a use-after-free.


* NULL pointer dereference when listing connected NFS clients.

When listing connected NFS clients, the RPC client object pointer is
dereferenced without checking the status of the client. If the client is
uninitialized, the pointer may be NULL, causing a NULL pointer
dereference and denial-of-service.


* Data corruption when trimming OCFS2 filesystem.

A bug in the implementation of FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be fixed using fsck.


* CVE-2017-7482: Memory corruption when decoding Keberos 5 ticket.

A boundary condition error when decoding Keberos 5 tickets using the
RXRPC keys leads to local buffer overflow. This could lead to memory
corruption and possible privilege escalation.


* CVE-2017-14106: Divide-by-zero on TCP disconnect.

A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect. A local user could use this flaw to cause a denial-of-service.


* Updated fix for CVE-2017-2647: Denial-of-service when invoking request_key() syscall.

A missing check in request_key() syscall could lead to a NULL pointer
dereference. A local unprivileged user could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.