Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· Adrenalin Software Edition 19.2.2 Driver Performance Analysis using the Red Devil RX 590 and more
· GNOME 3.32 Beta 2 released
· Ghostscript Regression Update for Ubuntu
· Kmod-redhat-lpfc BugFix Update for CentOS 7
· Kmod Updates for Oracle Linux
· Crucial BX500 960GB SATA SSD Review and more
· Windows 10 Insider Preview Build 18342 released
· GDM Security Update for Ubuntu 18.04/18.10
· Kmod, SystemD, Firefox, Flatpak Updates for CentOS
· ADATA XPG SX8200 PRO 512GB NVMe SSD: Best Performance at Affordable Price and more

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 4033 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 5771 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 7177 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 5696 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 7633 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » February 2018 » Unbreakable Enterprise Kernel Security Update for Oracle Linux

Unbreakable Enterprise Kernel Security Update for Oracle Linux

Posted by Philipp Esselbach on: 02/08/2018 09:49 AM [ Print | 0 comment(s) ]

Oracle has released an updated Kernel for both Oracle Linux 6 and 7:

ELSA-2018-4025 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2018-4025 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update




ELSA-2018-4025 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4025

http://linux.oracle.com/errata/ELSA-2018-4025.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-112.14.14.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-112.14.14.el6uek.noarch.rpm
kernel-uek-4.1.12-112.14.14.el6uek.x86_64.rpm
kernel-uek-devel-4.1.12-112.14.14.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-112.14.14.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-112.14.14.el6uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-112.14.14.el6uek.src.rpm



Description of changes:

[4.1.12-112.14.14.el6uek]
- drivers/char/mem.c: deny access in open operation when securelevel is
set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850]
- hugetlb: fix nr_pmds accounting with shared page tables (Kirill A.
Shutemov) [Orabug: 26988581]
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug:
27416198]
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available
(Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky)
[Orabug: 27416198]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug:
27418896]
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad
Rzeszutek Wilk)
- x86/spec: Don't print the Missing arguments for option spectre_v2.
(Konrad Rzeszutek Wilk)
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris
Ostrovsky) [Orabug: 27449065]
- xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva)
- net/rds: Fix incorrect error handling (HÃ¥kon Bugge) [Orabug: 26848729]
- net/rds: use multiple sge than buddy allocation in congestion code
(Wei Lin Guay) [Orabug: 26848729]
- Revert "RDS: fix the sg allocation based on actual message size" (Wei
Lin Guay) [Orabug: 26848729]
- Revert "RDS: avoid large pages for sg allocation for TCP transport"
(Wei Lin Guay) [Orabug: 26848729]
- Revert "net/rds: Reduce memory footprint in rds_sendmsg" (Wei Lin
Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during ib_post_recv in IB transport
(Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during rds_sendmsg with IB transport
(Wei Lin Guay) [Orabug: 26848729]
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin
Guay) [Orabug: 26848729]
- bnxt_en: Fix possible corrupted NVRAM parameters from firmware
response. (Michael Chan) [Orabug: 27199588]
- x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels
(Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels
(Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey
Ryabinin) [Orabug: 27255122]
- Revert "Makefile: Build with -Werror?te-time if the compiler
supports it" (Gayatri Vasudevan) [Orabug: 27255122]
- dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam)
[Orabug: 27290300] {CVE-2017-8824}
- x86/efi: Initialize and display UEFI secure boot state a bit later
during init (Daniel Kiper) [Orabug: 27309477]
- x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug:
27344552]
- x86/espfix: Add 'cpu' parameter to init_espfix_ap() (Zhu Guihua)
[Orabug: 27344552]
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug:
27344841] {CVE-2017-0861} {CVE-2017-0861}
- fs/ocfs2: remove page cache for converted direct write (Wengang Wang)
- Revert "ocfs2: code clean up for direct io" (Wengang Wang)
- assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug:
27364592] {CVE-2017-12193} {CVE-2017-12193}
- Sanitize 'move_pages()' permission checks (Linus Torvalds) [Orabug:
27364690] {CVE-2017-14140}
- pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug:
27383147] {CVE-2017-5754}
- sctp: do not peel off an assoc from one netns to another one (Xin
Long) [Orabug: 27386999] {CVE-2017-15115}
- net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam)
[Orabug: 27390682] {CVE-2017-17712}
- mlx4: add mstflint secure boot access kernel support (Qing Huang)
[Orabug: 27404202]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk)
[Orabug: 27449045]


ELSA-2018-4025 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2018-4025

http://linux.oracle.com/errata/ELSA-2018-4025.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-112.14.14.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-112.14.14.el7uek.noarch.rpm
kernel-uek-4.1.12-112.14.14.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-112.14.14.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-112.14.14.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-112.14.14.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-112.14.14.el7uek.src.rpm



Description of changes:

[4.1.12-112.14.14.el7uek]
- drivers/char/mem.c: deny access in open operation when securelevel is
set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850]
- hugetlb: fix nr_pmds accounting with shared page tables (Kirill A.
Shutemov) [Orabug: 26988581]
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug:
27416198]
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available
(Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky)
[Orabug: 27416198]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug:
27418896]
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad
Rzeszutek Wilk)
- x86/spec: Don't print the Missing arguments for option spectre_v2.
(Konrad Rzeszutek Wilk)
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris
Ostrovsky) [Orabug: 27449065]
- xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva)
- net/rds: Fix incorrect error handling (HÃ¥kon Bugge) [Orabug: 26848729]
- net/rds: use multiple sge than buddy allocation in congestion code
(Wei Lin Guay) [Orabug: 26848729]
- Revert "RDS: fix the sg allocation based on actual message size" (Wei
Lin Guay) [Orabug: 26848729]
- Revert "RDS: avoid large pages for sg allocation for TCP transport"
(Wei Lin Guay) [Orabug: 26848729]
- Revert "net/rds: Reduce memory footprint in rds_sendmsg" (Wei Lin
Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during ib_post_recv in IB transport
(Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during rds_sendmsg with IB transport
(Wei Lin Guay) [Orabug: 26848729]
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin
Guay) [Orabug: 26848729]
- bnxt_en: Fix possible corrupted NVRAM parameters from firmware
response. (Michael Chan) [Orabug: 27199588]
- x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels
(Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels
(Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey
Ryabinin) [Orabug: 27255122]
- Revert "Makefile: Build with -Werror?te-time if the compiler
supports it" (Gayatri Vasudevan) [Orabug: 27255122]
- dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam)
[Orabug: 27290300] {CVE-2017-8824}
- x86/efi: Initialize and display UEFI secure boot state a bit later
during init (Daniel Kiper) [Orabug: 27309477]
- x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug:
27344552]
- x86/espfix: Add 'cpu' parameter to init_espfix_ap() (Zhu Guihua)
[Orabug: 27344552]
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug:
27344841] {CVE-2017-0861} {CVE-2017-0861}
- fs/ocfs2: remove page cache for converted direct write (Wengang Wang)
- Revert "ocfs2: code clean up for direct io" (Wengang Wang)
- assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug:
27364592] {CVE-2017-12193} {CVE-2017-12193}
- Sanitize 'move_pages()' permission checks (Linus Torvalds) [Orabug:
27364690] {CVE-2017-14140}
- pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug:
27383147] {CVE-2017-5754}
- sctp: do not peel off an assoc from one netns to another one (Xin
Long) [Orabug: 27386999] {CVE-2017-15115}
- net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam)
[Orabug: 27390682] {CVE-2017-17712}
- mlx4: add mstflint secure boot access kernel support (Qing Huang)
[Orabug: 27404202]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk)
[Orabug: 27449045]



« KDE Plasma Security Updates · Django-Anymail Security Update for Debian 9 »

Linux Compatible » News » February 2018 » Unbreakable Enterprise Kernel Security Update for Oracle Linux
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition