ELSA-2018-0151

Опубликовано: 25 янв. 2018

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2018-0151: kernel security and bug fix update (IMPORTANT)

[3.10.0-693.17.1.OL7]
Oracle Linux certificates (Alexey Petrenko)
Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
Update x509.genkey [bug 24817676]

[3.10.0-693.17.1]

[s390] locking/barriers: remove old gmb() macro definition (Denys Vlasenko) [1519788 1519786]

[3.10.0-693.16.1]

[x86] smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [1533022 1519503]
[x86] topology: Add topology_max_smt_threads() (Prarit Bhargava) [1533022 1519503]
[powerpc] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
[powerpc] Prevent Meltdown attack with L1-D$ flush (Jon Masters) [1519800 1519801] {CVE-2017-5754}
[s390] add ppa to system call and program check path (Jon Masters) [1519795 1519798] {CVE-2017-5715}
[s390] spinlock: add gmb memory barrier (Jon Masters) [1519788 1519786] {CVE-2017-5753}
[s390] introduce CPU alternatives (Jon Masters) [1519795 1519798] {CVE-2017-5715}
[x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Andrea Arcangeli) [1533373 1533250]
[x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Andrea Arcangeli) [1533373 1533250]
[fs] userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (Andrea Arcangeli) [1533372 1531287]
[x86] kaiser/efi: unbreak tboot (Andrea Arcangeli) [1519795 1532989 1519798 1531559] {CVE-2017-5715}
[x86] spec_ctrl: don't call ptrace_has_cap in the IBPB ctx switch optimization (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] kaiser/efi: unbreak EFI old_memmap (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] cpuidle_idle_call: fix double local_irq_enable() (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] cpu: fix get_scattered_cpu_leaf sorting part #2 (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Andrea Arcangeli) [1519795 1519798] {CVE-2017-5715}
[x86] cpu: fix get_scattered_cpu_leaf for IBPB feature (Paolo Bonzini) [1519795 1519798]

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

kernel

3.10.0-693.17.1.el7

kernel-abi-whitelists

3.10.0-693.17.1.el7

kernel-debug

3.10.0-693.17.1.el7

kernel-debug-devel

3.10.0-693.17.1.el7

kernel-devel

3.10.0-693.17.1.el7

kernel-doc

3.10.0-693.17.1.el7

kernel-headers

3.10.0-693.17.1.el7

kernel-tools

3.10.0-693.17.1.el7

kernel-tools-libs

3.10.0-693.17.1.el7

kernel-tools-libs-devel

3.10.0-693.17.1.el7

perf

3.10.0-693.17.1.el7

python-perf

3.10.0-693.17.1.el7

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2017-12193

CVSS3: 5.5

ubuntu

больше 7 лет назад

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.