ELSA-2018-1629

Опубликовано: 22 мая 2018

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2018-1629: kernel security update (IMPORTANT)

[3.10.0-862.3.2.OL7]

Oracle Linux certificates (Alexey Petrenko)
Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
Update x509.genkey [bug 24817676]

[3.10.0-862.3.2]

[x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] entry: Add missing '$' in IBRS macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[fs] proc: Use CamelCase for SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[uapi] prctl: Add speculation control prctls (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] kvm/vmx: Expose SPEC_CTRL Bit(2) to the guest (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] bugs/amd: Add support to disable RDS on Fam[15, 16, 17]h if requested (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] bugs: Expose /sys/../spec_store_bypass (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] bugs: Read SPEC_CTRL MSR during boot and re-use (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566904 1566905] {CVE-2018-3639}
[x86] cpufeatures: Make CPU bugs sticky (Waiman Long) [1566904 1566905] {CVE-2018-3639}

[3.10.0-862.3.1]

[x86] kpti/kexec: fix wrong page address in clear_page (Dave Young) [1573173 1571162]
[x86] kvm: fix icebp instruction handling (Paolo Bonzini) [1566849 1566845] {CVE-2018-1087}
[x86] entry/64: Don't use IST entry for #BP stack (Paolo Bonzini) [1567084 1567083] {CVE-2018-8897}
[kernel] perf/hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569878 1569874] {CVE-2018-1000199}

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

kernel

3.10.0-862.3.2.el7

kernel-abi-whitelists

3.10.0-862.3.2.el7

kernel-debug

3.10.0-862.3.2.el7

kernel-debug-devel

3.10.0-862.3.2.el7

kernel-devel

3.10.0-862.3.2.el7

kernel-doc

3.10.0-862.3.2.el7

kernel-headers

3.10.0-862.3.2.el7

kernel-tools

3.10.0-862.3.2.el7

kernel-tools-libs

3.10.0-862.3.2.el7

kernel-tools-libs-devel

3.10.0-862.3.2.el7

perf

3.10.0-862.3.2.el7

python-perf

3.10.0-862.3.2.el7

Связанные CVE

CVE-2018-3639

Ссылки на источники

Связанные уязвимости

CVE-2018-3639

CVSS3: 5.5

ubuntu

около 7 лет назад

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.