ELSA-2019-1168

Опубликовано: 15 мая 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-1168: kernel security update (IMPORTANT)

[3.10.0-957.12.2.OL7]

Oracle Linux certificates (Alexey Petrenko)
Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
Update x509.genkey [bug 24817676]

[3.10.0-957.12.2]

[x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[documentation] x86/speculation/mds: Add mds=full,nosmt cmdline option (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[kernel] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spec_ctrl: Disable automatic enabling of STIBP with SMT on (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[base] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/msr-index: Cleanup bit defines (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/speculation: Rework SMT state change (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[kernel] sched/smt: Expose sched_smt_present static key (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[kernel] sched/smt: Make sched_smt_present track topology (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/speculation: Disable STIBP when enhanced IBRS is in use (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spectre_v2: Make spectre_v2_mitigation mode available (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spec_ctrl: Add X86_FEATURE_USE_IBPB (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
[x86] x86/spec_ctrl: Add casting to fix compilation error (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}
[x86] x86/cpufeatures: Add Intel PCONFIG cpufeature (Waiman Long) [1692597 1692598 1692599 1690335 1690348 1690358] {CVE-2018-12126 CVE-2018-12130 CVE-2018-12127}

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

bpftool

3.10.0-957.12.2.el7

kernel

3.10.0-957.12.2.el7

kernel-abi-whitelists

3.10.0-957.12.2.el7

kernel-debug

3.10.0-957.12.2.el7

kernel-debug-devel

3.10.0-957.12.2.el7

kernel-devel

3.10.0-957.12.2.el7

kernel-doc

3.10.0-957.12.2.el7

kernel-headers

3.10.0-957.12.2.el7

kernel-tools

3.10.0-957.12.2.el7

kernel-tools-libs

3.10.0-957.12.2.el7

kernel-tools-libs-devel

3.10.0-957.12.2.el7

perf

3.10.0-957.12.2.el7

python-perf

3.10.0-957.12.2.el7

Связанные CVE

Ссылки на источники

Связанные уязвимости

openSUSE-SU-2019:1806-1

suse-cvrf

почти 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1805-1

suse-cvrf

почти 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1505-1

suse-cvrf

около 6 лет назад

Security update for libvirt

openSUSE-SU-2019:1468-1

suse-cvrf

около 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1420-1

suse-cvrf

около 6 лет назад

Security update for qemu