ELSA-2019-4628

Опубликовано: 14 мая 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-4628: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.14.35-1844.4.5.2]

x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}
x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

[4.14.35-1844.4.5.1]

x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} file (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

kernel-uek

4.14.35-1844.4.5.2.el7uek

kernel-uek-debug

4.14.35-1844.4.5.2.el7uek

kernel-uek-debug-devel

4.14.35-1844.4.5.2.el7uek

kernel-uek-devel

4.14.35-1844.4.5.2.el7uek

kernel-uek-headers

4.14.35-1844.4.5.2.el7uek

kernel-uek-tools

4.14.35-1844.4.5.2.el7uek

kernel-uek-tools-libs

4.14.35-1844.4.5.2.el7uek

kernel-uek-tools-libs-devel

4.14.35-1844.4.5.2.el7uek

perf

4.14.35-1844.4.5.2.el7uek

python-perf

4.14.35-1844.4.5.2.el7uek

Oracle Linux x86_64

kernel-uek

4.14.35-1844.4.5.2.el7uek

kernel-uek-debug

4.14.35-1844.4.5.2.el7uek

kernel-uek-debug-devel

4.14.35-1844.4.5.2.el7uek

kernel-uek-devel

4.14.35-1844.4.5.2.el7uek

kernel-uek-doc

4.14.35-1844.4.5.2.el7uek

kernel-uek-tools

4.14.35-1844.4.5.2.el7uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

openSUSE-SU-2019:1806-1

suse-cvrf

около 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1805-1

suse-cvrf

около 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1505-1

suse-cvrf

около 6 лет назад

Security update for libvirt

openSUSE-SU-2019:1468-1

suse-cvrf

около 6 лет назад

Security update for ucode-intel

openSUSE-SU-2019:1420-1

suse-cvrf

около 6 лет назад

Security update for qemu