Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4288)

Medium Nessus Plugin ID 119279

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.1.12-124.22.4.el7uek]
- Revert commit 8bd274934987 ('block: fix bdi vs gendisk lifetime mismatch') (Ashish Samant) [Orabug: 28968102]
- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace (Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally (Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris Ostrovsky) [Orabug: 28814570]

[4.1.12-124.22.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122104]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122104]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122104]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122104]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122104]
- net: introduce lower state changed info structure for LAG lowers (Jiri Pirko) [Orabug: 28122104]
- net: introduce change lower state notifier (Jiri Pirko) [Orabug: 28122104]
- net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104]
- net: add possibility to pass information about upper device via notifier (Jiri Pirko) [Orabug: 28122104]
- net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug: 28122104]
- net: introduce change upper device notifier change info (Jiri Pirko) [Orabug: 28122104]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit (Daniel Jordan) [Orabug: 28271063]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel Jordan) [Orabug: 28271063]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec ctrl MSR (Daniel Jordan) [Orabug: 28271063]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) [Orabug: 28798861]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28855939]
- scsi: virtio_scsi: let host do exception handling (Paolo Bonzini) [Orabug: 28856913]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857027]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892656] {CVE-2018-1000204}
- cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2018-November/008310.html

https://oss.oracle.com/pipermail/el-errata/2018-November/008311.html

Plugin Details

Severity: Medium

ID: 119279

File Name: oraclelinux_ELSA-2018-4288.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/11/29

Modified: 2018/11/29

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2018/11/28

Reference Information

CVE: CVE-2018-1000204, CVE-2018-10940, CVE-2018-16658, CVE-2018-18710