Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4570)

High Nessus Plugin ID 122802

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

[4.14.35-1844.3.2.el7uek]
- uek-rpm: Remove hardcoded 'kernel_git_commit' macro from specfile (Victor Erminpour) [Orabug: 29357695]
- mm: cleancache: fix corruption on missed inode invalidation (Pavel Tikhomirov) [Orabug: 29364665] {CVE-2018-16862}
- l2tp: fix reading optional fields of L2TPv3 (Jacob Wen) [Orabug: 29368046]

[4.14.35-1844.3.1.el7uek]
- x86/speculation: Add support for STIBP always-on preferred mode (Thomas Lendacky) [Orabug: 29344486]
- x86/speculation: Provide IBPB always command line options (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Add seccomp Spectre v2 user space protection mode (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Enable prctl mode for spectre_v2_user (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Add prctl() control for indirect branch speculation (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prevent stale SPEC_CTRL msr content (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Split out TIF update (Thomas Gleixner) [Orabug: 29344486]
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Remove static key ibpb_enabled_key (Anjali Kulkarni) [Orabug: 29344486]
- x86/speculation: Prepare for conditional IBPB in switch_mm() (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Avoid __switch_to_xtra() calls (Thomas Gleixner) [Orabug: 29344486]
- x86/process: Consolidate and simplify switch_to_xtra() code (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Prepare for per task indirect branch speculation control (Tim Chen) [Orabug: 29344486]
- x86/speculation: Add command line control for indirect branch speculation (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Unify conditional spectre v2 print functions (Thomas Gleixner) [Orabug: 29344486]
- x86/speculataion: Mark command line parser data __initdata (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Mark string arrays const correctly (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Reorder the spec_v2 code (Thomas Gleixner) [Orabug: 29344486]
- x86/l1tf: Show actual SMT state (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Rework SMT state change (Thomas Gleixner) [Orabug: 29344486]
- sched/smt: Expose sched_smt_present static key (Thomas Gleixner) [Orabug: 29344486]
- x86/Kconfig: Select SCHED_SMT if SMP enabled (Thomas Gleixner) [Orabug: 29344486]
- sched/smt: Make sched_smt_present track topology (Peter Zijlstra (Intel)) [Orabug: 29344486]
- x86/speculation: Reorganize speculation control MSRs update (Tim Chen) [Orabug: 29344486]
- x86/speculation: Rename SSBD update functions (Thomas Gleixner) [Orabug: 29344486]
- x86/speculation: Disable STIBP when enhanced IBRS is in use (Tim Chen) [Orabug: 29344486]
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Clean up spectre_v2_parse_cmdline() (Tim Chen) [Orabug: 29344486]
- x86/speculation: Update the TIF_SSBD comment (Tim Chen) [Orabug: 29344486]
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (Peter Zijlstra) [Orabug: 29344486]
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (Jiri Kosina) [Orabug: 29344486]
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (Jiri Kosina) [Orabug: 29344486]
- netfilter: nf_tables: deactivate expressions in rule replecement routine (Taehee Yoo) [Orabug: 29355502]
- btrfs: Verify that every chunk has corresponding block group at mount time (Qu Wenruo) [Orabug: 29355254] {CVE-2018-14612}
- mlx4_ib: Distribute completion vectors when zero is supplied (H&aring kon Bugge) [Orabug: 29324328]
- x86/speculation: Clean up retpoline code in bugs.c (Alejandro Jimenez) [Orabug: 29211613]
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE (WANG Chao) [Orabug: 29211613]
- x86/build: Fix compiler support check for CONFIG_RETPOLINE (Masahiro Yamada) [Orabug: 29211613]
- x86/retpoline: Remove minimal retpoline support (Zhenzhong Duan) [Orabug: 29211613]
- uek-rpm: Enable device-mapper era driver (Dave Aldridge) [Orabug: 29283140]
- uek-rpm: use multi-threaded xz compression for rpms (Alexander Burmashev) [Orabug: 29322860]
- uek-rpm: optimize find-requires usage (Alexander Burmashev) [Orabug: 29322860]
- find-debuginfo.sh: backport parallel files procession (Alexander Burmashev) [Orabug: 29322860]

[4.14.35-1844.3.0.el7uek]
- xfs: refactor short form directory structure verifier function (Darrick J. Wong) [Orabug: 29301204]
- xfs: provide a centralized method for verifying inline fork data (Darrick J. Wong) [Orabug: 29301204]
- xfs: create structure verifier function for short form symlinks (Darrick J. Wong) [Orabug: 29301204]
- xfs: create structure verifier function for shortform xattrs (Darrick J. Wong) [Orabug: 29301204]
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (Qu Wenruo) [Orabug: 29301101] {CVE-2018-14609}
- iommu/amd: Fix IOMMU page flush when detach device from a domain (Suravee Suthikulpanit) [Orabug: 29297191]
- x86/apic: Switch all APICs to Fixed delivery mode (Thomas Gleixner) [Orabug: 29262403]
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID (Eduardo Habkost) [Orabug: 29229728]
- bnx2x: disable GSO where gso_size is too big for hardware (Daniel Axtens) [Orabug: 29125104] {CVE-2018-1000026}
- net: create skb_gso_validate_mac_len() (Daniel Axtens) [Orabug: 29125104] {CVE-2018-1000026}
- slub: make ->cpu_partial unsigned (Alexey Dobriyan) [Orabug: 28973025]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2019-March/008527.html

Plugin Details

Severity: High

ID: 122802

File Name: oraclelinux_ELSA-2019-4570.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2019/03/13

Updated: 2019/03/19

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS v3.0

Base Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-tools, cpe:/o:oracle:linux:7

Patch Publication Date: 2019/03/12

Vulnerability Publication Date: 2018/02/09

Reference Information

CVE: CVE-2018-1000026, CVE-2018-14609, CVE-2018-14612, CVE-2018-16862