Wednesday, February 24, 2016

ELSA-2016-3519 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2016-3519

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64: kernel-uek-firmware-3.8.13-118.3.2.el7uek.noarch.rpm
x86_64: kernel-uek-doc-3.8.13-118.3.2.el7uek.noarch.rpm
x86_64: kernel-uek-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-devel-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-debug-devel-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: kernel-uek-debug-3.8.13-118.3.2.el7uek.x86_64.rpm
x86_64: dtrace-modules-3.8.13-118.3.2.el7uek-0.4.5-3.el7.x86_64.rpm

Description of changes:

  • [3.8.13-118.3.2.el7uek] 
    • - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMIdetection (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Reorder nested NMI checks (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Improve nested NMI comments (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/nmi/64: Switch stacks on userspace NMI entry (Andy Lutomirski) [Orabug: 22742507]  {CVE-2015-5157}
    • - x86/paravirt: Replace the paravirt nop with a bona fide empty function (Andy Lutomirski)  [Orabug: 22742507]  {CVE-2015-5157}

No comments: