From ecf223e163f2f2bf40ab9b319cec086fde1f0fe7 Mon Sep 17 00:00:00 2001 From: "zhiguo.zhang" Date: Tue, 4 Jun 2019 23:48:11 +0800 Subject: [PATCH] Upgrade kernel patch to CentOS7.6 3.10.0-957.12.2 New set of CVEs was reported against Intel CPUs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. For these CVEs there are RH and CentOS updates available. CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory(MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf These are from the http://cve.mitre.org website. These are the MDS security CVEs. Closes-Bug: 1830487 Change-Id: I9c69ca78dc046128521d2a46b520f9c242fe6e56 Signed-off-by: zhiguo.zhang --- centos-mirror-tools/rpms_centos.lst | 6 +++--- centos-mirror-tools/rpms_centos3rdparties.lst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/centos-mirror-tools/rpms_centos.lst b/centos-mirror-tools/rpms_centos.lst index a48371fc..e292cfab 100644 --- a/centos-mirror-tools/rpms_centos.lst +++ b/centos-mirror-tools/rpms_centos.lst @@ -525,8 +525,8 @@ kbd-1.15.5-15.el7.x86_64.rpm kbd-legacy-1.15.5-15.el7.noarch.rpm kbd-misc-1.15.5-15.el7.noarch.rpm kde-filesystem-4-47.el7.x86_64.rpm -kernel-3.10.0-957.1.3.el7.src.rpm -kernel-headers-3.10.0-957.1.3.el7.x86_64.rpm +kernel-3.10.0-957.12.2.el7.src.rpm +kernel-headers-3.10.0-957.12.2.el7.x86_64.rpm keyutils-1.5.8-3.el7.x86_64.rpm keyutils-libs-1.5.8-3.el7.x86_64.rpm keyutils-libs-devel-1.5.8-3.el7.x86_64.rpm @@ -854,7 +854,7 @@ mesa-libGLU-9.0.0-4.el7.x86_64.rpm mesa-libGLU-devel-9.0.0-4.el7.x86_64.rpm mesa-libwayland-egl-18.0.5-3.el7.x86_64.rpm mesa-libwayland-egl-devel-18.0.5-3.el7.x86_64.rpm -microcode_ctl-2.1-47.el7.x86_64.rpm +microcode_ctl-2.1-47.2.el7_6.x86_64.rpm mod_wsgi-3.4-18.el7.x86_64.rpm moyogo-molengo-fonts-0.10-9.el7.noarch.rpm mozilla-fira-fonts-common-4.202-1.el7.noarch.rpm diff --git a/centos-mirror-tools/rpms_centos3rdparties.lst b/centos-mirror-tools/rpms_centos3rdparties.lst index 320bcd29..44eb710d 100644 --- a/centos-mirror-tools/rpms_centos3rdparties.lst +++ b/centos-mirror-tools/rpms_centos3rdparties.lst @@ -39,7 +39,7 @@ iprutils-2.4.16.1-1.el7.x86_64.rpm java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.191.b12-1.el7_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64.rpm -kernel-rt-3.10.0-957.1.3.rt56.913.el7.src.rpm +kernel-rt-3.10.0-957.12.2.rt56.929.el7.src.rpm kexec-tools-2.0.15-21.el7.x86_64.rpm libblkid-2.23.2-59.el7.x86_64.rpm libcom_err-1.42.9-13.el7.x86_64.rpm