RepoView: Scientific Linux 6.9 i386 Security Errata

Jump to letter: [ 3 A B C D E F G H J K L M N O P Q R S T W X Y Z ]

kernel-debug-devel - Development package for building kernel modules to match the debug kernel

Website:	http://www.kernel.org/
License:	GPLv2
Vendor:	Scientific Linux

Description:

This package provides kernel headers and makefiles sufficient to build modules
against the debug kernel package.

Packages

kernel-debug-devel-2.6.32-754.6.3.el6.i686 [10.8 MiB]	Changelog by Frantisek Hrbata (2018-09-18): - [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796] - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796] - [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397]
kernel-debug-devel-2.6.32-754.3.5.el6.i686 [10.8 MiB]	Changelog by Phillip Lougher (2018-08-09): - [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620}
kernel-debug-devel-2.6.32-754.2.1.el6.i686 [10.8 MiB]	Changelog by Phillip Lougher (2018-07-03): - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872} - [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281] - [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675} - [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653] - [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423] - [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423] - [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423] - [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression (Benjamin Coddington) [1553423] - [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310] - [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310]
kernel-debug-devel-2.6.32-754.el6.i686 [10.8 MiB]	Changelog by Phillip Lougher (2018-05-24): - [powerpc] 64s: Add support for a store forwarding barrier at kernel entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639} - [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360] - [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by kernel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Add prctl for Speculative Store Bypass mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] process: Allow runtime control of Speculative Store Bypass (Waiman Long) [1566899] {CVE-2018-3639} - [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899] {CVE-2018-3639} - [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if requested (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Expose the /sys/../spec_store_bypass and X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639} - [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Waiman Long) [1566899] {CVE-2018-3639} - [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h (Waiman Long) [1566899] {CVE-2018-3639} - [x86] speculation: Update Speculation Control microcode blacklist (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add AMD feature bits for Speculation Control (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899] {CVE-2018-3639} - [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long) [1566899] {CVE-2018-3639} - [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899] {CVE-2018-3639} - [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman Long) [1560494] - [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351] - [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list (Robert S Peterson) [1569148] - [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano Brivio) [1576586] {CVE-2018-1130} - [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped (Stefano Brivio) [1576586] {CVE-2018-1130}
kernel-debug-devel-2.6.32-696.30.1.el6.i686 [10.8 MiB]	Changelog by Jan Stancek (2018-05-18): - [x86] x86/kvm: fix CPUID_7_EDX (word 18) mask (Jan Stancek) [1566893 1566899] {CVE-2018-3639}
kernel-debug-devel-2.6.32-696.28.1.el6.i686 [10.8 MiB]	Changelog by Jan Stancek (2018-04-26): - [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897} - [x86] xen: do not use xen_info on HVM, set pv_info name to "Xen HVM" (Vitaly Kuznetsov) [1569141 1568241]
kernel-debug-devel-2.6.32-696.23.1.el6.i686 [10.7 MiB]	Changelog by Jan Stancek (2018-02-10): - [scsi] avoid a permanent stop of the scsi device's request queue (Ewan Milne) [1519857 1513455] - [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew builds (Waiman Long) [1543022 1535645] - [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1543022 1535645] - [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman Long) [1543022 1535645] - [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long) [1543022 1535645] - [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1543022 1535645] - [x86] bugs: Drop one "mitigation" from dmesg (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long) [1543022 1535645] - [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt (Waiman Long) [1543022 1535645] - [x86] Use IBRS for firmware update path (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: print features changed by microcode loading (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove performance measurements from documentation (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS (Waiman Long) [1543022 1535645] - [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman Long) [1543022 1535645] - [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1543022 1535645] - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (Waiman Long) [1543022 1535645] - [x86] mce: Make machine check speculation protected (Waiman Long) [1543022 1535645] - [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Waiman Long) [1543022 1535645] - [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long) [1543022 1535645] - [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long) [1543022 1535645] - [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Waiman Long) [1543022 1535645] - [x86] spectre: Add boot time option to select Spectre v2 mitigation (Waiman Long) [1543022 1535645] - [x86] retpoline: Add initial retpoline support (Waiman Long) [1543022 1535645] - [x86] cpu: Implement CPU vulnerabilites sysfs functions (Waiman Long) [1543022 1535645] - [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12] (Waiman Long) [1543022 1535645] - [x86] pti: Add the pti= cmdline option and documentation (Waiman Long) [1543022 1535645] - [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1543022 1535645] - [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman Long) [1543022 1535645] - [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman Long) [1543022 1535645] - [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1543022 1535645] - [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman Long) [1543022 1535645] - [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix alt_max_short macro to really be a max() (Waiman Long) [1543022 1535645] - [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long) [1543022 1535645] - [x86] alternatives: Document macros (Waiman Long) [1543022 1535645] - [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly (Waiman Long) [1543022 1535645] - [x86] alternatives: Add instruction padding (Waiman Long) [1543022 1535645] - [x86] alternative: Add header guards to <asm/alternative-asm.h> (Waiman Long) [1543022 1535645] - [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1543022 1535645] - [x86] copy_user_generic: Optimize copy_user_generic with CPU erms feature (Waiman Long) [1543022 1535645] - [x86] Make .altinstructions bit size neutral (Waiman Long) [1543022 1535645] - [x86] pti: Rework the trampoline stack switching code (Waiman Long) [1543022 1535645] - [x86] pti: Disable interrupt before trampoline stack switching (Waiman Long) [1543022 1535645]
kernel-debug-devel-2.6.32-696.20.1.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2018-01-12): - [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753} - [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}
kernel-debug-devel-2.6.32-696.18.7.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-12-28): - [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715} - Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman Long) [1519797 1519796] {CVE-2017-5715} - [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754} - [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman Long) [1519799 1519802] {CVE-2017-5754}
kernel-debug-devel-2.6.32-696.16.1.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-10-08): - [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [net] packet: fix overflow in check for tp_reserve (Stefano Brivio) [1481941 1481943] {CVE-2017-1000111} - [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs (Jarod Wilson) [1498019 1441773] - [fs] sunrpc: always treat the invalid cache as unexpired (Thiago Becker) [1497976 1477288] - [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago Becker) [1497976 1477288] - [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488344 1488340] {CVE-2017-14106} - [scsi] lpfc: fix "integer constant too large" error on 32bit archs (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Vport creation is failing with "Link Down" error (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio Lombardi) [1487220 1441169] - [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio Lombardi) [1487220 1441169] - [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112} - [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481532 1481529] {CVE-2017-1000112}
kernel-debug-devel-2.6.32-696.13.2.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-09-22): - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251} - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
kernel-debug-devel-2.6.32-696.10.3.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-09-21): - [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253} - [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
kernel-debug-devel-2.6.32-696.10.2.el6.i686 [10.7 MiB]	Changelog by Frantisek Hrbata (2017-09-10): - [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1490060 1490062] {CVE-2017-1000251}
kernel-debug-devel-2.6.32-696.6.3.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-06-30): - [mm] allow JVM to implement its own stack guard pages (Larry Woodman) [1466667 1464237] - [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237] - Revert: [mm] enlarge stack guard gap (Larry Woodman) [1466667 1464237]
kernel-debug-devel-2.6.32-696.3.2.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-06-07): - [mm] enlarge stack guard gap (Larry Woodman) [1452729 1452730] {CVE-2017-1000364 CVE-2017-1000366}
kernel-debug-devel-2.6.32-696.3.1.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-04-20): - [netdrv] be2net: Fix endian issue in logical link config command (Ivan Vecera) [1442979 1436527] - [scsi] lpfc: update for rhel6 11.0.0.6 (Maurizio Lombardi) [1439636 1429881] - [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the correct sequence (Maurizio Lombardi) [1439636 1429881] - [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu (Pingfan Liu) [1443499 1146727] - [kernel] audit: plug cred memory leak in audit_filter_rules (Richard Guy Briggs) [1443234 1434560] - [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430577 1430578] {CVE-2017-6214}
kernel-debug-devel-2.6.32-696.1.1.el6.i686 [10.7 MiB]	Changelog by Denys Vlasenko (2017-03-21): - [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910} - [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749] - [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930] - [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636}

Listing created by Repoview-0.6.6-1.el6