The Unbreakable Enterprise Kernel Release 4 Update 7 uses the 4.1.12-124.14.1 version and includes several new features, added functionality and bug fixes across a range of subsystems.
- KVM security fixes for retpoline support. Security fixes have been implemented to mitigate against kernel or cross-process memory disclosure such as the attack vector used by Spectre V2. A backport was introduced to fix an issue that resulted in the use of a stale model-specific register (MSR) value generated by a previous VM exit where retpoline support is enabled in the host kernel.
- RDS IPv6 support. Support for the use of IPv6 addresses has been added to the kernel RDS and related modules. Existing RDS applications using IPv4 addresses are able to continue to run normally, but applications that require IPv6 addresses can do so by passing the address in struct sockaddr_in6 to bind(), connect() or sendmsg().
- Added DTrace lockstat probes. These probes can be viewed using dtrace -l -P lockstat. DTrace lockstat support allows for dynamic tracing of kernel locking events. For example, these probes can provide information on which locks are most frequently used, which locks exhibit the most contention and which locks are held longest.
For more details on these and other new features and changes, please consult the Release Notes for the UEK R4 Update 7.
Security (CVE) Fixes
A full list of CVEs fixed in this release can be found in the Release Notes for the UEK R4 Update 7.
Supported upgrade path
Customers can upgrade existing Oracle Linux 6 and Oracle Linux 7 servers using the Unbreakable Linux Network or the Oracle Linux yum server.
Oracle Linux can be downloaded, used and distributed free of charge and all updates and errata are freely available. This allows you to decide which of your systems require a support subscription and makes Oracle Linux an ideal choice for your development, testing and production systems. You decide which support coverage is the best for each of your systems individually, while keeping all of your systems up-to-date and secure. For customers with Oracle Linux Premier Support, you also receive access to zero-downtime kernel updates using Oracle Ksplice and support for Oracle OpenStack.
UEK R4 Update 7 is fully compatible with the previous UEK R4 updates. The kernel ABI for UEK R4 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R3 that require recompilation of third-party kernel modules on the system. Before installing UEK R4, verify its support status with your application vendor.
Resources – Oracle Linux
Data Sheets, White Papers, Videos, Training, Support & more
Product Training and Education
Oracle Linux - http://oracle.com/education/linux