[ELSA-2014-1167] kernel security and bug fix update
[2.6.32-431.29.2]
- [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205}
- [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535}
[2.6.32-431.29.1]
- [mm] hugetlb: ensure hugepage access is denied if hugepages are not supported (Gustavo Duarte) [1118782 1086450]
- [security] keys: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) [1115542 1113607]
- [fs] lockd: Ensure that nlmclnt_block resets block->b_status after a server reboot (Steve Dickson) [1110180 959006]
- [net] filter: add vlan tag access (Jiri Benc) [1108526 1082097]
- [net] filter: add XOR operation (Jiri Benc) [1108526 1082097]
- [net] filter: add SKF_AD_RXHASH and SKF_AD_CPU (Jiri Benc) [1108526 1082097]
- [net] filter: Socket filter ancilliary data access for skb->dev->type (Jiri Benc) [1108526 1082097]
- [net] filter: Add SKF_AD_QUEUE instruction (Jiri Benc) [1108526 1082097]
- [net] filter: ingress socket filter by mark (Jiri Benc) [1108526 1082097]
- [netdrv] bonding: look for bridge IPs in arp monitoring (Veaceslav Falico) [1102794 704190]
- [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1112390 1102248]
- [s390] af_iucv: recvmsg problem for SOCK_STREAM sockets (Hendrik Brueckner) [1112390 1102248]
- [s390] af_iucv: fix recvmsg by replacing skb_pull() function (Hendrik Brueckner) [1112390 1102248]
- [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1111194 1099146]
- [s390] qeth: postpone freeing of qdio memory (Hendrik Brueckner) [1112134 1094379]
- [s390] qeth: Fix retry logic in hardsetup (Hendrik Brueckner) [1112134 1094379]
- [s390] qeth: Recognize return codes of ccw_device_set_online (Hendrik Brueckner) [1112134 1094379]
- [s390] qdio: remove API wrappers (Hendrik Brueckner) [1112134 1094379]
- [scsi] Ensure medium access timeout counter resets (David Jeffery) [1117153 1036884]
- [scsi] Fix error handling when no ULD is attached (David Jeffery) [1117153 1036884]
- [scsi] Handle disk devices which can not process medium access commands (David Jeffery) [1117153 1036884]
- [fs] nfs: Fix calls to drop_nlink() (Steve Dickson) [1099607 1093819]
- [mm] swap: do not skip lowest_bit in scan_swap_map() scan loop (Rafael Aquini) [1099728 1060886]
- [mm] swap: fix shmem swapping when more than 8 areas (Rafael Aquini) [1099728 1060886]
- [mm] swap: fix swapon size off-by-one (Rafael Aquini) [1099728 1060886]
- [md] avoid deadlock when dirty buffers during md_stop (Jes Sorensen) [1121541 994724]
- [x86] hyperv: bypass the timer_irq_works() check (Jason Wang) [1112226 1040349]
[2.6.32-431.28.1]
- [kernel] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102704 1102705] {CVE-2014-3917}
- [net] ipv4: fix route cache rebuilds (Jiri Pirko) [1113824 1111631]
- [fs] nfsd: notify_change needs elevated write count (Mateusz Guzik) [1110177 1105057]
- [fs] nfsv4: close needs to handle NFS4ERR_ADMIN_REVOKED (Dave Wysochanski) [1096397 1082127]
- [fs] pipe: skip file_update_time on frozen fs (Eric Sandeen) [1114405 1093077]
- [fs] nfs: Fail the truncate() if the lock/open stateid is invalid (Steve Dickson) [1090613 1075123]
- [fs] nfs: Servers should only check SETATTR stateid open mode on size change (Steve Dickson) [1090613 1075123]
- [fs] nfs: Fail data server I/O if stateid represents a lost lock (Steve Dickson) [1090613 1075123]
- [fs] nfs: Fix the return value of nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123]
- [fs] nfs: Use the open stateid if the delegation has the wrong mode (Steve Dickson) [1090613 1075123]
- [fs] nfs: nfs4_stateid_is_current should return 'true' for an invalid stateid (Steve Dickson) [1090613 1075123]
- [fs] nfs: fix error return in nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123]
- [fs] nfs: Document the recover_lost_locks kernel parameter (Jeff Layton) [1089359 963785]
- [fs] nfs: Don't try to recover NFSv4 locks when they are lost (Jeff Layton) [1089359 963785]
- [fs] nfs: Fix handling of partially delegated locks (Jeff Layton) [1120074 959788]
- [fs] nfs: Convert the nfs4_lock_state->ls_flags to a bit field (Jeff Layton) [1120074 959788]
- [x86] Optimize switch_mm() for multi-threaded workloads (Rik van Riel) [1115821 991518]
- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}
- [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699}
[2.6.32-431.27.1]
- [scsi] fix performance regression due to inverted blk_get_queue return (Mike Snitzer) [1117582 1098658]
- [net] openvswitch: fix use-after-free bug in netns (Flavio Leitner) [1120651 1100127]
[2.6.32-431.26.1]
- [net] gro: fix deliver of trunk packets to VLAN interfaces (Marcelo Ricardo Leitner) [1116231 1112324]
[2.6.32-431.25.1]
- [net] sctp: Fix sk_ack_backlog wrap-around problem (Daniel Borkmann) [1113969 1085932] {CVE-2014-4667}
[2.6.32-431.24.1]
- [alsa] aloop: Close races at restarting the stream (Jaroslav Kysela) [1112492 1078592]
- [alsa] aloop: Export snd_pcm_constraint_mask64() (Jaroslav Kysela) [1112492 1078592]
- [alsa] pcm: Warn when buffer preallocation fails (Jaroslav Kysela) [1112492 1078592]
- [alsa] aloop: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function (Jaroslav Kysela) [1112492 1078592]
- [alsa] jack: Unregister input device at disconnection (Jaroslav Kysela) [1112492 1078592]
- [alsa] aloop: Optimize module name check (Jaroslav Kysela) [1112492 1078592]
- [alsa] pcm: Add fallthru comments (Jaroslav Kysela) [1112492 1078592]
- [alsa] aloop: Fix Oops while PM resume (Jaroslav Kysela) [1112492 1078592]
- [alsa] aloop: add locking to timer access (Jaroslav Kysela) [1112492 1078592]
| Package | Affected Version |
|---|---|
 pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/perf?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
|
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6
|
< 2.6.32-431.29.2.el6 |
- ID
- ELSA-2014-1167
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2014-1167.html
- Published
-
2014-09-09T00:00:00
(10 years ago) - Modified
-
2014-09-09T00:00:00
(10 years ago) - Rights
- Copyright 2014 Oracle, Inc.
- Other Advisories
-
-
DSA-2992-1
-
ELSA-2014-1023
-
ELSA-2014-1143
-
ELSA-2014-1281
-
ELSA-2014-3067
-
ELSA-2014-3068
-
ELSA-2014-3069
-
ELSA-2014-3072
-
ELSA-2014-3073
-
ELSA-2014-3074
-
ELSA-2014-3081
-
ELSA-2014-3086
-
FEDORA-2014-11008
-
FEDORA-2014-11031
-
FEDORA-2014-13020
-
FEDORA-2014-13045
-
FEDORA-2014-13558
-
FEDORA-2014-13773
-
FEDORA-2014-14068
-
FEDORA-2014-15200
-
FEDORA-2014-16632
-
FEDORA-2014-17244
-
FEDORA-2014-17283
-
FEDORA-2014-7033
-
FEDORA-2014-7128
-
FEDORA-2014-7320
-
FEDORA-2014-7426
-
FEDORA-2014-7430
-
FEDORA-2014-7863
-
FEDORA-2014-8171
-
FEDORA-2014-8487
-
FEDORA-2014-8519
-
FEDORA-2014-9010
-
FEDORA-2014-9142
-
FEDORA-2014-9449
-
FEDORA-2014-9466
-
FEDORA-2014-9959
-
FEDORA-2015-0515
-
FEDORA-2015-1672
-
FEDORA-2015-3594
-
FEDORA-2015-5024
-
FEDORA-2015-6294
-
FEDORA-2015-8518
-
RHSA-2014:1023
-
RHSA-2014:1167
-
RHSA-2014:1281
-
SUSE-SU-2015:0481-1
-
SUSE-SU-2015:0581-1
-
SUSE-SU-2015:0652-1
-
SUSE-SU-2015:0736-1
-
SUSE-SU-2015:1174-1
-
SUSE-SU-2015:1376-1
-
USN-1041-1
-
USN-2281-1
-
USN-2282-1
-
USN-2285-1
-
USN-2286-1
-
USN-2287-1
-
USN-2289-1
-
USN-2313-1
-
USN-2314-1
-
USN-2332-1
-
USN-2333-1
-
USN-2334-1
-
USN-2335-1
-
USN-2336-1
-
USN-2337-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2014-1167 |
|
|
| CVE | CVE-2014-4667 |
|
|
| CVE | CVE-2014-3917 |
|
|
| CVE | CVE-2014-0205 |
|
|
| CVE | CVE-2014-3535 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | oraclelinux |
python-perf
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | oraclelinux |
perf
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | oraclelinux |
kernel
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | oraclelinux |
kernel-headers
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | oraclelinux |
kernel-firmware
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | oraclelinux |
kernel-doc
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | oraclelinux |
kernel-devel
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | oraclelinux |
kernel-debug
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | oraclelinux |
kernel-debug-devel
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | oraclelinux |
kernel-abi-whitelists
|
< 2.6.32-431.29.2.el6 | oraclelinux-6 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |