[ELSA-2015-0864] kernel security and bug fix update
[2.6.32-504.16.2]
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
[2.6.32-504.16.1]
- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S Peterson) [1198329 1193559]
- [security] keys: close race between key lookup and freeing (Radomir Vrbovsky) [1179849 1179850] {CVE-2014-9529}
- [net] sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}
- [fs] gfs2: Allocate reservation during splice_write (Robert S Peterson) [1198329 1193559]
- [fs] nfs: Be less aggressive about returning delegations for open files (Steve Dickson) [1196314 1145334]
- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) [1196313 1143013]
- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod Wilson) [1194983 1185395]
- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) [1194983 1185395]
- [char] raw: Return short read or 0 at end of a raw device, not EIO (Jeff Moyer) [1195747 1142314]
- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 (Tomas Henzl) [1193639 1134115]
- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob Tanenbaum) [1153326 1153327] {CVE-2014-3690}
- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) [1180481 1180492] {CVE-2014-9584}
- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff (Fam Zheng) [1198428 1166763]
- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) [1170971 1167115] {CVE-2014-8884}
- [kernel] trace: insufficient syscall number validation in perf and ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 CVE-2014-7825}
- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 1149831]
- [fs] nfs: Don't use the delegation->inode in nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]
- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: make delayed tasks not hold up everything (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Add a helper to restart the multicast task (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) [1187664 1187666 1184072 1159925]
- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) [1192055 1116398]
- [s390] kernel: fix cpu target address of directed yield (Hendrik Brueckner) [1188339 1180061]
- [mm] memcg: do not allow task about to OOM kill to bypass the limit (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [fs] buffer: move allocation failure loop into the allocator (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: handle non-error OOM situations more gracefully (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: rework and document OOM waiting and wakeup (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: enable memcg OOM killer only for user faults (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [x86] mm: finish user fault error path with fatal signal (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] pass userspace fault flag to generic fault handler (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [powerpc] mm: invoke oom-killer from remaining unconverted page fault handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}
- [security] Add PR_<GET, SET>_NO_NEW_PRIVS to prevent execve from granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}
[2.6.32-504.15.1]
- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John Greene) [1196312 1156061]
- [pci] Make FLR and AF FLR reset warning messages different (Myron Stowe) [1192365 1184540]
- [pci] Fix unaligned access in AF transaction pending test (Myron Stowe) [1192365 1184540]
- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]
- [pci] Wrong register used to check pending traffic (Myron Stowe) [1192365 1184540]
- [pci] Add pci_wait_for_pending() -- refactor pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]
- [pci] Use pci_wait_for_pending_transaction() instead of for loop (Myron Stowe) [1192365 1184540]
- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]
- [pci] Wait for pending transactions to complete before 82599 FLR (Myron Stowe) [1192365 1184540]
- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) [1196532 1174168]
[2.6.32-504.14.1]
- [s390] crypto: kernel oops at insmod of the z90crypt device driver (Hendrik Brueckner) [1191916 1172137]
- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream (Jerry Snitselaar) [1192105 1167059]
- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) [1192105 1167059]
- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) [1192105 1167059]
- [kernel] futex: Mention key referencing differences between shared and private futexes (Larry Woodman) [1192107 1167405]
- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier (Larry Woodman) [1192107 1167405]
[2.6.32-504.13.1]
- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]
- [scsi] Revert 'fix our current target reap infrastructure' (David Milburn) [1188941 1168072]
- [scsi] Revert 'dual scan thread bug fix' (David Milburn) [1188941 1168072]
- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) [1188838 1156289]
- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) [1188838 1156289]
- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander Duyck) [1188838 1156289]
- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) [1188838 1156289]
- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]
- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]
- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) [1188838 1156289]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | < 2.6.32-504.16.2.el6 |
- ID
- ELSA-2015-0864
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2015-0864.html
- Published
-
2015-04-21T00:00:00
(9 years ago) - Modified
-
2015-04-21T00:00:00
(9 years ago) - Rights
- Copyright 2015 Oracle, Inc.
- Other Advisories
-
- ALAS-2015-543
- ALAS-2015-544
- DSA-3060-1
- DSA-3093-1
- DSA-3128-1
- DSA-3170-1
- ELSA-2015-0290
- ELSA-2015-0726
- ELSA-2015-1137
- ELSA-2015-2152
- ELSA-2015-3013
- ELSA-2015-3014
- ELSA-2015-3015
- ELSA-2015-3019
- ELSA-2015-3020
- ELSA-2015-3021
- ELSA-2015-3032
- ELSA-2015-3033
- ELSA-2015-3034
- FEDORA-2014-13558
- FEDORA-2014-13773
- FEDORA-2014-14068
- FEDORA-2014-14126
- FEDORA-2014-15159
- FEDORA-2014-15200
- FEDORA-2014-16632
- FEDORA-2014-17244
- FEDORA-2014-17283
- FEDORA-2015-0515
- FEDORA-2015-0517
- FEDORA-2015-0937
- FEDORA-2015-10678
- FEDORA-2015-12917
- FEDORA-2015-13391
- FEDORA-2015-1657
- FEDORA-2015-1672
- FEDORA-2015-3011
- FEDORA-2015-3594
- FEDORA-2015-4059
- FEDORA-2015-4457
- FEDORA-2015-5024
- FEDORA-2015-6294
- FEDORA-2015-6320
- FEDORA-2015-7736
- FEDORA-2015-8518
- FEDORA-2015-9127
- FEDORA-2015-9704
- GLSA-201412-44
- RHBA-2015:2161
- RHSA-2015:0290
- RHSA-2015:0726
- RHSA-2015:0727
- RHSA-2015:0864
- RHSA-2015:1137
- RHSA-2015:1139
- RHSA-2015:2152
- RHSA-2015:2411
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0529-1
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:0832-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2015:1478-1
- SUSE-SU-2017:0375-1
- USN-2417-1
- USN-2418-1
- USN-2419-1
- USN-2420-1
- USN-2421-1
- USN-2441-1
- USN-2442-1
- USN-2443-1
- USN-2444-1
- USN-2445-1
- USN-2446-1
- USN-2447-1
- USN-2448-1
- USN-2465-1
- USN-2466-1
- USN-2467-1
- USN-2468-1
- USN-2511-1
- USN-2512-1
- USN-2513-1
- USN-2514-1
- USN-2515-1
- USN-2516-1
- USN-2517-1
- USN-2518-1
- USN-2541-1
- USN-2542-1
- USN-2545-1
- USN-2546-1
- USN-2562-1
- USN-2563-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2015-0864 | http://linux.oracle.com/errata/ELSA-2015-0864.html | |
CVE | CVE-2014-3690 | http://linux.oracle.com/cve/CVE-2014-3690 | |
CVE | CVE-2014-7825 | http://linux.oracle.com/cve/CVE-2014-7825 | |
CVE | CVE-2014-7826 | http://linux.oracle.com/cve/CVE-2014-7826 | |
CVE | CVE-2014-8884 | http://linux.oracle.com/cve/CVE-2014-8884 | |
CVE | CVE-2015-1421 | http://linux.oracle.com/cve/CVE-2015-1421 | |
CVE | CVE-2014-3215 | http://linux.oracle.com/cve/CVE-2014-3215 | |
CVE | CVE-2014-8171 | http://linux.oracle.com/cve/CVE-2014-8171 | |
CVE | CVE-2014-9529 | http://linux.oracle.com/cve/CVE-2014-9529 | |
CVE | CVE-2014-9584 | http://linux.oracle.com/cve/CVE-2014-9584 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | oraclelinux | python-perf | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | oraclelinux | perf | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | oraclelinux | kernel | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | oraclelinux | kernel-headers | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | oraclelinux | kernel-firmware | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | oraclelinux | kernel-doc | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | oraclelinux | kernel-devel | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | oraclelinux | kernel-debug | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-debug-devel | < 2.6.32-504.16.2.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | oraclelinux | kernel-abi-whitelists | < 2.6.32-504.16.2.el6 | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |