[ELSA-2015-1221] kernel security, bug fix, and enhancement update

Severity Moderate

Affected Packages 10

CVEs 5

[2.6.32-504.30.3]
- [redhat] spec: Update dracut dependency to pull in drbg module (Frantisek Hrbata) [1241517 1241338]

[2.6.32-504.30.2]
- [crypto] rng: Remove krng (Herbert Xu) [1233512 1226418]
- [crypto] drbg: Add stdrng alias and increase priority (Herbert Xu) [1233512 1226418]
- [crypto] seqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]
- [crypto] eseqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]
- [crypto] chainiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]

[2.6.32-504.30.1]
- [net] Fix checksum features handling in netif_skb_features() (Vlad Yasevich) [1231690 1220247]

[2.6.32-504.29.1]
- [net] gso: fix skb_segment for non-offset skb pointers (Jiri Benc) [1229586 1200533]

[2.6.32-504.28.1]
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805}
- [net] ipv4: Missing sk_nulls_node_init in ping_unhash (Denys Vlasenko) [1218102 1218103] {CVE-2015-3636}
- [net] conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (Jesper Brouer) [1227467 1227468 1212801 1200541]
- [net] tcp: Restore RFC5961-compliant behavior for SYN packets (Jesper Brouer) [1227467 1227468 1212801 1200541]
- [x86] kernel: ignore NMI IOCK when in kdump kernel (Jerry Snitselaar) [1225054 1196263]
- [x86] asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Mateusz Guzik) [1209232 1209233] {CVE-2015-2830}
- [fs] gfs2: try harder to obtain journal lock during recovery (Abhijith Das) [1222588 1110846]
for core_pmu (Jiri Olsa) [1219149 1188336]
- [x86] mm: Linux stack ASLR implementation (Jacob Tanenbaum) [1195682 1195683] {CVE-2015-1593}
- [fs] xfs: DIO write completion size updates race (Brian Foster) [1218499 1198440]
- [net] ipv6: Don't reduce hop limit for an interface (Denys Vlasenko) [1208492 1208493]
- [net] vlan: more careful checksum features handling (Vlad Yasevich) [1221844 1212384]
- [kernel] tracing: Export tracing clock functions (Jerry Snitselaar) [1217986 1212502]
- [edac] sb_edac: fix corruption/crash on imbalanced Haswell home agents (Seth Jennings) [1213468 1210148]
- [netdrv] tun: Fix csum_start with VLAN acceleration (Jason Wang) [1217189 1036482]
- [netdrv] tun: unbreak truncated packet signalling (Jason Wang) [1217189 1036482]
- [netdrv] tuntap: hardware vlan tx support (Jason Wang) [1217189 1036482]
- [vhost] vhost-net: fix handle_rx buffer size (Jason Wang) [1217189 1036482]
- [netdrv] ixgbe: fix X540 Completion timeout (John Greene) [1215855 1150343]
- [char] tty: drop driver reference in tty_open fail path (Mateusz Guzik) [1201893 1201894]
- [netdrv] macvtap: Fix csum_start when VLAN tags are present (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvtap: signal truncated packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvtap: restore vlan header on user read (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvlan: Initialize vlan_features to turn on offload support (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvlan: Add support for 'always_on' offload features (Vlad Yasevich) [1215914 1123697]
- [netdrv] mactap: Fix checksum errors for non-gso packets in bridge mode (Vlad Yasevich) [1215914 1123697]
- [netdrv] revert 'macvlan: fix checksums error when we are in bridge mode' (Vlad Yasevich) [1215914 1123697]
- [net] core: Correctly set segment mac_len in skb_segment() (Vlad Yasevich) [1215914 1123697]
- [net] core: generalize skb_segment() (Vlad Yasevich) [1215914 1123697]
- [net] core: Add skb_headers_offset_update helper function (Vlad Yasevich) [1215914 1123697]
- [netdrv] ixgbe: Correctly disable VLAN filter in promiscuous mode (Vlad Yasevich) [1215914 1123697]
- [netdrv] ixgbe: remove vlan_filter_disable and enable functions (Vlad Yasevich) [1215914 1123697]
- [netdrv] qlge: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697]
- [netdrv] i40evf: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] i40e: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] ehea: Fix TSO and hw checksums with non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] e1000: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697]
- [kernel] ipc: sysv shared memory limited to 8TiB (George Beshers) [1224301 1171218]
- [mm] hugetlb: improve page-fault scalability (Larry Woodman) [1212300 1120365]
- [netdrv] hyperv: Fix the total_data_buflen in send path (Jason Wang) [1222556 1132918]
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]

[2.6.32-504.27.1]
- [netdrv] mlx4_en: current_mac isn't updated in port up (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Fix mac_hash database inconsistency (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Protect MAC address modification with the state_lock mutex (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Fix errors in MAC address changing when port is down (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4: Verify port number in __mlx4_unregister_mac (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Adding missing initialization of perm_addr (Amir Vadai) [1225489 1120930]

[2.6.32-504.26.1]
- [kernel] sched: Fix clock_gettime(CLOCK_[PROCESS/THREAD]_CPUTIME_ID) monotonicity (Seth Jennings) [1219501 1140024]
- [kernel] sched: Replace use of entity_key() (Larry Woodman) [1219123 1124603]

[2.6.32-504.25.1]
- [net] ipvs: allow rescheduling of new connections when port reuse is detected (Marcelo Leitner) [1222771 1108514]
- [net] ipvs: Fix reuse connection if real server is dead (Marcelo Leitner) [1222771 1108514]
- [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856]

[2.6.32-504.24.1]
- [mm] readahead: get back a sensible upper limit (Rafael Aquini) [1215755 1187940]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/perf?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6	< 2.6.32-504.30.3.el6
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6	< 2.6.32-504.30.3.el6

ID

ELSA-2015-1221

Severity

moderate

URL

https://linux.oracle.com/errata/ELSA-2015-1221.html

Published

2015-07-14T00:00:00
(9 years ago)

Modified

2015-07-14T00:00:00
(9 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2015-1221	http://linux.oracle.com/errata/ELSA-2015-1221.html
CVE	CVE-2015-1593	http://linux.oracle.com/cve/CVE-2015-1593
CVE	CVE-2015-2830	http://linux.oracle.com/cve/CVE-2015-2830
CVE	CVE-2011-5321	http://linux.oracle.com/cve/CVE-2011-5321
CVE	CVE-2015-2922	http://linux.oracle.com/cve/CVE-2015-2922
CVE	CVE-2015-3636	http://linux.oracle.com/cve/CVE-2015-3636

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6	oraclelinux	python-perf	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-6	oraclelinux	perf	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6	oraclelinux	kernel	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6	oraclelinux	kernel-headers	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6	oraclelinux	kernel-firmware	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6	oraclelinux	kernel-doc	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6	oraclelinux	kernel-devel	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6	oraclelinux	kernel-debug	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-debug-devel	< 2.6.32-504.30.3.el6	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6	oraclelinux	kernel-abi-whitelists	< 2.6.32-504.30.3.el6	oraclelinux-6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date