[ELSA-2015-1221] kernel security, bug fix, and enhancement update
[2.6.32-504.30.3]
- [redhat] spec: Update dracut dependency to pull in drbg module (Frantisek Hrbata) [1241517 1241338]
[2.6.32-504.30.2]
- [crypto] rng: Remove krng (Herbert Xu) [1233512 1226418]
- [crypto] drbg: Add stdrng alias and increase priority (Herbert Xu) [1233512 1226418]
- [crypto] seqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]
- [crypto] eseqiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]
- [crypto] chainiv: Move IV seeding into init function (Herbert Xu) [1233512 1226418]
[2.6.32-504.30.1]
- [net] Fix checksum features handling in netif_skb_features() (Vlad Yasevich) [1231690 1220247]
[2.6.32-504.29.1]
- [net] gso: fix skb_segment for non-offset skb pointers (Jiri Benc) [1229586 1200533]
[2.6.32-504.28.1]
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805}
- [net] ipv4: Missing sk_nulls_node_init in ping_unhash (Denys Vlasenko) [1218102 1218103] {CVE-2015-3636}
- [net] conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (Jesper Brouer) [1227467 1227468 1212801 1200541]
- [net] tcp: Restore RFC5961-compliant behavior for SYN packets (Jesper Brouer) [1227467 1227468 1212801 1200541]
- [x86] kernel: ignore NMI IOCK when in kdump kernel (Jerry Snitselaar) [1225054 1196263]
- [x86] asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Mateusz Guzik) [1209232 1209233] {CVE-2015-2830}
- [fs] gfs2: try harder to obtain journal lock during recovery (Abhijith Das) [1222588 1110846]
for core_pmu (Jiri Olsa) [1219149 1188336]
- [x86] mm: Linux stack ASLR implementation (Jacob Tanenbaum) [1195682 1195683] {CVE-2015-1593}
- [fs] xfs: DIO write completion size updates race (Brian Foster) [1218499 1198440]
- [net] ipv6: Don't reduce hop limit for an interface (Denys Vlasenko) [1208492 1208493]
- [net] vlan: more careful checksum features handling (Vlad Yasevich) [1221844 1212384]
- [kernel] tracing: Export tracing clock functions (Jerry Snitselaar) [1217986 1212502]
- [edac] sb_edac: fix corruption/crash on imbalanced Haswell home agents (Seth Jennings) [1213468 1210148]
- [netdrv] tun: Fix csum_start with VLAN acceleration (Jason Wang) [1217189 1036482]
- [netdrv] tun: unbreak truncated packet signalling (Jason Wang) [1217189 1036482]
- [netdrv] tuntap: hardware vlan tx support (Jason Wang) [1217189 1036482]
- [vhost] vhost-net: fix handle_rx buffer size (Jason Wang) [1217189 1036482]
- [netdrv] ixgbe: fix X540 Completion timeout (John Greene) [1215855 1150343]
- [char] tty: drop driver reference in tty_open fail path (Mateusz Guzik) [1201893 1201894]
- [netdrv] macvtap: Fix csum_start when VLAN tags are present (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvtap: signal truncated packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvtap: restore vlan header on user read (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvlan: Initialize vlan_features to turn on offload support (Vlad Yasevich) [1215914 1123697]
- [netdrv] macvlan: Add support for 'always_on' offload features (Vlad Yasevich) [1215914 1123697]
- [netdrv] mactap: Fix checksum errors for non-gso packets in bridge mode (Vlad Yasevich) [1215914 1123697]
- [netdrv] revert 'macvlan: fix checksums error when we are in bridge mode' (Vlad Yasevich) [1215914 1123697]
- [net] core: Correctly set segment mac_len in skb_segment() (Vlad Yasevich) [1215914 1123697]
- [net] core: generalize skb_segment() (Vlad Yasevich) [1215914 1123697]
- [net] core: Add skb_headers_offset_update helper function (Vlad Yasevich) [1215914 1123697]
- [netdrv] ixgbe: Correctly disable VLAN filter in promiscuous mode (Vlad Yasevich) [1215914 1123697]
- [netdrv] ixgbe: remove vlan_filter_disable and enable functions (Vlad Yasevich) [1215914 1123697]
- [netdrv] qlge: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697]
- [netdrv] i40evf: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] i40e: Fix TSO and hw checksums for non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] ehea: Fix TSO and hw checksums with non-accelerated vlan packets (Vlad Yasevich) [1215914 1123697]
- [netdrv] e1000: Fix TSO for non-accelerated vlan traffic (Vlad Yasevich) [1215914 1123697]
- [kernel] ipc: sysv shared memory limited to 8TiB (George Beshers) [1224301 1171218]
- [mm] hugetlb: improve page-fault scalability (Larry Woodman) [1212300 1120365]
- [netdrv] hyperv: Fix the total_data_buflen in send path (Jason Wang) [1222556 1132918]
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]
[2.6.32-504.27.1]
- [netdrv] mlx4_en: current_mac isn't updated in port up (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Fix mac_hash database inconsistency (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Protect MAC address modification with the state_lock mutex (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Fix errors in MAC address changing when port is down (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4: Verify port number in __mlx4_unregister_mac (Amir Vadai) [1224383 1081667]
- [netdrv] mlx4_en: Adding missing initialization of perm_addr (Amir Vadai) [1225489 1120930]
[2.6.32-504.26.1]
- [kernel] sched: Fix clock_gettime(CLOCK_[PROCESS/THREAD]_CPUTIME_ID) monotonicity (Seth Jennings) [1219501 1140024]
- [kernel] sched: Replace use of entity_key() (Larry Woodman) [1219123 1124603]
[2.6.32-504.25.1]
- [net] ipvs: allow rescheduling of new connections when port reuse is detected (Marcelo Leitner) [1222771 1108514]
- [net] ipvs: Fix reuse connection if real server is dead (Marcelo Leitner) [1222771 1108514]
- [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856]
[2.6.32-504.24.1]
- [mm] readahead: get back a sensible upper limit (Rafael Aquini) [1215755 1187940]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | < 2.6.32-504.30.3.el6 |
- ID
- ELSA-2015-1221
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2015-1221.html
- Published
-
2015-07-14T00:00:00
(9 years ago) - Modified
-
2015-07-14T00:00:00
(9 years ago) - Rights
- Copyright 2015 Oracle, Inc.
- Other Advisories
-
- ALAS-2015-491
- ALAS-2015-523
- DSA-3170-1
- DSA-3237-1
- DSA-3290-1
- ELSA-2015-1137
- ELSA-2015-1534
- ELSA-2015-3045
- ELSA-2015-3046
- ELSA-2015-3047
- ELSA-2015-3048
- ELSA-2015-3049
- ELSA-2015-3050
- ELSA-2019-3517
- FEDORA-2015-10678
- FEDORA-2015-12917
- FEDORA-2015-13391
- FEDORA-2015-3011
- FEDORA-2015-3594
- FEDORA-2015-4059
- FEDORA-2015-4457
- FEDORA-2015-5024
- FEDORA-2015-6100
- FEDORA-2015-6294
- FEDORA-2015-6320
- FEDORA-2015-7736
- FEDORA-2015-7784
- FEDORA-2015-8518
- FEDORA-2015-9127
- FEDORA-2015-9704
- RHSA-2015:1137
- RHSA-2015:1139
- RHSA-2015:1221
- RHSA-2015:1534
- RHSA-2015:1565
- RHSA-2019:3517
- SUSE-SU-2015:0581-1
- SUSE-SU-2015:0736-1
- SUSE-SU-2015:1071-1
- SUSE-SU-2015:1174-1
- SUSE-SU-2015:1224-1
- SUSE-SU-2015:1376-1
- SUSE-SU-2015:1478-1
- SUSE-SU-2015:1487-1
- SUSE-SU-2015:1488-1
- SUSE-SU-2015:1489-1
- SUSE-SU-2015:1491-1
- SUSE-SU-2015:1592-1
- SUSE-SU-2015:1611-1
- SUSE-SU-2015:1678-1
- USN-2560-1
- USN-2561-1
- USN-2562-1
- USN-2563-1
- USN-2564-1
- USN-2565-1
- USN-2585-1
- USN-2586-1
- USN-2587-1
- USN-2588-1
- USN-2589-1
- USN-2590-1
- USN-2613-1
- USN-2614-1
- USN-2631-1
- USN-2632-1
- USN-2633-1
- USN-2634-1
- USN-2635-1
- USN-2636-1
- USN-2637-1
- USN-2638-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2015-1221 | http://linux.oracle.com/errata/ELSA-2015-1221.html | |
CVE | CVE-2015-1593 | http://linux.oracle.com/cve/CVE-2015-1593 | |
CVE | CVE-2015-2830 | http://linux.oracle.com/cve/CVE-2015-2830 | |
CVE | CVE-2011-5321 | http://linux.oracle.com/cve/CVE-2011-5321 | |
CVE | CVE-2015-2922 | http://linux.oracle.com/cve/CVE-2015-2922 | |
CVE | CVE-2015-3636 | http://linux.oracle.com/cve/CVE-2015-3636 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | oraclelinux | python-perf | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | oraclelinux | perf | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | oraclelinux | kernel | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | oraclelinux | kernel-headers | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | oraclelinux | kernel-firmware | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | oraclelinux | kernel-doc | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | oraclelinux | kernel-devel | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | oraclelinux | kernel-debug | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-debug-devel | < 2.6.32-504.30.3.el6 | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | oraclelinux | kernel-abi-whitelists | < 2.6.32-504.30.3.el6 | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |