[ELSA-2017-0086] kernel security, bug fix, and enhancement update
- [3.10.0-514.6.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-514.6.1]
- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}
- [net] sctp: rename WORD_TRUNC/ROUND macros (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}
- [net] sctp: keep fragmentation point aligned to word size (Hangbin Liu) [1399458 1399459] {CVE-2016-9555}
- [x86] Mark Intel Purley supported (Steve Best) [1402824 1371748]
- [acpi] sleep: Do not save NVS for new machines to accelerate S3 (Prarit Bhargava) [1402326 1385527]
- [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1398179 1380447]
- [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1398179 1380447]
- [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1398179 1380447]
- [netdrv] net/hyperv: avoid uninitialized variable (Vitaly Kuznetsov) [1395578 1392220]
- [netdrv] netvsc: Remove mistaken udp.h inclusion (Vitaly Kuznetsov) [1395578 1392220]
- [netdrv] netvsc: fix checksum on UDP IPV6 (Vitaly Kuznetsov) [1395578 1392220]
- [netdrv] hv_netvsc: add ethtool statistics for tx packet issues (Vitaly Kuznetsov) [1395578 1392220]
- [netdrv] hv_netvsc: rearrange start_xmit (Vitaly Kuznetsov) [1395578 1392220]
- [fs] Retry operation on EREMOTEIO on an interrupted slot (Steve Dickson) [1394710 1378981]
- [fs] rbd: don't retry watch reregistration if header object is gone (Ilya Dryomov) [1393485 1378186]
- [fs] rbd: don't wait for the lock forever if blacklisted (Ilya Dryomov) [1393485 1378186]
- [fs] rbd: lock_on_read map option (Ilya Dryomov) [1393485 1378186]
- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1392035 1378615]
- [netdrv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1391617 1388702]
- [x86] kvm: lapic: cap __delay at lapic_timer_advance_ns (Marcelo Tosatti) [1391614 1389431]
- [x86] kvm: x86: move nsec_to_cycles from x86.c to x86.h (Marcelo Tosatti) [1391614 1389431]
- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379530 1379531] {CVE-2016-6828}
[3.10.0-514.5.1]
- [fs] Fix regression which breaks DFS mounting (Sachin Prabhu) [1400055 1302329]
- [fs] Move check for prefix path to within cifs_get_root() (Sachin Prabhu) [1400055 1302329]
- [fs] Compare prepaths when comparing superblocks (Sachin Prabhu) [1400055 1302329]
- [fs] Fix memory leaks in cifs_do_mount() (Sachin Prabhu) [1400055 1302329]
- [fs] cifs: make share unaccessible at root level mountable (Sachin Prabhu) [1400055 1302329]
- [kernel] sched: Fix possible divide by zero in avg_atom() calculation (Mateusz Guzik) [1398361 1392466]
- [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1398175 1380441]
- [x86] smp: Fix __max_logical_packages value setup (Prarit Bhargava) [1398173 1394239]
- [x86] revert 'smp: Fix __max_logical_packages value setup' (Prarit Bhargava) [1398173 1394239]
- [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1397747 1382798]
- [x86] kexec: Fix kexec crash in syscall kexec_file_load() (Pingfan Liu) [1395573 1385109]
- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Steve Best) [1395565 1387244]
- [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1394711 1392978]
- [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1394708 1378509]
- [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1394707 1367989]
- [powerpc] pseries: use pci_host_bridge.release_fn() to kfree(phb) (Steve Best) [1393724 1385635]
- [misc] genwqe: Change default access rights for device node (Steve Best) [1393723 1325797]
- [misc] hpilo: Changes to support new security states in iLO5 FW (Nigel Croxon) [1393720 1376576]
- [kernel] sched/core: Fix a race between try_to_wake_up() and a woken up task (Lauro Ramos Venancio) [1393719 1379256]
- [hid] i2c-hid: exit if the IRQ is not valid (David Arcari) [1393717 1376599]
- [x86] Add support for missing Kabylake Sunrise Point PCH (David Arcari) [1392033 1379401]
- [net] sctp: not return ENOMEM err back in sctp_packet_transmit (Xin Long) [1392025 1371362]
- [net] sctp: make sctp_outq_flush/tail/uncork return void (Xin Long) [1392025 1371362]
- [net] sctp: save transmit error to sk_err in sctp_outq_flush (Xin Long) [1392025 1371362]
- [net] sctp: free msg->chunks when sctp_primitive_SEND return err (Xin Long) [1392025 1371362]
- [net] sctp: do not return the transmit err back to sctp_sendmsg (Xin Long) [1392025 1371362]
- [net] sctp: remove the unnecessary state check in sctp_outq_tail (Xin Long) [1392025 1371362]
- [net] netdev, sched/wait: Fix sleeping inside wait event (Paolo Abeni) [1392024 1382175]
- [net] Separate the close_list and the unreg_list (Paolo Abeni) [1392024 1382175]
- [vfio] pci: Fix ordering of eventfd vs virqfd shutdown (Alex Williamson) [1391611 1322026]
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390806 1390047] {CVE-2016-7117}
- [fs] nfsd: don't return an unhashed lock stateid after taking mutex ('J. Bruce Fields') [1390672 1368577]
- [fs] nfsd: Fix race between FREE_STATEID and LOCK ('J. Bruce Fields') [1390672 1368577]
- [fs] nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock ('J. Bruce Fields') [1390672 1368577]
- [fs] nfsd: Extend the mutex holding region around in nfsd4_process_open2() ('J. Bruce Fields') [1390672 1368577]
- [fs] nfsd: Always lock state exclusively ('J. Bruce Fields') [1390672 1368577]
- [infiniband] ib/ipoib: move back IB LL address into the hard header (Jonathan Toppins) [1390668 1378656]
[3.10.0-514.4.1]
- [net] rtnetlink: fix rtnl_vfinfo_size (Sabrina Dubroca) [1395811 1392128]
- [netdrv] ixgbe: test for trust in macvlan adjustments for vf (Ken Cox) [1395572 1379787]
- [kernel] timekeeping: Copy the shadow-timekeeper over the real timekeeper last (Prarit Bhargava) [1395577 1344747]
[3.10.0-514.3.1]
- [net] team: Fixing a bug in team driver due to incorrect 'unsigned int' to 'int' conversion (Hangbin Liu) [1392023 1382098]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | < 3.10.0-514.6.1.el7 |
- ID
- ELSA-2017-0086
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2017-0086.html
- Published
-
2017-01-17T00:00:00
(7 years ago) - Modified
-
2017-01-17T00:00:00
(7 years ago) - Rights
- Copyright 2017 Oracle, Inc.
- Other Advisories
-
- ALAS-2016-694
- ALAS-2016-740
- DSA-3659-1
- ELSA-2016-2962
- ELSA-2016-3648
- ELSA-2016-3651
- ELSA-2016-3652
- ELSA-2016-3655
- ELSA-2016-3656
- ELSA-2016-3657
- ELSA-2017-0036
- ELSA-2017-0307
- ELSA-2017-3508
- ELSA-2017-3509
- ELSA-2017-3510
- FEDORA-2016-2e5ebfed6d
- FEDORA-2016-5e24d8c350
- FEDORA-2016-723350dd75
- FEDORA-2016-f1adaaadc6
- RHSA-2017:0036
- RHSA-2017:0086
- RHSA-2017:0091
- RHSA-2017:0307
- SUSE-SU-2016:2912-1
- SUSE-SU-2016:2976-1
- SUSE-SU-2016:3039-1
- SUSE-SU-2016:3049-1
- SUSE-SU-2016:3063-1
- SUSE-SU-2016:3069-1
- SUSE-SU-2016:3093-1
- SUSE-SU-2016:3094-1
- SUSE-SU-2016:3096-1
- SUSE-SU-2016:3098-1
- SUSE-SU-2016:3100-1
- SUSE-SU-2016:3104-1
- SUSE-SU-2016:3109-1
- SUSE-SU-2016:3111-1
- SUSE-SU-2016:3112-1
- SUSE-SU-2016:3113-1
- SUSE-SU-2016:3116-1
- SUSE-SU-2016:3117-1
- SUSE-SU-2016:3119-1
- SUSE-SU-2016:3169-1
- SUSE-SU-2016:3183-1
- SUSE-SU-2016:3197-1
- SUSE-SU-2016:3205-1
- SUSE-SU-2016:3206-1
- SUSE-SU-2016:3247-1
- SUSE-SU-2016:3249-1
- SUSE-SU-2016:3304-1
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0407-1
- SUSE-SU-2017:0437-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2017:0494-1
- SUSE-SU-2017:0575-1
- SUSE-SU-2017:1102-1
- SUSE-SU-2017:1247-1
- SUSE-SU-2017:1360-1
- SUSE-SU-2017:1990-1
- SUSE-SU-2017:2342-1
- USN-3097-1
- USN-3097-2
- USN-3098-1
- USN-3098-2
- USN-3099-1
- USN-3099-2
- USN-3099-3
- USN-3099-4
- USN-3126-1
- USN-3126-2
- USN-3161-1
- USN-3161-2
- USN-3161-3
- USN-3161-4
- USN-3162-1
- USN-3162-2
- USN-3187-1
- USN-3187-2
- USN-3188-1
- USN-3188-2
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2017-0086 | http://linux.oracle.com/errata/ELSA-2017-0086.html | |
CVE | CVE-2016-9555 | http://linux.oracle.com/cve/CVE-2016-9555.html | |
CVE | CVE-2016-7117 | http://linux.oracle.com/cve/CVE-2016-7117.html | |
CVE | CVE-2016-6828 | http://linux.oracle.com/cve/CVE-2016-6828.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-514.6.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-514.6.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |