[ELSA-2017-0386] kernel security, bug fix, and enhancement update
- [3.10.0-514.10.2.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-514.10.2]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463]
[3.10.0-514.10.1]
- [block] blk-mq: Fix NULL pointer updating nr_requests (David Milburn) [1416133 1384066]
- [scsi] cxlflash: Fix crash in cxlflash_restore_luntable() (Gustavo Duarte) [1415146 1400524]
- [scsi] cxlflash: Improve context_reset() logic (Gustavo Duarte) [1415146 1400524]
- [scsi] cxlflash: Avoid command room violation (Gustavo Duarte) [1415146 1400524]
- [x86] Mark Kaby Lake with Kaby Lake PCH as supported (David Arcari) [1415094 1391219]
- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1414687 1324918]
- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1414687 1324918]
- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1414687 1324918]
- [mm] meminit: initialise more memory for inode/dentry hash tables in early boot (Yasuaki Ishimatsu) [1413623 1404584]
- [s390] mem_detect: Revert 'add DAT sanity check' (Hendrik Brueckner) [1413600 1391540]
- [cpufreq] intel_pstate: Fix code ordering in intel_pstate_set_policy() (Prarit Bhargava) [1411818 1398072]
- [scsi] cxlflash: Improve EEH recovery time (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Fix to avoid EEH and host reset collisions (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Remove the device cleanly in the system shutdown path (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Scan host only after the port is ready for I/O (Steve Best) [1402442 1397588]
- [x86] kvm: x86: Check memopp before dereference (Mateusz Guzik) [1395805 1395806] {CVE-2016-8630}
- [vfio] pci: Fix integer overflows, bitmask check (Mateusz Guzik) [1394627 1394991 1394628 1394992] {CVE-2016-9083 CVE-2016-9084}
- [acpi] acpi / scan: use platform bus type by default for _HID enumeration (Tony Camuso) [1393727 1383505]
- [acpi] acpi / scan: introduce platform_id device PNP type flag (Tony Camuso) [1393727 1383505]
- [char] ipmi: Convert the IPMI SI ACPI handling to a platform device (Tony Camuso) [1393727 1383505]
- [acpi] acpi / ipmi: Cleanup coding styles (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup some inclusion codes (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup some initialization codes (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup several acpi_ipmi_device members (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Add reference counting for ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Use global IPMI operation region handler (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI user (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the timed out ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix potential response buffer overflow (David Arcari) [1393725 1373703]
[3.10.0-514.9.1]
- [drm] i915/kbl: Remove preliminary_hw_support protection from KBL. (Rob Clark) [1413092 1305702]
- [netdrv] slip: Fix deadlock in write_wakeup (Steve Best) [1412225 1403497]
- [netdrv] slip: fix spinlock variant (Steve Best) [1412225 1403497]
- [kernel] kmod: use system_unbound_wq instead of khelper (Luiz Capitulino) [1411816 1395860]
- [nvme] switch abort to blk_execute_rq_nowait (David Milburn) [1411669 1392923]
- [netdrv] ibmveth: calculate gso_segs for large packets (Gustavo Duarte) [1411382 1361958]
- [netdrv] ibmveth: set correct gso_size and gso_type (Gustavo Duarte) [1411382 1361958]
- [netdrv] allow macvlans to move to net namespace (Jarod Wilson) [1409829 1368830]
- [pci] Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) (Myron Stowe) [1406290 1387674]
- [pci] Export pcie_find_root_port() (Myron Stowe) [1406290 1387674]
- [rtc] cmos: Initialize hpet timer before irq is registered (Pratyush Anand) [1404184 1299001]
- [x86] amd: Fix cpu_llc_id for AMD Fam17h systems (Suravee Suthikulpanit) [1402444 1395399]
- [powerpc] powernv: Fix stale PE primary bus (Steve Best) [1402440 1395275]
- [misc] cxl: Fix coredump generation when cxl_get_fd() is used (Gustavo Duarte) [1402439 1397943]
- [pci] cxl: use pcibios_free_controller_deferred() when removing vPHBs (Gustavo Duarte) [1402438 1395323]
- [scsi] qla2xxx: do not abort all commands in the adapter during EEH recovery (Gustavo Duarte) [1402436 1393254]
- [scsi] qla2xxx: fix invalid DMA access after command aborts in PCI device remove (Gustavo Duarte) [1402436 1393254]
- [scsi] qla2xxx: do not queue commands when unloading (Gustavo Duarte) [1402436 1393254]
- [net] packet: fix race condition in packet_set_ring (Hangbin Liu) [1401852 1401853] {CVE-2016-8655}
[3.10.0-514.8.1]
- [netdrv] i40e: Fix corruption when transferring large files (Stefan Assmann) [1413101 1404060]
[3.10.0-514.7.1]
- [kernel] printk: avoid livelock if another CPU printks continuously (Denys Vlasenko) [1402314 1294066]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | < 3.10.0-514.10.2.el7 |
- ID
- ELSA-2017-0386
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2017-0386.html
- Published
-
2017-03-02T00:00:00
(7 years ago) - Modified
-
2017-03-02T00:00:00
(7 years ago) - Rights
- Copyright 2017 Oracle, Inc.
- Other Advisories
-
- ALAS-2016-772
- ASA-201612-6
- ASA-201612-7
- ASA-201612-8
- ELSA-2017-3508
- ELSA-2017-3509
- ELSA-2017-3514
- FEDORA-2016-107f03cc00
- FEDORA-2016-14c4187e3a
- FEDORA-2016-5aff4a6bbc
- FEDORA-2016-5cb5b4082d
- FEDORA-2016-876deae183
- FEDORA-2016-96d276367e
- FEDORA-2016-ee3a114958
- RHSA-2017:0386
- RHSA-2017:0387
- SSA:2016-347-01
- SUSE-SU-2016:3039-1
- SUSE-SU-2016:3049-1
- SUSE-SU-2016:3063-1
- SUSE-SU-2016:3093-1
- SUSE-SU-2016:3094-1
- SUSE-SU-2016:3096-1
- SUSE-SU-2016:3098-1
- SUSE-SU-2016:3100-1
- SUSE-SU-2016:3104-1
- SUSE-SU-2016:3109-1
- SUSE-SU-2016:3111-1
- SUSE-SU-2016:3112-1
- SUSE-SU-2016:3113-1
- SUSE-SU-2016:3116-1
- SUSE-SU-2016:3117-1
- SUSE-SU-2016:3119-1
- SUSE-SU-2016:3169-1
- SUSE-SU-2016:3183-1
- SUSE-SU-2016:3197-1
- SUSE-SU-2016:3205-1
- SUSE-SU-2016:3206-1
- SUSE-SU-2016:3247-1
- SUSE-SU-2016:3249-1
- SUSE-SU-2017:0181-1
- SUSE-SU-2017:0407-1
- SUSE-SU-2017:0464-1
- SUSE-SU-2017:0471-1
- USN-3149-1
- USN-3149-2
- USN-3150-1
- USN-3150-2
- USN-3151-1
- USN-3151-2
- USN-3151-3
- USN-3151-4
- USN-3152-1
- USN-3152-2
- USN-3161-1
- USN-3161-2
- USN-3161-3
- USN-3161-4
- USN-3162-1
- USN-3162-2
- USN-3312-1
- USN-3312-2
- USN-3361-1
- USN-3422-1
- USN-3422-2
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2017-0386 | http://linux.oracle.com/errata/ELSA-2017-0386.html | |
CVE | CVE-2016-8630 | http://linux.oracle.com/cve/CVE-2016-8630.html | |
CVE | CVE-2016-9083 | http://linux.oracle.com/cve/CVE-2016-9083.html | |
CVE | CVE-2016-9084 | http://linux.oracle.com/cve/CVE-2016-9084.html | |
CVE | CVE-2016-8655 | http://linux.oracle.com/cve/CVE-2016-8655.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-514.10.2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-514.10.2.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |