1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2017-0386

[ELSA-2017-0386] kernel security, bug fix, and enhancement update

Severity Important
Affected Packages 12
CVEs 4
Info Packages References Vulnerabilities
  • [3.10.0-514.10.2.OL7]
  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
  • Update x509.genkey [bug 24817676]

[3.10.0-514.10.2]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463]

[3.10.0-514.10.1]
- [block] blk-mq: Fix NULL pointer updating nr_requests (David Milburn) [1416133 1384066]
- [scsi] cxlflash: Fix crash in cxlflash_restore_luntable() (Gustavo Duarte) [1415146 1400524]
- [scsi] cxlflash: Improve context_reset() logic (Gustavo Duarte) [1415146 1400524]
- [scsi] cxlflash: Avoid command room violation (Gustavo Duarte) [1415146 1400524]
- [x86] Mark Kaby Lake with Kaby Lake PCH as supported (David Arcari) [1415094 1391219]
- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1414687 1324918]
- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1414687 1324918]
- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1414687 1324918]
- [mm] meminit: initialise more memory for inode/dentry hash tables in early boot (Yasuaki Ishimatsu) [1413623 1404584]
- [s390] mem_detect: Revert 'add DAT sanity check' (Hendrik Brueckner) [1413600 1391540]
- [cpufreq] intel_pstate: Fix code ordering in intel_pstate_set_policy() (Prarit Bhargava) [1411818 1398072]
- [scsi] cxlflash: Improve EEH recovery time (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Fix to avoid EEH and host reset collisions (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Remove the device cleanly in the system shutdown path (Steve Best) [1402442 1397588]
- [scsi] cxlflash: Scan host only after the port is ready for I/O (Steve Best) [1402442 1397588]
- [x86] kvm: x86: Check memopp before dereference (Mateusz Guzik) [1395805 1395806] {CVE-2016-8630}
- [vfio] pci: Fix integer overflows, bitmask check (Mateusz Guzik) [1394627 1394991 1394628 1394992] {CVE-2016-9083 CVE-2016-9084}
- [acpi] acpi / scan: use platform bus type by default for _HID enumeration (Tony Camuso) [1393727 1383505]
- [acpi] acpi / scan: introduce platform_id device PNP type flag (Tony Camuso) [1393727 1383505]
- [char] ipmi: Convert the IPMI SI ACPI handling to a platform device (Tony Camuso) [1393727 1383505]
- [acpi] acpi / ipmi: Cleanup coding styles (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup some inclusion codes (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup some initialization codes (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Cleanup several acpi_ipmi_device members (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Add reference counting for ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Use global IPMI operation region handler (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI user (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the timed out ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI transfers (David Arcari) [1393725 1373703]
- [acpi] acpi / ipmi: Fix potential response buffer overflow (David Arcari) [1393725 1373703]

[3.10.0-514.9.1]
- [drm] i915/kbl: Remove preliminary_hw_support protection from KBL. (Rob Clark) [1413092 1305702]
- [netdrv] slip: Fix deadlock in write_wakeup (Steve Best) [1412225 1403497]
- [netdrv] slip: fix spinlock variant (Steve Best) [1412225 1403497]
- [kernel] kmod: use system_unbound_wq instead of khelper (Luiz Capitulino) [1411816 1395860]
- [nvme] switch abort to blk_execute_rq_nowait (David Milburn) [1411669 1392923]
- [netdrv] ibmveth: calculate gso_segs for large packets (Gustavo Duarte) [1411382 1361958]
- [netdrv] ibmveth: set correct gso_size and gso_type (Gustavo Duarte) [1411382 1361958]
- [netdrv] allow macvlans to move to net namespace (Jarod Wilson) [1409829 1368830]
- [pci] Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) (Myron Stowe) [1406290 1387674]
- [pci] Export pcie_find_root_port() (Myron Stowe) [1406290 1387674]
- [rtc] cmos: Initialize hpet timer before irq is registered (Pratyush Anand) [1404184 1299001]
- [x86] amd: Fix cpu_llc_id for AMD Fam17h systems (Suravee Suthikulpanit) [1402444 1395399]
- [powerpc] powernv: Fix stale PE primary bus (Steve Best) [1402440 1395275]
- [misc] cxl: Fix coredump generation when cxl_get_fd() is used (Gustavo Duarte) [1402439 1397943]
- [pci] cxl: use pcibios_free_controller_deferred() when removing vPHBs (Gustavo Duarte) [1402438 1395323]
- [scsi] qla2xxx: do not abort all commands in the adapter during EEH recovery (Gustavo Duarte) [1402436 1393254]
- [scsi] qla2xxx: fix invalid DMA access after command aborts in PCI device remove (Gustavo Duarte) [1402436 1393254]
- [scsi] qla2xxx: do not queue commands when unloading (Gustavo Duarte) [1402436 1393254]
- [net] packet: fix race condition in packet_set_ring (Hangbin Liu) [1401852 1401853] {CVE-2016-8655}

[3.10.0-514.8.1]
- [netdrv] i40e: Fix corruption when transferring large files (Stefan Assmann) [1413101 1404060]

[3.10.0-514.7.1]
- [kernel] printk: avoid livelock if another CPU printks continuously (Denys Vlasenko) [1402314 1294066]

Package Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 < 3.10.0-514.10.2.el7
ID
ELSA-2017-0386
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2017-0386.html
Published
2017-03-02T00:00:00
(7 years ago)
Modified
2017-03-02T00:00:00
(7 years ago)
Rights
Copyright 2017 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 oraclelinux python-perf < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 oraclelinux perf < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 oraclelinux kernel < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 oraclelinux kernel-tools < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 oraclelinux kernel-tools-libs < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 oraclelinux kernel-tools-libs-devel < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 oraclelinux kernel-headers < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 oraclelinux kernel-doc < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 oraclelinux kernel-devel < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 oraclelinux kernel-debug < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 oraclelinux kernel-debug-devel < 3.10.0-514.10.2.el7 oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 oraclelinux kernel-abi-whitelists < 3.10.0-514.10.2.el7 oraclelinux-7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date