[ELSA-2017-1308] kernel security, bug fix, and enhancement update
- [3.10.0-514.21.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]
[3.10.0-514.21.1]
- [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (Gustavo Duarte) [1441547 1423400]
- [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064]
- [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330]
- [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330]
- [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}
- [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}
- [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}
- [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396]
- [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603]
- [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400]
- [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013]
- [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115]
- [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1433413 1421750]
- [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450]
- [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450]
- [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}
- [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}
- [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}
- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}
- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}
- [x86] perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688]
- [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688]
- [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688]
- [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832]
- [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832]
- [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054]
- [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054]
- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]
- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]
- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]
- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]
- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]
- [block] fix use-after-free in seq file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910}
- [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646}
- [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397]
- [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397]
- [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397]
- [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397]
- [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397]
- [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397]
- [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 1376397]
- [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397]
- [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397]
- [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397]
- [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397]
- [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397]
- [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397]
- [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397]
- [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397]
- [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285]
[3.10.0-514.20.1]
- [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077]
- [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397]
- [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524]
- [fs] nfsv4.0: always send mode in SETATTR after EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780]
- [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898]
- [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898]
- [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898]
- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172]
- [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284]
- [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005]
- [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346]
- [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182]
- [net] tcp/dccp: avoid starving bh on connect (Paolo Abeni) [1433320 1401419]
- [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945]
- [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296]
- [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296]
- [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076]
- [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767]
- [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286]
[3.10.0-514.19.1]
- [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301]
- [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301]
- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301]
- [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105]
[3.10.0-514.18.1]
- [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 1430571]
- [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571]
- [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571]
- [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571]
- [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289]
[3.10.0-514.17.1]
- [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521]
- [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881]
- [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | < 3.10.0-514.21.1.el7 |
- ID
- ELSA-2017-1308
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2017-1308.html
- Published
-
2017-05-26T00:00:00
(7 years ago) - Modified
-
2017-05-26T00:00:00
(7 years ago) - Rights
- Copyright 2017 Oracle, Inc.
- Other Advisories
-
- ALAS-2017-805
- ALAS-2017-814
- ALAS-2017-828
- ASA-201702-17
- ASA-201702-18
- DSA-3804-1
- ELSA-2017-0892
- ELSA-2017-3514
- ELSA-2017-3515
- ELSA-2017-3516
- ELSA-2017-3537
- ELSA-2017-3538
- ELSA-2017-3539
- ELSA-2017-3566
- ELSA-2017-3567
- ELSA-2017-3579
- ELSA-2017-3580
- ELSA-2017-3637
- ELSA-2018-1854
- FEDORA-2017-26c9ecd7a4
- FEDORA-2017-2e1f3694b2
- FEDORA-2017-387ff46a66
- FEDORA-2017-8e7549fb91
- FEDORA-2017-fb89ca752a
- RHSA-2017:0892
- RHSA-2017:1298
- RHSA-2017:1308
- RHSA-2018:1854
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0407-1
- SUSE-SU-2017:0437-1
- SUSE-SU-2017:0464-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2017:0494-1
- SUSE-SU-2017:0575-1
- SUSE-SU-2017:1059-1
- SUSE-SU-2017:1060-1
- SUSE-SU-2017:1064-1
- SUSE-SU-2017:1102-1
- SUSE-SU-2017:1183-1
- SUSE-SU-2017:1247-1
- SUSE-SU-2017:1277-1
- SUSE-SU-2017:1278-1
- SUSE-SU-2017:1279-1
- SUSE-SU-2017:1280-1
- SUSE-SU-2017:1281-1
- SUSE-SU-2017:1283-1
- SUSE-SU-2017:1284-1
- SUSE-SU-2017:1285-1
- SUSE-SU-2017:1287-1
- SUSE-SU-2017:1288-1
- SUSE-SU-2017:1289-1
- SUSE-SU-2017:1290-1
- SUSE-SU-2017:1291-1
- SUSE-SU-2017:1293-1
- SUSE-SU-2017:1294-1
- SUSE-SU-2017:1295-1
- SUSE-SU-2017:1297-1
- SUSE-SU-2017:1299-1
- SUSE-SU-2017:1300-1
- SUSE-SU-2017:1301-1
- SUSE-SU-2017:1302-1
- SUSE-SU-2017:1303-1
- SUSE-SU-2017:1308-1
- SUSE-SU-2017:1360-1
- SUSE-SU-2017:1990-1
- SUSE-SU-2017:2342-1
- SUSE-SU-2017:2525-1
- USN-3206-1
- USN-3207-1
- USN-3207-2
- USN-3234-1
- USN-3234-2
- USN-3256-1
- USN-3256-2
- USN-3264-1
- USN-3264-2
- USN-3265-1
- USN-3265-2
- USN-3266-1
- USN-3266-2
- USN-3361-1
- USN-3754-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2017-1308 | http://linux.oracle.com/errata/ELSA-2017-1308.html | |
CVE | CVE-2016-8646 | http://linux.oracle.com/cve/CVE-2016-8646.html | |
CVE | CVE-2016-7910 | http://linux.oracle.com/cve/CVE-2016-7910.html | |
CVE | CVE-2016-10208 | http://linux.oracle.com/cve/CVE-2016-10208.html | |
CVE | CVE-2017-5986 | http://linux.oracle.com/cve/CVE-2017-5986.html | |
CVE | CVE-2017-7308 | http://linux.oracle.com/cve/CVE-2017-7308.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-514.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-514.21.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |