[ELSA-2017-3533] Unbreakable Enterprise kernel security update
kernel-uek
[4.1.12-61.1.33]
- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}
[4.1.12-61.1.32]
- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}
[4.1.12-61.1.31]
- rebuild bumping release
[4.1.12-61.1.30]
- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}
- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}
[4.1.12-61.1.29]
- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}
- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}
- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783]
- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783]
- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}
- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}
- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}
- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}
- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}
- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}
- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}
- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}
- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}
- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}
- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}
- tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}
- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}
- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}
- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}
- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}
- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}
- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}
- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}
- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847]
- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}
- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}
- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}
- mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035]
- xen-netfront: cast grant table reference first to type int (Dongli Zhang)
- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)
- ID
- ELSA-2017-3533
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2017-3533.html
- Published
-
2017-03-31T00:00:00
(7 years ago) - Modified
-
2017-03-31T00:00:00
(7 years ago) - Rights
- Copyright 2017 Oracle, Inc.
- Other Advisories
-
- ALAS-2016-694
- ALAS-2016-772
- ALAS-2017-782
- ALAS-2017-786
- ALAS-2017-805
- ALAS-2017-828
- ASA-201702-17
- ASA-201702-18
- ASA-201703-13
- ASA-201703-6
- ASA-201703-8
- DSA-3607-1
- DSA-3696-1
- DSA-3791-1
- DSA-3804-1
- ELSA-2017-0817
- ELSA-2017-0892
- ELSA-2017-0933
- ELSA-2017-1842
- ELSA-2017-2930
- ELSA-2017-3534
- ELSA-2017-3535
- ELSA-2017-3596
- ELSA-2018-1062
- ELSA-2018-1854
- FEDORA-2016-02db2f32fd
- FEDORA-2016-29cde72f15
- FEDORA-2016-2b1f91e9bd
- FEDORA-2016-3548475bca
- FEDORA-2016-373c063e79
- FEDORA-2016-5ec2475e3f
- FEDORA-2016-76706f51a7
- FEDORA-2016-7e602c0e5e
- FEDORA-2016-81fd1b03aa
- FEDORA-2016-8e858f96b8
- FEDORA-2016-9c17cb9648
- FEDORA-2016-bbe98c341c
- FEDORA-2016-dd895763ac
- FEDORA-2016-e5b72816d0
- FEDORA-2016-ed5110c4bb
- FEDORA-2016-ee3a114958
- FEDORA-2016-f3d1f79398
- FEDORA-2017-0054c7b1f0
- FEDORA-2017-392b319bb5
- FEDORA-2017-3a9ec92dd6
- FEDORA-2017-472052ebe5
- FEDORA-2017-502cf68d68
- FEDORA-2017-6cc158c193
- FEDORA-2017-787bc0d5b4
- FEDORA-2017-81fbd592d4
- FEDORA-2017-92d84f68cf
- FEDORA-2017-fb89ca752a
- RHSA-2017:0817
- RHSA-2017:0892
- RHSA-2017:0931
- RHSA-2017:0933
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2930
- RHSA-2017:2931
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1854
- SUSE-SU-2016:1203-1
- SUSE-SU-2016:1672-1
- SUSE-SU-2016:1690-1
- SUSE-SU-2016:1696-1
- SUSE-SU-2016:1707-1
- SUSE-SU-2016:1764-1
- SUSE-SU-2016:1937-1
- SUSE-SU-2016:2074-1
- SUSE-SU-2016:2105-1
- SUSE-SU-2016:2912-1
- SUSE-SU-2016:2976-1
- SUSE-SU-2016:3039-1
- SUSE-SU-2016:3049-1
- SUSE-SU-2016:3063-1
- SUSE-SU-2016:3069-1
- SUSE-SU-2016:3304-1
- SUSE-SU-2017:0181-1
- SUSE-SU-2017:0226-1
- SUSE-SU-2017:0227-1
- SUSE-SU-2017:0228-1
- SUSE-SU-2017:0229-1
- SUSE-SU-2017:0230-1
- SUSE-SU-2017:0231-1
- SUSE-SU-2017:0232-1
- SUSE-SU-2017:0233-1
- SUSE-SU-2017:0234-1
- SUSE-SU-2017:0235-1
- SUSE-SU-2017:0244-1
- SUSE-SU-2017:0245-1
- SUSE-SU-2017:0246-1
- SUSE-SU-2017:0247-1
- SUSE-SU-2017:0248-1
- SUSE-SU-2017:0249-1
- SUSE-SU-2017:0268-1
- SUSE-SU-2017:0278-1
- SUSE-SU-2017:0293-1
- SUSE-SU-2017:0307-1
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0407-1
- SUSE-SU-2017:0437-1
- SUSE-SU-2017:0464-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2017:0494-1
- SUSE-SU-2017:0517-1
- SUSE-SU-2017:0575-1
- SUSE-SU-2017:0759-1
- SUSE-SU-2017:0760-1
- SUSE-SU-2017:0762-1
- SUSE-SU-2017:0763-1
- SUSE-SU-2017:0764-1
- SUSE-SU-2017:0766-1
- SUSE-SU-2017:0767-1
- SUSE-SU-2017:0768-1
- SUSE-SU-2017:0769-1
- SUSE-SU-2017:0770-1
- SUSE-SU-2017:0771-1
- SUSE-SU-2017:0772-1
- SUSE-SU-2017:0773-1
- SUSE-SU-2017:0774-1
- SUSE-SU-2017:0775-1
- SUSE-SU-2017:0776-1
- SUSE-SU-2017:0777-1
- SUSE-SU-2017:0778-1
- SUSE-SU-2017:0779-1
- SUSE-SU-2017:0780-1
- SUSE-SU-2017:0781-1
- SUSE-SU-2017:0786-1
- SUSE-SU-2017:0864-1
- SUSE-SU-2017:0865-1
- SUSE-SU-2017:0866-1
- SUSE-SU-2017:0912-1
- SUSE-SU-2017:0913-1
- SUSE-SU-2017:1102-1
- SUSE-SU-2017:1183-1
- SUSE-SU-2017:1247-1
- SUSE-SU-2017:1281-1
- SUSE-SU-2017:1301-1
- SUSE-SU-2017:1360-1
- SUSE-SU-2017:1990-1
- SUSE-SU-2017:2043-1
- SUSE-SU-2017:2049-1
- SUSE-SU-2017:2060-1
- SUSE-SU-2017:2061-1
- SUSE-SU-2017:2062-1
- SUSE-SU-2017:2063-1
- SUSE-SU-2017:2065-1
- SUSE-SU-2017:2067-1
- SUSE-SU-2017:2068-1
- SUSE-SU-2017:2072-1
- SUSE-SU-2017:2073-1
- SUSE-SU-2017:2088-1
- SUSE-SU-2017:2092-1
- SUSE-SU-2017:2093-1
- SUSE-SU-2017:2095-1
- SUSE-SU-2017:2096-1
- SUSE-SU-2017:2099-1
- SUSE-SU-2017:2342-1
- SUSE-SU-2017:2525-1
- USN-2965-1
- USN-2965-2
- USN-2965-3
- USN-2965-4
- USN-2968-1
- USN-2968-2
- USN-2970-1
- USN-2971-1
- USN-2971-2
- USN-2971-3
- USN-2989-1
- USN-2996-1
- USN-2997-1
- USN-2998-1
- USN-3000-1
- USN-3001-1
- USN-3002-1
- USN-3003-1
- USN-3004-1
- USN-3021-1
- USN-3021-2
- USN-3144-1
- USN-3144-2
- USN-3145-1
- USN-3145-2
- USN-3146-1
- USN-3146-2
- USN-3147-1
- USN-3161-1
- USN-3161-2
- USN-3161-3
- USN-3161-4
- USN-3162-1
- USN-3162-2
- USN-3167-1
- USN-3167-2
- USN-3168-1
- USN-3168-2
- USN-3169-1
- USN-3169-2
- USN-3170-1
- USN-3189-1
- USN-3189-2
- USN-3190-1
- USN-3190-2
- USN-3208-1
- USN-3208-2
- USN-3209-1
- USN-3218-1
- USN-3219-1
- USN-3219-2
- USN-3220-1
- USN-3220-2
- USN-3220-3
- USN-3221-1
- USN-3221-2
- USN-3265-1
- USN-3265-2
- USN-3290-1
- USN-3291-1
- USN-3291-2
- USN-3291-3
- USN-3293-1
- USN-3312-1
- USN-3312-2
- USN-3360-1
- USN-3360-2
- USN-3361-1
- USN-3422-1
- USN-3422-2
- USN-3445-1
- USN-3445-2
- USN-3470-1
- USN-3470-2
- USN-3582-1
- USN-3582-2
- USN-3754-1
- USN-3822-1
- USN-3822-2
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux | kernel-uek | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux | kernel-uek-firmware | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux | kernel-uek-firmware | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux | kernel-uek-doc | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-devel | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-61.1.33.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-61.1.33.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/dtrace-modules-4.1.12-61.1.33.el7uek?distro=oraclelinux-7 | oraclelinux | dtrace-modules-4.1.12-61.1.33.el7uek | < 0.5.3-2.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/dtrace-modules-4.1.12-61.1.33.el6uek?distro=oraclelinux-6 | oraclelinux | dtrace-modules-4.1.12-61.1.33.el6uek | < 0.5.3-2.el6 | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |