[El-errata] ELSA-2015-1081 Important: Oracle Linux 6 kernel security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jun 9 15:50:47 PDT 2015
Oracle Linux Security Advisory ELSA-2015-1081
http://linux.oracle.com/errata/ELSA-2015-1081.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.32-504.23.4.el6.i686.rpm
kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm
kernel-debug-2.6.32-504.23.4.el6.i686.rpm
kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm
kernel-devel-2.6.32-504.23.4.el6.i686.rpm
kernel-doc-2.6.32-504.23.4.el6.noarch.rpm
kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm
kernel-headers-2.6.32-504.23.4.el6.i686.rpm
perf-2.6.32-504.23.4.el6.i686.rpm
python-perf-2.6.32-504.23.4.el6.i686.rpm
x86_64:
kernel-2.6.32-504.23.4.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm
kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm
kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm
kernel-doc-2.6.32-504.23.4.el6.noarch.rpm
kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm
kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm
perf-2.6.32-504.23.4.el6.x86_64.rpm
python-perf-2.6.32-504.23.4.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-504.23.4.el6.src.rpm
Description of changes:
[2.6.32-504.23.4.el6]
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu)
[1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu)
[1225950 1219907]
[2.6.32-504.23.3.el6]
- [netdrv] bonding: fix locking in enslave failure path (Nikolay
Aleksandrov) [1222483 1221856]
- [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on
enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay
Aleksandrov) [1222483 1221856]
- [netdrv] bonding: mc addresses don't get deleted on enslave failure
(Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: IFF_BONDING is not stripped on enslave failure
(Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay
Aleksandrov) [1222483 1221856]
[2.6.32-504.23.2.el6]
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth
Jennings) [1202860 1185166] {CVE-2015-1805}
[2.6.32-504.23.1.el6]
- [x86] crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX
implementations (Herbert Xu) [1218681 1201490]
- [scsi] storvsc: ring buffer failures may result in I/O freeze (Vitaly
Kuznetsov) [1215754 1171676]
- [scsi] storvsc: get rid of overly verbose warning messages (Vitaly
Kuznetsov) [1215753 1167967]
- [scsi] storvsc: NULL pointer dereference fix (Vitaly Kuznetsov)
[1215753 1167967]
- [netdrv] ixgbe: fix detection of SFP+ capable interfaces (John Greene)
[1213664 1150343]
- [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt
Stutsman) [1213329 1213330] {CVE-2015-3331}
[2.6.32-504.22.1.el6]
- [kernel] hrtimer: Prevent hrtimer_enqueue_reprogram race (Prarit
Bhargava) [1211940 1136958]
- [kernel] hrtimer: Preserve timer state in remove_hrtimer() (Prarit
Bhargava) [1211940 1136958]
- [crypto] testmgr: fix RNG return code enforcement (Herbert Xu)
[1212695 1208804]
- [net] netfilter: xtables: make use of caller family rather than target
family (Florian Westphal) [1212057 1210697]
- [net] dynticks: avoid flow_cache_flush() interrupting every core
(Marcelo Leitner) [1210595 1191559]
- [tools] perf: Fix race in build_id_cache__add_s() (Milos Vyletel)
[1210593 1204102]
- [infiniband] ipath+qib: fix dma settings (Doug Ledford) [1208621 1171803]
- [fs] dcache: return -ESTALE not -EBUSY on distributed fs race (J.
Bruce Fields) [1207815 1061994]
- [net] neigh: Keep neighbour cache entries if number of them is small
enough (Jiri Pirko) [1207352 1199856]
- [x86] crypto: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1204736
1201560]
- [scsi] qla2xxx: fix race in handling rport deletion during recovery
causes panic (Chad Dupuis) [1203544 1102902]
- [redhat] configs: Enable SSSE3 acceleration by default (Herbert Xu)
[1201668 1036216]
- [crypto] sha512: Create module providing optimized SHA512 routines
using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX2
RORX instruction (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX
instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using
Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Expose generic sha512 routine to be callable from
other modules (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Create module providing optimized SHA256 routines
using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 routine using AVX2's RORX
instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 assembly routine with AVX
instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 assembly routine using
Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Expose SHA256 generic routine to be callable
externally (Herbert Xu) [1201668 1036216]
- [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1201669
1199230]
- [fs] isofs: infinite loop in CE record entries (Jacob Tanenbaum)
[1175243 1175245] {CVE-2014-9420}
- [x86] vdso: ASLR bruteforce possible for vdso library (Jacob
Tanenbaum) [1184896 1184897] {CVE-2014-9585}
- [kernel] time: ntp: Correct TAI offset during leap second (Prarit
Bhargava) [1201674 1199134]
- [scsi] lpfc: correct device removal deadlock after link bounce (Rob
Evers) [1211910 1194793]
- [scsi] lpfc: Linux lpfc driver doesn't re-establish the link after a
cable pull on LPe12002 (Rob Evers) [1211910 1194793]
- [x86] switch_to(): Load TLS descriptors before switching DS and ES
(Denys Vlasenko) [1177353 1177354] {CVE-2014-9419}
- [net] vlan: Don't propagate flag changes on down interfaces (Jiri
Pirko) [1173501 1135347]
- [net] bridge: register vlan group for br ports (Jiri Pirko) [1173501
1135347]
- [netdrv] tg3: Use new VLAN code (Jiri Pirko) [1173501 1135347]
- [netdrv] be2net: move to new vlan model (Jiri Pirko) [1173501 1135347]
- [net] vlan: mask vlan prio bits (Jiri Pirko) [1173501 1135347]
- [net] vlan: don't deliver frames for unknown vlans to protocols (Jiri
Pirko) [1173501 1135347]
- [net] vlan: allow nested vlan_do_receive() (Jiri Pirko) [1173501 1135347]
- [net] allow vlan traffic to be received under bond (Jiri Pirko)
[1173501 1135347]
- [net] vlan: goto another_round instead of calling __netif_receive_skb
(Jiri Pirko) [1173501 1135347]
- [net] bonding: fix bond_arp_rcv setting and arp validate desync state
(Jiri Pirko) [1173501 1135347]
- [net] bonding: remove packet cloning in recv_probe() (Jiri Pirko)
[1173501 1135347]
- [net] bonding: Fix LACPDU rx_dropped commit (Jiri Pirko) [1173501 1135347]
- [net] bonding: don't increase rx_dropped after processing LACPDUs
(Jiri Pirko) [1173501 1135347]
- [net] bonding: use local function pointer of bond->recv_probe in
bond_handle_frame (Jiri Pirko) [1173501 1135347]
- [net] bonding: move processing of recv handlers into handle_frame()
(Jiri Pirko) [1173501 1135347]
- [netdrv] revert "bonding: fix bond_arp_rcv setting and arp validate
desync state" (Jiri Pirko) [1173501 1135347]
- [netdrv] revert "bonding: check for vlan device in
bond_3ad_lacpdu_recv()" (Jiri Pirko) [1173501 1135347]
- [net] vlan: Always untag vlan-tagged traffic on input (Jiri Pirko)
[1173501 1135347]
- [net] Make skb->skb_iif always track skb->dev (Jiri Pirko) [1173501
1135347]
- [net] vlan: fix a potential memory leak (Jiri Pirko) [1173501 1135347]
- [net] vlan: fix mac_len recomputation in vlan_untag() (Jiri Pirko)
[1173501 1135347]
- [net] vlan: reset headers on accel emulation path (Jiri Pirko)
[1173501 1135347]
- [net] vlan: Fix the ingress VLAN_FLAG_REORDER_HDR check (Jiri Pirko)
[1173501 1135347]
- [net] vlan: make non-hw-accel rx path similar to hw-accel (Jiri Pirko)
[1173501 1135347]
- [net] allow handlers to be processed for orig_dev (Jiri Pirko)
[1173501 1135347]
- [net] bonding: get netdev_rx_handler_unregister out of locks (Jiri
Pirko) [1173501 1135347]
- [net] bonding: fix rx_handler locking (Jiri Pirko) [1173501 1135347]
- [net] introduce rx_handler results and logic around that (Jiri Pirko)
[1173501 1135347]
- [net] bonding: register slave pointer for rx_handler (Jiri Pirko)
[1173501 1135347]
- [net] bonding: COW before overwriting the destination MAC address
(Jiri Pirko) [1173501 1135347]
- [net] bonding: convert bonding to use rx_handler (Jiri Pirko) [1173501
1135347]
- [net] openvswitch: use rx_handler_data pointer to store vport pointer
(Jiri Pirko) [1173501 1135347]
- [net] add a synchronize_net() in netdev_rx_handler_unregister() (Jiri
Pirko) [1173501 1135347]
- [net] add rx_handler data pointer (Jiri Pirko) [1173501 1135347]
- [net] replace hooks in __netif_receive_skb (Jiri Pirko) [1173501 1135347]
- [net] fix conflict between null_or_orig and null_or_bond (Jiri Pirko)
[1173501 1135347]
- [net] remove the unnecessary dance around skb_bond_should_drop (Jiri
Pirko) [1173501 1135347]
- [net] revert "bonding: fix receiving of dups due vlan hwaccel" (Jiri
Pirko) [1173501 1135347]
- [net] uninline skb_bond_should_drop() (Jiri Pirko) [1173501 1135347]
- [net] bridge: Set vlan_features to allow offloads on vlans (Jiri
Pirko) [1173501 1135347]
- [net] bridge: convert br_features_recompute() to ndo_fix_features
(Jiri Pirko) [1173501 1135347]
- [net] revert "bridge: explictly tag vlan-accelerated frames destined
to the host" (Jiri Pirko) [1173501 1135347]
- [net] revert "fix vlan gro path" (Jiri Pirko) [1173501 1135347]
- [net] revert "bridge: do not learn from exact matches" (Jiri Pirko)
[1173501 1135347]
- [net] revert "bridge gets duplicate packets when using vlan over
bonding" (Jiri Pirko) [1173501 1135347]
- [net] llc: remove noisy WARN from llc_mac_hdr_init (Jiri Pirko)
[1173501 1135347]
- [net] bridge: stp: ensure mac header is set (Jiri Pirko) [1173501 1135347]
- [net] vlan: remove reduntant check in ndo_fix_features callback (Jiri
Pirko) [1173501 1135347]
- [net] vlan: enable soft features regardless of underlying device (Jiri
Pirko) [1173501 1135347]
- [net] vlan: don't call ndo_vlan_rx_register on hardware that doesn't
have vlan support (Jiri Pirko) [1173501 1135347]
- [net] vlan: Fix vlan_features propagation (Jiri Pirko) [1173501 1135347]
- [net] vlan: convert VLAN devices to use ndo_fix_features() (Jiri
Pirko) [1173501 1135347]
- [net] revert "vlan: Avoid broken offload configuration when
reorder_hdr is disabled" (Jiri Pirko) [1173501 1135347]
- [net] vlan: vlan device is lockless do not transfer
real_num_<tx|rx>_queues (Jiri Pirko) [1173501 1135347]
- [net] vlan: consolidate 8021q tagging (Jiri Pirko) [1173501 1135347]
- [net] propagate NETIF_F_HIGHDMA to vlans (Jiri Pirko) [1173501 1135347]
- [net] Fix a memmove bug in dev_gro_receive() (Jiri Pirko) [1173501
1135347]
- [net] vlan: remove check for headroom in vlan_dev_create (Jiri Pirko)
[1173501 1135347]
- [net] vlan: set hard_header_len when VLAN offload features are toggled
(Jiri Pirko) [1173501 1135347]
- [net] vlan: Calling vlan_hwaccel_do_receive() is always valid (Jiri
Pirko) [1173501 1135347]
- [net] vlan: Centralize handling of hardware acceleration (Jiri Pirko)
[1173501 1135347]
- [net] vlan: finish removing vlan_find_dev from public header (Jiri
Pirko) [1173501 1135347]
- [net] vlan: make vlan_find_dev private (Jiri Pirko) [1173501 1135347]
- [net] vlan: Avoid hash table lookup to find group (Jiri Pirko)
[1173501 1135347]
- [net] revert "vlan: Add helper functions to manage vlans on bonds and
slaves" (Jiri Pirko) [1173501 1135347]
- [net] revert "bonding: assign slaves their own vlan_groups" (Jiri
Pirko) [1173501 1135347]
- [net] revert "bonding: fix regression on vlan module removal" (Jiri
Pirko) [1173501 1135347]
- [net] revert "bonding: Always add vid to new slave group" (Jiri Pirko)
[1173501 1135347]
- [net] revert "bonding: Fix up refcounting issues with bond/vlan
config" (Jiri Pirko) [1173501 1135347]
- [net] revert "8021q/vlan: filter device events on bonds" (Jiri Pirko)
[1173501 1135347]
- [net] vlan: Use vlan_dev_real_dev in vlan_hwaccel_do_receive (Jiri
Pirko) [1173501 1135347]
- [net] gro: __napi_gro_receive() optimizations (Jiri Pirko) [1173501
1135347]
- [net] vlan: Rename VLAN_GROUP_ARRAY_LEN to VLAN_N_VID (Jiri Pirko)
[1173501 1135347]
- [net] vlan: make vlan_hwaccel_do_receive() return void (Jiri Pirko)
[1173501 1135347]
- [net] vlan: init_vlan should not copy slave or master flags (Jiri
Pirko) [1173501 1135347]
- [net] vlan: updates vlan real_num_tx_queues (Jiri Pirko) [1173501 1135347]
- [net] vlan: adds vlan_dev_select_queue (Jiri Pirko) [1173501 1135347]
- [net] llc: use dev_hard_header (Jiri Pirko) [1173501 1135347]
- [net] vlan: support "loose binding" to the underlying network device
(Jiri Pirko) [1173501 1135347]
- [net] revert "net: don't set VLAN_TAG_PRESENT for VLAN 0 frames" (Jiri
Pirko) [1173501 1135347]
- [net] bridge: Add support for TX vlan offload (Jiri Pirko) [1173562
1146391]
- [net] revert "bridge: Set vlan_features to allow offloads on vlans"
(Vlad Yasevich) [1144442 1121991]
[2.6.32-504.21.1.el6]
- [netdrv] ixgbe: Fix memory leak in ixgbe_free_q_vector, missing rcu
(John Greene) [1210901 1150343]
- [netdrv] ixgbe: Fix tx_packets and tx_bytes stats not updating (John
Greene) [1210901 1150343]
- [netdrv] qlcnic: Fix update of ethtool stats (Chad Dupuis) [1210902
1148019]
[2.6.32-504.20.1.el6]
- [fs] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() (Petr
Oros) [1208620 1169225]
- [kernel] cgroup: always lock threadgroup during migration (Petr Oros)
[1208620 1169225]
- [kernel] threadgroup: extend threadgroup_lock() to cover exit and exec
(Petr Oros) [1208620 1169225]
- [kernel] threadgroup: rename signal->threadgroup_fork_lock to
->group_rwsem (Petr Oros) [1208620 1169225]
[2.6.32-504.19.1.el6]
- [mm] memcg: fix crash in re-entrant cgroup_clear_css_refs() (Johannes
Weiner) [1204626 1168185]
[2.6.32-504.18.1.el6]
- [fs] cifs: Use key_invalidate instead of the rh_key_invalidate()
(Sachin Prabhu) [1203366 885899]
- [fs] KEYS: Add invalidation support (Sachin Prabhu) [1203366 885899]
- [infiniband] core: Prevent integer overflow in ib_umem_get address
arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
[2.6.32-504.17.1.el6]
- [x86] fpu: shift clear_used_math() from save_i387_xstate() to
handle_signal() (Oleg Nesterov) [1199900 1196262]
- [x86] fpu: change save_i387_xstate() to rely on unlazy_fpu() (Oleg
Nesterov) [1199900 1196262]
More information about the El-errata
mailing list