[El-errata] ELSA-2014-3081 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Oct 17 21:15:38 PDT 2014


Oracle Linux Security Advisory ELSA-2014-3081

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-firmware-3.8.13-44.1.3.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-44.1.3.el7uek.noarch.rpm
kernel-uek-3.8.13-44.1.3.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-44.1.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-44.1.3.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-44.1.3.el7uek.x86_64.rpm
dtrace-modules-3.8.13-44.1.3.el7uek-0.4.3-4.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-44.1.3.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-44.1.3.el7uek-0.4.3-4.el7.src.rpm



Description of changes:

kernel-uek
[3.8.13-44.1.3.el7uek]
- ALSA: control: Don't access controls outside of protected regions 
(Lars-Peter Clausen)  [Orabug: 19817785]  {CVE-2014-4653} 
{CVE-2014-4654} {CVE-2014-4655}
- ALSA: control: Fix replacing user controls (Lars-Peter Clausen) 
[Orabug: 19817747]  {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
- kvm: iommu: fix the third parameter of kvm_iommu_put_pages 
(CVE-2014-3601) (Michael S. Tsirkin)  [Orabug: 19817646] {CVE-2014-3601}
- net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)  
[Orabug: 19816067]  {CVE-2014-5077}

[3.8.13-44.1.2.el7uek]
- CVE-2014-3535: NULL pointer dereference in VxLAN packet logging. 
(Sasha Levin)  [Orabug: 19613139]





More information about the El-errata mailing list