[El-errata] ELSA-2015-0864 Important: Oracle Linux 6 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 21 22:33:35 PDT 2015


Oracle Linux Security Advisory ELSA-2015-0864

http://linux.oracle.com/errata/ELSA-2015-0864.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
kernel-2.6.32-504.16.2.el6.i686.rpm
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-debug-2.6.32-504.16.2.el6.i686.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-devel-2.6.32-504.16.2.el6.i686.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm
kernel-headers-2.6.32-504.16.2.el6.i686.rpm
perf-2.6.32-504.16.2.el6.i686.rpm
python-perf-2.6.32-504.16.2.el6.i686.rpm

x86_64:
kernel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm
kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
perf-2.6.32-504.16.2.el6.x86_64.rpm
python-perf-2.6.32-504.16.2.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-504.16.2.el6.src.rpm

Description of changes:

[2.6.32-504.16.2.el6]
- [infiniband] core: Prevent integer overflow in ib_umem_get address 
arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}

[2.6.32-504.16.1.el6]
- [fs] gfs2: Move gfs2_file_splice_write outside of #ifdef (Robert S 
Peterson) [1198329 1193559]
- [security] keys: close race between key lookup and freeing (Radomir 
Vrbovsky) [1179849 1179850] {CVE-2014-9529}
- [net] sctp: fix slab corruption from use after free on INIT collisions 
(Daniel Borkmann) [1196587 1135425] {CVE-2015-1421}
- [fs] gfs2: Allocate reservation during splice_write (Robert S 
Peterson) [1198329 1193559]
- [fs] nfs: Be less aggressive about returning delegations for open 
files (Steve Dickson) [1196314 1145334]
- [fs] nfs: Avoid PUTROOTFH when managing leases (Benjamin Coddington) 
[1196313 1143013]
- [crypto] testmgr: mark rfc4106(gcm(aes)) as fips_allowed (Jarod 
Wilson) [1194983 1185395]
- [crypto] Extending the RFC4106 AES-GCM test vectors (Jarod Wilson) 
[1194983 1185395]
- [char] raw: Return short read or 0 at end of a raw device, not EIO 
(Jeff Moyer) [1195747 1142314]
- [scsi] hpsa: Use local workqueues instead of system workqueues - part1 
(Tomas Henzl) [1193639 1134115]
- [x86] kvm: vmx: invalid host cr4 handling across vm entries (Jacob 
Tanenbaum) [1153326 1153327] {CVE-2014-3690}
- [fs] isofs: Fix unchecked printing of ER records (Radomir Vrbovsky) 
[1180481 1180492] {CVE-2014-9584}
- [fs] bio: fix argument of __bio_add_page() for max_sectors > 0xffff 
(Fam Zheng) [1198428 1166763]
- [media] ttusb-dec: buffer overflow in ioctl (Alexander Gordeev) 
[1170971 1167115] {CVE-2014-8884}
- [kernel] trace: insufficient syscall number validation in perf and 
ftrace subsystems (Jacob Tanenbaum) [1161567 1161568] {CVE-2014-7826 
CVE-2014-7825}
- [fs] nfs: Fix a delegation callback race (Dave Wysochanski) [1187639 
1149831]
- [fs] nfs: Don't use the delegation->inode in 
nfs_mark_return_delegation() (Dave Wysochanski) [1187639 1149831]
- [infiniband] ipoib: don't queue a work struct up twice (Doug Ledford) 
[1187664 1187666 1184072 1159925]
- [infiniband] ipoib: make sure we reap all our ah on shutdown (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: cleanup a couple debug messages (Doug Ledford) 
[1187664 1187666 1184072 1159925]
- [infiniband] ipoib: flush the ipoib_workqueue on unregister (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix ipoib_mcast_restart_task (Doug Ledford) 
[1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix race between mcast_dev_flush and mcast_join 
(Doug Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: remove unneeded locks (Doug Ledford) [1187664 
1187666 1184072 1159925]
- [infiniband] ipoib: don't restart our thread on ENETRESET (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Handle -ENETRESET properly in our callback (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: make delayed tasks not hold up everything (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Add a helper to restart the multicast task (Doug 
Ledford) [1187664 1187666 1184072 1159925]
- [infiniband] ipoib: fix IPOIB_MCAST_RUN flag usage (Doug Ledford) 
[1187664 1187666 1184072 1159925]
- [infiniband] ipoib: Remove unnecessary port query (Doug Ledford) 
[1187664 1187666 1184072 1159925]
- [x86] kvm: Avoid pagefault in kvm_lapic_sync_to_vapic (Paolo Bonzini) 
[1192055 1116398]
- [s390] kernel: fix cpu target address of directed yield (Hendrik 
Brueckner) [1188339 1180061]
- [mm] memcg: do not allow task about to OOM kill to bypass the limit 
(Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: do not declare OOM from __GFP_NOFAIL allocations (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [fs] buffer: move allocation failure loop into the allocator (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: handle non-error OOM situations more gracefully (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: do not trap chargers with full callstack on OOM (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: rework and document OOM waiting and wakeup (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] memcg: enable memcg OOM killer only for user faults (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [x86] mm: finish user fault error path with fatal signal (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [mm] pass userspace fault flag to generic fault handler (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [s390] mm: do not invoke OOM killer on kernel fault OOM (Johannes 
Weiner) [1198110 1088334] {CVE-2014-8171}
- [powerpc] mm: remove obsolete init OOM protection (Johannes Weiner) 
[1198110 1088334] {CVE-2014-8171}
- [powerpc] mm: invoke oom-killer from remaining unconverted page fault 
handlers (Johannes Weiner) [1198110 1088334] {CVE-2014-8171}
- [security] selinux: Permit bounded transitions under NO_NEW_PRIVS or 
NOSUID (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}
- [security] Add PR_<GET, SET>_NO_NEW_PRIVS to prevent execve from 
granting privs (Denys Vlasenko) [1104567 1104568] {CVE-2014-3215}

[2.6.32-504.15.1.el6]
- [netdrv] ixgbe: remove CIAA/D register reads from bad VF check (John 
Greene) [1196312 1156061]
- [pci] Make FLR and AF FLR reset warning messages different (Myron 
Stowe) [1192365 1184540]
- [pci] Fix unaligned access in AF transaction pending test (Myron 
Stowe) [1192365 1184540]
- [pci] Merge multi-line quoted strings (Myron Stowe) [1192365 1184540]
- [pci] Wrong register used to check pending traffic (Myron Stowe) 
[1192365 1184540]
- [pci] Add pci_wait_for_pending() -- refactor 
pci_wait_for_pending_transaction() (Myron Stowe) [1192365 1184540]
- [pci] Use pci_wait_for_pending_transaction() instead of for loop 
(Myron Stowe) [1192365 1184540]
- [pci] Add pci_wait_for_pending_transaction() (Myron Stowe) [1192365 
1184540]
- [pci] Wait for pending transactions to complete before 82599 FLR 
(Myron Stowe) [1192365 1184540]
- [scsi] storvsc: fix a bug in storvsc limits (Vitaly Kuznetsov) 
[1196532 1174168]

[2.6.32-504.14.1.el6]
- [s390] crypto: kernel oops at insmod of the z90crypt device driver 
(Hendrik Brueckner) [1191916 1172137]
- [sound] alsa: usb-audio: Fix crash at re-preparing the PCM stream 
(Jerry Snitselaar) [1192105 1167059]
- [usb] ehci: bugfix: urb->hcpriv should not be NULL (Jerry Snitselaar) 
[1192105 1167059]
- [mm] mmap: uncached vma support with writenotify (Jerry Snitselaar) 
[1192105 1167059]
- [kernel] futex: Mention key referencing differences between shared and 
private futexes (Larry Woodman) [1192107 1167405]
- [kernel] futex: Ensure get_futex_key_refs() always implies a barrier 
(Larry Woodman) [1192107 1167405]

[2.6.32-504.13.1.el6]
- [netdrv] enic: fix rx skb checksum (Stefan Assmann) [1189068 1115505]
- [scsi] Revert "fix our current target reap infrastructure" (David 
Milburn) [1188941 1168072]
- [scsi] Revert "dual scan thread bug fix" (David Milburn) [1188941 1168072]
- [net] tcp: do not copy headers in tcp_collapse() (Alexander Duyck) 
[1188838 1156289]
- [net] tcp: use tcp_flags in tcp_data_queue() (Alexander Duyck) 
[1188838 1156289]
- [net] tcp: use TCP_SKB_CB(skb)->tcp_flags in input path (Alexander 
Duyck) [1188838 1156289]
- [net] tcp: remove unused tcp_fin() parameters (Alexander Duyck) 
[1188838 1156289]
- [net] tcp: rename tcp_skb_cb flags (Alexander Duyck) [1188838 1156289]
- [net] tcp: unify tcp flag macros (Alexander Duyck) [1188838 1156289]
- [net] tcp: unalias tcp_skb_cb flags and ip_dsfield (Alexander Duyck) 
[1188838 1156289]






More information about the El-errata mailing list