[El-errata] ELSA-2017-3539 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Apr 13 19:16:20 PDT 2017 

Oracle Linux Security Advisory ELSA-2017-3539

http://linux.oracle.com/errata/ELSA-2017-3539.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-61.1.34.el6uek.x86_64.rpm
kernel-uek-doc-4.1.12-61.1.34.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-61.1.34.el6uek.noarch.rpm
kernel-uek-devel-4.1.12-61.1.34.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-61.1.34.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-61.1.34.el6uek.x86_64.rpm
dtrace-modules-4.1.12-61.1.34.el6uek-0.5.3-2.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-61.1.34.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-4.1.12-61.1.34.el6uek-0.5.3-2.el6.src.rpm



Description of changes:

kernel-uek
[4.1.12-61.1.34.el6uek]
- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles)  [Orabug: 25698171]
- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) 
[Orabug: 25698171]
- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie 
Iles)  [Orabug: 25698171]
- KVM: x86: fix emulation of "MOV SS, null selector" (Paolo Bonzini) 
[Orabug: 25719659]  {CVE-2017-2583} {CVE-2017-2583}
- ext4: store checksum seed in superblock (Darrick J. Wong)  [Orabug: 
25719728]  {CVE-2016-10208}
- ext4: reserve code points for the project quota feature (Theodore 
Ts'o)  [Orabug: 25719728]  {CVE-2016-10208}
- ext4: validate s_first_meta_bg at mount time (Eryu Guan)  [Orabug: 
25719728]  {CVE-2016-10208}
- ext4: clean up feature test macros with predicate functions (Darrick 
J. Wong)  [Orabug: 25719728]  {CVE-2016-10208}
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) 
[Orabug: 25719793]  {CVE-2017-5986}
- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet)  [Orabug: 
25720805]  {CVE-2017-6214}
- ip: fix IP_CHECKSUM handling (Paolo Abeni)  [Orabug: 25720839] 
{CVE-2017-6347}
- udp: fix IP_CHECKSUM handling (Eric Dumazet)  [Orabug: 25720839] 
{CVE-2017-6347}
- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem 
de Bruijn)  [Orabug: 25720839]  {CVE-2017-6347}
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy 
Whitcroft)  [Orabug: 25814641]  {CVE-2017-7184}
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window 
(Andy Whitcroft)  [Orabug: 25814641]  {CVE-2017-7184}
- block: fix use-after-free in seq file (Vegard Nossum)  [Orabug: 
25877509]  {CVE-2016-7910}

More information about the El-errata mailing list