[El-errata] ELSA-2017-1615-1 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 29 06:52:38 PDT 2017 

Oracle Linux Security Advisory ELSA-2017-1615-1

http://linux.oracle.com/errata/ELSA-2017-1615-1.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-514.26.1.0.1.el7.noarch.rpm
kernel-debug-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-doc-3.10.0-514.26.1.0.1.el7.noarch.rpm
kernel-headers-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.0.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.0.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.0.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-514.26.1.0.1.el7.src.rpm



Description of changes:

- [3.10.0-514.26.1.0.1.el7.OL7]
- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 
22552377]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-514.26.1.el7]
- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] 
{CVE-2017-1000364}
- Revert: [md] dm mirror: use all available legs on multiple failures 
(Mike Snitzer) [1449176 1383444]

[3.10.0-514.25.1.el7]
- [lib] kobject: grab an extra reference on kobject->sd to allow 
duplicate deletes (Aristeu Rozanski) [1454851 1427252]
- [kernel] module: When modifying a module's text ignore modules which 
are going away too (Aaron Tomlin) [1454684 1386313]
- [kernel] module: Ensure a module's state is set accordingly during 
module coming cleanup code (Aaron Tomlin) [1454684 1386313]
- [net] vxlan: do not output confusing error message (Jiri Benc) 
[1454636 1445054]
- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri 
Benc) [1454636 1445054]
- [iommu] vt-d: fix range computation when making room for large pages 
(Alex Williamson) [1450856 1435612]
- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ("J. Bruce 
Fields") [1449282 1443204] {CVE-2017-7895}
- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ("J. Bruce Fields") 
[1449282 1443204] {CVE-2017-7895}
- [md] dm mirror: use all available legs on multiple failures (Mike 
Snitzer) [1449176 1383444]
- [fs] nfsd: check for oversized NFSv2/v3 arguments ("J. Bruce Fields") 
[1447642 1442407] {CVE-2017-7645}
- [scsi] ses: don't get power status of SES device slot on probe 
(Gustavo Duarte) [1446650 1434768]
- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) 
[1446649 1441747]
- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) 
[1445546 1445545] {CVE-2017-7477}
- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) 
[1445546 1445545] {CVE-2017-7477}
- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S 
Peterson) [1433882 1404005]
- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) 
[1430579 1430580] {CVE-2017-6214}
- [mm] vma_merge: correct false positive from 
__vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]
- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk 
(Andrea Arcangeli) [1428840 1374548]
- [mm] fix use-after-free if memory allocation failed in vma_adjust() 
(Andrea Arcangeli) [1428840 1374548]
- [x86] kvm: x86: fix emulation of "MOV SS, null selector" (Radim 
Krcmar) [1414742 1414743] {CVE-2017-2583}
- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) 
[1450041 1411321]
- [pci] pciehp: Prioritize data-link event over presence detect (Myron 
Stowe) [1450124 1435818]
- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event 
(Myron Stowe) [1450124 1435818]
- [pci] pciehp: Process all hotplug events before looking for new ones 
(Myron Stowe) [1450124 1435818]
- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) 
[1450124 1435818]

[3.10.0-514.24.1.el7]
- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) 
[1452044 1443116]
- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex 
Williamson) [1450855 1438403]
- [vfio] type1: Remove locked page accounting workqueue (Alex 
Williamson) [1450855 1438403]
- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave 
Wysochanski) [1450851 1442068]
- [fs] nfs: Be more targeted about readdirplus use when doing 
lookup/revalidation (Dave Wysochanski) [1450851 1442068]
- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) 
[1450851 1442068]
- [x86] xen: do not re-use pirq number cached in pci device msi msg data 
(Vitaly Kuznetsov) [1450037 1433831]
- [powerpc] mm: Add missing global TLB invalidate if cxl is active 
(Steve Best) [1449178 1440776]
- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 
1395838]

[3.10.0-514.23.1.el7]
- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN 
(Himanshu Madhani) [1446246 1436940]
- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]
- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu 
Madhani) [1446246 1436940]
- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash 
(Himanshu Madhani) [1446246 1436940]
- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx 
(Himanshu Madhani) [1446246 1436940]
- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of 
register disconnect (Himanshu Madhani) [1446246 1436940]

[3.10.0-514.22.1.el7]
- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry 
Woodman) [1445184 1385473]

More information about the El-errata mailing list