[El-errata] ELSA-2017-3635 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 2 15:20:27 PDT 2017 

Oracle Linux Security Advisory ELSA-2017-3635

http://linux.oracle.com/errata/ELSA-2017-3635.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-103.9.2.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-103.9.2.el7uek.noarch.rpm
kernel-uek-4.1.12-103.9.2.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-103.9.2.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-103.9.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-103.9.2.el7uek.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-103.9.2.el7uek.src.rpm



Description of changes:

[4.1.12-103.9.2.el7uek]
- Revert "drivers/char/mem.c: deny access in open operation when 
securelevel is set" (Brian Maly)  [Orabug: 27037811]

[4.1.12-103.9.1.el7uek]
- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian 
Foster)  [Orabug: 27013241]
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
parse nlmsg properly (Xin Long)  [Orabug: 26988633]  {CVE-2017-14489}
- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) 
[Orabug: 26999097]
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
Dubroca)  [Orabug: 27013220]  {CVE-2017-7542}
- udp: consistently apply ufo or fragmentation (Willem de Bruijn) 
[Orabug: 27013227]  {CVE-2017-1000112}
- drivers/char/mem.c: deny access in open operation when securelevel is 
set (Ethan Zhao)  [Orabug: 26943884]

[4.1.12-103.8.1.el7uek]
- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal 
Cardwell)  [Orabug: 26923675]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
[Orabug: 26899775]  {CVE-2017-10661}
- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) 
{CVE-2017-12154} {CVE-2017-12154}
- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() 
(Tim Tianyang Chen)  [Orabug: 26880590]  {CVE-2017-7541}
- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) 
[Orabug: 26916575]  {CVE-2017-7618}
- ovl: use O_LARGEFILE in ovl_copy_up() (David Howells)  [Orabug: 25953280]
- rxrpc: Fix several cases where a padded len isn't checked in ticket 
decode (David Howells)  [Orabug: 26880508]  {CVE-2017-7482} {CVE-2017-7482}
- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) 
[Orabug: 26813385]  {CVE-2017-14106}

More information about the El-errata mailing list