[El-errata] ELSA-2017-3315 Important: Oracle Linux 7 kernel security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 30 20:00:30 PST 2017 

Oracle Linux Security Advisory ELSA-2017-3315

http://linux.oracle.com/errata/ELSA-2017-3315.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-3.10.0-693.11.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-693.11.1.el7.noarch.rpm
kernel-debug-3.10.0-693.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-693.11.1.el7.x86_64.rpm
kernel-doc-3.10.0-693.11.1.el7.noarch.rpm
kernel-headers-3.10.0-693.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-693.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.11.1.el7.x86_64.rpm
perf-3.10.0-693.11.1.el7.x86_64.rpm
python-perf-3.10.0-693.11.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-693.11.1.el7.src.rpm



Description of changes:

- [3.10.0-693.11.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko at oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-693.11.1.el7]
- [powerpc] perf: Fix book3s kernel to userspace backtraces (Gustavo 
Duarte) [1506143 1492669]

[3.10.0-693.10.1.el7]
- [mm] mm, hugetlb: use pte_present() instead of pmd_present() in 
follow_huge_pmd() (Rafael Aquini) [1505164 1472460]
- [mm] fix invalid node in alloc_migrate_target() (Rafael Aquini) 
[1505164 1472460]
- [mm] add !pte_present() check on existing hugetlb_entry callbacks 
(Rafael Aquini) [1505164 1472460]
- [fs] ceph: avoid accessing freeing inode in ceph_check_delayed_caps() 
(Ilya Dryomov) [1505163 1489426]
- [fs] nfsd: Fix general protection fault in release_lock_stateid() (J. 
Bruce Fields) [1505160 1500815]
- [fs] cifs: Reconnect expired SMB sessions (Leif Sahlberg) [1501526 
1477052]
- [fs] cifs: Separate SMB2 header structure (Leif Sahlberg) [1501526 
1429710]

[3.10.0-693.9.1.el7]
- [fs] ext4: fix off-by-one on max nr_pages in 
ext4_find_unwritten_pgoff() (Bill O'Donnell) [1504115 1458728]
- [fs] ext4: fix off-by-in loop termination in 
ext4_find_unwritten_pgoff() (Bill O'Donnell) [1501387 1469363]
- [fs] ext4: fix SEEK_HOLE (Bill O'Donnell) [1501387 1469363]
- [fs] xfs: Move handling of missing page into one place in 
xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446]
- [fs] xfs: Fix off-by-in in loop termination in 
xfs_find_get_desired_pgoff() (Bill O'Donnell) [1498736 1460446]
- [fs] xfs: Fix missed holes in SEEK_HOLE implementation (Bill 
O'Donnell) [1498736 1460446]
- [fs] xfs: fix off-by-one on max nr_pages in 
xfs_find_get_desired_pgoff() (Eryu Guan) [1502731 1458997]
- [nvme] Test unit Ready broken for nvme drvices (David Milburn) 
[1502733 1478457]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg() 
(Mohammed Gamal) [1495763 1491843]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Mohammed 
Gamal) [1495763 1467258]
- [netdrv] netvsc: propagate MAC address change to VF slave (Vitaly 
Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: delay setup of VF device (Vitaly Kuznetsov) [1500321 
1477784]
- [netdrv] netvsc: make sure and unregister datapath (Vitaly Kuznetsov) 
[1500321 1477784]
- [netdrv] netvsc: fix rtnl deadlock on unregister of vf (Vitaly 
Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: transparent VF management (Vitaly Kuznetsov) [1500321 
1477784]
- [netdrv] hv_netvsc: Fix the carrier state error when data path is off 
(Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] hv_netvsc: Fix the queue index computation in forwarding case 
(Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: handle select_queue when device is being removed 
(Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: report per-channel stats in ethtool statistics 
(Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: account for packets/bytes transmitted after 
completion (Vitaly Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: group all per-channel state together (Vitaly 
Kuznetsov) [1500321 1477784]
- [netdrv] netvsc: enhance transmit select_queue (Vitaly Kuznetsov) 
[1500321 1477784]

[3.10.0-693.8.1.el7]
- [x86] kvm: x86: Fix potential preemption when get the current kvmclock 
timestamp (Marcelo Tosatti) [1503459 1496522]
- [x86] kvm: x86: remove irq disablement around 
KVM_SET_CLOCK/KVM_GET_CLOCK (Marcelo Tosatti) [1503459 1496522]

[3.10.0-693.7.1.el7]
- [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups 
enabled (Larry Woodman) [1491970 1483747]
- Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled 
(Larry Woodman) [1491970 1483747]

[3.10.0-693.6.1.el7]
- [netdrv] mlx5: Avoid using pending command interface slots (Don 
Dutile) [1497604 1463367]
- [x86] amd: Limit cpu_core_id fixup to families older than F17h 
(Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu/amd: Fix Zen SMT topology (Suravee Suthikulpanit) [1497603 
1477397]
- [x86] cpu/amd: Bring back Compute Unit ID (Suravee Suthikulpanit) 
[1497603 1477397]
- [x86] cpu/amd: Fix Bulldozer topology (Suravee Suthikulpanit) [1497603 
1477397]
- [x86] cpu/amd: Clean up cpu_llc_id assignment per topology feature 
(Suravee Suthikulpanit) [1497603 1477397]
- [x86] cpu: Get rid of compute_unit_id (Suravee Suthikulpanit) [1497603 
1477397]
- [x86] amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (Suravee 
Suthikulpanit) [1497238 1477399]
- [net] ipv6: only call ip6_route_dev_notify() once for 
NETDEV_UNREGISTER (Matteo Croce) [1497121 1468935]
- [fs] gfs2: Fix debugfs glocks dump (Andreas Grunbacher) [1497078 1493067]
- [fs] gfs2: Replace rhashtable_walk_init with rhashtable_walk_enter 
(Andreas Grunbacher) [1497078 1493067]
- [fs] gfs2: Deduplicate gfs2_{glocks,glstats}_open (Andreas Grunbacher) 
[1497078 1493067]
- [cpufreq] intel_pstate: Fix unsafe HWP MSR access (Steve Best) 
[1497058 1457552]
- [s390] af_iucv: correctly copy SKB data (add missing hunk from 04d0ec) 
(Hendrik Brueckner) [1494354 1459782]
- [sound] alsa: timer: Use common error handling code in 
alsa_timer_init() (Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Adjust a condition check in 
snd_timer_resolution() (Jaroslav Kysela) [1465998 1465999] 
{CVE-2017-1000380}
- [sound] alsa: timer: Follow standard EXPORT_SYMBOL() declarations 
(Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Wrap with spinlock for queue access (Jaroslav 
Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Improve user queue reallocation (Jaroslav Kysela) 
[1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Fix missing queue indices reset at 
SNDRV_TIMER_IOCTL_SELECT (Jaroslav Kysela) [1465998 1465999] 
{CVE-2017-1000380}
- [sound] alsa: timer: Fix race between read and ioctl (Jaroslav Kysela) 
[1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Info leak in snd_timer_user_tinterrupt() 
(Jaroslav Kysela) [1465998 1465999] {CVE-2017-1000380}
- [sound] alsa: timer: remove some dead code (Jaroslav Kysela) [1465998 
1465999] {CVE-2017-1000380}
- [sound] alsa: timer: Reject user params with too small ticks (Jaroslav 
Kysela) [1465998 1465999] {CVE-2017-1000380}

More information about the El-errata mailing list