[El-errata] ELSA-2018-0008 Important: Oracle Linux 6 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Jan 4 14:54:19 PST 2018
Oracle Linux Security Advisory ELSA-2018-0008
http://linux.oracle.com/errata/ELSA-2018-0008.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.32-696.18.7.el6.i686.rpm
kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm
kernel-debug-2.6.32-696.18.7.el6.i686.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-doc-2.6.32-696.18.7.el6.noarch.rpm
kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
kernel-headers-2.6.32-696.18.7.el6.i686.rpm
perf-2.6.32-696.18.7.el6.i686.rpm
x86_64:
kernel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm
kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm
kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm
kernel-doc-2.6.32-696.18.7.el6.noarch.rpm
kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm
perf-2.6.32-696.18.7.el6.x86_64.rpm
python-perf-2.6.32-696.18.7.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-696.18.7.el6.src.rpm
Description of changes:
[2.6.32-696.18.7.el6.OL6]
- Update genkey [bug 25599697]
[2.6.32-696.18.7.el6]
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas
functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns
to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- Revert "x86/entry: Use retpoline for syscall's indirect calls" (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level()
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED
per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
[2.6.32-696.18.6.el6]
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has
been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
[2.6.32-696.18.5.el6]
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and
IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle()
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and
noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at
runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in
ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] revert: mm/kaiser: Disable global pages by default with KAISER
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible
syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline
(Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and
ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796]
{CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not
available (Waiman Long) [1519797 1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797
1519796] {CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long)
[1519797 1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman
Long) [1519797 1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on
Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519787 1519789]
{CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long)
[1519787 1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
(Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long)
[1519787 1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman
Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect
(Waiman Long) [1519787 1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787
1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit
kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches
faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen
PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring
buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch)
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799
1519802] {CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman
Long) [1519799 1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519799 1519802]
{CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long)
[1519799 1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE()
(Waiman Long) [1519799 1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel
header (Waiman Long) [1519799 1519802] {CVE-2017-5754}
[2.6.32-696.18.1.el6]
- [s390] s390/qdio: clear DSCI prior to scanning multiple input queues
(Hendrik Brueckner) [1513314 1467962]
- [net] sctp: do not loose window information if in rwnd_over (Marcelo
Leitner) [1514443 1492220]
- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo
Leitner) [1514443 1492220]
- [s390] zfcp: fix erp_action use-before-initialize in REC action trace
(Hendrik Brueckner) [1512425 1497000]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly
Kuznetsov) [1506145 1491846]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1506145 1491846]
- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly
Kuznetsov) [1506145 1491846]
- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1506145 1491846]
- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi)
[1507512 1497152]
- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide
Caratti) [1476122 1476124] {CVE-2017-11176}
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
(Matteo Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo
Croce) [1477008 1477006] {CVE-2017-7542}
- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1502417
1459951] {CVE-2017-9074}
- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1502417 1459951]
{CVE-2017-9074}
- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
(Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina
Dubroca) [1502417 1459951] {CVE-2017-9074}
- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina
Dubroca) [1502417 1459951] {CVE-2017-9074}
[2.6.32-696.17.1.el6]
- [fs] nfsd: reorder nfsd_cache_match to check more powerful
discriminators first (Thiago Becker) [1509876 1435787]
- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago
Becker) [1509876 1435787]
- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker)
[1509876 1435787]
- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1509876 1435787]
- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago
Becker) [1509876 1435787]
- [fs] nfsd: clean up drc cache in preparation for global spinlock
elimination (Thiago Becker) [1509876 1435787]
More information about the El-errata
mailing list