[Oraclevm-errata] OVMSA-2016-0037 Important: Oracle VM 3.2 kernel-uek security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Mar 17 12:44:21 PDT 2016
Oracle VM Security Advisory OVMSA-2016-0037
The following updated rpms for Oracle VM 3.2 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-2.6.39-400.277.1.el5uek.x86_64.rpm
kernel-uek-firmware-2.6.39-400.277.1.el5uek.noarch.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.2/SRPMS-updates/kernel-uek-2.6.39-400.277.1.el5uek.src.rpm
Description of changes:
[2.6.39-400.277.1.el5uek]
- Fix double free iocb->private with AIO DIO (Shirley Ma) [Orabug:
18794638]
- xen/xenbus: Avoid synchronous wait on XenBus stalling
shutdown/restart. (Konrad Rzeszutek Wilk) [Orabug: 18932877]
- Increased maximum tape device limit to 1024 in UEK2 (Ritika
Srivastava) [Orabug: 22044668]
- qla2xxx: don't treat initial temperature read failure as an error (Dan
Duval) [Orabug: 22098738]
- Revert "qla2xxx: Display mailbox failure by default." (Dan Duval)
[Orabug: 22098738]
- RDS: Add interface for receive MSG latency trace (Santosh Shilimkar)
[Orabug: 22630078]
- RDS: Add support for per socket SO_TIMESTAMP for incoming messages
(Santosh Shilimkar) [Orabug: 22630078]
- rds: add infrastructure to find more details for reconnect failure
(Ajaykumar Hotchandani) [Orabug: 21799394]
- rds: find connection drop reason (Ajaykumar Hotchandani) [Orabug:
21799394]
[2.6.39-400.276.1.el5uek]
- block: bump BLK_DEF_MAX_SECTORS to 2560 (Joe Jin) [Orabug: 22521844]
- Revert "block: remove artifical max_hw_sectors cap" (Joe Jin)
[Orabug: 22521844]
[2.6.39-400.275.1.el5uek]
- KEYS: Don't permit request_key() to construct a new keyring (David
Howells) [Orabug: 22373449] {CVE-2015-7872}
[2.6.39-400.274.0.el5uek]
- crypto: add missing crypto module aliases (Mathias Krause) [Orabug:
22249656] {CVE-2013-7421} {CVE-2014-9644}
- crypto: include crypto- module prefix in template (Kees Cook)
[Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}
- crypto: prefix module autoloading with "crypto-" (Kees Cook) [Orabug:
22249656] {CVE-2013-7421} {CVE-2014-9644}
[2.6.39-400.273.0.el5uek]
- KVM: x86: Don't report guest userspace emulation error to userspace
(Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}
[2.6.39-400.272.0.el5uek]
- rds: print rdma_cm_id while establishing connection (Ajaykumar
Hotchandani) [Orabug: 22315028]
- rdma_cm: extend debug for remote mapping (Ajaykumar Hotchandani)
[Orabug: 22315028]
- OFED: indicate consistent vendor error (Ajaykumar Hotchandani)
[Orabug: 22308787]
- mlx4_core: print device details for PORT event (Ajaykumar Hotchandani)
[Orabug: 22113813]
- mlx4_core: enable print for device reset (Ajaykumar Hotchandani)
[Orabug: 22308637]
- mlx4_core: correct fmr_reserve() (Ajaykumar Hotchandani) [Orabug:
22137952]
[2.6.39-400.271.0.el5uek]
- msg_unlock() in wrong spot after applying "Initialize msg/shm IPC
objects before doing ipc_addid()" (Chuck Anderson) [Orabug: 22250044]
{CVE-2015-7613} {CVE-2015-7613}
[2.6.39-400.270.0.el5uek]
- ipc/sem.c: fully initialize sem_array before making it visible
(Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}
- Initialize msg/shm IPC objects before doing ipc_addid() (Linus
Torvalds) [Orabug: 22250044] {CVE-2015-7613}
[2.6.39-400.269.0.el5uek]
- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug:
22333698] {CVE-2015-8104} {CVE-2015-8104}
- KVM: x86: work around infinite loop in microcode when #AC is delivered
(Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}
[2.6.39-400.268.0.el5uek]
- mm/swap.c: reorganize put_compound_page() (Andrew Morton) [Orabug:
16823432]
- mm/hugetlb.c: simplify PageHeadHuge() and PageHuge() (Andrew Morton)
[Orabug: 16823432]
- mm: document PageHuge somewhat (Andrew Morton) [Orabug: 16823432]
- mm: hugetlbfs: use __compound_tail_refcounted in __get_page_tail too
(Andrea Arcangeli) [Orabug: 16823432]
- mm: tail page refcounting optimization for slab and hugetlbfs (Andrea
Arcangeli) [Orabug: 16823432]
- mm: thp: optimize compound_trans_huge (Andrea Arcangeli) [Orabug:
16823432]
- mm: hugetlbfs: move the put/get_page slab and hugetlbfs optimization
in a faster path (Andrea Arcangeli) [Orabug: 16823432]
- mm: hugetlb: use get_page_foll() in follow_hugetlb_page() (Andrea
Arcangeli) [Orabug: 16823432]
- mm: hugetlbfs: fix hugetlbfs optimization (Andrea Arcangeli) [Orabug:
16823432]
- mm: fix aio performance regression for database caused by THP (Khalid
Aziz) [Orabug: 16823432]
- mm: fix slab->page flags corruption (Pravin B Shelar) [Orabug: 16823432]
- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina)
- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz)
- IB: Return error for unsupported QP creation flags (Or Gerlitz)
[2.6.39-400.267.0.el5uek]
- x86/xen: properly retrieve NMI reason (Jan Beulich) [Orabug: 21892076]
- x86/mrst: Avoid reporting wrong nmi status (Jacob Pan) [Orabug:
21892076]
- xen: Support 64-bit PV guest receiving NMIs (Konrad Rzeszutek Wilk)
[Orabug: 21892076]
- nfsd: fix rare symlink decoding bug (J. Bruce Fields) [Orabug: 18405506]
- ocfs2: __ocfs2_mknod_locked should return error when
ocfs2_create_new_inode_locks() failed (Xue jiufei) [Orabug: 21171285]
- NFSv4: Get rid of unnecessary BUG_ON()s (Trond Myklebust) [Orabug:
21744595]
- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug:
21861366]
- x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when
sanitizing map (Malcolm Crossley)
- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang)
- IB/mlx4: Use vmalloc for WR buffers when needed (Wengang Wang)
[Orabug: 22025569]
- mm: move kvfree to mm/util (Wengang Wang) [Orabug: 22025569]
- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani)
- mlx4: Increase SYNC_TPT command timeout (Mukesh Kacker) [Orabug:
21692254]
- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL
(Yuval Shaia) [Orabug: 20873175]
- virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145599]
{CVE-2015-5156}
[2.6.39-400.266.0.el5uek]
- xen/blkfront: remove redundant flush_op (Vitaly Kuznetsov) [Orabug:
21862750]
- xen/blkfront: improve protection against issuing unsupported REQ_FUA
(Vitaly Kuznetsov) [Orabug: 21862750]
[2.6.39-400.265.0.el5uek]
- intel_idle: Broadwell support (Santosh Shilimkar) [Orabug: 21805197]
- NVMe: Setup max hardware sector count to 512KB (Santosh Shilimkar)
[Orabug: 21818552]
- mlx4_core: Fix integer overflows so 8TBs of memory (Wengang Wang)
- iw/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing
Huang) [Orabug: 21107553]
- bonding: change error message to debug message in bond_release
(Wengang Wang)
[2.6.39-400.264.2.el5uek]
- xen-blkfront: introduce blkfront_gather_backend_features() (Bob Liu)
[Orabug: 21795426]
- chmod can cause hang in a cluster (Tariq Saeed) [Orabug: 21496050]
[2.6.39-400.264.1.el5uek]
- mm/hugetlb: Add locking to region_{add,change,truncate,count} when
using shared files with hugepages (Mike Kravetz) [Orabug: 21561820]
[2.6.39-400.263.1.el5uek]
- af_netlink: force credentials passing [CVE-2012-3520] (Eric Dumazet)
[Orabug: 21591166] {CVE-2012-3520}
- xen/pciback: Don't print scary messages when unsupported by
hypervisor. (Konrad Rzeszutek Wilk) [Orabug: 20642069]
- rds_rdma: setup connection before rds_cmsg_send (Wengang Wang)
[Orabug: 20232581]
- megaraid_sas : Firmware crash dump feature support
(Sumit.Saxena at avagotech.com) [Orabug: 21620491]
[2.6.39-400.262.1.el5uek]
- udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug:
21628851] {CVE-2015-5364} {CVE-2015-5366}
- scsi: don't add scsi_device if its already visible (Subhash Jadavani)
[Orabug: 21611207]
- NVMe: Don't write cq doorbell on suspended queues (Keith Busch)
[Orabug: 21591104]
- IB/ipoib: Potential false positive with peer support for
ib-crc-as-csum (Yuval Shaia) [Orabug: 21350399]
- mlx4: indicate memory resource exhaustion (Ajaykumar Hotchandani)
[Orabug: 21097014]
- rds: return EMSGSIZE for oversize requests before processing/queueing
(Mukesh Kacker) [Orabug: 21079258]
[2.6.39-400.261.1.el5uek]
- md: use kzalloc() when bitmap is disabled (Benjamin Randazzo)
[Orabug: 21563042] {CVE-2015-5697}
- netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey
Vagin) [Orabug: 21562780] {CVE-2014-9715}
[2.6.39-400.260.1.el5uek]
- block: remove artifical max_hw_sectors cap (Joe Jin) [Orabug: 21455630]
- idr: fix unexpected ID-removal when idr_remove(unallocated_id) (Lai
Jiangshan) [Orabug: 21446790]
- idr: remove WARN_ON_ONCE() on negative IDs (Tejun Heo) [Orabug:
21446790]
- ipc,shm: fix shm_file deletion races (Greg Thelen) [Orabug: 21446790]
- rds: avoid call to flush_mrs() in specific condition (Ajaykumar
Hotchandani) [Orabug: 21379403]
- rds: print vendor error (Wengang Wang) [Orabug: 21361643]
- Xen-netback: Fix issue caused by using gso_type wrongly (Annie Li)
[Orabug: 21358903]
- xen-netback: fix fragments error handling in checksum_setup_ip() (Wei
Yongjun) [Orabug: 21358903]
- xen-netback: make sure skb linear area covers checksum field (Paul
Durrant) [Orabug: 21358903]
- xen-netback: reset network header before passing skb to checksum
funtion (Annie Li) [Orabug: 21358903]
- xen-netback: fix fragment detection in checksum setup (Paul Durrant)
[Orabug: 21358903]
- xen-netback: fix gso_prefix check (Paul Durrant) [Orabug: 21358903]
- xen-netback: include definition of csum_ipv6_magic (Andy Whitcroft)
[Orabug: 21358903]
- xen-netback: enable IPv6 TCP GSO to the guest (Paul Durrant) [Orabug:
21358903]
- xen-netback: handle IPv6 TCP GSO packets from the guest (Paul Durrant)
[Orabug: 21358903]
- xen-netback: Unconditionally set NETIF_F_RXCSUM (Paul Durrant)
[Orabug: 21358903]
- xen-netback: add support for IPv6 checksum offload from guest (Paul
Durrant) [Orabug: 21358903]
- xen-netback: switch to use skb_partial_csum_set() (Jason Wang)
[Orabug: 21358903]
- xen-netback: add support for IPv6 checksum offload to guest (Paul
Durrant) [Orabug: 21358903]
- vfs: allow umount to handle mountpoints without revalidating them
(Jeff Layton) [Orabug: 21321002]
- rds: rds_ib_device.refcount overflow (Wengang Wang) [Orabug: 21288594]
- sched: Optimize task_sched_runtime() (Peter Zijlstra) [Orabug: 20739920]
- IPoIB: Fix ipoib_hard_header() return value (Doug Ledford) [Orabug:
18223954]
[2.6.39-400.259.0.el5uek]
- x86, tls: Interpret an all-zero struct user_desc as "no segment" (Andy
Lutomirski) [Orabug: 21514969]
- x86, tls, ldt: Stop checking lm in LDT_empty (Andy Lutomirski)
[Orabug: 21514969]
[2.6.39-400.258.0.el5uek]
- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug:
21502740] {CVE-2015-0239} {CVE-2015-0239}
- x86/tls: Validate TLS entries to protect espfix (Andy Lutomirski)
[Orabug: 20223777] {CVE-2014-8133}
- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann
Horn) [Orabug: 21502255] {CVE-2015-3339}
- eCryptfs: Remove buggy and unnecessary write in file name decode
routine (Michael Halcrow) [Orabug: 21502066] {CVE-2014-9683}
[2.6.39-400.257.0.el5uek]
- ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark)
[Orabug: 21444791] {CVE-2015-2922}
- ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller)
[Orabug: 21444688] {CVE-2015-3636}
- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy
Lutomirski) [Orabug: 21308308] {CVE-2015-2830}
- x86, mm/ASLR: Fix stack randomization on 64-bit systems (Hector
Marco-Gisbert) [Orabug: 21307918] {CVE-2015-1593} {CVE-2015-1593}
[2.6.39-400.256.0.el5uek]
- NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock
(Tariq Saeed) [Orabug: 20933419]
- jbd2: fix hung processes in jbd2_journal_lock_updates() (Jan Kara)
- rds: make sure base connection is up on both sides (Ajaykumar
Hotchandani) [Orabug: 20011421]
[2.6.39-400.255.0.el5uek]
- x86_64, vdso: Fix the vdso address randomization algorithm (Andy
Lutomirski) [Orabug: 21226730] {CVE-2014-9585}
- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug:
21225976] {CVE-2014-9420}
- x86_64, switch_to(): Load TLS descriptors before switching DS and ES
(Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419}
[2.6.39-400.254.0.el5uek]
- IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991]
[2.6.39-400.253.0.el5uek]
- ib/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing
Huang) [Orabug: 21057517]
- ib/rds: fixed crashes caused by incoming requests with wrong
destination (Qing Huang) [Orabug: 20823711]
- af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug:
20604916]
- scm: Capture the full credentials of the scm sender (Tim Chen)
[Orabug: 20604916]
- af_unix: limit recursion level (Eric Dumazet) [Orabug: 20604916]
- af_unix: Allow credentials to work across user and pid namespaces.
(Eric W. Biederman) [Orabug: 20604916]
- scm: Capture the full credentials of the scm sender. (Eric W.
Biederman) [Orabug: 20604916]
- RDS: Handle RDMA_CM_EVENT_TIMEWAIT_EXIT (Venkat Venkatsubra) [Orabug:
20547505]
- mlx4_ib: Memory leak on Dom0 with SRIOV. (Venkat Venkatsubra)
[Orabug: 20508779]
- BUG_ON(lockres->l_level != DLM_LOCK_EX && !checkpointed) tripped in
ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: 20189959]
- sched: Prevent divide by zero when cpu power calculation is 0 (Todd
Vierling) [Orabug: 17936435]
- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller)
[Orabug: 21077389] {CVE-2015-3331}
[2.6.39-400.252.0.el5uek]
- kexec: export free_huge_page to VMCOREINFO (Atsushi Kumagai) [Orabug:
20313589]
- kexec: save PG_head_mask in VMCOREINFO (Petr Tesarik) [Orabug: 20313589]
[2.6.39-400.251.0.el5uek]
- Revert "Support checksum and gso offload of ipv6 in netback" (Annie
Li) [Orabug: 20492244]
- ocfs2/cluster: Cluster up now includes network connections too (Sunil
Mushran) [Orabug: 19803036]
- oracleasm: Restrict logical block size reporting (Martin K. Petersen)
[Orabug: 19699681]
- oracleasm: Report logical block size (Martin K. Petersen) [Orabug:
19699681]
- ocfs2: dlm: fix lock migration crash (Junxiao Bi) [Orabug: 18317308]
- xfs: fix sgid inheritance for subdirectories inheriting default acls
[V3] (Carlos Maiolino) [Orabug: 17423815]
- RDS/IP: RDS takes 10 seconds to plumb the second IP back (Mukesh
Kacker) [Orabug: 20231857]
- RDS/IB: Tune failover-on-reboot scheduling (Mukesh Kacker) [Orabug:
20063740]
- RDS: mark netdev UP for intfs added post module load (Mukesh Kacker)
[Orabug: 20130536]
- SUNRPC: Prevent an rpc_task wakeup race (Trond Myklebust) [Orabug:
20989265]
- sunrpc: clarify comments on rpc_make_runnable (Jeff Layton) [Orabug:
20989265]
[2.6.39-400.250.1.el5uek]
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad
Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne)
[Orabug: 20727114]
- Revert "qla2xxx: Ramp down queue depth for attached SCSI devices when
driver resources are low." (Chad Dupuis) [Orabug: 20657415]
- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel)
[Orabug: 20618759]
- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug:
20618759]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug:
20930552] {CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
(Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
(Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic
(Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}
- xen-pciback: limit guest control of command register (Jan Beulich)
[Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions
(Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}
More information about the Oraclevm-errata
mailing list