[Oraclevm-errata] OVMSA-2017-0062 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Apr 13 19:21:21 PDT 2017

Oracle VM Security Advisory OVMSA-2017-0062

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles)  [Orabug: 25698171]
- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) 
[Orabug: 25698171]
- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie 
Iles)  [Orabug: 25698171]
- KVM: x86: fix emulation of "MOV SS, null selector" (Paolo Bonzini) 
[Orabug: 25719659]  {CVE-2017-2583} {CVE-2017-2583}
- ext4: store checksum seed in superblock (Darrick J. Wong)  [Orabug: 
25719728]  {CVE-2016-10208}
- ext4: reserve code points for the project quota feature (Theodore 
Ts'o)  [Orabug: 25719728]  {CVE-2016-10208}
- ext4: validate s_first_meta_bg at mount time (Eryu Guan)  [Orabug: 
25719728]  {CVE-2016-10208}
- ext4: clean up feature test macros with predicate functions (Darrick 
J. Wong)  [Orabug: 25719728]  {CVE-2016-10208}
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) 
[Orabug: 25719793]  {CVE-2017-5986}
- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet)  [Orabug: 
25720805]  {CVE-2017-6214}
- ip: fix IP_CHECKSUM handling (Paolo Abeni)  [Orabug: 25720839] 
- udp: fix IP_CHECKSUM handling (Eric Dumazet)  [Orabug: 25720839] 
- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem 
de Bruijn)  [Orabug: 25720839]  {CVE-2017-6347}
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy 
Whitcroft)  [Orabug: 25814641]  {CVE-2017-7184}
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window 
(Andy Whitcroft)  [Orabug: 25814641]  {CVE-2017-7184}
- block: fix use-after-free in seq file (Vegard Nossum)  [Orabug: 
25877509]  {CVE-2016-7910}

More information about the Oraclevm-errata mailing list