[Oraclevm-errata] OVMSA-2017-0168 Important: Oracle VM 3.3 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Nov 7 06:51:38 PST 2017
Oracle VM Security Advisory OVMSA-2017-0168
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-3.8.13-118.19.12.el6uek.x86_64.rpm
kernel-uek-firmware-3.8.13-118.19.12.el6uek.noarch.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/kernel-uek-3.8.13-118.19.12.el6uek.src.rpm
Description of changes:
[3.8.13-118.19.12.el6uek]
- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent
hard lockups (Aruna Ramakrishna) [Orabug: 25409587]
[3.8.13-118.19.11.el6uek]
- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau)
[Orabug: 26403940] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at
SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956]
{CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai)
[Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong)
[Orabug: 26404005] {CVE-2017-9077}
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points
(Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic
to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping:
implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598]
{CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W.
Biederman) [Orabug: 26643598] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun
Heo) [Orabug: 26643598] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)
[Orabug: 26650883] {CVE-2017-9075}
- [media] saa7164: fix double fetch PCIe access condition (Steven Toth)
[Orabug: 26675142] {CVE-2017-8831}
- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug:
26675142] {CVE-2017-8831}
- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE
(Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel
mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't
parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}
More information about the Oraclevm-errata
mailing list