The following security updates has been released for Oracle Linux:

ELSA-2017-2863 Moderate: Oracle Linux 6 kernel security and bug fix update
New Ksplice updates for Oracle Enhanced RHCK 5 (ELSA-2017-2412)

ELSA-2017-2863 Moderate: Oracle Linux 6 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2017-2863

http://linux.oracle.com/errata/ELSA-2017-2863.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-696.13.2.el6.i686.rpm
kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
kernel-debug-2.6.32-696.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
kernel-headers-2.6.32-696.13.2.el6.i686.rpm
perf-2.6.32-696.13.2.el6.i686.rpm
python-perf-2.6.32-696.13.2.el6.i686.rpm

x86_64:
kernel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
kernel-debug-2.6.32-696.13.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-devel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
kernel-headers-2.6.32-696.13.2.el6.x86_64.rpm
perf-2.6.32-696.13.2.el6.x86_64.rpm
python-perf-2.6.32-696.13.2.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-696.13.2.el6.src.rpm



Description of changes:

[2.6.32-696.13.2.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.13.2.el6]
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil
Horman) [1490060 1490062] {CVE-2017-1000251}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length
mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek)
[1492959 1492961] {CVE-2017-1000253}

[2.6.32-696.13.1.el6]
- [netdv] brcmfmac: fix possible buffer overflow in
brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474783 1474782]
{CVE-2017-7541}
- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand)
[1482855 1466530]

[2.6.32-696.12.1.el6]
- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode
(Robert S Peterson) [1479397 1464541]
- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S
Peterson) [1479397 1464541]
- [fs] gfs2: set gl_object in inode lookup only after block type check
(Robert S Peterson) [1479397 1464541]
- [fs] gfs2: introduce helpers for setting and clearing gl_object
(Robert S Peterson) [1479397 1464541]

[2.6.32-696.11.1.el6]
- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan
Milne) [1472127 1452358]

New Ksplice updates for Oracle Enhanced RHCK 5 (ELSA-2017-2412)

Synopsis: ELSA-2017-2412 can now be patched using Ksplice
CVEs: CVE-2017-7895

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-2412.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 5 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-7895: Remote information leak in kernel NFS server.

Missing bounds checks could result in an out-of-bounds memory access,
allowing a remote attacker to leak the contents of kernel memory.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.