The following security updates have been released for Oracle Linux:
ELSA-2017-2863 Moderate: Oracle Linux 6 kernel security and bug fix update
New Ksplice updates for Oracle Enhanced RHCK 5 (ELSA-2017-2412)
ELSA-2017-2863 Moderate: Oracle Linux 6 kernel security and bug fix update
Oracle Linux Security Advisory ELSA-2017-2863
http://linux.oracle.com/errata/ELSA-2017-2863.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-2.6.32-696.13.2.el6.i686.rpm
kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
kernel-debug-2.6.32-696.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
kernel-headers-2.6.32-696.13.2.el6.i686.rpm
perf-2.6.32-696.13.2.el6.i686.rpm
python-perf-2.6.32-696.13.2.el6.i686.rpm
x86_64:
kernel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm
kernel-debug-2.6.32-696.13.2.el6.x86_64.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm
kernel-debug-devel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-devel-2.6.32-696.13.2.el6.x86_64.rpm
kernel-doc-2.6.32-696.13.2.el6.noarch.rpm
kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm
kernel-headers-2.6.32-696.13.2.el6.x86_64.rpm
perf-2.6.32-696.13.2.el6.x86_64.rpm
python-perf-2.6.32-696.13.2.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-696.13.2.el6.src.rpm
Description of changes:
[2.6.32-696.13.2.el6.OL6]
- Update genkey [bug 25599697]
[2.6.32-696.13.2.el6]
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil
Horman) [1490060 1490062] {CVE-2017-1000251}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length
mappings (Petr Matousek) [1492959 1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek)
[1492959 1492961] {CVE-2017-1000253}
[2.6.32-696.13.1.el6]
- [netdv] brcmfmac: fix possible buffer overflow in
brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474783 1474782]
{CVE-2017-7541}
- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand)
[1482855 1466530]
[2.6.32-696.12.1.el6]
- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode
(Robert S Peterson) [1479397 1464541]
- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S
Peterson) [1479397 1464541]
- [fs] gfs2: set gl_object in inode lookup only after block type check
(Robert S Peterson) [1479397 1464541]
- [fs] gfs2: introduce helpers for setting and clearing gl_object
(Robert S Peterson) [1479397 1464541]
[2.6.32-696.11.1.el6]
- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan
Milne) [1472127 1452358]
New Ksplice updates for Oracle Enhanced RHCK 5 (ELSA-2017-2412)
Synopsis: ELSA-2017-2412 can now be patched using Ksplice
CVEs: CVE-2017-7895
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-2412.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 5 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-7895: Remote information leak in kernel NFS server.
Missing bounds checks could result in an out-of-bounds memory access,
allowing a remote attacker to leak the contents of kernel memory.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.