The following updates has been released for Oracle Linux:
ELSA-2017-3402 Moderate: Oracle Linux 7 postgresql security update
ELSA-2017-3651 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3651 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2017-3657 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3657 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2017-3658 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
ELSA-2017-3658 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3402 Moderate: Oracle Linux 7 postgresql security update
ELSA-2017-3651 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3651 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2017-3657 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3657 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2017-3658 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
ELSA-2017-3658 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
ELSA-2017-3402 Moderate: Oracle Linux 7 postgresql security update
Oracle Linux Security Advisory ELSA-2017-3402
http://linux.oracle.com/errata/ELSA-2017-3402.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
postgresql-9.2.23-3.el7_4.i686.rpm
postgresql-9.2.23-3.el7_4.x86_64.rpm
postgresql-contrib-9.2.23-3.el7_4.x86_64.rpm
postgresql-devel-9.2.23-3.el7_4.i686.rpm
postgresql-devel-9.2.23-3.el7_4.x86_64.rpm
postgresql-docs-9.2.23-3.el7_4.x86_64.rpm
postgresql-libs-9.2.23-3.el7_4.i686.rpm
postgresql-libs-9.2.23-3.el7_4.x86_64.rpm
postgresql-plperl-9.2.23-3.el7_4.x86_64.rpm
postgresql-plpython-9.2.23-3.el7_4.x86_64.rpm
postgresql-pltcl-9.2.23-3.el7_4.x86_64.rpm
postgresql-server-9.2.23-3.el7_4.x86_64.rpm
postgresql-static-9.2.23-3.el7_4.i686.rpm
postgresql-static-9.2.23-3.el7_4.x86_64.rpm
postgresql-test-9.2.23-3.el7_4.x86_64.rpm
postgresql-upgrade-9.2.23-3.el7_4.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/postgresql-9.2.23-3.el7_4.src.rpm
Description of changes:
[9.2.23-3]
- setup: keep PGSETUP_* variables after switching to not-privileged user
[9.2.23-2]
- fix CVE-2017-12172
ELSA-2017-3651 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3651
http://linux.oracle.com/errata/ELSA-2017-3651.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.1.12-103.10.1.el6uek.x86_64.rpm
kernel-uek-doc-4.1.12-103.10.1.el6uek.noarch.rpm
kernel-uek-firmware-4.1.12-103.10.1.el6uek.noarch.rpm
kernel-uek-devel-4.1.12-103.10.1.el6uek.x86_64.rpm
kernel-uek-debug-4.1.12-103.10.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-103.10.1.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-4.1.12-103.10.1.el6uek.src.rpm
Description of changes:
[4.1.12-103.10.1.el6uek]
- mm, thp: Do not make page table dirty unconditionally in
follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879]
{CVE-2017-1000405}
- NFS: Add static NFS I/O tracepoints (Chuck Lever)
- storvsc: don't assume SG list is contiguous (Aruna Ramakrishna)
[Orabug: 27044692]
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069038] {CVE-2017-12190}
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038]
{CVE-2017-12190}
- packet: in packet_do_bind, test fanout with bind_lock held (Willem de
Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- packet: hold bind lock when rebinding to fanout hook (Willem de
Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- net: convert packet_fanout.sk_ref from atomic_t to refcount_t
(Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649}
- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065]
{CVE-2017-15649}
- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra)
[Orabug: 27069065] {CVE-2017-15649}
- locking/atomics: Add _{acquire|release|relaxed}() variants of some
atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649}
- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjørn Mork)
[Orabug: 27215225] {CVE-2017-16650}
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug:
27148276] {CVE-2017-16527}
- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D.
Milne) [Orabug: 27187217]
- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129]
- scsi: Don't abort scsi_scan due to unexpected response (John Sobecki)
[Orabug: 27119628]
- ocfs2: code clean up for direct io (Ryan Ding)
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919]
- KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li) [Orabug:
27062498]
- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo
Bonzini) [Orabug: 27062498]
- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498]
- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug:
27062498]
- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard)
[Orabug: 26798697]
- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A.
Shutemov) [Orabug: 27026180]
- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug:
27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou
Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191}
{CVE-2016-9191}
- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug:
27050248] {CVE-2017-12192}
- IB/ipoib: For sendonly join free the multicast group on leave
(Christoph Lameter) [Orabug: 27077718]
- IB/ipoib: increase the max mcast backlog queue (Doug Ledford)
[Orabug: 27077718]
- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug
Ledford) [Orabug: 27077718]
- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter)
[Orabug: 27077718]
- IB/ipoib: Suppress warning for send only join failures (Jason
Gunthorpe) [Orabug: 27077718]
- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug:
27077718]
- netlink: allow to listen "all" netns (Nicolas Dichtel) [Orabug:
27077944]
- netlink: rename private flags and states (Nicolas Dichtel) [Orabug:
27077944]
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)
[Orabug: 27077944]
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: returns always an id in __peernet2id() (Nicolas Dichtel)
[Orabug: 27077944]
- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro)
[Orabug: 27052681]
- Revert "drivers/char/mem.c: deny access in open operation when
securelevel is set" (Brian Maly) [Orabug: 27037811]
ELSA-2017-3651 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3651
http://linux.oracle.com/errata/ELSA-2017-3651.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-doc-4.1.12-103.10.1.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-103.10.1.el7uek.noarch.rpm
kernel-uek-4.1.12-103.10.1.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-103.10.1.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-103.10.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-103.10.1.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.1.12-103.10.1.el7uek.src.rpm
Description of changes:
[4.1.12-103.10.1.el7uek]
- mm, thp: Do not make page table dirty unconditionally in
follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879]
{CVE-2017-1000405}
- NFS: Add static NFS I/O tracepoints (Chuck Lever)
- storvsc: don't assume SG list is contiguous (Aruna Ramakrishna)
[Orabug: 27044692]
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069038] {CVE-2017-12190}
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038]
{CVE-2017-12190}
- packet: in packet_do_bind, test fanout with bind_lock held (Willem de
Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- packet: hold bind lock when rebinding to fanout hook (Willem de
Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- net: convert packet_fanout.sk_ref from atomic_t to refcount_t
(Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649}
- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065]
{CVE-2017-15649}
- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra)
[Orabug: 27069065] {CVE-2017-15649}
- locking/atomics: Add _{acquire|release|relaxed}() variants of some
atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649}
- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjørn Mork)
[Orabug: 27215225] {CVE-2017-16650}
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug:
27148276] {CVE-2017-16527}
- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D.
Milne) [Orabug: 27187217]
- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129]
- scsi: Don't abort scsi_scan due to unexpected response (John Sobecki)
[Orabug: 27119628]
- ocfs2: code clean up for direct io (Ryan Ding)
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919]
- KVM: nVMX: Fix loss of L2's NMI blocking state (Wanpeng Li) [Orabug:
27062498]
- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo
Bonzini) [Orabug: 27062498]
- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498]
- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug:
27062498]
- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard)
[Orabug: 26798697]
- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A.
Shutemov) [Orabug: 27026180]
- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug:
27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou
Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191}
{CVE-2016-9191}
- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug:
27050248] {CVE-2017-12192}
- IB/ipoib: For sendonly join free the multicast group on leave
(Christoph Lameter) [Orabug: 27077718]
- IB/ipoib: increase the max mcast backlog queue (Doug Ledford)
[Orabug: 27077718]
- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug
Ledford) [Orabug: 27077718]
- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter)
[Orabug: 27077718]
- IB/ipoib: Suppress warning for send only join failures (Jason
Gunthorpe) [Orabug: 27077718]
- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug:
27077718]
- netlink: allow to listen "all" netns (Nicolas Dichtel) [Orabug:
27077944]
- netlink: rename private flags and states (Nicolas Dichtel) [Orabug:
27077944]
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel)
[Orabug: 27077944]
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel)
[Orabug: 27077944]
- netns: returns always an id in __peernet2id() (Nicolas Dichtel)
[Orabug: 27077944]
- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro)
[Orabug: 27052681]
- Revert "drivers/char/mem.c: deny access in open operation when
securelevel is set" (Brian Maly) [Orabug: 27037811]
ELSA-2017-3657 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3657
http://linux.oracle.com/errata/ELSA-2017-3657.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.20.1.el6uek.noarch.rpm
kernel-uek-doc-3.8.13-118.20.1.el6uek.noarch.rpm
kernel-uek-3.8.13-118.20.1.el6uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.20.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.20.1.el6uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.20.1.el6uek.x86_64.rpm
dtrace-modules-3.8.13-118.20.1.el6uek-0.4.5-3.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-3.8.13-118.20.1.el6uek.src.rpm
http://oss.oracle.com/ol6/SRPMS-updates/dtrace-modules-3.8.13-118.20.1.el6uek-0.4.5-3.el6.src.rpm
Description of changes:
kernel-uek
[3.8.13-118.20.1.el6uek]
- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling)
[Orabug: 25392692]
- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei)
[Orabug: 26479780]
- KEYS: fix dereferencing NULL payload with nonzero length (Eric
Biggers) [Orabug: 26592025]
- oracleasm: Copy the integrity descriptor (Martin K. Petersen)
[Orabug: 26649818]
- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug:
26675925] {CVE-2017-7889}
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468]
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042]
{CVE-2017-12190}
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069042] {CVE-2017-12190}
- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent
hard lockups (Aruna Ramakrishna) [Orabug: 25409587]
- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau)
[Orabug: 26403940] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at
SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956]
{CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai)
[Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong)
[Orabug: 26404005] {CVE-2017-9077}
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points
(Eric Ren) [Orabug: 26427126]
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
(Eric Ren) [Orabug: 26427126]
- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286]
{CVE-2017-2671}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598]
{CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W.
Biederman) [Orabug: 26643598] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun
Heo) [Orabug: 26643598] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)
[Orabug: 26650883] {CVE-2017-9075}
- [media] saa7164: fix double fetch PCIe access condition (Steven Toth)
[Orabug: 26675142] {CVE-2017-8831}
- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug:
26675142] {CVE-2017-8831}
- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE
(Abhi Das) [Orabug: 26797306]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner)
[Orabug: 26899787] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't
parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}
- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug:
26643556] {CVE-2017-11176}
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina
Dubroca) [Orabug: 27011273] {CVE-2017-7542}
- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn)
[Orabug: 27002450] {CVE-2017-1000111}
- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin
Guay) [Orabug: 26883934]
- xen/x86: Add interface for querying amount of host memory (Boris
Ostrovsky) [Orabug: 26883934]
- Bluetooth: Properly check L2CAP config option output buffer length
(Ben Seri) [Orabug: 26796364] {CVE-2017-1000251}
- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550]
{CVE-2017-12134}
- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug:
26638921] {CVE-2017-1000365} {CVE-2017-1000365}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586047] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586022] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578198] {CVE-2017-9242}
- posix_acl: Clear SGID bit when setting file permissions (Jan Kara)
[Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097}
- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields)
[Orabug: 26366022] {CVE-2017-7645}
ELSA-2017-3657 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3657
http://linux.oracle.com/errata/ELSA-2017-3657.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-firmware-3.8.13-118.20.1.el7uek.noarch.rpm
kernel-uek-doc-3.8.13-118.20.1.el7uek.noarch.rpm
kernel-uek-3.8.13-118.20.1.el7uek.x86_64.rpm
kernel-uek-devel-3.8.13-118.20.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-3.8.13-118.20.1.el7uek.x86_64.rpm
kernel-uek-debug-3.8.13-118.20.1.el7uek.x86_64.rpm
dtrace-modules-3.8.13-118.20.1.el7uek-0.4.5-3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-3.8.13-118.20.1.el7uek.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/dtrace-modules-3.8.13-118.20.1.el7uek-0.4.5-3.el7.src.rpm
Description of changes:
[3.8.13-118.20.1.el7uek]
- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling)
[Orabug: 25392692]
- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei)
[Orabug: 26479780]
- KEYS: fix dereferencing NULL payload with nonzero length (Eric
Biggers) [Orabug: 26592025]
- oracleasm: Copy the integrity descriptor (Martin K. Petersen)
[Orabug: 26649818]
- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug:
26675925] {CVE-2017-7889}
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468]
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042]
{CVE-2017-12190}
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069042] {CVE-2017-12190}
- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent
hard lockups (Aruna Ramakrishna) [Orabug: 25409587]
- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600]
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau)
[Orabug: 26403940] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at
SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956]
{CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
(Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai)
[Orabug: 26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug:
26403956] {CVE-2017-1000380}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong)
[Orabug: 26404005] {CVE-2017-9077}
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points
(Eric Ren) [Orabug: 26427126]
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
(Eric Ren) [Orabug: 26427126]
- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286]
{CVE-2017-2671}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598]
{CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W.
Biederman) [Orabug: 26643598] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun
Heo) [Orabug: 26643598] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
(Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)
[Orabug: 26650883] {CVE-2017-9075}
- [media] saa7164: fix double fetch PCIe access condition (Steven Toth)
[Orabug: 26675142] {CVE-2017-8831}
- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug:
26675142] {CVE-2017-8831}
- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE
(Abhi Das) [Orabug: 26797306]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner)
[Orabug: 26899787] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't
parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}
- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug:
26643556] {CVE-2017-11176}
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina
Dubroca) [Orabug: 27011273] {CVE-2017-7542}
- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn)
[Orabug: 27002450] {CVE-2017-1000111}
- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin
Guay) [Orabug: 26883934]
- xen/x86: Add interface for querying amount of host memory (Boris
Ostrovsky) [Orabug: 26883934]
- Bluetooth: Properly check L2CAP config option output buffer length
(Ben Seri) [Orabug: 26796364] {CVE-2017-1000251}
- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550]
{CVE-2017-12134}
- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug:
26638921] {CVE-2017-1000365} {CVE-2017-1000365}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586047] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586022] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578198] {CVE-2017-9242}
- posix_acl: Clear SGID bit when setting file permissions (Jan Kara)
[Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097}
- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields)
[Orabug: 26366022] {CVE-2017-7645}
ELSA-2017-3658 Important: Oracle Linux 5 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3658
http://linux.oracle.com/errata/ELSA-2017-3658.html
The following updated rpms for Oracle Linux 5 Extended Lifecycle Support
(ELS) have been uploaded to the Unbreakable Linux Network:
i386:
kernel-uek-2.6.39-400.298.1.el5uek.i686.rpm
kernel-uek-debug-2.6.39-400.298.1.el5uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.298.1.el5uek.i686.rpm
kernel-uek-devel-2.6.39-400.298.1.el5uek.i686.rpm
kernel-uek-doc-2.6.39-400.298.1.el5uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.298.1.el5uek.noarch.rpm
x86_64:
kernel-uek-firmware-2.6.39-400.298.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.39-400.298.1.el5uek.noarch.rpm
kernel-uek-2.6.39-400.298.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.298.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.298.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.298.1.el5uek.x86_64.rpm
Description of changes:
[2.6.39-400.298.1.el5uek]
- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei)
[Orabug: 23320090]
- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling)
[Orabug: 24337879]
- xen-netfront: cast grant table reference first to type int (Dongli
Zhang) [Orabug: 25102637]
- xen-netfront: do not cast grant table reference to signed short
(Dongli Zhang) [Orabug: 25102637]
- RDS: Print failed rdma op details if failure is remote access error
(Rama Nichanamatlu) [Orabug: 25440316]
- ping: implement proper locking (Eric Dumazet) [Orabug: 26540288]
{CVE-2017-2671}
- KEYS: fix dereferencing NULL payload with nonzero length (Eric
Biggers) [Orabug: 26592013]
- oracleasm: Copy the integrity descriptor (Martin K. Petersen)
[Orabug: 26650039]
- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug:
26675934] {CVE-2017-7889}
- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE
(Abhi Das) [Orabug: 26797307]
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559]
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045]
{CVE-2017-12190}
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069045] {CVE-2017-12190}
- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep
Gopanapalli) [Orabug: 24823234]
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points
(Eric Ren) [Orabug: 25671723]
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
(Eric Ren) [Orabug: 25671723]
- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov)
[Orabug: 26143563] {CVE-2017-7308}
- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov)
[Orabug: 26143563] {CVE-2017-7308}
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau)
[Orabug: 26403941] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at
SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958]
{CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
(Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai)
[Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben
Hutchings) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Check ip6_find_1stfragopt() return value properly. (David S.
Miller) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek)
[Orabug: 26403974] {CVE-2017-9074}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong)
[Orabug: 26404007] {CVE-2017-9077}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601]
{CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W.
Biederman) [Orabug: 26643601] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun
Heo) [Orabug: 26643601] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
(Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)
[Orabug: 26650889] {CVE-2017-9075}
- saa7164: fix double fetch PCIe access condition (Steven Toth)
[Orabug: 26675148] {CVE-2017-8831}
- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148]
{CVE-2017-8831}
- saa7164: get rid of warning: no previous prototype (Mauro Carvalho
Chehab) [Orabug: 26675148] {CVE-2017-8831}
- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James
Smart) [Orabug: 26765341]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner)
[Orabug: 26899791] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't
parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}
- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug:
26643562] {CVE-2017-11176}
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina
Dubroca) [Orabug: 27011278] {CVE-2017-7542}
- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn)
[Orabug: 27002453] {CVE-2017-1000111}
- mlx4_core: calculate log_mtt based on total system memory (Wei Lin
Guay) [Orabug: 26867355]
- xen/x86: Add interface for querying amount of host memory (Boris
Ostrovsky) [Orabug: 26867355]
- fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson)
[Orabug: 26870958] {CVE-2017-1000253}
- Bluetooth: Properly check L2CAP config option output buffer length
(Ben Seri) [Orabug: 26796428] {CVE-2017-1000251}
- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562]
{CVE-2017-12134}
- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug:
26638926] {CVE-2017-1000365} {CVE-2017-1000365}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586050] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586024] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578202] {CVE-2017-9242}
- selinux: quiet the filesystem labeling behavior message (Paul Moore)
[Orabug: 25721485]
- RDS/IB: active bonding port state fix for intfs added late (Mukesh
Kacker) [Orabug: 25875426]
- HID: hid-cypress: validate length of report (Greg Kroah-Hartman)
[Orabug: 25891914] {CVE-2017-7273}
- udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722]
{CVE-2015-4167}
- udf: Check length of extended attributes and allocation descriptors
(Jan Kara) [Orabug: 25905722] {CVE-2015-4167}
- udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722]
{CVE-2015-4167}
- btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug:
25948102] {CVE-2014-9710}
- Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu
Itoh) [Orabug: 25948102] {CVE-2014-9710}
- Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh)
[Orabug: 25948102] {CVE-2014-9710}
- Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh)
[Orabug: 25948102] {CVE-2014-9710}
- Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102]
{CVE-2014-9710}
- Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug:
25948102] {CVE-2014-9710}
- net: validate the range we feed to iov_iter_init() in
sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686}
- xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445]
- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug:
25975513]
- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug:
25975513]
- ipv4: try to cache dst_entries which would cause a redirect (Hannes
Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465}
- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug:
26326145] {CVE-2017-1000364}
- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields)
[Orabug: 26366024] {CVE-2017-7645}
- dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug:
25645229]
- xen/manage: Always freeze/thaw processes when suspend/resuming (Ross
Lagerwall) [Orabug: 25795530]
- lpfc cannot establish connection with targets that send PRLI under P2P
mode (Joe Jin) [Orabug: 25955028]
ELSA-2017-3658 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2017-3658
http://linux.oracle.com/errata/ELSA-2017-3658.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
kernel-uek-2.6.39-400.298.1.el6uek.i686.rpm
kernel-uek-debug-2.6.39-400.298.1.el6uek.i686.rpm
kernel-uek-debug-devel-2.6.39-400.298.1.el6uek.i686.rpm
kernel-uek-devel-2.6.39-400.298.1.el6uek.i686.rpm
kernel-uek-doc-2.6.39-400.298.1.el6uek.noarch.rpm
kernel-uek-firmware-2.6.39-400.298.1.el6uek.noarch.rpm
x86_64:
kernel-uek-firmware-2.6.39-400.298.1.el6uek.noarch.rpm
kernel-uek-doc-2.6.39-400.298.1.el6uek.noarch.rpm
kernel-uek-2.6.39-400.298.1.el6uek.x86_64.rpm
kernel-uek-devel-2.6.39-400.298.1.el6uek.x86_64.rpm
kernel-uek-debug-devel-2.6.39-400.298.1.el6uek.x86_64.rpm
kernel-uek-debug-2.6.39-400.298.1.el6uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-uek-2.6.39-400.298.1.el6uek.src.rpm
Description of changes:
[2.6.39-400.298.1.el6uek]
- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei)
[Orabug: 23320090]
- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling)
[Orabug: 24337879]
- xen-netfront: cast grant table reference first to type int (Dongli
Zhang) [Orabug: 25102637]
- xen-netfront: do not cast grant table reference to signed short
(Dongli Zhang) [Orabug: 25102637]
- RDS: Print failed rdma op details if failure is remote access error
(Rama Nichanamatlu) [Orabug: 25440316]
- ping: implement proper locking (Eric Dumazet) [Orabug: 26540288]
{CVE-2017-2671}
- KEYS: fix dereferencing NULL payload with nonzero length (Eric
Biggers) [Orabug: 26592013]
- oracleasm: Copy the integrity descriptor (Martin K. Petersen)
[Orabug: 26650039]
- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug:
26675934] {CVE-2017-7889}
- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE
(Abhi Das) [Orabug: 26797307]
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559]
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045]
{CVE-2017-12190}
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly
Mayatskikh) [Orabug: 27069045] {CVE-2017-12190}
- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep
Gopanapalli) [Orabug: 24823234]
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points
(Eric Ren) [Orabug: 25671723]
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
(Eric Ren) [Orabug: 25671723]
- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov)
[Orabug: 26143563] {CVE-2017-7308}
- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov)
[Orabug: 26143563] {CVE-2017-7308}
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau)
[Orabug: 26403941] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at
SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958]
{CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
(Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai)
[Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug:
26403958] {CVE-2017-1000380}
- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben
Hutchings) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Check ip6_find_1stfragopt() return value properly. (David S.
Miller) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek)
[Orabug: 26403974] {CVE-2017-9074}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong)
[Orabug: 26404007] {CVE-2017-9077}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601]
{CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W.
Biederman) [Orabug: 26643601] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun
Heo) [Orabug: 26643601] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables
(Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet)
[Orabug: 26650889] {CVE-2017-9075}
- saa7164: fix double fetch PCIe access condition (Steven Toth)
[Orabug: 26675148] {CVE-2017-8831}
- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148]
{CVE-2017-8831}
- saa7164: get rid of warning: no previous prototype (Mauro Carvalho
Chehab) [Orabug: 26675148] {CVE-2017-8831}
- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James
Smart) [Orabug: 26765341]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner)
[Orabug: 26899791] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't
parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}
- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug:
26643562] {CVE-2017-11176}
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina
Dubroca) [Orabug: 27011278] {CVE-2017-7542}
- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn)
[Orabug: 27002453] {CVE-2017-1000111}
- mlx4_core: calculate log_mtt based on total system memory (Wei Lin
Guay) [Orabug: 26867355]
- xen/x86: Add interface for querying amount of host memory (Boris
Ostrovsky) [Orabug: 26867355]
- fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson)
[Orabug: 26870958] {CVE-2017-1000253}
- Bluetooth: Properly check L2CAP config option output buffer length
(Ben Seri) [Orabug: 26796428] {CVE-2017-1000251}
- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562]
{CVE-2017-12134}
- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug:
26638926] {CVE-2017-1000365} {CVE-2017-1000365}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586050] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586024] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578202] {CVE-2017-9242}
- selinux: quiet the filesystem labeling behavior message (Paul Moore)
[Orabug: 25721485]
- RDS/IB: active bonding port state fix for intfs added late (Mukesh
Kacker) [Orabug: 25875426]
- HID: hid-cypress: validate length of report (Greg Kroah-Hartman)
[Orabug: 25891914] {CVE-2017-7273}
- udf: Remove repeated loads blocksize (Jan Kara) [Orabug: 25905722]
{CVE-2015-4167}
- udf: Check length of extended attributes and allocation descriptors
(Jan Kara) [Orabug: 25905722] {CVE-2015-4167}
- udf: Verify i_size when loading inode (Jan Kara) [Orabug: 25905722]
{CVE-2015-4167}
- btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk) [Orabug:
25948102] {CVE-2014-9710}
- Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu
Itoh) [Orabug: 25948102] {CVE-2014-9710}
- Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh)
[Orabug: 25948102] {CVE-2014-9710}
- Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh)
[Orabug: 25948102] {CVE-2014-9710}
- Btrfs: add support for asserts (Josef Bacik) [Orabug: 25948102]
{CVE-2014-9710}
- Btrfs: make xattr replace operations atomic (Filipe Manana) [Orabug:
25948102] {CVE-2014-9710}
- net: validate the range we feed to iov_iter_init() in
sys_sendto/sys_recvfrom (Al Viro) [Orabug: 25948149] {CVE-2015-2686}
- xsigo: Compute node crash on FC failover (Joe Jin) [Orabug: 25965445]
- PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao) [Orabug:
25975513]
- PCI: Prevent VPD access for buggy devices (Babu Moger) [Orabug:
25975513]
- ipv4: try to cache dst_entries which would cause a redirect (Hannes
Frederic Sowa) [Orabug: 26032377] {CVE-2015-1465}
- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug:
26326145] {CVE-2017-1000364}
- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields)
[Orabug: 26366024] {CVE-2017-7645}
- dm mpath: allow ioctls to trigger pg init (Mikulas Patocka) [Orabug:
25645229]
- xen/manage: Always freeze/thaw processes when suspend/resuming (Ross
Lagerwall) [Orabug: 25795530]
- lpfc cannot establish connection with targets that send PRLI under P2P
mode (Joe Jin) [Orabug: 25955028]