ELSA-2017-2930

ULN >
Oracle Linux Errata repository >
ELSA-2017-2930

ELSA-2017-2930 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2017-10-19

Description

- [3.10.0-693.5.2.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-693.5.2]
- [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]
- Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]

[3.10.0-693.5.1]
- [netdrv] i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Stefan Assmann) [1491972 1484232]
- [netdrv] i40e: avoid NVM acquire deadlock during NVM update (Stefan Assmann) [1491972 1484232]
- [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]
- [fs] nfsv4: Ensure we don't re-test revoked and freed stateids (Dave Wysochanski) [1491969 1459733]
- [netdrv] bonding: commit link status change after propose (Jarod Wilson) [1491121 1469790]
- [mm] page_alloc: ratelimit PFNs busy info message (Jonathan Toppins) [1491120 1383179]
- [netdrv] cxgb4: avoid crash on PCI error recovery path (Gustavo Duarte) [1489872 1456990]
- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1489814 1468727]
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488341 1487061] {CVE-2017-14106}
- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488341 1487061] {CVE-2017-14106}
- [net] sctp: Avoid out-of-bounds reads from address storage (Stefano Brivio) [1484356 1484355] {CVE-2017-7558}
- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}
- [net] udp: account for current skb length when deciding about UFO (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}
- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}
- [net] udp: avoid ufo handling on IP payload compression packets (Stefano Brivio) [1490263 1464161]
- [pci] hv: Use vPCI protocol version 1.2 (Vitaly Kuznetsov) [1478256 1459202]
- [pci] hv: Add vPCI version protocol negotiation (Vitaly Kuznetsov) [1478256 1459202]
- [pci] hv: Use page allocation for hbus structure (Vitaly Kuznetsov) [1478256 1459202]
- [pci] hv: Fix comment formatting and use proper integer fields (Vitaly Kuznetsov) [1478256 1459202]
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Stefano Brivio) [1477007 1477010] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [1477007 1477010] {CVE-2017-7542}
- [net] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}
- [net] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1489788 1489789] {CVE-2017-1000251}

[3.10.0-693.4.1]
- [fs] nfsv4: Add missing nfs_put_lock_context() (Benjamin Coddington) [1487271 1476826]
- [fs] nfs: discard nfs_lockowner structure (Benjamin Coddington) [1487271 1476826]
- [fs] nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (Benjamin Coddington) [1487271 1476826]
- [fs] nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (Benjamin Coddington) [1487271 1476826]
- [fs] nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (Benjamin Coddington) [1487271 1476826]
- [fs] nfsv4: add flock_owner to open context (Benjamin Coddington) [1487271 1476826]
- [fs] nfs: remove l_pid field from nfs_lockowner (Benjamin Coddington) [1487271 1476826]
- [x86] platform/uv/bau: Disable BAU on single hub configurations (Frank Ramsay) [1487159 1487160 1472455 1473353]
- [x86] platform/uv/bau: Fix congested_response_us not taking effect (Frank Ramsay) [1487159 1472455]
- [fs] cifs: Disable encryption capability for RHEL 7.4 kernel (Sachin Prabhu) [1485445 1485445]
- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1484269 1479043]
- [fs] include/linux/printk.h: include pr_fmt in pr_debug_ratelimited (Sachin Prabhu) [1484267 1472823]
- [fs] printk: pr_debug_ratelimited: check state first to reduce 'callbacks suppressed' messages (Sachin Prabhu) [1484267 1472823]
- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481938 1481940] {CVE-2017-1000111}
- [fs] proc: revert /proc//maps [stack:TID] annotation (Waiman Long) [1481724 1448534]
- [net] ping: check minimum size on ICMP header length (Matteo Croce) [1481578 1481573] {CVE-2016-8399}
- [ipc] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476128 1476126] {CVE-2017-11176}
- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474778 1474784] {CVE-2017-7541}

[3.10.0-693.3.1]
- [block] blk-mq-tag: fix wakeup hang after tag resize (Ming Lei) [1487281 1472434]

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-3.10.0-693.5.2.el7.src.rpm	b22e5ced34982ff7ee9b0af097b72e6f8bad3b3d29c6624343a51ee63c3be092	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-3.10.0-693.5.2.el7.src.rpm	b22e5ced34982ff7ee9b0af097b72e6f8bad3b3d29c6624343a51ee63c3be092	ELSA-2025-1281	ol7_x86_64_optional_archive
	kernel-3.10.0-693.5.2.el7.src.rpm	b22e5ced34982ff7ee9b0af097b72e6f8bad3b3d29c6624343a51ee63c3be092	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-3.10.0-693.5.2.el7.x86_64.rpm	713ba83505b3e8319af0f769970af22d122b749cbcfc55b592c86c28d93c50f1	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-3.10.0-693.5.2.el7.x86_64.rpm	713ba83505b3e8319af0f769970af22d122b749cbcfc55b592c86c28d93c50f1	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-abi-whitelists-3.10.0-693.5.2.el7.noarch.rpm	601126107f133a0be58873d1cd7ca4bc9eea45809724233b3bc6ef7eaa831382	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-abi-whitelists-3.10.0-693.5.2.el7.noarch.rpm	601126107f133a0be58873d1cd7ca4bc9eea45809724233b3bc6ef7eaa831382	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-debug-3.10.0-693.5.2.el7.x86_64.rpm	155a8915d9be102920d2e9df768ccefb211b8e2bddd03f822c4c0145ff9f339f	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-debug-3.10.0-693.5.2.el7.x86_64.rpm	155a8915d9be102920d2e9df768ccefb211b8e2bddd03f822c4c0145ff9f339f	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-debug-devel-3.10.0-693.5.2.el7.x86_64.rpm	7ac0db79f0dd18749efef61204e2a6f78608ebf77847de2b2aa76ae88225ac9f	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-debug-devel-3.10.0-693.5.2.el7.x86_64.rpm	7ac0db79f0dd18749efef61204e2a6f78608ebf77847de2b2aa76ae88225ac9f	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-devel-3.10.0-693.5.2.el7.x86_64.rpm	698f06a50a6c1e0aa26baacebecb0514df0f91117ef5fed005e9263edc7b2c04	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-devel-3.10.0-693.5.2.el7.x86_64.rpm	698f06a50a6c1e0aa26baacebecb0514df0f91117ef5fed005e9263edc7b2c04	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-doc-3.10.0-693.5.2.el7.noarch.rpm	2eee9c86a129a0782365c64e41dbca7b2318b6b7851002d0227df756adb429b3	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-doc-3.10.0-693.5.2.el7.noarch.rpm	2eee9c86a129a0782365c64e41dbca7b2318b6b7851002d0227df756adb429b3	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-headers-3.10.0-693.5.2.el7.x86_64.rpm	b65ae820df50a6096554f362b7fac9c1a8b24f514baae3f66198d56903aad610	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-headers-3.10.0-693.5.2.el7.x86_64.rpm	b65ae820df50a6096554f362b7fac9c1a8b24f514baae3f66198d56903aad610	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-tools-3.10.0-693.5.2.el7.x86_64.rpm	300128a4a9eaf3938f3897c098ada6f983b1f28b9adcc29a7c13d7af8de2205d	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-tools-3.10.0-693.5.2.el7.x86_64.rpm	300128a4a9eaf3938f3897c098ada6f983b1f28b9adcc29a7c13d7af8de2205d	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-tools-libs-3.10.0-693.5.2.el7.x86_64.rpm	2663fd61de4a774c4026360dd3fedeb89ead2b19fe2fe888586b3869f10bb641	ELSA-2025-1281	ol7_x86_64_latest_archive
	kernel-tools-libs-3.10.0-693.5.2.el7.x86_64.rpm	2663fd61de4a774c4026360dd3fedeb89ead2b19fe2fe888586b3869f10bb641	ELSA-2025-1281	ol7_x86_64_u4_patch
	kernel-tools-libs-devel-3.10.0-693.5.2.el7.x86_64.rpm	d9012e9bfd6645e411ce3cc584e7ff67169fc613849dc07a94368763ef271692	ELSA-2025-1281	ol7_x86_64_optional_archive
	perf-3.10.0-693.5.2.el7.x86_64.rpm	7b970f89d298504580ecbeb0c593387e87b4e92c608e9a1f56ed64fa71f7880b	ELSA-2025-20019	ol7_x86_64_latest_archive
	perf-3.10.0-693.5.2.el7.x86_64.rpm	7b970f89d298504580ecbeb0c593387e87b4e92c608e9a1f56ed64fa71f7880b	ELSA-2025-20019	ol7_x86_64_u4_patch
	python-perf-3.10.0-693.5.2.el7.x86_64.rpm	4a6fcb8fbb5211adfb02c0aeb6a0edd56310dd0ee5aca469f20d551f1fd58f93	ELSA-2025-20019	ol7_x86_64_latest_archive
	python-perf-3.10.0-693.5.2.el7.x86_64.rpm	4a6fcb8fbb5211adfb02c0aeb6a0edd56310dd0ee5aca469f20d551f1fd58f93	ELSA-2025-20019	ol7_x86_64_u4_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691