ELSA-2018-4108

ELSA-2018-4108 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-05-15

Description


[4.1.12-124.15.1]
- netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27260771] {CVE-2017-17448}
- netlink: Add netns check on taps (Kevin Cernekee) [Orabug: 27260799] {CVE-2017-17449}
- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27290606] {CVE-2017-17741} {CVE-2017-17741}
- xprtrdma: Detect unreachable NFS/RDMA servers more reliably (Chuck Lever) [Orabug: 27587008]
- sunrpc: Export xprt_force_disconnect() (Chuck Lever) [Orabug: 27587008]
- sunrpc: Allow xprt->ops->timer method to sleep (Chuck Lever) [Orabug: 27587008]
- KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (Haozhong Zhang) [Orabug: 27720128]
- x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878230]
- x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878230]
- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27878230]
- mm/pagewalk.c: report holes in hugetlb ranges (Jann Horn) [Orabug: 27913118] {CVE-2017-16994}
- KEYS: dont let add_key() update an uninstantiated key (David Howells) [Orabug: 27913330] {CVE-2017-15299}
- drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 27913367] {CVE-2017-7294}
- vmscan: Support multiple kswapd threads per node (Buddy Lumpkin) [Orabug: 27913411]
- tcp: dont use F-RTO on non-recurring timeouts (Yuchung Cheng) [Orabug: 27901860]
- net/rds: ib: Release correct number of frags (Hakon Bugge) [Orabug: 27924161]
- crypto: rng - Remove old low-level rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: drbg - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: ansi_cprng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: krng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934066] {CVE-2018-5332}
- net: Fix double free and memory corruption in get_net_ns_by_id() (Eric W. Biederman) [Orabug: 27934789] {CVE-2017-15129}


Related CVEs


CVE-2017-7294
CVE-2017-15129
CVE-2017-17449
CVE-2017-15116
CVE-2017-17448
CVE-2018-5332
CVE-2017-15299
CVE-2017-16994
CVE-2017-17741

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (x86_64) kernel-uek-4.1.12-124.15.1.el6uek.src.rpm91aac61a6de6a2dbc81d9bbd13ec95f6ELSA-2021-9215
kernel-uek-4.1.12-124.15.1.el6uek.x86_64.rpm814a2c2bf5393ba6066e3421e34e6d76ELSA-2021-9215
kernel-uek-debug-4.1.12-124.15.1.el6uek.x86_64.rpmc81f29ebda46010271020938f7d6baf1ELSA-2021-9215
kernel-uek-debug-devel-4.1.12-124.15.1.el6uek.x86_64.rpm1de688e1c79037c2d5c9b4ee8ea33a8eELSA-2021-9215
kernel-uek-devel-4.1.12-124.15.1.el6uek.x86_64.rpm845ce63db7ac89de175ec8e7db05c4bfELSA-2021-9215
kernel-uek-doc-4.1.12-124.15.1.el6uek.noarch.rpmd8fc1527e74114f7f8cf6c1ca9a4140bELSA-2021-9215
kernel-uek-firmware-4.1.12-124.15.1.el6uek.noarch.rpmcb166bef99dd5ab6eb30f81177f71ca0ELSA-2021-9215
Oracle Linux 7 (x86_64) kernel-uek-4.1.12-124.15.1.el7uek.src.rpmfb2372c6d6c804357c6157a3f199cc34ELSA-2021-9220
kernel-uek-4.1.12-124.15.1.el7uek.x86_64.rpm0aad9f5dc80682ca694baf64e0348023ELSA-2021-9220
kernel-uek-debug-4.1.12-124.15.1.el7uek.x86_64.rpm148828a37611ec493b8586ea3bfddc14ELSA-2021-9220
kernel-uek-debug-devel-4.1.12-124.15.1.el7uek.x86_64.rpmbd992d8e00a882c0653be85780730e13ELSA-2021-9220
kernel-uek-devel-4.1.12-124.15.1.el7uek.x86_64.rpmd60c04b493a191756c0660bce34a57deELSA-2021-9220
kernel-uek-doc-4.1.12-124.15.1.el7uek.noarch.rpmd0db8ca40299fc9a2a38431e84371657ELSA-2021-9220
kernel-uek-firmware-4.1.12-124.15.1.el7uek.noarch.rpm5bec1123d118612875bcb73021c529c2ELSA-2021-9215



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete