ELSA-2014-0786

ELSA-2014-0786 - kernel security, bug fix, and enhancement update

Type:SECURITY
Severity:IMPORTANT
Release Date:2014-07-23

Description


[3.10.0-123.4.2]
- Oracle Linux certificates (Alexey Petrenko)

[3.10.0-123.4.2]
- [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-2014-0206}
- [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206}

[3.10.0-123.4.1]
- [kernel] futex: Make lookup_pi_state more robust (Larry Woodman) [1104519 1104520] {CVE-2014-3153}
- [kernel] futex: Always cleanup owner tid in unlock_pi (Larry Woodman) [1104519 1104520] {CVE-2014-3153}
- [kernel] futex: Validate atomic acquisition in futex_lock_pi_atomic() (Larry Woodman) [1104519 1104520] {CVE-2014-3153}
- [kernel] futex: prevent requeue pi on same futex (Larry Woodman) [1104519 1104520] {CVE-2014-3153}
- [ethernet] qlcnic: Fix ethtool statistics length calculation (Michal Schmidt) [1104972 1099634]
- Revert: [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732]
- Revert: [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732]
- Revert: [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732]

[3.10.0-123.3.1]
- [kernel] mutexes: Give more informative mutex warning in the !lock->owner case (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] mutex: replace CONFIG_HAVE_ARCH_MUTEX_CPU_RELAX with simple ifdef (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutexes: Introduce cancelable MCS lock for adaptive spinning (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutexes: Modify the way optimistic spinners are queued (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutexes: Return false if task need_resched() in mutex_can_spin_on_owner() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] Restructure the MCS lock defines and locking & Move mcs_spinlock.h into kernel/locking/ (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [misc] arch: Introduce smp_load_acquire(), smp_store_release() (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutex: Fix debug_mutexes (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutex: Fix debug checks (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]
- [kernel] locking/mutexes: Unlock the mutex without the wait_lock (Larry Woodman) [1103629 1087655] [1103630 1087919] [1103631 1087922]

[3.10.0-123.2.1]
- [net] filter: prevent nla extensions to peek beyond the end of the message (Jiri Benc) [1096780 1096781] {CVE-2014-3144 CVE-2014-3145}
- [block] floppy: don't write kernel-only members to FDRAWCMD ioctl output (Denys Vlasenko) [1094316 1094318] {CVE-2014-1737 CVE-2014-1738}
- [block] floppy: ignore kernel-only members in FDRAWCMD ioctl input (Denys Vlasenko) [1094316 1094318] {CVE-2014-1737 CVE-2014-1738}
- [net] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors (Jiri Pirko) [1091345 1079014] {CVE-2014-2568}
- [net] ipv4: current group_info should be put after using (Jiri Benc) [1087415 1087416] {CVE-2014-2851}
- [fs] dcache: make prepend_name() work correctly when called with negative *buflen (Mikulas Patocka) [1099048 1092746]
- [fs] dcache: __dentry_path() fixes (Mikulas Patocka) [1099048 1092746]
- [fs] dcache: prepend_path() needs to reinitialize dentry/vfsmount/mnt on restarts (Mikulas Patocka) [1099048 1092746]
- [target] tcm_fc: Fix use-after-free of ft_tpg (Andy Grover) [1088110 1071340]
- [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1103064 1098513]
- [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1103062 1097687]
- [s390] crypto: fix aes, des ctr mode concurrency finding (Hendrik Brueckner) [1103060 1097686]
- [net] openvswitch: fix a possible deadlock and lockdep warning (Flavio Leitner) [1103318 1094867]
- [mm] filemap: update find_get_pages_tag() to deal with shadow entries (Johannes Weiner) [1103065 1091795]
- [mm] page-writeback: fix divide by zero in pos_ratio_polynom (Rik van Riel) [1103067 1091784]
- [mm] page-writeback: add strictlimit feature (Rik van Riel) [1103067 1091784]
- [fs] xfs: log vector rounding leaks log space (Brian Foster) [1103059 1091136]
- [fs] xfs: truncate_setsize should be outside transactions (Brian Foster) [1103059 1091136]
- [fs] gfs2: Fix uninitialized VFS inode in gfs2_create_inode (Abhijith Das) [1097407 1087995]
- [kernel] futex: Fix pthread_cond_broadcast() to wake up all threads (Larry Woodman) [1103066 1084757]
- [net] ip: generate unique IP identificator if local fragmentation is allowed (Jiri Pirko) [1090490 1076106]
- [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732]
- [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732]
- [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732]
- [x86] irq, pic: Probe for legacy PIC and set legacy_pic appropriately (Vivek Goyal) [1094973 1037957]
- [virt] hyperv/vmbus: Negotiate version 3.0 when running on ws2012r2 hosts (Vivek Goyal) [1094973 1037957]


Related CVEs


CVE-2014-2851
CVE-2014-3153
CVE-2014-1737
CVE-2014-1738
CVE-2014-2568
CVE-2014-3144
CVE-2014-0206
CVE-2014-3145

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-123.4.2.el7.src.rpm076164e48e137da7530568996078c9e1ELBA-2021-1397-1
kernel-3.10.0-123.4.2.el7.x86_64.rpm15e5a55a25f9df44d4d92279ae580ed8ELBA-2021-1397-1
kernel-abi-whitelists-3.10.0-123.4.2.el7.noarch.rpmea9d74e81e2185f9a684eb074544aa85ELBA-2021-1397-1
kernel-debug-3.10.0-123.4.2.el7.x86_64.rpm91822497e88f071bbd6808e1f5a8bdeaELBA-2021-1397-1
kernel-debug-devel-3.10.0-123.4.2.el7.x86_64.rpmefa0debe25cc0b5d4c8c3dc748e68bd8ELBA-2021-1397-1
kernel-devel-3.10.0-123.4.2.el7.x86_64.rpm2c1c0886bae14435bb71bf7ae77dc07cELBA-2021-1397-1
kernel-doc-3.10.0-123.4.2.el7.noarch.rpm41c42b13a85561f8facc007e6631f86eELBA-2021-1397-1
kernel-headers-3.10.0-123.4.2.el7.x86_64.rpmf541ecd2b89f459a0c6594873af816d4ELBA-2021-1397-1
kernel-tools-3.10.0-123.4.2.el7.x86_64.rpm975e56e6521887782c2310abedff14a3ELBA-2021-1397-1
kernel-tools-libs-3.10.0-123.4.2.el7.x86_64.rpme912e744aea65c9aeed06921324b7261ELBA-2021-1397-1
kernel-tools-libs-devel-3.10.0-123.4.2.el7.x86_64.rpm1201603c1e4f8098bd8f39368c7e3cc6ELBA-2021-1397-1
perf-3.10.0-123.4.2.el7.x86_64.rpme294c2e3e037bb74ac8566fd17e0e844ELSA-2021-9220
python-perf-3.10.0-123.4.2.el7.x86_64.rpm8b044f21db8fa769e777682068121cb5ELSA-2021-9220



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete