ELSA-2014-1971

ELSA-2014-1971 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2014-12-09

Description


[3.10.0-123.13.1]
- Oracle Linux certificates (Alexey Petrenko)

[3.10.0-123.13.1]
- [powerpc] mm: Make sure a local_irq_disable prevent a parallel THP split (Don Zickus) [1151057 1083296]
- [powerpc] Implement __get_user_pages_fast() (Don Zickus) [1151057 1083296]
- [scsi] vmw_pvscsi: Some improvements in pvscsi driver (Ewan Milne) [1144016 1075090]
- [scsi] vmw_pvscsi: Add support for I/O requests coalescing (Ewan Milne) [1144016 1075090]
- [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1144016 1075090]

[3.10.0-123.12.1]
- [alsa] control: Make sure that id->index does not overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656}
- [alsa] control: Handle numid overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656}
- [alsa] control: Protect user controls against concurrent access (Jaroslav Kysela) [1117338 1117339] {CVE-2014-4652}
- [alsa] control: Fix replacing user controls (Jaroslav Kysela) [1117323 1117324] {CVE-2014-4654 CVE-2014-4655}
- [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155750 1152755] {CVE-2014-3688}
- [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155737 1152755] {CVE-2014-3687}
- [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147856 1152755] {CVE-2014-3673}
- [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147856 1152755] [1155737 1152755] [1155750 1152755]
- [pci] Add ACS quirk for Intel 10G NICs (Alex Williamson) [1156447 1141399]
- [pci] Add ACS quirk for Solarflare SFC9120 & SFC9140 (Alex Williamson) [1158316 1131552]
- [lib] assoc_array: Fix termination condition in assoc array garbage collection (David Howells) [1155136 1139431] {CVE-2014-3631}
- [block] cfq-iosched: Add comments on update timing of weight (Vivek Goyal) [1152874 1116126]
- [block] cfq-iosched: Fix wrong children_weight calculation (Vivek Goyal) [1152874 1116126]
- [powerpc] mm: Check paca psize is up to date for huge mappings (Gustavo Duarte) [1151927 1107337]
- [x86] perf/intel: ignore CondChgd bit to avoid false NMI handling (Don Zickus) [1146819 1110264]
- [x86] smpboot: initialize secondary CPU only if master CPU will wait for it (Phillip Lougher) [1144295 968147]
- [x86] smpboot: Log error on secondary CPU wakeup failure at ERR level (Igor Mammedov) [1144295 968147]
- [x86] smpboot: Fix list/memory corruption on CPU hotplug (Igor Mammedov) [1144295 968147]
- [acpi] processor: do not mark present at boot but not onlined CPU as onlined (Igor Mammedov) [1144295 968147]
- [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142321 1142322] {CVE-2014-6410}
- [hid] picolcd: fix memory corruption via OOB write (Jacob Tanenbaum) [1141408 1141409] {CVE-2014-3186}
- [usb] serial/whiteheat: fix memory corruption flaw (Jacob Tanenbaum) [1141403 1141404] {CVE-2014-3185}
- [hid] fix off by one error in various _report_fixup routines (Jacob Tanenbaum) [1141393 1141394] {CVE-2014-3184}
- [hid] logitech-dj: fix OOB array access (Jacob Tanenbaum) [1141211 1141212] {CVE-2014-3182}
- [hid] fix OOB write in magicmouse driver (Jacob Tanenbaum) [1141176 1141177] {CVE-2014-3181}
- [acpi] Fix bug when ACPI reset register is implemented in system memory (Nigel Croxon) [1136525 1109971]
- [fs] vfs: fix ref count leak in path_mountpoint() (Ian Kent) [1122481 1122376] {CVE-2014-5045}
- [kernel] ptrace: get_dumpable() incorrect tests (Jacob Tanenbaum) [1111605 1111606] {CVE-2013-2929}
- [media] media-device: fix an information leakage (Jacob Tanenbaum) [1109776 1109777] {CVE-2014-1739}
- [target] rd: Refactor rd_build_device_space + rd_release_device_space (Denys Vlasenko) [1108754 1108755] {CVE-2014-4027}
- [block] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t (Vivek Goyal) [1158313 1118436]
- [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611}
- [virt] kvm/vmx: handle invept and invvpid vm exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646}

[3.10.0-123.11.1]
- [net] fix UDP tunnel GSO of frag_list GRO packets (Phillip Lougher) [1149661 1119392]

[3.10.0-123.10.1]
- [pci] hotplug: Prevent NULL dereference during pciehp probe (Myron Stowe) [1142393 1133107]
- [kernel] workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (Tomas Henzl) [1151314 1131563]


Related CVEs


CVE-2013-2929
CVE-2014-4654
CVE-2014-4655
CVE-2014-5045
CVE-2014-3185
CVE-2014-3181
CVE-2014-3687
CVE-2014-3673
CVE-2014-3184
CVE-2014-1739
CVE-2014-3182
CVE-2014-3186
CVE-2014-3631
CVE-2014-3688
CVE-2014-4027
CVE-2014-4652
CVE-2014-4656
CVE-2014-6410

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-123.13.1.el7.src.rpmb318b5b95c277fdaa3d0419622290825ELBA-2021-1397-1
kernel-3.10.0-123.13.1.el7.x86_64.rpm0d895cb1c76921e1b5782df477e445afELBA-2021-1397-1
kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpmd208846e149bdc9701bf97256d5c34b2ELBA-2021-1397-1
kernel-debug-3.10.0-123.13.1.el7.x86_64.rpmb5e05887bd2a700b000fec201c820d47ELBA-2021-1397-1
kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm63ef51067e7c7ba5ac78821613c9d72fELBA-2021-1397-1
kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm2cce6e839fd6770ae68e737a1310a614ELBA-2021-1397-1
kernel-doc-3.10.0-123.13.1.el7.noarch.rpm5291bfd855508d1269e4a19ac2148438ELBA-2021-1397-1
kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm5b47786fad0b5ad7a18f024ce7f8de88ELBA-2021-1397-1
kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm3671177a0122f24c89c81bc20e9ef30cELBA-2021-1397-1
kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpmaf5c92180d329bedfc53d10771a18611ELBA-2021-1397-1
kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm9ba32b7846963ffe8c68c946e8a5f627ELBA-2021-1397-1
perf-3.10.0-123.13.1.el7.x86_64.rpm6fb5196fae635651d62b1f202e9c34a2ELSA-2021-9220
python-perf-3.10.0-123.13.1.el7.x86_64.rpm3ce117bf73fea20e26f38288772b5237ELSA-2021-9220



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete