Type: | SECURITY |
Severity: | IMPORTANT |
Release Date: | 2015-06-09 |
[2.6.32-504.23.4]
- [crypto] drbg: fix maximum value checks on 32 bit systems (Herbert Xu) [1225950 1219907]
- [crypto] drbg: remove configuration of fixed values (Herbert Xu) [1225950 1219907]
[2.6.32-504.23.3]
- [netdrv] bonding: fix locking in enslave failure path (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: primary_slave & curr_active_slave are not cleaned on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: vlans don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: mc addresses don't get deleted on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: IFF_BONDING is not stripped on enslave failure (Nikolay Aleksandrov) [1222483 1221856]
- [netdrv] bonding: fix error handling if slave is busy v2 (Nikolay Aleksandrov) [1222483 1221856]
[2.6.32-504.23.2]
- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Seth Jennings) [1202860 1185166] {CVE-2015-1805}
[2.6.32-504.23.1]
- [x86] crypto: sha256_ssse3 - fix stack corruption with SSSE3 and AVX implementations (Herbert Xu) [1218681 1201490]
- [scsi] storvsc: ring buffer failures may result in I/O freeze (Vitaly Kuznetsov) [1215754 1171676]
- [scsi] storvsc: get rid of overly verbose warning messages (Vitaly Kuznetsov) [1215753 1167967]
- [scsi] storvsc: NULL pointer dereference fix (Vitaly Kuznetsov) [1215753 1167967]
- [netdrv] ixgbe: fix detection of SFP+ capable interfaces (John Greene) [1213664 1150343]
- [x86] crypto: aesni - fix memory usage in GCM decryption (Kurt Stutsman) [1213329 1213330] {CVE-2015-3331}
[2.6.32-504.22.1]
- [kernel] hrtimer: Prevent hrtimer_enqueue_reprogram race (Prarit Bhargava) [1211940 1136958]
- [kernel] hrtimer: Preserve timer state in remove_hrtimer() (Prarit Bhargava) [1211940 1136958]
- [crypto] testmgr: fix RNG return code enforcement (Herbert Xu) [1212695 1208804]
- [net] netfilter: xtables: make use of caller family rather than target family (Florian Westphal) [1212057 1210697]
- [net] dynticks: avoid flow_cache_flush() interrupting every core (Marcelo Leitner) [1210595 1191559]
- [tools] perf: Fix race in build_id_cache__add_s() (Milos Vyletel) [1210593 1204102]
- [infiniband] ipath+qib: fix dma settings (Doug Ledford) [1208621 1171803]
- [fs] dcache: return -ESTALE not -EBUSY on distributed fs race (J. Bruce Fields) [1207815 1061994]
- [net] neigh: Keep neighbour cache entries if number of them is small enough (Jiri Pirko) [1207352 1199856]
- [x86] crypto: sha256_ssse3 - also test for BMI2 (Herbert Xu) [1204736 1201560]
- [scsi] qla2xxx: fix race in handling rport deletion during recovery causes panic (Chad Dupuis) [1203544 1102902]
- [redhat] configs: Enable SSSE3 acceleration by default (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Create module providing optimized SHA512 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX2 RORX instruction (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using AVX instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Optimized SHA512 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha512: Expose generic sha512 routine to be callable from other modules (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Create module providing optimized SHA256 routines using SSSE3, AVX or AVX2 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 routine using AVX2's RORX instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 assembly routine with AVX instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Optimized sha256 x86_64 assembly routine using Supplemental SSE3 instructions (Herbert Xu) [1201668 1036216]
- [crypto] sha256: Expose SHA256 generic routine to be callable externally (Herbert Xu) [1201668 1036216]
- [crypto] rng: RNGs must return 0 in success case (Herbert Xu) [1201669 1199230]
- [fs] isofs: infinite loop in CE record entries (Jacob Tanenbaum) [1175243 1175245] {CVE-2014-9420}
- [x86] vdso: ASLR bruteforce possible for vdso library (Jacob Tanenbaum) [1184896 1184897] {CVE-2014-9585}
- [kernel] time: ntp: Correct TAI offset during leap second (Prarit Bhargava) [1201674 1199134]
- [scsi] lpfc: correct device removal deadlock after link bounce (Rob Evers) [1211910 1194793]
- [scsi] lpfc: Linux lpfc driver doesn't re-establish the link after a cable pull on LPe12002 (Rob Evers) [1211910 1194793]
- [x86] switch_to(): Load TLS descriptors before switching DS and ES (Denys Vlasenko) [1177353 1177354] {CVE-2014-9419}
- [net] vlan: Don't propagate flag changes on down interfaces (Jiri Pirko) [1173501 1135347]
- [net] bridge: register vlan group for br ports (Jiri Pirko) [1173501 1135347]
- [netdrv] tg3: Use new VLAN code (Jiri Pirko) [1173501 1135347]
- [netdrv] be2net: move to new vlan model (Jiri Pirko) [1173501 1135347]
- [net] vlan: mask vlan prio bits (Jiri Pirko) [1173501 1135347]
- [net] vlan: don't deliver frames for unknown vlans to protocols (Jiri Pirko) [1173501 1135347]
- [net] vlan: allow nested vlan_do_receive() (Jiri Pirko) [1173501 1135347]
- [net] allow vlan traffic to be received under bond (Jiri Pirko) [1173501 1135347]
- [net] vlan: goto another_round instead of calling __netif_receive_skb (Jiri Pirko) [1173501 1135347]
- [net] bonding: fix bond_arp_rcv setting and arp validate desync state (Jiri Pirko) [1173501 1135347]
- [net] bonding: remove packet cloning in recv_probe() (Jiri Pirko) [1173501 1135347]
- [net] bonding: Fix LACPDU rx_dropped commit (Jiri Pirko) [1173501 1135347]
- [net] bonding: don't increase rx_dropped after processing LACPDUs (Jiri Pirko) [1173501 1135347]
- [net] bonding: use local function pointer of bond->recv_probe in bond_handle_frame (Jiri Pirko) [1173501 1135347]
- [net] bonding: move processing of recv handlers into handle_frame() (Jiri Pirko) [1173501 1135347]
- [netdrv] revert 'bonding: fix bond_arp_rcv setting and arp validate desync state' (Jiri Pirko) [1173501 1135347]
- [netdrv] revert 'bonding: check for vlan device in bond_3ad_lacpdu_recv()' (Jiri Pirko) [1173501 1135347]
- [net] vlan: Always untag vlan-tagged traffic on input (Jiri Pirko) [1173501 1135347]
- [net] Make skb->skb_iif always track skb->dev (Jiri Pirko) [1173501 1135347]
- [net] vlan: fix a potential memory leak (Jiri Pirko) [1173501 1135347]
- [net] vlan: fix mac_len recomputation in vlan_untag() (Jiri Pirko) [1173501 1135347]
- [net] vlan: reset headers on accel emulation path (Jiri Pirko) [1173501 1135347]
- [net] vlan: Fix the ingress VLAN_FLAG_REORDER_HDR check (Jiri Pirko) [1173501 1135347]
- [net] vlan: make non-hw-accel rx path similar to hw-accel (Jiri Pirko) [1173501 1135347]
- [net] allow handlers to be processed for orig_dev (Jiri Pirko) [1173501 1135347]
- [net] bonding: get netdev_rx_handler_unregister out of locks (Jiri Pirko) [1173501 1135347]
- [net] bonding: fix rx_handler locking (Jiri Pirko) [1173501 1135347]
- [net] introduce rx_handler results and logic around that (Jiri Pirko) [1173501 1135347]
- [net] bonding: register slave pointer for rx_handler (Jiri Pirko) [1173501 1135347]
- [net] bonding: COW before overwriting the destination MAC address (Jiri Pirko) [1173501 1135347]
- [net] bonding: convert bonding to use rx_handler (Jiri Pirko) [1173501 1135347]
- [net] openvswitch: use rx_handler_data pointer to store vport pointer (Jiri Pirko) [1173501 1135347]
- [net] add a synchronize_net() in netdev_rx_handler_unregister() (Jiri Pirko) [1173501 1135347]
- [net] add rx_handler data pointer (Jiri Pirko) [1173501 1135347]
- [net] replace hooks in __netif_receive_skb (Jiri Pirko) [1173501 1135347]
- [net] fix conflict between null_or_orig and null_or_bond (Jiri Pirko) [1173501 1135347]
- [net] remove the unnecessary dance around skb_bond_should_drop (Jiri Pirko) [1173501 1135347]
- [net] revert 'bonding: fix receiving of dups due vlan hwaccel' (Jiri Pirko) [1173501 1135347]
- [net] uninline skb_bond_should_drop() (Jiri Pirko) [1173501 1135347]
- [net] bridge: Set vlan_features to allow offloads on vlans (Jiri Pirko) [1173501 1135347]
- [net] bridge: convert br_features_recompute() to ndo_fix_features (Jiri Pirko) [1173501 1135347]
- [net] revert 'bridge: explictly tag vlan-accelerated frames destined to the host' (Jiri Pirko) [1173501 1135347]
- [net] revert 'fix vlan gro path' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bridge: do not learn from exact matches' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bridge gets duplicate packets when using vlan over bonding' (Jiri Pirko) [1173501 1135347]
- [net] llc: remove noisy WARN from llc_mac_hdr_init (Jiri Pirko) [1173501 1135347]
- [net] bridge: stp: ensure mac header is set (Jiri Pirko) [1173501 1135347]
- [net] vlan: remove reduntant check in ndo_fix_features callback (Jiri Pirko) [1173501 1135347]
- [net] vlan: enable soft features regardless of underlying device (Jiri Pirko) [1173501 1135347]
- [net] vlan: don't call ndo_vlan_rx_register on hardware that doesn't have vlan support (Jiri Pirko) [1173501 1135347]
- [net] vlan: Fix vlan_features propagation (Jiri Pirko) [1173501 1135347]
- [net] vlan: convert VLAN devices to use ndo_fix_features() (Jiri Pirko) [1173501 1135347]
- [net] revert 'vlan: Avoid broken offload configuration when reorder_hdr is disabled' (Jiri Pirko) [1173501 1135347]
- [net] vlan: vlan device is lockless do not transfer real_num_
- [net] vlan: consolidate 8021q tagging (Jiri Pirko) [1173501 1135347]
- [net] propagate NETIF_F_HIGHDMA to vlans (Jiri Pirko) [1173501 1135347]
- [net] Fix a memmove bug in dev_gro_receive() (Jiri Pirko) [1173501 1135347]
- [net] vlan: remove check for headroom in vlan_dev_create (Jiri Pirko) [1173501 1135347]
- [net] vlan: set hard_header_len when VLAN offload features are toggled (Jiri Pirko) [1173501 1135347]
- [net] vlan: Calling vlan_hwaccel_do_receive() is always valid (Jiri Pirko) [1173501 1135347]
- [net] vlan: Centralize handling of hardware acceleration (Jiri Pirko) [1173501 1135347]
- [net] vlan: finish removing vlan_find_dev from public header (Jiri Pirko) [1173501 1135347]
- [net] vlan: make vlan_find_dev private (Jiri Pirko) [1173501 1135347]
- [net] vlan: Avoid hash table lookup to find group (Jiri Pirko) [1173501 1135347]
- [net] revert 'vlan: Add helper functions to manage vlans on bonds and slaves' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bonding: assign slaves their own vlan_groups' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bonding: fix regression on vlan module removal' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bonding: Always add vid to new slave group' (Jiri Pirko) [1173501 1135347]
- [net] revert 'bonding: Fix up refcounting issues with bond/vlan config' (Jiri Pirko) [1173501 1135347]
- [net] revert '8021q/vlan: filter device events on bonds' (Jiri Pirko) [1173501 1135347]
- [net] vlan: Use vlan_dev_real_dev in vlan_hwaccel_do_receive (Jiri Pirko) [1173501 1135347]
- [net] gro: __napi_gro_receive() optimizations (Jiri Pirko) [1173501 1135347]
- [net] vlan: Rename VLAN_GROUP_ARRAY_LEN to VLAN_N_VID (Jiri Pirko) [1173501 1135347]
- [net] vlan: make vlan_hwaccel_do_receive() return void (Jiri Pirko) [1173501 1135347]
- [net] vlan: init_vlan should not copy slave or master flags (Jiri Pirko) [1173501 1135347]
- [net] vlan: updates vlan real_num_tx_queues (Jiri Pirko) [1173501 1135347]
- [net] vlan: adds vlan_dev_select_queue (Jiri Pirko) [1173501 1135347]
- [net] llc: use dev_hard_header (Jiri Pirko) [1173501 1135347]
- [net] vlan: support 'loose binding' to the underlying network device (Jiri Pirko) [1173501 1135347]
- [net] revert 'net: don't set VLAN_TAG_PRESENT for VLAN 0 frames' (Jiri Pirko) [1173501 1135347]
- [net] bridge: Add support for TX vlan offload (Jiri Pirko) [1173562 1146391]
- [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991]
[2.6.32-504.21.1]
- [netdrv] ixgbe: Fix memory leak in ixgbe_free_q_vector, missing rcu (John Greene) [1210901 1150343]
- [netdrv] ixgbe: Fix tx_packets and tx_bytes stats not updating (John Greene) [1210901 1150343]
- [netdrv] qlcnic: Fix update of ethtool stats (Chad Dupuis) [1210902 1148019]
[2.6.32-504.20.1]
- [fs] exec: do not abuse ->cred_guard_mutex in threadgroup_lock() (Petr Oros) [1208620 1169225]
- [kernel] cgroup: always lock threadgroup during migration (Petr Oros) [1208620 1169225]
- [kernel] threadgroup: extend threadgroup_lock() to cover exit and exec (Petr Oros) [1208620 1169225]
- [kernel] threadgroup: rename signal->threadgroup_fork_lock to ->group_rwsem (Petr Oros) [1208620 1169225]
[2.6.32-504.19.1]
- [mm] memcg: fix crash in re-entrant cgroup_clear_css_refs() (Johannes Weiner) [1204626 1168185]
[2.6.32-504.18.1]
- [fs] cifs: Use key_invalidate instead of the rh_key_invalidate() (Sachin Prabhu) [1203366 885899]
- [fs] KEYS: Add invalidation support (Sachin Prabhu) [1203366 885899]
- [infiniband] core: Prevent integer overflow in ib_umem_get address arithmetic (Doug Ledford) [1181173 1179327] {CVE-2014-8159}
[2.6.32-504.17.1]
- [x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal() (Oleg Nesterov) [1199900 1196262]
- [x86] fpu: change save_i387_xstate() to rely on unlazy_fpu() (Oleg Nesterov) [1199900 1196262]
CVE-2014-8159 |
CVE-2015-3331 |
CVE-2015-1805 |
CVE-2014-9419 |
CVE-2014-9420 |
CVE-2014-9585 |
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 6 (i386) | kernel-2.6.32-504.23.4.el6.src.rpm | 3e843be30858aa6c18bd22985e6bf026 | ELSA-2021-9212 |
kernel-2.6.32-504.23.4.el6.i686.rpm | c1c628efaac9eb720fb4cfd39df11861 | ELSA-2021-9212 | |
kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm | a64fb1fff0c25a5977af7ff930db5d21 | ELSA-2021-9212 | |
kernel-debug-2.6.32-504.23.4.el6.i686.rpm | 0ab3d97b4bd4790ae9e5ce5631b3c7a7 | ELSA-2021-9212 | |
kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm | 7e3bd6e5700a3076e03eb1db4a9023cb | ELSA-2021-9212 | |
kernel-devel-2.6.32-504.23.4.el6.i686.rpm | 3d2baae4976ecb3b7b923f25fac2a3ca | ELSA-2021-9212 | |
kernel-doc-2.6.32-504.23.4.el6.noarch.rpm | 8e3f00b2da3666277bf3cd562899987b | ELSA-2021-9212 | |
kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm | 5131e72293dabdfc6ebe815af37ab116 | ELSA-2021-9212 | |
kernel-headers-2.6.32-504.23.4.el6.i686.rpm | 018ce032e8b43fe964083fef97bf29c2 | ELSA-2021-9212 | |
perf-2.6.32-504.23.4.el6.i686.rpm | 6d6ee566aa94e1a10bb9f7ed05c8dc24 | ELSA-2021-9212 | |
python-perf-2.6.32-504.23.4.el6.i686.rpm | a8eac07fdee15e6d10c677e4f5924ee3 | ELSA-2021-9212 | |
Oracle Linux 6 (x86_64) | kernel-2.6.32-504.23.4.el6.src.rpm | 3e843be30858aa6c18bd22985e6bf026 | ELSA-2021-9212 |
kernel-2.6.32-504.23.4.el6.x86_64.rpm | e956d63828dcf708b7b757b47a8e8a0e | ELSA-2021-9212 | |
kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm | a64fb1fff0c25a5977af7ff930db5d21 | ELSA-2021-9212 | |
kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm | 37c18fd25e5ee1ebc766a60061b47be4 | ELSA-2021-9212 | |
kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm | 2ce0683f3af1e2c68ffcf5f0bd63341f | ELSA-2021-9212 | |
kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm | d2ab8e343ab154f47ddf970188a8bc3a | ELSA-2021-9212 | |
kernel-doc-2.6.32-504.23.4.el6.noarch.rpm | 8e3f00b2da3666277bf3cd562899987b | ELSA-2021-9212 | |
kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm | 5131e72293dabdfc6ebe815af37ab116 | ELSA-2021-9212 | |
kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm | 651b3b88b7fd9de0ee0573eaa83cf573 | ELSA-2021-9212 | |
perf-2.6.32-504.23.4.el6.x86_64.rpm | f77efe8347884ba431549654f643ac40 | ELSA-2021-9212 | |
python-perf-2.6.32-504.23.4.el6.x86_64.rpm | 58dbbf25d079b831b5bab50b0a9c6cb1 | ELSA-2021-9212 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team