ELSA-2015-3064
- ULN >
- Oracle Linux Errata repository >
- ELSA-2015-3064
ELSA-2015-3064 - Unbreakable Enterprise kernel security , bug fix and enhancement update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2015-07-30 |
Description
kernel-uek
[3.8.13-98]
- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502729] {CVE-2015-0239} {CVE-2015-0239}
- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502159] {CVE-2015-3339}
[3.8.13-97]
- add ql2400, ql2500 firmware versions to prerequisites (Dan Duval) [Orabug: 21474929]
- correct QLogic firmware dependencies in the spec file (Dan Duval) [Orabug: 21474929]
[3.8.13-96]
- xen-blkfront: don't add indirect page to list when !feature_persistent (Bob Liu) [Orabug: 21459266]
[3.8.13-95]
- add firmware dependencies to spec files (Dan Duval) [Orabug: 21417522]
[3.8.13-94]
- ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444784] {CVE-2015-2922}
- ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444685] {CVE-2015-3636}
[3.8.13-93]
- config: sync up config files to make build clean (Guangyu Sun) [Orabug: 21425838]
- acpi: fix typo in drivers/acpi/osl.c (Guangyu Sun) [Orabug: 21418329]
[3.8.13-92]
- Revert 'i40e: Add support for getlink, setlink ndo ops' (Brian Maly) [Orabug: 21314906]
- x86: Do not try to sync identity map for non-mapped pages (Dave Hansen) [Orabug: 21326516]
[3.8.13-91]
- rds: re-entry of rds_ib_xmit/rds_iw_xmit (Wengang Wang) [Orabug: 21324074]
- drm/mgag200: Reject non-character-cell-aligned mode widths (Adam Jackson) [Orabug: 20868823]
- drm/mgag200: fix typo causing bw limits to be ignored on some chips (Dave Airlie) [Orabug: 20868823]
- drm/mgag200: remove unused driver_private access (David Herrmann) [Orabug: 20868823]
- drm/mgag200: Invalidate page tables when pinning a BO (Egbert Eich) [Orabug: 20868823]
- drm/mgag200: Fix LUT programming for 16bpp (Egbert Eich) [Orabug: 20868823]
- drm/mgag200: Fix framebuffer pitch calculation (Takashi Iwai) [Orabug: 20868823]
- drm/mgag200: Add sysfs support for connectors (Egbert Eich) [Orabug: 20868823]
- drm/mgag200: Add an crtc_disable callback to the crtc helper funcs (Egbert Eich) [Orabug: 20868823]
- drm/mgag200: Fix logic in mgag200_bo_pin() (v2) (Egbert Eich) [Orabug: 20868823]
- drm/mgag200: inline reservations (Maarten Lankhorst) [Orabug: 20868823]
- drm/mgag200: do not attempt to acquire a reservation while in an interrupt handler (Maarten Lankhorst) [Orabug: 20868823]
- drm/mgag200: Added resolution and bandwidth limits for various G200e products. (Julia Lemire) [Orabug: 20868823]
- drm/mgag200: Reject modes that are too big for VRAM (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Don't do full cleanup if mgag200_device_init fails (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Hardware cursor support (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Add missing write to index before accessing data register (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Fix framebuffer base address programming (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Convert counter delays to jiffies (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Fix writes into MGA1064_PIX_CLK_CTL register (Christopher Harvey) [Orabug: 20868823]
- drm/mgag200: Don't change unrelated registers during modeset (Christopher Harvey) [Orabug: 20868823]
- Revert 'lpfc: Fix for lun discovery issue with 8Gig adapter.' (Guru Anbalagane) [Orabug: 21304962]
[3.8.13-90]
- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308309] {CVE-2015-2830}
- Update patched for lpfc from 10.6.61.0 to 10.6.61.1 for UEK R3 U6 release. (Dick Kennedy)
- lpfc: Change buffer pool empty message to miscellaneous category (Dick Kennedy)
- lpfc: Fix incorrect log message reported for empty FCF record. (Dick Kennedy)
- lpfc: Fix rport leak. (Dick Kennedy)
- lpfc: Correct loss of RSCNs during array takeaway/giveback testing. (Dick Kennedy)
- lpfc: Fix crash in vport_delete. (Dick Kennedy)
- lpfc: Fix to remove IRQF_SHARED flag for MSI/MSI-X vectors. (Dick Kennedy)
- lpfc: Fix discovery issue when changing from Pt2Pt to Fabric. (Dick Kennedy)
- lpfc: Correct reporting of vport state on fdisc command failure. (Dick Kennedy)
- lpfc: Add support for RDP ELS command. (Dick Kennedy)
- lpfc: Fix ABORTs WQ selection in terminate_rport_io (Dick Kennedy)
- lpfc: Correct reference counting of rport (Dick Kennedy)
- lpfc: Add support for ELS LCB. (Dick Kennedy)
- lpfc: Correct loss of target discovery after cable swap. (Dick Kennedy)
- dtrace: sigaltstack is no longer a stub syscall (Kris Van Hees) [Orabug: 21304183]
- hpsa: add in new offline mode (Don Brace) [Orabug: 21289871]
- hpsa: add in new controllers (Don Brace) [Orabug: 21289871]
- hpsa: hpsa decode sense data for io and tmf (Don Brace) [Orabug: 21289871]
- hpsa: enable bus mastering during init (Don Brace) [Orabug: 21289871]
- hpsa: enhance kdump (Don Brace) [Orabug: 21289871]
- hpsa: enhance error checking. (Don Brace) [Orabug: 21289871]
- hpsa: enhance driver output (Don Brace) [Orabug: 21289871]
- hpsa: update pci device table (Don Brace) [Orabug: 21289871]
- vmw_pvscsi: Fix pvscsi_abort() function. (Arvind Kumar) [Orabug: 21266080]
- qla2xxx: Update driver version to 8.07.00.18.39.0-k. (Sawan Chandak) [Orabug: 21241070]
- qla2xxx: Restore physical port WWPN only, when port down detected for FA-WWPN port. (Sawan Chandak) [Orabug: 21241070]
- qla2xxx: Fix virtual port configuration, when switch port is disabled/enabled. (Sawan Chandak) [Orabug: 21241070]
- qla2xxx: Prevent multiple firmware dump collection for ISP27XX. (Himanshu Madhani) [Orabug: 21241070]
- qla2xxx: Disable Interrupt handshake for ISP27XX. (Himanshu Madhani) [Orabug: 21241070]
- qla2xxx: Add debugging info for MBX timeout. (Himanshu Madhani) [Orabug: 21241070]
- qla2xxx: Add serdes read/write support for ISP27XX (Andrew Vasquez) [Orabug: 21241070]
- qla2xxx: Add udev notification to save fw dump for ISP27XX (Himanshu Madhani) [Orabug: 21241070]
- qla2xxx: Add message for sucessful FW dump collected for ISP27XX. (Himanshu Madhani) [Orabug: 21241070]
- qla2xxx: Add support to load firmware from file for ISP 26XX/27XX. (Sawan Chandak) [Orabug: 21241070]
- qla2xxx: Fix beacon blink for ISP27XX. (Nigel Kirkland) [Orabug: 21241070]
- qla2xxx: Increase the wait time for firmware to be ready for P3P. (Chad Dupuis) [Orabug: 21241070]
- qla2xxx: Fix printks in ql_log message (Yannick Guerrini) [Orabug: 21241070]
- qla2xxx: Fix printk in qla25xx_setup_mode (Yannick Guerrini) [Orabug: 21241070]
- bnx2i: update to 2.11.2.0 (Vaughan Cao) [Orabug: 21241055]
- bnx2fc: update to 2.9.3 (Vaughan Cao) [Orabug: 21241055]
- bnx2x: update to 1.712.33 (Vaughan Cao) [Orabug: 21241055]
- cnic: update to 2.5.20h (Vaughan Cao) [Orabug: 21241055]
- bnx2: update to 2.2.5o (Vaughan Cao) [Orabug: 21241055]
- md: use SRCU to improve performance (Mikulas Patocka) [Orabug: 18231164]
- kvm: raise KVM_SOFT_MAX_VCPUS to support more vcpus (Dan Duval) [Orabug: 21144488]
- vsock: Make transport the proto owner (Andy King) [Orabug: 21266075]
- VSOCK: Move af_vsock.h and vsock_addr.h to include/net (Asias He) [Orabug: 21266075]
[3.8.13-89]
- drivers: xen-blkfront: only talk_to_blkback() when in XenbusStateInitialising (Bob Liu)
- xen/block: add multi-page ring support (Bob Liu)
- driver: xen-blkfront: move talk_to_blkback to a more suitable place (Bob Liu)
- drivers: xen-blkback: delay pending_req allocation to connect_ring (Bob Liu)
- xen/grant: introduce func gnttab_unmap_refs_sync() (Bob Liu)
- xen/blkback: safely unmap purge persistent grants (Bob Liu)
- xenbus_client: Extend interface to support multi-page ring (Wei Liu)
- be2net: update the driver version to 10.6.0.2 (Sathya Perla) [Orabug: 21275400]
- be2net: update copyright year to 2015 (Vasundhara Volam) [Orabug: 21275400]
- be2net: use be_virtfn() instead of !be_physfn() (Kalesh AP) [Orabug: 21275400]
- be2net: simplify UFI compatibility checking (Vasundhara Volam) [Orabug: 21275400]
- be2net: post full RXQ on interface enable (Suresh Reddy) [Orabug: 21275400]
- be2net: check for INSUFFICIENT_VLANS error (Kalesh AP) [Orabug: 21275400]
- be2net: receive pkts with L3, L4 errors on VFs (Somnath Kotur) [Orabug: 21275400]
- be2net: log link status (Ivan Vecera) [Orabug: 21275400]
- be2net: Fix a bug in Rx buffer posting (Ajit Khaparde) [Orabug: 21275400]
- be2net: bump up the driver version to 10.6.0.1 (Sathya Perla) [Orabug: 21275400]
- be2net: use PCI MMIO read instead of config read for errors (Suresh Reddy) [Orabug: 21275400]
- be2net: restrict MODIFY_EQ_DELAY cmd to a max of 8 EQs (Suresh Reddy) [Orabug: 21275400]
- be2net: Prevent VFs from enabling VLAN promiscuous mode (Vasundhara Volam) [Orabug: 21275400]
- ethernet: codespell comment spelling fixes (Joe Perches) [Orabug: 21275400]
- be2net: avoid creating the non-RSS default RXQ if FW allows to (Vasundhara Volam) [Orabug: 21275400]
- be2net: use a wrapper to schedule and cancel error detection task (Sathya Perla) [Orabug: 21275400]
- be2net: shorten AMAP_GET/SET_BITS() macro calls (Sathya Perla) [Orabug: 21275400]
- be2net: MODULE_DEVICE_TABLE: fix some callsites (Andrew Morton) [Orabug: 21275400]
- be2net: avoid unncessary swapping of fields in eth_tx_wrb (Sathya Perla) [Orabug: 21275400]
- be2net: process port misconfig async event (Vasundhara Volam) [Orabug: 21275400]
- be2net: refactor be_set_rx_mode() and be_vid_config() for readability (Sathya Perla) [Orabug: 21275400]
- be2net: remove duplicate code in be_cmd_rx_filter() (Sathya Perla) [Orabug: 21275400]
- be2net: use offset based FW flashing for Skyhawk chip (Vasundhara Volam) [Orabug: 21275400]
- be2net: avoid flashing SH-B0 UFI image on SH-P2 chip (Vasundhara Volam) [Orabug: 21275400]
- be2net: refactor code that checks flash file compatibility (Vasundhara Volam) [Orabug: 21275400]
- be2net: replace (1 << x) with BIT(x) (Vasundhara Volam) [Orabug: 21275400]
- be2net: move un-exported routines from be.h to respective src files (Sathya Perla) [Orabug: 21275400]
- bridge: add flags argument to ndo_bridge_setlink and ndo_bridge_dellink (Roopa Prabhu) [Orabug: 21275400]
- be2net: move definitions related to FW cmdsfrom be_hw.h to be_cmds.h (Vasundhara Volam) [Orabug: 21275400]
- be2net: issue function reset cmd in resume path (Kalesh AP) [Orabug: 21275400]
- be2net: add a log message for POST timeout in Lancer (Kalesh AP) [Orabug: 21275400]
- be2net: fix failure case in setting flow control (Kalesh AP) [Orabug: 21275400]
- be2net: move interface create code to a separate routine (Kalesh AP) [Orabug: 21275400]
- VMCI: Guard against overflow in queue pair allocation (Jorgen Hansen) [Orabug: 21266077]
- VMCI: Check userland-provided datagram size (Andy King) [Orabug: 21266077]
- VMCI: Fix two UVA mapping bugs (Jorgen Hansen) [Orabug: 21266077]
- VMCI: integer overflow in vmci_datagram_dispatch() (Dan Carpenter) [Orabug: 21266077]
- VMCI: fix error handling path when registering guest driver (Dmitry Torokhov) [Orabug: 21266077]
- VMCI: Add support for virtual IOMMU (Andy King) [Orabug: 21266077]
- VMCI: Remove non-blocking/pinned queuepair support (Andy King) [Orabug: 21266077]
[3.8.13-88]
- Oracle Linux Kernel Module Signing Key (Alexey Petrenko) [Orabug: 21249387]
- extrakeys.pub is not needed for the build (Alexey Petrenko) [Orabug: 21249387]
- Fix kabi break due to find_special_page was introduced (Bob Liu) [Orabug: 21250018]
- xen/gntdev: provide find_special_page VMA operation (David Vrabel) [Orabug: 21250018]
- xen/gntdev: mark userspace PTEs as special on x86 PV guests (David Vrabel) [Orabug: 21250018]
- xen-blkback: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018]
- xen/gntdev: safely unmap grants in case they are still in use (Jennifer Herbert) [Orabug: 21250018]
- xen/gntdev: convert priv->lock to a mutex (David Vrabel) [Orabug: 21250018]
- xen/grant-table: add a mechanism to safely unmap pages that are in use (Jennifer Herbert) [Orabug: 21250018]
- xen-netback: use foreign page information from the pages themselves (Jennifer Herbert) [Orabug: 21250018]
- xen: mark grant mapped pages as foreign (Jennifer Herbert) [Orabug: 21250018]
- xen/grant-table: add helpers for allocating pages (David Vrabel) [Orabug: 21250018]
- x86/xen: require ballooned pages for grant maps (Jennifer Herbert) [Orabug: 21250018]
- xen: remove scratch frames for ballooned pages and m2p override (David Vrabel) [Orabug: 21250018]
- xen/grant-table: pre-populate kernel unmap ops for xen_gnttab_unmap_refs() (David Vrabel) [Orabug: 21250018]
- mm: add 'foreign' alias for the 'pinned' page flag (Jennifer Herbert) [Orabug: 21250018]
- mm: provide a find_special_page vma operation (David Vrabel) [Orabug: 21250018]
- NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419]
- swiotlb: don't assume PA 0 is invalid (Jan Beulich) [Orabug: 21249144]
[3.8.13-87]
- qla4xxx: Update driver version to v5.04.00.07.06.02-uek3 (Nilesh Javali) [Orabug: 21241091]
- qla4xxx: check the return value of dma_alloc_coherent() (Maurizio Lombardi) [Orabug: 21241091]
- scsi: qla4xxx: ql4_mbx.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091]
- scsi: qla4xxx: ql4_os.c: Cleaning up missing null-terminate in conjunction with strncpy (Rickard Strandqvist) [Orabug: 21241091]
- qla4xxx: fix get_host_stats error propagation (Mike Christie) [Orabug: 21241091]
- scsi_ibft: Fix finding Broadcom specific ibft sign (Vikas Chaudhary) [Orabug: 21241091]
- dtrace: convert from sdt_instr_t to asm_instr_t (Kris Van Hees) [Orabug: 21267945]
- dtrace: percpu: move from __get_cpu_var() to this_cpu_ptr() (Kris Van Hees) [Orabug: 21265599]
- dtrace: do not vmalloc/vfree from probe context (Kris Van Hees) [Orabug: 21267934]
- dtrace: restructuring for multi-arch support (Kris Van Hees) [Orabug: 21267922]
- kallsyms: fix /proc/kallmodsyms to not be misled by const variables (Nick Alcock) [Orabug: 21257170]
- storvsc: force discovery of LUNs that may have been removed. (K. Y. Srinivasan) [Orabug: 20768211]
- storvsc: in responce to a scan event, scan the host (K. Y. Srinivasan) [Orabug: 20768211]
- builds: configs: Enable mgs driver for OL7 (Santosh Shilimkar) [Orabug: 20505584]
- aacraid: driver version change (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: AIF raw device remove support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: performance improvement changes (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: IOCTL fix (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: IOP RESET command handling changes (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: 240 simple volume support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: vpd page code 0x83 support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: MSI-x support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: 4KB sector support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: IOCTL pass-through command fix (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: AIF support for SES device add/remove (Mahesh Rajashekhara) [Orabug: 21208741]
- scsi: use 64-bit LUNs (Hannes Reinecke) [Orabug: 21208741]
- remove deprecated IRQF_DISABLED from SCSI (Michael Opdenacker) [Orabug: 21208741]
- aacraid: kdump fix (Mahesh Rajashekhara) [Orabug: 21208741]
- drivers: avoid parsing names as kthread_run() format strings (Kees Cook) [Orabug: 21208741]
- aacraid: Fix for arrays are going offline in the system. System hangs (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: Dual firmware image support (Mahesh Rajashekhara) [Orabug: 21208741]
- aacraid: suppress two GCC warnings (Paul Bolle) [Orabug: 21208741]
- aacraid: 1024 max outstanding command support for Series 7 and above (Mahesh Rajashekhara) [Orabug: 21208741]
[3.8.13-86]
- kallsyms: fix /proc/kallmodsyms to not be misled by external symbols (Nick Alcock) [Orabug: 21245508]
- wait: change waitfd() to use wait4(), not waitid(); reduce invasiveness (Nick Alcock) [Orabug: 21245391]
- ixgbevf: upgrade to version 2.16.1 (Brian Maly) [Orabug: 21104474]
- ipv6: don't call addrconf_dst_alloc again when enable lo (Gao feng) [Orabug: 21088702]
- efi/xen: Pass missing argument to EFI runtime Xen hypercall (Daniel Kiper) [Orabug: 21247143]
[3.8.13-85]
- fanotify: fix notification of groups with inode & mount marks (Jan Kara) [Orabug: 21168905]
- NVMe: Fix VPD B0 max sectors translation (Keith Busch) [Orabug: 21117187]
- NVMe: Add translation for block limits (Keith Busch) [Orabug: 21117187]
- nvme: Fix PRP list calculation for non-4k system page size (Murali Iyer) [Orabug: 21117187]
- NVMe: Fix potential corruption on sync commands (Keith Busch) [Orabug: 21117187]
- NVMe: Fix potential corruption during shutdown (Keith Busch) [Orabug: 21117187]
- NVMe: Initialize device list head before starting (Keith Busch) [Orabug: 21117187]
- NVMe: Asynchronous controller probe (Keith Busch) [Orabug: 21117187]
- NVMe: Register management handle under nvme class (Keith Busch) [Orabug: 21117187]
- NVMe: Update SCSI Inquiry VPD 83h translation (Keith Busch) [Orabug: 21117187]
- NVMe: Update data structures for NVMe 1.2 (Matthew Wilcox) [Orabug: 21117187]
- NVMe: Update namespace and controller identify structures to the 1.1a spec (Dimitri John Ledkov) [Orabug: 21117187]
- NVMe: Update module version (Keith Busch) [Orabug: 21117187]
- fnic: Override the limitation on number of scsi timeouts (Narsimhulu Musini) [Orabug: 21084835]
- fnic: IOMMU Fault occurs when IO and abort IO is out of order (Anil Chintalapati (achintal)) [Orabug: 21084835]
- Fnic: Fnic Driver crashed with NULL pointer reference (Hiral Shah) [Orabug: 21084835]
- Fnic: For Standalone C series, 'sending VLAN request' message seen even if the link is down (Hiral Shah) [Orabug: 21084835]
- Fnic: Improper resue of exchange Ids (Hiral Shah) [Orabug: 21084835]
- Fnic: Memcopy only mimumum of data or trace buffer (Hiral Shah) [Orabug: 21084835]
- Fnic: Not probing all the vNICS via fnic_probe on boot (Hiral Shah) [Orabug: 21084835]
- fnic: assign FIP_ALL_FCF_MACS to fcoe_all_fcfs (Hiral Shah) [Orabug: 21084835]
- uek-rpm: ol6: update build environment to 6.6 (Guangyu Sun)
[3.8.13-84]
- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226722] {CVE-2014-9585}
[3.8.13-83]
- snic: fix format string overflow (Brian Maly) [Orabug: 21091759]
- scsi: add snic driver to makefile (Brian Maly) [Orabug: 21091759]
- snic: enable snic in kernel configs (Brian Maly) [Orabug: 21091759]
- snic: minor checkpatch fixes (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add Makefile, patch Kconfig, MAINTAINERS (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add event tracing to capture IO events. (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add sysfs entries to list stats and trace data (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add low level queuing interfaces (Narsimhulu Musini) [Orabug: 21091759]
- snic: add SCSI handling, AEN, and fwreset handling (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add snic target discovery (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add meta request, handling of meta requests. (Narsimhulu Musini) [Orabug: 21091759]
- snic: Add interrupt, resource firmware interfaces (Narsimhulu Musini) [Orabug: 21091759]
- snic: snic module infrastructure (Narsimhulu Musini) [Orabug: 21091759]
- xen/mmu: Move the setting of pvops.write_cr3 to later phase in bootup. (Konrad Rzeszutek Wilk) [Orabug: 21197204]
- x86-64, xen, mmu: Provide an early version of write_cr3. (Konrad Rzeszutek Wilk) [Orabug: 21197204]
- uek-rpm: build: Use SHA512 instead of SHA256 for module signing (Natalya Naumova) [Orabug: 20687425]
- config: ol6: make CONFIG_SERIAL_8250_NR_UARTS 64 (Guangyu Sun) [Orabug: 21141039]
- config: enable CONFIG_INTEL_TXT (Guangyu Sun) [Orabug: 21176777]
- export host-only net/core and net/ipv4 parameters to a container as read-only (Thomas Tanaka) [Orabug: 21151210]
- Revert 'i40e: Add FW check to disable DCB and wrap autoneg workaround with FW check' (Brian Maly) [Orabug: 21103806]
- xen-netfront: print correct number of queues (David Vrabel) [Orabug: 21150627]
- xen-netfront: release per-queue Tx and Rx resource when disconnecting (David Vrabel) [Orabug: 21150627]
- xen-netfront: fix locking in connect error path (David Vrabel) [Orabug: 21150627]
- xen-netfront: call netif_carrier_off() only once when disconnecting (David Vrabel) [Orabug: 21150627]
- xen-netfront: don't nest queue locks in xennet_connect() (David Vrabel) [Orabug: 21150627]
- xen-net{back, front}: Document multi-queue feature in netif.h (Andrew J. Bennieston) [Orabug: 21150627]
- xen-netfront: recreate queues correctly when reconnecting (David Vrabel) [Orabug: 21150627]
- xen-netfront: fix oops when disconnected from backend (David Vrabel) [Orabug: 21150627]
- xen-netfront: initialise queue name in xennet_init_queue (Wei Liu) [Orabug: 21150627]
- xen-netfront: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627]
- xen-netfront: Factor queue-specific data into queue struct. (Andrew J. Bennieston) [Orabug: 21150627]
- xen-netback: bookkeep number of active queues in our own module (Wei Liu) [Orabug: 21150627]
- net: xen-netback: include linux/vmalloc.h again (Arnd Bergmann) [Orabug: 21150627]
- xen-netback: Add support for multiple queues (Andrew J. Bennieston) [Orabug: 21150627]
- xen-netback: Factor queue-specific data into queue struct (Wei Liu) [Orabug: 21150627]
- xen-netback: Move grant_copy_op array back into struct xenvif. (Andrew J. Bennieston) [Orabug: 21150627]
- ixgbe: Look up MAC address in Open Firmware or IDPROM (Martin K Petersen) [Orabug: 20983421]
- ixgbe: update to ver 4.0.3 (Ethan Zhao) [Orabug: 20983421]
[3.8.13-82]
- config: enable some secure boot features for ol7 (Guangyu Sun) [Orabug: 18961720]
- efi: Disable secure boot if shim is in insecure mode (Josh Boyer) [Orabug: 18961720]
- hibernate: Disable in a signed modules environment (Josh Boyer) [Orabug: 18961720]
- efi: Add EFI_SECURE_BOOT bit (Josh Boyer) [Orabug: 18961720]
- Add option to automatically set securelevel when in Secure Boot mode (Matthew Garrett) [Orabug: 18961720]
- asus-wmi: Restrict debugfs interface when securelevel is set (Matthew Garrett) [Orabug: 18961720]
- x86: Restrict MSR access when securelevel is set (Matthew Garrett) [Orabug: 18961720]
- uswsusp: Disable when securelevel is set (Matthew Garrett) [Orabug: 18961720]
- kexec: Disable at runtime if securelevel has been set. (Matthew Garrett) [Orabug: 18961720]
- acpi: Ignore acpi_rsdp kernel parameter when securelevel is set (Matthew Garrett) [Orabug: 18961720]
- acpi: Limit access to custom_method if securelevel is set (Matthew Garrett) [Orabug: 18961720]
- Restrict /dev/mem and /dev/kmem when securelevel is set. (Matthew Garrett) [Orabug: 18961720]
- x86: Lock down IO port access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720]
- PCI: Lock down BAR access when securelevel is enabled (Matthew Garrett) [Orabug: 18961720]
- Enforce module signatures when securelevel is greater than 0 (Matthew Garrett) [Orabug: 18961720]
- Add BSD-style securelevel support (Matthew Garrett) [Orabug: 18961720]
- MODSIGN: Support not importing certs from db (Josh Boyer) [Orabug: 18961720]
- MODSIGN: Import certificates from UEFI Secure Boot (Josh Boyer) [Orabug: 18961720]
- MODSIGN: Add module certificate blacklist keyring (Josh Boyer) [Orabug: 18961720]
- Add an EFI signature blob parser and key loader. (Dave Howells) [Orabug: 18961720]
- Add EFI signature data types (Dave Howells) [Orabug: 18961720]
- efi: fix error handling in add_sysfs_runtime_map_entry() (Dan Carpenter) [Orabug: 18961720]
- PEFILE: Relax the check on the length of the PKCS#7 cert (David Howells) [Orabug: 18961720]
- kexec: purgatory: add clean-up for purgatory directory (Michael Welling) [Orabug: 18961720]
- x86/purgatory: use approprate -m64/-32 build flag for arch/x86/purgatory (Vivek Goyal) [Orabug: 18961720]
- kexec: remove CONFIG_KEXEC dependency on crypto (Vivek Goyal) [Orabug: 18961720]
- kexec: create a new config option CONFIG_KEXEC_FILE for new syscall (Vivek Goyal) [Orabug: 18961720]
- resource: fix the case of null pointer access (Vivek Goyal) [Orabug: 18961720]
- kexec: verify the signature of signed PE bzImage (Vivek Goyal) [Orabug: 18961720]
- kexec: support kexec/kdump on EFI systems (Vivek Goyal) [Orabug: 18961720]
- kexec: support for kexec on panic using new system call (Vivek Goyal) [Orabug: 18961720]
- kexec-bzImage64: support for loading bzImage using 64bit entry (Vivek Goyal) [Orabug: 18961720]
- kexec: load and relocate purgatory at kernel load time (Vivek Goyal) [Orabug: 18961720]
- purgatory: core purgatory functionality (Vivek Goyal) [Orabug: 18961720]
- purgatory/sha256: provide implementation of sha256 in purgaotory context (Vivek Goyal) [Orabug: 18961720]
- kexec: implementation of new syscall kexec_file_load (Vivek Goyal) [Orabug: 18961720]
- kexec: new syscall kexec_file_load() declaration (Vivek Goyal) [Orabug: 18961720]
- kexec: make kexec_segment user buffer pointer a union (Vivek Goyal) [Orabug: 18961720]
- resource: provide new functions to walk through resources (Vivek Goyal) [Orabug: 18961720]
- kexec: use common function for kimage_normal_alloc() and kimage_crash_alloc() (Vivek Goyal) [Orabug: 18961720]
- kexec: move segment verification code in a separate function (Vivek Goyal) [Orabug: 18961720]
- kexec: rename unusebale_pages to unusable_pages (Vivek Goyal) [Orabug: 18961720]
- kernel: build bin2c based on config option CONFIG_BUILD_BIN2C (Vivek Goyal) [Orabug: 18961720]
- bin2c: move bin2c in scripts/basic (Vivek Goyal) [Orabug: 18961720]
- kexec: remove unnecessary return (Xishi Qiu) [Orabug: 18961720]
- keys: remove duplicated loads of ksplice certificate (Guangyu Sun) [Orabug: 21034277]
- X.509: Support parse long form of length octets in Authority Key Identifier (Chun-Yi Lee) [Orabug: 18961720]
- KEYS: Pre-clear struct key on allocation (David Howells) [Orabug: 18961720]
- KEYS: Fix searching of nested keyrings (David Howells) [Orabug: 18961720]
- KEYS: Fix multiple key add into associative array (David Howells) [Orabug: 18961720]
- KEYS: Fix the keyring hash function (David Howells) [Orabug: 18961720]
- PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs (David Howells) [Orabug: 18961720]
- PKCS#7: Provide a single place to do signed info block freeing (David Howells) [Orabug: 18961720]
- PKCS#7: Add a missing static (David Howells) [Orabug: 18961720]
- X.509: Need to export x509_request_asymmetric_key() (David Howells) [Orabug: 18961720]
- PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1 (David Howells) [Orabug: 18961720]
- PKCS#7: Use x509_request_asymmetric_key() (David Howells) [Orabug: 18961720]
- X.509: x509_request_asymmetric_keys() doesn't need string length arguments (David Howells) [Orabug: 18961720]
- PKCS#7: fix sparse non static symbol warning (Wei Yongjun) [Orabug: 18961720]
- PKCS#7: Missing inclusion of linux/err.h (David Howells) [Orabug: 18961720]
- ima: define '.ima' as a builtin 'trusted' keyring (Mimi Zohar) [Orabug: 18961720]
- KEYS: validate certificate trust only with builtin keys (Dmitry Kasatkin) [Orabug: 18961720]
- KEYS: validate certificate trust only with selected key (Dmitry Kasatkin) [Orabug: 18961720]
- KEYS: verify a certificate is signed by a 'trusted' key (Mimi Zohar) [Orabug: 18961720]
- KEYS: make partial key id matching as a dedicated function (Dmitry Kasatkin) [Orabug: 18961720]
- KEYS: Reinstate EPERM for a key type name beginning with a '.' (David Howells) [Orabug: 18961720]
- KEYS: special dot prefixed keyring name bug fix (Mimi Zohar) [Orabug: 18961720]
- pefile: Validate PKCS#7 trust chain (David Howells) [Orabug: 18961720]
- pefile: Digest the PE binary and compare to the PKCS#7 data (David Howells) [Orabug: 18961720]
- pefile: Handle pesign using the wrong OID (Vivek Goyal) [Orabug: 18961720]
- pefile: Parse the 'Microsoft individual code signing' data blob (David Howells) [Orabug: 18961720]
- pefile: Parse the presumed PKCS#7 content of the certificate blob (David Howells) [Orabug: 18961720]
- pefile: Strip the wrapper off of the cert data block (David Howells) [Orabug: 18961720]
- pefile: Parse a PE binary to find a key and a signature contained therein (David Howells) [Orabug: 18961720]
- Provide PE binary definitions (David Howells) [Orabug: 18961720]
- KEYS: X.509: Fix a spelling mistake (David Howells) [Orabug: 18961720]
- PKCS#7: Provide a key type for testing PKCS#7 (David Howells) [Orabug: 18961720]
- PKCS#7: Find intersection between PKCS#7 message and known, trusted keys (David Howells) [Orabug: 18961720]
- PKCS#7: Verify internal certificate chain (David Howells) [Orabug: 18961720]
- PKCS#7: Find the right key in the PKCS#7 key list and verify the signature (David Howells) [Orabug: 18961720]
- PKCS#7: Digest the data in a signed-data message (David Howells) [Orabug: 18961720]
- PKCS#7: Implement a parser [RFC 2315] (David Howells) [Orabug: 18961720]
- X.509: Export certificate parse and free functions (David Howells) [Orabug: 18961720]
- X.509: Add bits needed for PKCS#7 (David Howells) [Orabug: 18961720]
- x86/efi: Support initrd loaded above 4G (Yinghai Lu) [Orabug: 18961720]
- x86, boot: Do not include boot.h in string.c (Vivek Goyal) [Orabug: 18961720]
- x86, boot: Move memcmp() into string.h and string.c (Vivek Goyal) [Orabug: 18961720]
- x86, boot: Create a separate string.h file to provide standard string functions (Vivek Goyal) [Orabug: 18961720]
- kexec: add sysctl to disable kexec_load (Kees Cook) [Orabug: 18961720]
- x86: Add xloadflags bit for EFI runtime support on kexec (Dave Young) [Orabug: 18961720]
- x86/efi: Pass necessary EFI data for kexec via setup_data (Dave Young) [Orabug: 18961720]
- efi: Export EFI runtime memory mapping to sysfs (Dave Young) [Orabug: 18961720]
- efi: Export more EFI table variables to sysfs (Dave Young) [Orabug: 18961720]
- x86/efi: Cleanup efi_enter_virtual_mode() function (Dave Young) [Orabug: 18961720]
- x86/efi: Fix off-by-one bug in EFI Boot Services reservation (Dave Young) [Orabug: 18961720]
- x86/efi: Add a wrapper function efi_map_region_fixed() (Dave Young) [Orabug: 18961720]
- keys: change asymmetric keys to use common hash definitions (Dmitry Kasatkin) [Orabug: 18961720]
- crypto: provide single place for hash algo information (Dmitry Kasatkin) [Orabug: 18961720]
- KEYS: fix error return code in big_key_instantiate() (Wei Yongjun) [Orabug: 18961720]
- KEYS: Fix keyring quota misaccounting on key replacement and unlink (David Howells) [Orabug: 18961720]
- KEYS: Fix a race between negating a key and reading the error set (David Howells) [Orabug: 18961720]
- KEYS: Make BIG_KEYS boolean (Josh Boyer) [Orabug: 18961720]
- X.509: remove possible code fragility: enumeration values not handled (Antonio Alecrim Jr) [Orabug: 18961720]
- X.509: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720]
- MPILIB: add module description and license (Konstantin Khlebnikov) [Orabug: 18961720]
Related CVEs
| CVE-2014-8989 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 6 (x86_64) | dtrace-modules-3.8.13-98.el6uek-0.4.5-2.el6.src.rpm | 045795f7a210c4a479d4cfc9ab930191 | - |
| kernel-uek-3.8.13-98.el6uek.src.rpm | 0057e19738bb52f566fe70a1d7bb3639 | ELSA-2021-9215 | |
| dtrace-modules-3.8.13-98.el6uek-0.4.5-2.el6.x86_64.rpm | 17cc828034ef5c244158476ca8e6b3b6 | - | |
| dtrace-modules-provider-headers-0.4.5-2.el6.x86_64.rpm | 0398e6d6bdf9af8f949275e93774706b | ELSA-2017-3609 | |
| dtrace-modules-shared-headers-0.4.5-2.el6.x86_64.rpm | 295b87357bb2e3a3cd9996c1125158c4 | ELSA-2017-3609 | |
| kernel-uek-3.8.13-98.el6uek.x86_64.rpm | 68d11416f23b0f12b82e0ab70848e681 | ELSA-2021-9215 | |
| kernel-uek-debug-3.8.13-98.el6uek.x86_64.rpm | 11474737c6066156e30d1d7c5d5cfabe | ELSA-2021-9215 | |
| kernel-uek-debug-devel-3.8.13-98.el6uek.x86_64.rpm | 69bb30ed671116717d388b4c02788324 | ELSA-2021-9215 | |
| kernel-uek-devel-3.8.13-98.el6uek.x86_64.rpm | dc6368aa78fcb47646a8dac8d58cb010 | ELSA-2021-9215 | |
| kernel-uek-doc-3.8.13-98.el6uek.noarch.rpm | 66f07ae53b08a47c2160e60643319a67 | ELSA-2021-9215 | |
| kernel-uek-firmware-3.8.13-98.el6uek.noarch.rpm | 76614264791a5c73c459faaffe113efc | ELSA-2021-9215 | |
| Oracle Linux 7 (x86_64) | dtrace-modules-3.8.13-98.el7uek-0.4.5-3.el7.src.rpm | 0118460e6bbec3a9627497aa66f28210 | - |
| kernel-uek-3.8.13-98.el7uek.src.rpm | 1220b0b486ad8cba5ae2e0c4bb581d0d | ELSA-2021-9220 | |
| dtrace-modules-3.8.13-98.el7uek-0.4.5-3.el7.x86_64.rpm | 62bb43b6bc47623f25b2ae792b8964a9 | - | |
| dtrace-modules-provider-headers-0.4.5-3.el7.x86_64.rpm | b6bfaa1f736d8cd6d98900f3888f967a | ELSA-2017-3609 | |
| dtrace-modules-shared-headers-0.4.5-3.el7.x86_64.rpm | 0ea7ddc2e2c57baba7322b558c6127ab | ELSA-2017-3609 | |
| kernel-uek-3.8.13-98.el7uek.x86_64.rpm | 20c7e1e838bd5ac15f5834c58f616670 | ELSA-2021-9220 | |
| kernel-uek-debug-3.8.13-98.el7uek.x86_64.rpm | 1962fbf55905e4ee0feae319bf58b5fa | ELSA-2021-9220 | |
| kernel-uek-debug-devel-3.8.13-98.el7uek.x86_64.rpm | 94b77054ffa7af1fcbb67865f08f2610 | ELSA-2021-9220 | |
| kernel-uek-devel-3.8.13-98.el7uek.x86_64.rpm | aee67533bf4a838cf78e78d6cacda9e1 | ELSA-2021-9220 | |
| kernel-uek-doc-3.8.13-98.el7uek.noarch.rpm | 74812c1147fab7c807574afae8ab6e98 | ELSA-2021-9220 | |
| kernel-uek-firmware-3.8.13-98.el7uek.noarch.rpm | 1271bfe792f8beef643bdbe207e6cad2 | ELSA-2021-9215 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
