ELSA-2017-3635

ELSA-2017-3635 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-11-02

Description


[4.1.12-103.9.2]
- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]

[4.1.12-103.9.1]
- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241]
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489}
- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. Petersen) [Orabug: 26999097]
- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542}
- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112}
- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]

[4.1.12-103.8.1]
- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661}
- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}
- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541}
- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618}
- ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280]
- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482}
- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106}


Related CVEs


CVE-2017-14106
CVE-2017-14489
CVE-2017-7482
CVE-2017-12154
CVE-2017-7618

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (x86_64) kernel-uek-4.1.12-103.9.2.el6uek.src.rpme21a5687d871e6da670bd2f7ed725e78-
kernel-uek-4.1.12-103.9.2.el6uek.x86_64.rpm91b99d790bef427257c4a79757f1d419-
kernel-uek-debug-4.1.12-103.9.2.el6uek.x86_64.rpmcfa630c7a6a6d3c27efd5139b99e2115-
kernel-uek-debug-devel-4.1.12-103.9.2.el6uek.x86_64.rpme6d191913c5db84186c1e17a90ec063f-
kernel-uek-devel-4.1.12-103.9.2.el6uek.x86_64.rpm5f7f8b9f45896c08f64f3cd9d3f47dea-
kernel-uek-doc-4.1.12-103.9.2.el6uek.noarch.rpm8df4c4130e497bd940f81d5430c36b70-
kernel-uek-firmware-4.1.12-103.9.2.el6uek.noarch.rpm84eb9e7eba1e3510abd91b6fc32383bf-
Oracle Linux 7 (x86_64) kernel-uek-4.1.12-103.9.2.el7uek.src.rpm16ed923d14fd21ee4ea2a956644b1eed-
kernel-uek-4.1.12-103.9.2.el7uek.x86_64.rpm26fa1476304a2f25fed2ad7a0045f48c-
kernel-uek-debug-4.1.12-103.9.2.el7uek.x86_64.rpm896772b70f2ff8969a43b4467940c103-
kernel-uek-debug-devel-4.1.12-103.9.2.el7uek.x86_64.rpm9a62fba178557ca57f70bb079dc97fe8-
kernel-uek-devel-4.1.12-103.9.2.el7uek.x86_64.rpm4a580d3e74354b98b301a24bf5f03db1-
kernel-uek-doc-4.1.12-103.9.2.el7uek.noarch.rpm50f43a7ea404e1ce089755317805f846-
kernel-uek-firmware-4.1.12-103.9.2.el7uek.noarch.rpm76605a450530a9bdb92d04cff8807f18-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete