ELSA-2017-3637 - Unbreakable Enterprise kernel security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2017-11-02

Description


[2.6.39-400.297.12]
- xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234]
- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723]
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723]
- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}
- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308}
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363}
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}
- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380}
- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074}
- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077}
- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044}
- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044}
- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044}
- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473}
- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075}
- saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831}
- saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831}
- saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831}
- [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341]
- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661}
- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988628] {CVE-2017-14489}


Related CVEs


CVE-2017-14489
CVE-2016-10044
CVE-2017-11473
CVE-2017-8831
CVE-2017-10661
CVE-2017-7308
CVE-2017-1000363
CVE-2017-1000380
CVE-2017-9077
CVE-2017-9074
CVE-2017-9075

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 5 (i386) | kernel-uek-2.6.39-400.297.12.el5uek.src.rpm | b16555bdbcc5039e3f9efa5de270eb3a | - |
| Oracle Linux 5 (i386) | kernel-uek-2.6.39-400.297.12.el5uek.i686.rpm | 6636997c4e5b7263f157b5d5f664bdeb | - |
| Oracle Linux 5 (i386) | kernel-uek-debug-2.6.39-400.297.12.el5uek.i686.rpm | a585ddc6ec33da29f9964381c2f28a87 | - |
| Oracle Linux 5 (i386) | kernel-uek-debug-devel-2.6.39-400.297.12.el5uek.i686.rpm | d07aaf3643dd5a6d1c895a068d2f327e | - |
| Oracle Linux 5 (i386) | kernel-uek-devel-2.6.39-400.297.12.el5uek.i686.rpm | 9037296e13ae3a0725397b350757e403 | - |
| Oracle Linux 5 (i386) | kernel-uek-doc-2.6.39-400.297.12.el5uek.noarch.rpm | f9bdf0bd60c051d0540b420664ca1a34 | - |
| Oracle Linux 5 (i386) | kernel-uek-firmware-2.6.39-400.297.12.el5uek.noarch.rpm | 45bbdd4262f0f086ea5022562adf3351 | - |
| Oracle Linux 5 (x86_64) | kernel-uek-2.6.39-400.297.12.el5uek.src.rpm | b16555bdbcc5039e3f9efa5de270eb3a | - |
| Oracle Linux 5 (x86_64) | kernel-uek-2.6.39-400.297.12.el5uek.x86_64.rpm | 3c95a3b74c25ddbb7b6d39fed147d2e8 | - |
| Oracle Linux 5 (x86_64) | kernel-uek-debug-2.6.39-400.297.12.el5uek.x86_64.rpm | bbaff44d3fa8c2082f9062857cc7c237 | - |
| Oracle Linux 5 (x86_64) | kernel-uek-debug-devel-2.6.39-400.297.12.el5uek.x86_64.rpm | 24d75a2f3106a95c6da7aa094e2693b5 | - |
| Oracle Linux 5 (x86_64) | kernel-uek-devel-2.6.39-400.297.12.el5uek.x86_64.rpm | 8c195412cefdd19595312bd41879252c | - |
| Oracle Linux 5 (x86_64) | kernel-uek-doc-2.6.39-400.297.12.el5uek.noarch.rpm | f9bdf0bd60c051d0540b420664ca1a34 | - |
| Oracle Linux 5 (x86_64) | kernel-uek-firmware-2.6.39-400.297.12.el5uek.noarch.rpm | 45bbdd4262f0f086ea5022562adf3351 | - |
| Oracle Linux 6 (i386) | kernel-uek-2.6.39-400.297.12.el6uek.src.rpm | c33375cde7073ba7a4f56fe193878c71 | - |
| Oracle Linux 6 (i386) | kernel-uek-2.6.39-400.297.12.el6uek.i686.rpm | 5e8228ba2257b1074e90eee9f3306269 | - |
| Oracle Linux 6 (i386) | kernel-uek-debug-2.6.39-400.297.12.el6uek.i686.rpm | 10e76ee4579d6c20afa5818d55e00402 | - |
| Oracle Linux 6 (i386) | kernel-uek-debug-devel-2.6.39-400.297.12.el6uek.i686.rpm | d13507c7e30c2bf2a411517026297d93 | - |
| Oracle Linux 6 (i386) | kernel-uek-devel-2.6.39-400.297.12.el6uek.i686.rpm | c6f1ca3bb880a77eff08a25ef463f14a | - |
| Oracle Linux 6 (i386) | kernel-uek-doc-2.6.39-400.297.12.el6uek.noarch.rpm | da59df5c574fdecded5855bd9dc7def3 | - |
| Oracle Linux 6 (i386) | kernel-uek-firmware-2.6.39-400.297.12.el6uek.noarch.rpm | a3a3d518db92cdad7d5373a7f2177d9e | - |
| Oracle Linux 6 (x86_64) | kernel-uek-2.6.39-400.297.12.el6uek.src.rpm | c33375cde7073ba7a4f56fe193878c71 | - |
| Oracle Linux 6 (x86_64) | kernel-uek-2.6.39-400.297.12.el6uek.x86_64.rpm | fa0fecd283420783ca69991b1323caa8 | - |
| Oracle Linux 6 (x86_64) | kernel-uek-debug-2.6.39-400.297.12.el6uek.x86_64.rpm | 0f0fed5a983bba1810ddaf59cb73874c | - |
| Oracle Linux 6 (x86_64) | kernel-uek-debug-devel-2.6.39-400.297.12.el6uek.x86_64.rpm | e294f4fa258ef1c67e00c18b988b436a | - |
| Oracle Linux 6 (x86_64) | kernel-uek-devel-2.6.39-400.297.12.el6uek.x86_64.rpm | 456acbcc4f201d8765790f327bdcc9cb | - |
| Oracle Linux 6 (x86_64) | kernel-uek-doc-2.6.39-400.297.12.el6uek.noarch.rpm | da59df5c574fdecded5855bd9dc7def3 | - |
| Oracle Linux 6 (x86_64) | kernel-uek-firmware-2.6.39-400.297.12.el6uek.noarch.rpm | a3a3d518db92cdad7d5373a7f2177d9e | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.