OVMSA-2016-0037 - kernel-uek security update

Release Date:2016-03-16


- Fix double free iocb->private with AIO DIO (Shirley Ma) [Orabug: 18794638]
- xen/xenbus: Avoid synchronous wait on XenBus stalling shutdown/restart. (Konrad Rzeszutek Wilk) [Orabug: 18932877]
- Increased maximum tape device limit to 1024 in UEK2 (Ritika Srivastava) [Orabug: 22044668]
- qla2xxx: don't treat initial temperature read failure as an error (Dan Duval) [Orabug: 22098738]
- Revert 'qla2xxx: Display mailbox failure by default.' (Dan Duval) [Orabug: 22098738]
- RDS: Add interface for receive MSG latency trace (Santosh Shilimkar) [Orabug: 22630078]
- RDS: Add support for per socket SO_TIMESTAMP for incoming messages (Santosh Shilimkar) [Orabug: 22630078]
- rds: add infrastructure to find more details for reconnect failure (Ajaykumar Hotchandani) [Orabug: 21799394]
- rds: find connection drop reason (Ajaykumar Hotchandani) [Orabug: 21799394]

- block: bump BLK_DEF_MAX_SECTORS to 2560 (Joe Jin) [Orabug: 22521844]
- Revert 'block: remove artifical max_hw_sectors cap' (Joe Jin) [Orabug: 22521844]

- KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872}

- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}
- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}
- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}

- KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}

- rds: print rdma_cm_id while establishing connection (Ajaykumar Hotchandani) [Orabug: 22315028]
- rdma_cm: extend debug for remote mapping (Ajaykumar Hotchandani) [Orabug: 22315028]
- OFED: indicate consistent vendor error (Ajaykumar Hotchandani) [Orabug: 22308787]
- mlx4_core: print device details for PORT event (Ajaykumar Hotchandani) [Orabug: 22113813]
- mlx4_core: enable print for device reset (Ajaykumar Hotchandani) [Orabug: 22308637]
- mlx4_core: correct fmr_reserve() (Ajaykumar Hotchandani) [Orabug: 22137952]

- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613}

- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}
- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613}

- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104}
- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}

- mm/swap.c: reorganize put_compound_page() (Andrew Morton) [Orabug: 16823432]
- mm/hugetlb.c: simplify PageHeadHuge() and PageHuge() (Andrew Morton) [Orabug: 16823432]
- mm: document PageHuge somewhat (Andrew Morton) [Orabug: 16823432]
- mm: hugetlbfs: use __compound_tail_refcounted in __get_page_tail too (Andrea Arcangeli) [Orabug: 16823432]
- mm: tail page refcounting optimization for slab and hugetlbfs (Andrea Arcangeli) [Orabug: 16823432]
- mm: thp: optimize compound_trans_huge (Andrea Arcangeli) [Orabug: 16823432]
- mm: hugetlbfs: move the put/get_page slab and hugetlbfs optimization in a faster path (Andrea Arcangeli) [Orabug: 16823432]
- mm: hugetlb: use get_page_foll() in follow_hugetlb_page() (Andrea Arcangeli) [Orabug: 16823432]
- mm: hugetlbfs: fix hugetlbfs optimization (Andrea Arcangeli) [Orabug: 16823432]
- mm: fix aio performance regression for database caused by THP (Khalid Aziz) [Orabug: 16823432]
- mm: fix slab->page flags corruption (Pravin B Shelar) [Orabug: 16823432]
- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina)
- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz)
- IB: Return error for unsupported QP creation flags (Or Gerlitz)

- x86/xen: properly retrieve NMI reason (Jan Beulich) [Orabug: 21892076]
- x86/mrst: Avoid reporting wrong nmi status (Jacob Pan) [Orabug: 21892076]
- xen: Support 64-bit PV guest receiving NMIs (Konrad Rzeszutek Wilk) [Orabug: 21892076]
- nfsd: fix rare symlink decoding bug (J. Bruce Fields) [Orabug: 18405506]
- ocfs2: __ocfs2_mknod_locked should return error when ocfs2_create_new_inode_locks() failed (Xue jiufei) [Orabug: 21171285]
- NFSv4: Get rid of unnecessary BUG_ON()s (Trond Myklebust) [Orabug: 21744595]
- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366]
- x86/xen: Do not clip xen_e820_map to xen_e820_map_entries when sanitizing map (Malcolm Crossley)
- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang)
- IB/mlx4: Use vmalloc for WR buffers when needed (Wengang Wang) [Orabug: 22025569]
- mm: move kvfree to mm/util (Wengang Wang) [Orabug: 22025569]
- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani)
- mlx4: Increase SYNC_TPT command timeout (Mukesh Kacker) [Orabug: 21692254]
- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]
- virtio-net: drop NETIF_F_FRAGLIST (Jason Wang) [Orabug: 22145599] {CVE-2015-5156}

- xen/blkfront: remove redundant flush_op (Vitaly Kuznetsov) [Orabug: 21862750]
- xen/blkfront: improve protection against issuing unsupported REQ_FUA (Vitaly Kuznetsov) [Orabug: 21862750]

- intel_idle: Broadwell support (Santosh Shilimkar) [Orabug: 21805197]
- NVMe: Setup max hardware sector count to 512KB (Santosh Shilimkar) [Orabug: 21818552]
- mlx4_core: Fix integer overflows so 8TBs of memory (Wengang Wang)
- iw/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing Huang) [Orabug: 21107553]
- bonding: change error message to debug message in bond_release (Wengang Wang)

- xen-blkfront: introduce blkfront_gather_backend_features() (Bob Liu) [Orabug: 21795426]
- chmod can cause hang in a cluster (Tariq Saeed) [Orabug: 21496050]

- mm/hugetlb: Add locking to region_{add,change,truncate,count} when using shared files with hugepages (Mike Kravetz) [Orabug: 21561820]

- af_netlink: force credentials passing [CVE-2012-3520] (Eric Dumazet) [Orabug: 21591166] {CVE-2012-3520}
- xen/pciback: Don't print scary messages when unsupported by hypervisor. (Konrad Rzeszutek Wilk) [Orabug: 20642069]
- rds_rdma: setup connection before rds_cmsg_send (Wengang Wang) [Orabug: 20232581]
- megaraid_sas : Firmware crash dump feature support (Sumit.Saxena@avagotech.com) [Orabug: 21620491]

- udp: fix behavior of wrong checksums (Eric Dumazet) [Orabug: 21628851] {CVE-2015-5364} {CVE-2015-5366}
- scsi: don't add scsi_device if its already visible (Subhash Jadavani) [Orabug: 21611207]
- NVMe: Don't write cq doorbell on suspended queues (Keith Busch) [Orabug: 21591104]
- IB/ipoib: Potential false positive with peer support for ib-crc-as-csum (Yuval Shaia) [Orabug: 21350399]
- mlx4: indicate memory resource exhaustion (Ajaykumar Hotchandani) [Orabug: 21097014]
- rds: return EMSGSIZE for oversize requests before processing/queueing (Mukesh Kacker) [Orabug: 21079258]

- md: use kzalloc() when bitmap is disabled (Benjamin Randazzo) [Orabug: 21563042] {CVE-2015-5697}
- netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Andrey Vagin) [Orabug: 21562780] {CVE-2014-9715}

- block: remove artifical max_hw_sectors cap (Joe Jin) [Orabug: 21455630]
- idr: fix unexpected ID-removal when idr_remove(unallocated_id) (Lai Jiangshan) [Orabug: 21446790]
- idr: remove WARN_ON_ONCE() on negative IDs (Tejun Heo) [Orabug: 21446790]
- ipc,shm: fix shm_file deletion races (Greg Thelen) [Orabug: 21446790]
- rds: avoid call to flush_mrs() in specific condition (Ajaykumar Hotchandani) [Orabug: 21379403]
- rds: print vendor error (Wengang Wang) [Orabug: 21361643]
- Xen-netback: Fix issue caused by using gso_type wrongly (Annie Li) [Orabug: 21358903]
- xen-netback: fix fragments error handling in checksum_setup_ip() (Wei Yongjun) [Orabug: 21358903]
- xen-netback: make sure skb linear area covers checksum field (Paul Durrant) [Orabug: 21358903]
- xen-netback: reset network header before passing skb to checksum funtion (Annie Li) [Orabug: 21358903]
- xen-netback: fix fragment detection in checksum setup (Paul Durrant) [Orabug: 21358903]
- xen-netback: fix gso_prefix check (Paul Durrant) [Orabug: 21358903]
- xen-netback: include definition of csum_ipv6_magic (Andy Whitcroft) [Orabug: 21358903]
- xen-netback: enable IPv6 TCP GSO to the guest (Paul Durrant) [Orabug: 21358903]
- xen-netback: handle IPv6 TCP GSO packets from the guest (Paul Durrant) [Orabug: 21358903]
- xen-netback: Unconditionally set NETIF_F_RXCSUM (Paul Durrant) [Orabug: 21358903]
- xen-netback: add support for IPv6 checksum offload from guest (Paul Durrant) [Orabug: 21358903]
- xen-netback: switch to use skb_partial_csum_set() (Jason Wang) [Orabug: 21358903]
- xen-netback: add support for IPv6 checksum offload to guest (Paul Durrant) [Orabug: 21358903]
- vfs: allow umount to handle mountpoints without revalidating them (Jeff Layton) [Orabug: 21321002]
- rds: rds_ib_device.refcount overflow (Wengang Wang) [Orabug: 21288594]
- sched: Optimize task_sched_runtime() (Peter Zijlstra) [Orabug: 20739920]
- IPoIB: Fix ipoib_hard_header() return value (Doug Ledford) [Orabug: 18223954]

- x86, tls: Interpret an all-zero struct user_desc as 'no segment' (Andy Lutomirski) [Orabug: 21514969]
- x86, tls, ldt: Stop checking lm in LDT_empty (Andy Lutomirski) [Orabug: 21514969]

- KVM: x86: SYSENTER emulation is broken (Nadav Amit) [Orabug: 21502740] {CVE-2015-0239} {CVE-2015-0239}
- x86/tls: Validate TLS entries to protect espfix (Andy Lutomirski) [Orabug: 20223777] {CVE-2014-8133}
- fs: take i_mutex during prepare_binprm for set[ug]id executables (Jann Horn) [Orabug: 21502255] {CVE-2015-3339}
- eCryptfs: Remove buggy and unnecessary write in file name decode routine (Michael Halcrow) [Orabug: 21502066] {CVE-2014-9683}

- ipv6: Don't reduce hop limit for an interface (D.S. Ljungmark) [Orabug: 21444791] {CVE-2015-2922}
- ipv4: Missing sk_nulls_node_init() in ping_unhash(). (David S. Miller) [Orabug: 21444688] {CVE-2015-3636}
- x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (Andy Lutomirski) [Orabug: 21308308] {CVE-2015-2830}
- x86, mm/ASLR: Fix stack randomization on 64-bit systems (Hector Marco-Gisbert) [Orabug: 21307918] {CVE-2015-1593} {CVE-2015-1593}

- NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (Tariq Saeed) [Orabug: 20933419]
- jbd2: fix hung processes in jbd2_journal_lock_updates() (Jan Kara)
- rds: make sure base connection is up on both sides (Ajaykumar Hotchandani) [Orabug: 20011421]

- x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226730] {CVE-2014-9585}
- isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225976] {CVE-2014-9420}
- x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419}

- IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991]

- ib/rds: fixed big endianness conversion issue for dp->dp_ack_seq (Qing Huang) [Orabug: 21057517]
- ib/rds: fixed crashes caused by incoming requests with wrong destination (Qing Huang) [Orabug: 20823711]
- af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: 20604916]
- scm: Capture the full credentials of the scm sender (Tim Chen) [Orabug: 20604916]
- af_unix: limit recursion level (Eric Dumazet) [Orabug: 20604916]
- af_unix: Allow credentials to work across user and pid namespaces. (Eric W. Biederman) [Orabug: 20604916]
- scm: Capture the full credentials of the scm sender. (Eric W. Biederman) [Orabug: 20604916]
- RDS: Handle RDMA_CM_EVENT_TIMEWAIT_EXIT (Venkat Venkatsubra) [Orabug: 20547505]
- mlx4_ib: Memory leak on Dom0 with SRIOV. (Venkat Venkatsubra) [Orabug: 20508779]
- BUG_ON(lockres->l_level != DLM_LOCK_EX && !checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: 20189959]
- sched: Prevent divide by zero when cpu power calculation is 0 (Todd Vierling) [Orabug: 17936435]
- crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331}

- kexec: export free_huge_page to VMCOREINFO (Atsushi Kumagai) [Orabug: 20313589]
- kexec: save PG_head_mask in VMCOREINFO (Petr Tesarik) [Orabug: 20313589]

- Revert 'Support checksum and gso offload of ipv6 in netback' (Annie Li) [Orabug: 20492244]
- ocfs2/cluster: Cluster up now includes network connections too (Sunil Mushran) [Orabug: 19803036]
- oracleasm: Restrict logical block size reporting (Martin K. Petersen) [Orabug: 19699681]
- oracleasm: Report logical block size (Martin K. Petersen) [Orabug: 19699681]
- ocfs2: dlm: fix lock migration crash (Junxiao Bi) [Orabug: 18317308]
- xfs: fix sgid inheritance for subdirectories inheriting default acls [V3] (Carlos Maiolino) [Orabug: 17423815]
- RDS/IP: RDS takes 10 seconds to plumb the second IP back (Mukesh Kacker) [Orabug: 20231857]
- RDS/IB: Tune failover-on-reboot scheduling (Mukesh Kacker) [Orabug: 20063740]
- RDS: mark netdev UP for intfs added post module load (Mukesh Kacker) [Orabug: 20130536]
- SUNRPC: Prevent an rpc_task wakeup race (Trond Myklebust) [Orabug: 20989265]
- sunrpc: clarify comments on rpc_make_runnable (Jeff Layton) [Orabug: 20989265]

- xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (Konrad Rzeszutek Wilk) [Orabug: 20807440] {CVE-2015-2150}
- xen-blkfront: fix accounting of reqs when migrating (Roger Pau Monne) [Orabug: 20727114]
- Revert 'qla2xxx: Ramp down queue depth for attached SCSI devices when driver resources are low.' (Chad Dupuis) [Orabug: 20657415]
- x86/xen: allow privcmd hypercalls to be preempted (David Vrabel) [Orabug: 20618759]
- sched: Expose preempt_schedule_irq() (Thomas Gleixner) [Orabug: 20618759]
- isofs: Fix unchecked printing of ER records (Jan Kara) [Orabug: 20930552] {CVE-2014-9584}
- selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. (Stephen Smalley) [Orabug: 20930502] {CVE-2014-3215}
- Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs (Andy Lutomirski) [Orabug: 20930518] {CVE-2014-3215}
- IB/core: Prevent integer overflow in ib_umem_get address arithmetic (Shachar Raindel) [Orabug: 20788393] {CVE-2014-8159} {CVE-2014-8159}
- xen-pciback: limit guest control of command register (Jan Beulich) [Orabug: 20704156] {CVE-2015-2150} {CVE-2015-2150}
- net: sctp: fix slab corruption from use after free on INIT collisions (Daniel Borkmann) [Orabug: 20780348] {CVE-2015-1421}

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.2 (x86_64) kernel-uek-2.6.39-400.277.1.el5uek.src.rpm59caac3f765969ee3fcc163d0f62e767OVMSA-2021-0016

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team