Oracle Errata System Oracle Linux 5.11 2024-09-21T18:55:55 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.5.0-1] - Update to 38.5.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-7213 CVE-2015-7201 CVE-2015-7214 CVE-2015-7205 CVE-2015-7212 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [0.2.0-11.el6_7] - Fix memory corruption in PMAP_CALLIT code (bz 1283638) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7236 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [4.2.3-11] - resolves: #1290710 - CVE-2015-3223 Remote DoS in Samba (AD) LDAP server - CVE-2015-5299 Missing access control check in shadow copy code - CVE-2015-5252 Insufficient symlink verification in smbd - CVE-2015-5296 Samba client requesting encryption vulnerable to downgrade attack MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5296 CVE-2015-5299 CVE-2015-7540 CVE-2015-3223 CVE-2015-5252 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 Oracle Linux 6 [3.19.1-8.0.1] - Added nss-vendor.patch to change vendor [3.19.1-8] - Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol - Resolves: Bug 1289881 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-42.2] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:exadata_dbserver:12.1.2.3.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.1.13-3.1] - Resolves: rhbz#1290712 - CVE-2015-5330 libldb: samba: Remote memory read in Samba LDAP server [rhel-7.2.z] - Remove the patch from the previous commit, it doesn't fix a remotely eploitable issue. Add patches from upstream #11636 instead. MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5330 CVE-2015-3223 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.0.0-67.rc4] - resolves: #1290708 - CVE-2015-7540 - related: #1290708 - CVE-2015-5299 - related: #1290708 - CVE-2015-5296 - related: #1290708 - CVE-2015-5252 - related: #1290708 - CVE-2015-5330 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5299 CVE-2015-7540 CVE-2015-5252 CVE-2015-5296 CVE-2015-3223 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:3.6.23-24.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-24] - related: #1290706 - Update patch for CVE-2015-5330 [3.6.23-22] - resolves: #1290706 - CVE-2015-5299 - related: #1290706 - CVE-2015-5296 - related: #1290706 - CVE-2015-5252 - related: #1290706 - CVE-2015-5330 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5252 CVE-2015-5296 CVE-2015-5299 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [3.3.8-14] - Prevent downgrade attack to RSA-MD5 in server key exchange. [3.3.8-13] - Corrected reseed and respect of max_number_of_bits_per_request in FIPS140-2 mode. Also enhanced the initial tests. (#1228199) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7575 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 [6.6.1p1-23 + 0.9.3-9] - Disable undocumented feauture Roaming for good (#1298218) - prevents CVE-2016-0777 and CVE-2016-0778 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0777 CVE-2016-0778 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 kernel [2.6.18-408.0.0.0.1] - [netfront] fix ring buffer index go back led vif stop [orabug 18272251] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5366 CVE-2015-5364 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-408] - [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366} - [net] ipv6/udp: Use correct var to determine non-blocking cond (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366} - [net] SNMP: Restore Udp6InErrors incrementation (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5364 CVE-2015-5366 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 [1:1.8.0.71-2.b15] - Add md5sum for previous java.security file so it gets updated. - Resolves: rhbz#1295753 [1:1.8.0.71-1.b15] - Restore upstream version of system LCMS patch removed by 'sync with Fedora' - Add patch to turn off strict overflow on IndicRearrangementProcessor{,2}.cpp - Resolves: rhbz#1295753 [1:1.8.0.71-0.b15] - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Remove RH1290936 workaround as RHEL does not have the hardened flags nor ARM32. - Update patch documentation using version originally written for Fedora. - Drop prelink requirement as we no longer use execstack. - Drop ifdefbugfix patch as this is fixed upstream. - Provide optional boostrap build and turn it off by default. - Turn off additional CFLAGS/LDFLAGS on AArch64 as bootstrapping failed. - Add patch for size_t formatting on s390 as size_t != intptr_t there. - Resolves: rhbz#1295753 [1:1.8.0.65-4.b17] - moved to integration forest - sync with fedora (all but extracted luas and family) - Resolves: rhbz#1295753 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0483 CVE-2016-0475 CVE-2016-0494 CVE-2015-7575 CVE-2016-0466 CVE-2016-0402 CVE-2016-0448 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [1:1.8.0.71-1.b15] - Add patch to turn off strict overflow on IndicRearrangementProcessor{,2}.cpp - Resolves: rhbz#1295751 [1:1.8.0.71-0.b15] - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Update patch documentation using version originally written for Fedora. - Drop prelink requirement as we no longer use execstack. - Drop ifdefbugfix patch as this is fixed upstream. - Provide optional boostrap build and turn it off by default. - Add patch for size_t formatting on s390 as size_t != intptr_t there. - Resolves: rhbz#1295751 [1:1.8.0.65-4.b17] - Add flag logic back to spec file but disable for now. - Restore system-lcms.patch as used in October CPU. - Resolves: rhbz#1295751 [1:1.8.0.65-3.b17] - moved to integration forest - sync with rhel7 - Resolves: rhbz#1295751 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0483 CVE-2016-0494 CVE-2016-0466 CVE-2016-0448 CVE-2015-7575 CVE-2016-0402 CVE-2016-0475 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1.7.0.95-2.6.4.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.95-2.6.4.0] - Remove reference to jre/lib/audio. - Resolves: rhbz#1295765 [1:1.7.0.95-2.6.4.0] - Bump to 2.6.4 and u95b00. - Backport tarball creation script from OpenJDK 8 RPMs and update fsg.sh to work with it. - Drop 8072932or8074489 patch as applied upstream in u91b01. - Drop installation of soundfont symlink following inclusion of 8140620/PR2710 in 2.6.3 - Resolves: rhbz#1295765 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0494 CVE-2015-4871 CVE-2016-0402 CVE-2016-0483 CVE-2015-7575 CVE-2016-0448 CVE-2016-0466 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 Oracle Linux 5 [1.7.0.95-2.6.4.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.95-2.6.4.0] - Bump to 2.6.4 and u95b00. - Backport tarball creation script from OpenJDK 8 RPMs and update fsg.sh to work with it. - Drop 8072932or8074489 patch as applied upstream in u91b01. - Add MD5 checksums for last two version of the java.security file. - Resolves: rhbz#1295768 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0466 CVE-2016-0494 CVE-2016-0448 CVE-2015-7575 CVE-2015-4871 CVE-2016-0402 CVE-2016-0483 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 7 Oracle Linux 6 [4.2.6p5-5.el6_7.4] - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8138 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [3.10.0-327.4.5.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.4.5] - [security] keys: Fix keyring ref leak in join_session_keyring() (David Howells) [1298931 1298036] {CVE-2016-0728} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0728 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1.6.0.38-1.13.10.0.0.1] - Add oracle-enterprise.patch [1:1.6.0.38-1.13.10.0] - Add patch to replace -fno-strict-overflow with -fwrapv on older RHEL 5.11 GCC. - Resolves: rhbz#1295772 [1:1.6.0.38-1.13.10.0] - Update to IcedTea 1.13.10 & OpenJDK 6 b38. - Resolves: rhbz#1295772 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0402 CVE-2016-0483 CVE-2016-0448 CVE-2016-0466 CVE-2016-0494 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [38.6.0-1] - Update to 38.6.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1935 CVE-2016-1930 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8704 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 [32:9.7.0-21.P2.5] - Fix CVE-2015-8704 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8704 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [0.12.1.2-2.479.el6_7.4] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298045] - Resolves: bz#1298045 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.7.z]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1714 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 [1.5.3-105.el7_2.3] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298047] - Resolves: bz#1298047 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.2.z]) [1.5.3-105.el7_2.2] - kvm-raw-posix-Fix-.bdrv_co_get_block_status-for-unaligne.patch [bz#1298828] - Resolves: bz#1298828 ([abrt] qemu-img: get_block_status(): qemu-img killed by SIGABRT) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1714 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [3.2-28.0.1.2] - Add vendor, vendor URL info for Oracle Linux [orabug 17656507] (joe.jin@oracle.com) - Direct traceroute to linux.oracle.com (John Haxby) [orabug 11713272] (joe.jin@oracle.com) - Check oraclelinux-release instead of redhat-release to get OS version (John Haxby) [bug 11681869] (joe.jin@oracle.com) - Remove RH ftp URL and support email (joe.jin@oracle.com) - add sos-oracle-enterprise.patch (joe.jin@oracle.com) - Add smartmon plugin (John Haxby) [orabug 17995005] (joe.jin@oracle.com) [= 3.2-28.el6_7.2] - [sosreport] Report correct final path with --build Related: bz1290953 [= 3.2-28.el6_7.1] - [hpasm] Add timeout. Resolves: bz1291828 [= 3.2-28.el6_7] - [sosreport] Prepare report in a private subdirectory Resolves: bz1290953 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7529 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 6 [2.12-1.166.7] - Update fix for CVE-2015-7547 (#1296028). [2.12-1.166.6] - Create helper threads with enough stack for POSIX AIO and timers (#1301625). [2.12-1.166.5] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028). [2.12-1.166.4] - Support loading more libraries with static TLS (#1291270). CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-7547 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 7 [2.17-106.0.1.4] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. [2.17-106.4] - Revert problematic libresolv change, not needed for the CVE-2015-7547 fix (#1296030). [2.17-106.3] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296030). - Fix madvise performance issues (#1298930). - Avoid 'monstartup: out of memory' error on powerpc64le (#1298956). [2.17-106.2] - Fix CVE-2015-5229: calloc() may return non-zero memory (#1296453). CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-7547 CVE-2015-5229 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 - [3.10.0-327.10.1.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.10.1] - [of] return NUMA_NO_NODE from fallback of_node_to_nid() (Thadeu Lima de Souza Cascardo) [1300614 1294398] - [net] openvswitch: do not allocate memory from offline numa node (Thadeu Lima de Souza Cascardo) [1300614 1294398] [3.10.0-327.9.1] - [security] keys: Fix keyring ref leak in join_session_keyring() (David Howells) [1298931 1298036] {CVE-2016-0728} [3.10.0-327.8.1] - [md] dm: fix AB-BA deadlock in __dm_destroy() (Mike Snitzer) [1296566 1292481] - [md] revert 'dm-mpath: fix stalls when handling invalid ioctls' (Mike Snitzer) [1287552 1277194] - [cpufreq] intel_pstate: Fix limits->max_perf rounding error (Prarit Bhargava) [1296276 1279617] - [cpufreq] intel_pstate: Fix limits->max_policy_pct rounding error (Prarit Bhargava) [1296276 1279617] - [cpufreq] revert 'intel_pstate: fix rounding error in max_freq_pct' (Prarit Bhargava) [1296276 1279617] - [crypto] nx: 842 - Add CRC and validation support (Gustavo Duarte) [1289451 1264905] - [powerpc] eeh: More relaxed condition for enabled IO path (Steve Best) [1289101 1274731] - [security] keys: Don't permit request_key() to construct a new keyring (David Howells) [1275929 1273465] {CVE-2015-7872} - [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275929 1273465] {CVE-2015-7872} - [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275929 1273465] {CVE-2015-7872} - [x86] paravirt: Replace the paravirt nop with a bona fide empty function (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} - [x86] nmi: Fix a paravirt stack-clobbering bug in the NMI code (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} - [x86] nmi: Use DF to avoid userspace RSP confusing nested NMI detection (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} - [x86] nmi: Reorder nested NMI checks (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} - [x86] nmi: Improve nested NMI comments (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} - [x86] nmi: Switch stacks on userspace NMI entry (Mateusz Guzik) [1259582 1259583] {CVE-2015-5157} [3.10.0-327.7.1] - [scsi] scsi_sysfs: protect against double execution of __scsi_remove_device() (Vitaly Kuznetsov) [1292075 1273723] - [powerpc] mm: Recompute hash value after a failed update (Gustavo Duarte) [1289452 1264920] - [misc] genwqe: get rid of atomic allocations (Hendrik Brueckner) [1289450 1270244] - [mm] use only per-device readahead limit (Eric Sandeen) [1287550 1280355] - [net] ipv6: update ip6_rt_last_gc every time GC is run (Hannes Frederic Sowa) [1285370 1270092] - [kernel] tick: broadcast: Prevent livelock from event handler (Prarit Bhargava) [1284043 1265283] - [kernel] clockevents: Serialize calls to clockevents_update_freq() in the core (Prarit Bhargava) [1284043 1265283] [3.10.0-327.6.1] - [netdrv] bonding: propagate LRO disable to slave devices (Jarod Wilson) [1292072 1266578] [3.10.0-327.5.1] - [net] vsock: Fix lockdep issue (Dave Anderson) [1292372 1253971] - [net] vsock: sock_put wasn't safe to call in interrupt context (Dave Anderson) [1292372 1253971] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5157 CVE-2015-7872 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [3.2-35.0.1.3] - Recreated patch for [orabug 18913115] - Make the selinux plugin fixfiles option useful (John Haxby) [orabug 18913115] - Added remove_gpgstring.patch [Bug 18313898] - Added sos-oracle-enterprise.patch - Added sos-oraclelinux-vendor-vendorurl.patch [= 3.2-37] - [sosreport] prepare report in a private subdirectory (updated) Resolves: bz1290954 [= 3.2-35.2] - [sosreport] prepare report in a private subdirectory (updated) Resolves: bz1290954 [= 3.2-35.1] - [ceph] collect /var/lib/ceph and /var/run/ceph Resolves: bz1291347 - [sosreport] prepare report in a private subdirectory Resolves: bz1290954 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7529 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [0.112-6] - Fix CVE-2015-3256 Resolves: #1271790 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-3256 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.1-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.6.1-1] - Update to 38.6.1 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1522 CVE-2016-1521 CVE-2016-1523 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [1.3.4.0-26] - release 1.3.4.0-26 - Resolves: bug 1299346 - deadlock on connection mutex (DS 48341) [1.3.4.0-25] - release 1.3.4.0-25 - Resolves: bug 1299757 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [1.3.4.0-24] - release 1.3.4.0-24 - Resolves: bug 1298105 - 389-ds hanging after a few minutes of operation (DS 48406) [1.3.4.0-23] - release 1.3.4.0-23 - Resolves: bug 1295684 - many attrlist_replace errors in connection with cleanallruv (DS 48283) [1.3.4.0-22] - release 1.3.4.0-22 - Resolves: bug 1290725 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375) - Resolves: bug 1290726 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same modify operation (DS 48370) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0741 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.6.0-1] - Update to 38.6.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1935 CVE-2016-1930 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-42.4] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-42.3] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0800 CVE-2016-0705 CVE-2015-3197 CVE-2016-0797 CVE-2016-0702 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 [0.9.8e-39.0.1] - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] [0.9.8e-39] - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [0.9.8e-38] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method (can be reenabled by setting environment variable OPENSSL_ENABLE_SSL2) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-3197 CVE-2016-0797 CVE-2016-0800 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:linux:5::latest Oracle Linux 7 [9.2.15-1] - update to 9.2.15 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-15.html IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0773 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [8.4.20-5] - fix for CVE-2016-0773 (rhbz#1308598) - fix tests for new libxml2 (rhbz#1303972) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0773 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [3.19.1-5] - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... [3.19.1-4] - Rebuild to ensure use of correct NSPR. [3.19.1-3] - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1950 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 [3.19.1-4] - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... [3.19.1-3] - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1950 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [0.9.8e-20.0.1.1] - Updated the description [0.9.8e-20.1] - fix CVE-2015-0293 - triggerable assert in SSLv2 server - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [0.9.8e-20] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-0293 CVE-2015-3197 CVE-2016-0703 CVE-2016-0704 CVE-2016-0800 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.7.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484] [38.7.0-1] - Update to 38.7.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-1966 CVE-2016-2790 CVE-2016-2793 CVE-2016-2797 CVE-2016-2799 CVE-2016-1958 CVE-2016-1961 CVE-2016-1962 CVE-2016-1952 CVE-2016-1957 CVE-2016-1964 CVE-2016-2794 CVE-2016-2802 CVE-2016-1960 CVE-2016-1973 CVE-2016-1974 CVE-2016-1977 CVE-2016-2791 CVE-2016-2792 CVE-2016-2798 CVE-2016-2800 CVE-2016-2801 CVE-2016-1965 CVE-2016-2796 CVE-2016-1954 CVE-2016-2795 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.4.2-2.el6_7.1] - use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) [1.4.2-2] - fix basic functionality of libssh2 in FIPS mode (#968575) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0787 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 7 [3.1.1-8] Resolves: CVE-2016-0729 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0729 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 Oracle Linux 7 [3.6.23-25.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-25] - resolves: #1314668 - Fix CVE-2015-7560 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7560 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.0.0-68.rc4] - resolves: #1314670 - Fix CVE-2015-7560 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7560 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 kernel [2.6.18-409.0.0.0.1] - [netfront] fix ring buffer index go back led vif stop [orabug 18272251] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-2596 CVE-2015-2151 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-409] - [fs] ext4: limit group search loop for non-extent files (Lukas Czerner) [1301100] - [fb] vm: convert fb_mmap to vm_iomap_memory() helper (Jacob Tanenbaum) [1035240] {CVE-2013-2596} - [s390] add dummy io_remap_pfn_range() to asm-s390/pgtable.h (Jacob Tanenbaum) [1035240] {CVE-2013-2596} - [mm] vm: add vm_iomap_memory() helper function (Jacob Tanenbaum) [1035240] {CVE-2013-2596} - [sched] prevent division by zero x->cpu_power (Denys Vlasenko) [1209728] - [xen] x86: fully ignore segment override for register-only ops (Mateusz Guzik) [1200373] {CVE-2015-2151} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-2596 CVE-2015-2151 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [32:9.7.0-21.P2.6] - Fix CVE-2016-1285 and CVE-2016-1286 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1285 CVE-2016-1286 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1285 CVE-2016-1286 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [38.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.7.0-1] - Update to 38.7.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1964 CVE-2016-1966 CVE-2016-1952 CVE-2016-2790 CVE-2016-2796 CVE-2016-2802 CVE-2016-2795 CVE-2016-2801 CVE-2016-1957 CVE-2016-1977 CVE-2016-2799 CVE-2016-1961 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-1954 CVE-2016-1974 CVE-2016-2800 CVE-2016-1960 CVE-2016-2794 CVE-2016-2797 CVE-2016-2798 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [6.6.1p1-25 + 0.9.3-9] - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741) [6.6.1p1-24 + 0.9.3-9] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317818) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-3115 CVE-2016-1908 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [5.3p1-114] - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969) [5.3p1-113] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317816) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5600 CVE-2016-3115 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 Oracle Linux 6 [4.0.4-5] - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 [4.0.4-4] - Prevent foomatic-rip overrun (bug #1214534). MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8560 CVE-2010-5325 CVE-2015-8327 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0:6.0.24-94] - Resolves: rhbz#1293289 CVE-2014-7810 tomcat6 security manager bypass via EL expressions [0:6.0.24-93] - Resolves: rhbz#1301646 Resolving NIO connector memory leak MODERATE Copyright 2016 Oracle, Inc. CVE-2014-7810 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1.10.3-42z1] - Fix CVE-2015-8629 and CVE-2015-8631 - Also fix a spec trigger issue that prevents building - Resolves: #1306973 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8631 CVE-2015-8629 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [2.6.32-573.22.1] - [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1318364 1309898] [2.6.32-573.21.1] - [fs] pipe: fix offset and len mismatch on pipe_iov_copy_to_user failure (Seth Jennings) [1310148 1302223] {CVE-2016-0774} - [fs] gfs2: Add missing else in trans_add_meta/data (Robert S Peterson) [1304332 1267995] - [fs] fs-cache: Synchronise object death state change vs operation submission (David Howells) [1308471 1096893] - [fs] fs-cache: Reduce cookie ref count if submit fails (David Howells) [1308471 1096893] - [mm] memcg: oom_notify use-after-free fix (Rafael Aquini) [1302763 1294400] - [x86] fix corruption of XMM registers when interrupt handlers use FPU (Mikulas Patocka) [1298994 1259023] - [net] tcp: honour SO_BINDTODEVICE for TW_RST case too (Florian Westphal) [1303044 1292300] - [net] add inet_sk_transparent() helper (Florian Westphal) [1303044 1292300] - [net] ipv6: tcp_ipv6 policy route issue (Florian Westphal) [1303044 1292300] - [net] ipv6: reuse rt6_need_strict (Florian Westphal) [1303044 1292300] - [net] tcp: resets are misrouted (Florian Westphal) [1303044 1292300] - [net] tcp: tcp_v4_send_reset: binding oif to iif in no sock case (Florian Westphal) [1303044 1292300] - [crypto] api: Only abort operations on fatal signal (Herbert Xu) [1296014 1272314] - [crypto] testmgr: don't use interruptible wait in tests (Herbert Xu) [1296014 1272314] - [kernel] sched: add wait_for_completion_killable_timeout (Herbert Xu) [1296014 1272314] - [net] sctp: add routing output fallback (Xin Long) [1307073 1229124] - [net] sctp: fix dst leak (Xin Long) [1307073 1229124] - [net] sctp: fix src address selection if using secondary addresses (Xin Long) [1307073 1229124] - [net] sctp: reduce indent level on sctp_v4_get_dst (Xin Long) [1307073 1229124] - [scsi] hpsa: Update driver revision to RH5 (Joseph Szczypek) [1306192 1244959] - [scsi] hpsa: fix issues with multilun devices (Joseph Szczypek) [1306192 1244959] [2.6.32-573.20.1] - [sched] kernel: sched: Fix nohz load accounting -- again (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Move sched_avg_update to update_cpu_load (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Cure more NO_HZ load average woes (Rafael Aquini) [1300349 1167755] - [sched] kernel: sched: Cure load average vs NO_HZ woes (Rafael Aquini) [1300349 1167755] [2.6.32-573.19.1] - [scsi] lpfc: in sli3 use configured sg_seg_cnt for sg_tablesize (Rob Evers) [1297838 1227036] MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0774 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 Oracle Linux 7 [1.7.1-4.1] - fix heap overflow CVE-2016-2315 CVE-2016-2324 Resolves: #1318252 [1.7.1-4] - fix CVE-2013-0308 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2324 CVE-2016-2315 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [1:1.7.0.99-2.6.5.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.99-2.6.5.0] - Bump to 2.6.5 and u99b00. - Correct check for fsg.sh in tarball creation script - Resolves: rhbz#1320656 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 7 [1:1.7.0.99-2.6.5.0.0.1] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Oracle Linux' [1:1.7.0.99-2.6.5.0] - Explictly required libXcomposite-devel for PR2867 as nothing else pulls it in - Resolves: rhbz#1320655 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 7 [1:1.8.0.77-0.b03] - Remove what remains of the SunEC sources in the remove-intree-libraries script. - Resolves: rhbz#1320664 [1:1.8.0.77-0.b03] - Update to u77b03. - Drop 8146566 which is applied upstream. - Replace s390 Java options patch with general version from IcedTea. - Apply s390 patches unconditionally to avoid arch-specific patch failures. - Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le. - Remove aarch64-specific suffix as update/build version are now the same as for other archs. - Only use z format specifier on s390, not s390x. - Adjust tarball generation script to allow ecc_impl.h to be included. - Correct spelling mistakes in tarball generation script. - Synchronise minor changes from Fedora. - Use a simple backport for PR2462/8074839. - Don't backport the crc check for pack.gz. It's not tested well upstream. - Resolves: rhbz#1320664 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [1:1.8.0.77-0.b03] - Remove what remains of the SunEC sources in the remove-intree-libraries script. - Resolves: rhbz#1320661 [1:1.8.0.77-0.b03] - Update to u77b03. - Drop 8146566 which is applied upstream. - Replace s390 Java options patch with general version from IcedTea. - Apply s390 patches unconditionally to avoid arch-specific patch failures. - Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le. - Remove aarch64-specific suffix as update/build version are now the same as for other archs. - Only use z format specifier on s390, not s390x. - Adjust tarball generation script to allow ecc_impl.h to be included. - Correct spelling mistakes in tarball generation script. - Synchronise minor changes from Fedora. - Use a simple backport for PR2462/8074839. - Don't backport the crc check for pack.gz. It's not tested well upstream. - Resolves: rhbz#1320661 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0636 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 [1.13.2-12] - Fix CVE-2015-8631, CVE-2015-8630, and CVE-2015-8629 - Remove obsolete trigger to enable building of package - Resolves: #1306969 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8630 CVE-2015-8629 CVE-2015-8631 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1:5.5.47-1] - Rebase to 5.5.47 Also fixes: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913 CVE-2015-7744 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-2047 Resolves: #1304515 [1:5.5.44-3] - MDEV-8827 Duplicate key with auto increment fix innodb auto-increment handling three bugs: 1. innobase_next_autoinc treated the case of current<offset incorrectly 2. ha_innobase::get_auto_increment didn't recalculate current when increment changed 3. ha_innobase::get_auto_increment didn't pass offset down to innobase_next_autoinc Resolves: #1300621 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-4802 CVE-2015-4870 CVE-2015-4913 CVE-2016-0609 CVE-2015-4815 CVE-2015-4816 CVE-2016-0597 CVE-2015-4826 CVE-2015-4830 CVE-2015-4861 CVE-2016-0596 CVE-2016-0598 CVE-2015-4792 CVE-2015-4836 CVE-2016-0608 CVE-2015-4879 CVE-2016-0616 CVE-2016-0606 CVE-2016-0600 CVE-2016-0546 CVE-2015-4819 CVE-2016-0505 CVE-2015-4858 CVE-2016-2047 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 nspr [4.11.0-0.1] - Rebase to NSPR 4.11 nss [3.21.0-0.3.0.1] - Added nss-vendor.patch to change vendor [3.21.0-0.3] - Ensure all ssl.sh tests are executed [3.21.0-0.2] - Ensure abi compatibility [3.21.0-0.1] - Rebase to NSS-3.21 nss-util [3.21.0-0.3] - Rebase RHEL 6.7.z to NSS-util 3.21 in preparation for Firefox 45 - Resolves: Bug 1299874 - Update upstream patch for CVE-2016-1950 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1979 CVE-2016-1978 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 [1.3.6-1] - Related: rhbz#1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 [1.3.5-1] - Resolves: rhbz#1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 [1.2.4-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.2.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.2.4-4] - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code [1.2.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.2.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.2.4-1] - New upstream release IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1523 CVE-2016-1522 CVE-2016-1521 CVE-2016-1526 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [3.6.23-30.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 18253258] [3.6.23-30] - related: #1322686 - Update manpages [3.6.23-29] - related: #1322686 - Update CVE patchset [3.6.23-28] - related: #1322686 - Update manpages [3.6.23-27] - related: #1322686 - Update CVE patchset [3.6.23-26] - resolves: #1322686 - Fix CVE-2015-5370 - resolves: #1322686 - Fix CVE-2016-2110 - resolves: #1322686 - Fix CVE-2016-2111 - resolves: #1322686 - Fix CVE-2016-2112 - resolves: #1322686 - Fix CVE-2016-2115 - resolves: #1322686 - Fix CVE-2016-2118 (Known as Badlock) CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-5370 CVE-2016-2111 CVE-2016-2115 CVE-2016-2112 CVE-2016-2118 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 Oracle Linux 6 ipa [4.2.0-15.0.1.6.1] - Drop redhat-access-plugin-ipa requires for OL7 Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818] [4.2.0-15.6.1] - Rebuild against newer Samba version - Related: #1322690 libldb [1.1.25-1] - Rebase libldb to 1.1.25 - Related: rhbz#1322690 libtalloc [2.1.5-1] - Rebase to libtalloc 2.1.5 - Related: rhbz#1322690 libtdb [1.3.8-1] - Rebase libtdb to 1.3.8 - Related: rhbz#1322690 libtevent [0.9.26-1] - Rebase libtevent to 0.9.26 - Related: rhbz#1322690 openchange [2.0-10] - Add a patch to fix connection string (Related: #1322690) samba [4.2.10-6] - Fix domain member winbind not being able to talk to trusted domains' DCs - relates: #1322690 [4.2.10-5] - Fix crash in smb.conf processing - relates: #1322690 [4.2.10-4] - Fix LDAP SASL bind with arcfour-hmac-md5 - resolves: #1322690 [4.2.10-3] - Make sure the package owns /var/lib/samba and uses it for cache purposes - resolves: #1322690 [4.2.10-2] - Remove ldb modules and internal libraries for DC when not packaging DC build - resolves: #1322690 [4.2.10-1] - resolves: #1322690 CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-5370 CVE-2016-2113 CVE-2016-2118 CVE-2016-2110 CVE-2016-2112 CVE-2016-2114 CVE-2016-2111 CVE-2016-2115 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 5 [3.6.23-12.0.1] - Remove use-after-free talloc_tos() inlined function problem (John Haxby) [orabug 19973497] [3.6.23-12] - related: #1322685 - Update CVE patchset [3.6.23-11] - related: #1322685 - Update CVE patchset [3.6.23-10] - resolves: #1322685 - Fix CVE-2015-5370 - resolves: #1322685 - Fix CVE-2016-2110 - resolves: #1322685 - Fix CVE-2016-2111 - resolves: #1322685 - Fix CVE-2016-2112 - resolves: #1322685 - Fix CVE-2016-2115 - resolves: #1322685 - Fix CVE-2016-2118 (Known as Badlock) CRITICAL Copyright 2016 Oracle, Inc. CVE-2015-5370 CVE-2016-2112 CVE-2016-2115 CVE-2016-2118 CVE-2016-2110 CVE-2016-2111 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [3.0.33-3.41.el5] - Security Release 'BadLock' - resolves: CVE-2016-2110 - resolves: CVE-2016-2111 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2111 CVE-2016-2110 CVE-2016-2115 CVE-2016-2118 CVE-2016-2112 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 [1:1.8.0.91-0.b14] - Add additional fix to Zero patch to properly handle result on 64-bit big-endian - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Revert settings to production defaults so we can at least get a build. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Switch to a slowdebug build to try and unearth remaining issue on s390x. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Add missing comma in 8132051 patch. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Add 8132051 port to Zero. - Turn on bootstrap build for all to ensure we are now good to go. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Add 8132051 port to AArch64. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway. - Resolves: rhbz#1325422 [1:1.8.0.91-0.b14] - Update to u91b14. - Resolves: rhbz#1325422 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0686 CVE-2016-3425 CVE-2016-0695 CVE-2016-3426 CVE-2016-0687 CVE-2016-3427 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [1:1.8.0.91-1.b03] - Update to u91b14. - Resolves: rhbz#1325420 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3426 CVE-2016-3427 CVE-2016-0695 CVE-2016-0686 CVE-2016-0687 CVE-2016-3425 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 6 [1:1.7.0.101-2.6.6.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.101-2.6.6.1] - added Patch666 fontpath.patch to fix tck regressions - Resolves: rhbz#1325425 [1:1.7.0.101-2.6.6.0] - Fix ztos handling in templateTable_ppc_64.cpp to be same as others in 7. - Resolves: rhbz#1325425 [1:1.7.0.101-2.6.6.0] - Bump to 2.6.6 and u101b00. - Drop a leading zero from the priority as the update version is now three digits - Resolves: rhbz#1325425 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3425 CVE-2016-0687 CVE-2016-0695 CVE-2016-3427 CVE-2016-0686 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 5 Oracle Linux 7 [1:1.7.0.101-2.6.6.1.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.101-2.6.6.1] - added Patch666 fontpath.patch to fix tck regressions - Resolves: rhbz#1325427 [1:1.7.0.101-2.6.6.0] - Fix ztos handling in templateTable_ppc_64.cpp to be same as others in 7. - Resolves: rhbz#1325427 [1:1.7.0.101-2.6.6.0] - Bump to 2.6.6 and u101b00. - Drop AArch64 patch (PR2914) included in 2.6.6 - Drop a leading zero from the priority as the update version is now three digits - Update PR2809 patch to apply against 2.6.6. - Resolves: rhbz#1325427 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0687 CVE-2016-3425 CVE-2016-0695 CVE-2016-3427 CVE-2016-0686 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5::latest Oracle Linux 5 nspr [4.11.0-0.1] - Rebase to NSPR 4.11 - Resolves: Bug 1297943 - Rebase RHEL 5.11.z to NSPR 4.11 in preparation for Firefox 45 nss [3.21.0-6] - Fix SSL_DH_MIN_P_BITS in more places. [3.21.0-5] - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. [3.21.0-4] - Run SSL tests [3.21.0-3] - Add compatility patches to prevent regressions [3.21.0-2] - Ensure all ssl.sh tests are executed [3.21.0-1] - Rebase to nss 3.21 - Resolves: Bug 1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1978 CVE-2016-1979 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 7 nspr [4.11.0-1] - Rebase to NSPR 4.11 nss [3.21.0-9.0.1] - Added nss-vendor.patch to change vendor [3.21.0-9] - Rebuild to require the latest nss-util build and nss-softokn build. [3.21.0-8] - Update the minimum nss-softokn build required at runtime. [3.21.0-7] - Delete duplicates from one table [3.21.0-6] - Fix missing support for sha384/dsa in certificate_request [3.21.0-5] - Fix the SigAlgs sent in certificate_request [3.21.0-4] - Ensure all ssl.sh tests are executed - Update sslauth test patch to run additional tests [3.21.0-2] - Fix sha384 support and testing patches [3.21.0-1] - Rebase to NSS-3.21 - Resolves: Bug 1310581 nss-softokn [3.16.2.3-14.2] - Adjust for a renamed variable in newer nss-util, require a compatible nss-util version. [3.16.2.3-14.1] - Pick up a bugfix related to fork(), to avoid a regression with NSS 3.21 [3.16.2.3-14] - Pick up upstream freebl patch for CVE-2015-2730 - Check for P == Q or P ==-Q before adding P and Q nss-util [3.21.0-2.2] - Rebase to nss-util from nss 3.21 - Add aliases for naming compatibility with prior release MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1978 CVE-2016-1979 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.1.0-1.0.1.el7_2] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.1.0-1] - Update to 45.1.0 ESR [45.0.2-1] - Update to 45.0.2 ESR [45.0.1-1] - Update to 45.0.1 ESR [45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738) [45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239) [45.0-3] - Update to 45.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-2814 CVE-2016-2807 CVE-2016-2805 CVE-2016-2806 CVE-2016-2808 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [2.6.2-6] - fix previous patch for CVE-2016-3069 [2.6.2-5] - Fix CVE-2016-3068 and CVE-2016-3069 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3068 CVE-2016-3069 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-573.26.1] - [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1326043 1324318] - [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1326043 1324318] - [kernel] Revert 'fix KABI break' (Jiri Olsa) [1326043 1324318] [2.6.32-573.25.1] - [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259580 1259581] {CVE-2015-5157} - [fs] anon_inodes implement dname (Aristeu Rozanski) [1322707 1296019] - [fs] xfs: Avoid pathological backwards allocation (Bill O'Donnell) [1320031 1302777] - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297421 1297422] {CVE-2015-8767} - [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1319276 1299975] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1315696 1309241] - [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1320863 1273546] - [md] raid10: submit_bio_wait returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1320863 1273546] - [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1320863 1273546] - [md] raid10: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] - [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1320863 1273546] [2.6.32-573.24.1] - [sched] fix KABI break (Seth Jennings) [1314878 1230310] - [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1314878 1230310] - [sched] sched,perf: Fix periodic timers (Seth Jennings) [1314878 1230310] - [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1314878 1230310] - [sched] Cleanup bandwidth timers (Seth Jennings) [1314878 1230310] - [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1314878 1230310] - [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1314878 1230310] - [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1314878 1230310] - [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1314878 1230310] - [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1314878 1230310] - [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1314878 1230310] - [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) [1314878 1230310] - [sched] Update rq clock earlier in unthrottle_cfs_rq (Seth Jennings) [1314878 1230310] - [block] Fix q_suspended logic error for io submission (David Milburn) [1314209 1227342] - [block] nvme: No lock while DMA mapping data (David Milburn) [1314209 1227342] - [netdrv] ixgbe: finish ixgbe: Update ixgbe to use new vlan accleration (John Greene) [1315706 1249244] [2.6.32-573.23.1] - [x86] perf: Add more Broadwell model numbers (Jiri Olsa) [1320035 1242694] - [perf] perf/x86/intel: Remove incorrect model number from Haswell perf (Jiri Olsa) [1320035 1242694] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5157 CVE-2015-8767 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch Oracle Linux 7 [1.0.1e-51.5] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2109 CVE-2016-2106 CVE-2016-0799 CVE-2016-2108 CVE-2016-2105 CVE-2016-2107 CVE-2016-2842 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.6.0.39-1.13.11.0] - Update to IcedTea 1.13.11 & OpenJDK 6 b39. - Resolves: rhbz#1325432 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-0695 CVE-2016-3425 CVE-2016-0686 CVE-2016-0687 CVE-2016-3427 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [1.5.3-105.el7_2.4] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331412] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331412] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331412] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331412] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331412] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331412] - Resolves: bz#1331412 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.2.z]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3710 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [6.7.2.7-4] - Add fix for CVE-2016-3714, CVE-2016-3715, CVE-2016-3716 and CVE-2016-3717 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3716 CVE-2016-3714 CVE-2016-3715 CVE-2016-3718 CVE-2016-3717 cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [5.3p1-117] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317817) [5.3p1-116] - Restore functionallity of pam_ssh_agent_auth in FIPS mode (#1278315) - Initialize devices_done variable for challenge response (#1281468) - Update behaviour of X11 forwarding to match upstream (#1299048) [5.3p1-115] - Ammends previous release, fixing typos and behaviour changes MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1908 CVE-2015-6563 CVE-2015-6564 CVE-2015-5352 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [5.04-30] - fix CVE-2014-3538 (unrestricted regular expression matching) [5.04-29] - fix #1284826 - try to read ELF header to detect corrupted one [5.04-28] - fix #1263987 - fix bugs found by coverity in the patch [5.04-27] - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) [5.04-26] - fix #809898 - add support for detection of Python 2.7 byte-compiled files [5.04-25] - fix #1263987 - fix coredump execfn detection on ppc64 and s390 [5.04-24] - fix #966953 - include msooxml file in magic.mgc generation [5.04-23] - fix #966953 - increate the strength of MSOOXML magic patterns [5.04-22] - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named 'mime' - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new 'execfn' to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML MODERATE Copyright 2016 Oracle, Inc. CVE-2014-3710 CVE-2014-3538 CVE-2014-8116 CVE-2014-3587 CVE-2014-9620 CVE-2014-9653 CVE-2014-8117 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:linux:6:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 [1.6.2-1] - updated to 1.6.2 - fixed also rhbz#1303437 - package owns /etc/bash_completion.d but it should not own it - Resolves: rhbz#1275523 [1.6.1-4] - updated to 1.6.1 - Resolves: rhbz#1275523 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5234 CVE-2015-5235 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [4.2.6p5-10] - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) - fix crash with reslist command (CVE-2015-7977, CVE-2015-7978) [4.2.6p5-9] - fix crash with invalid logconfig command (CVE-2015-5194) - fix crash when referencing disabled statistic type (CVE-2015-5195) - don't hang in sntp with crafted reply (CVE-2015-5219) - don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) - fix memory leak with autokey (CVE-2015-7701) - don't allow setting driftfile and pidfile remotely (CVE-2015-7703) - don't crash in ntpq with crafted packet (CVE-2015-7852) - add option to set Differentiated Services Code Point (DSCP) (#1228314) - extend rawstats log (#1242895) - fix resetting of leap status (#1243034) - report clock state changes related to leap seconds (#1242937) - allow -4/-6 on restrict lines with mask (#1232146) - retry joining multicast groups (#1288534) - explain synchronised state in ntpstat man page (#1286969) [4.2.6p5-7] - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704) - allow only one step larger than panic threshold with -g (CVE-2015-5300) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5194 CVE-2015-7692 CVE-2015-5219 CVE-2015-7702 CVE-2015-5195 CVE-2015-7701 CVE-2015-7703 CVE-2015-7691 CVE-2015-7978 CVE-2015-7852 CVE-2015-7977 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [2.6.32-642] - [scsi] fc: revert - ensure scan_work isnt active when freeing fc_rport (Ewan Milne) [1326447] - [netdrv] ixgbe: Update ixgbe driver to use __netdev_pick_tx in ixgbe_select_queue (John Greene) [1310749] - [netdrv] mlx5e: Fix adding vlan rule with vid zero twice (Kamal Heib) [1322809] [2.6.32-641] - [netdrv] ixgbe: restore proper CHECKSUM_UNNECESSARY behavior for LRO packets (Neil Horman) [1318426] - [netdrv] revert ' net/mlx5_core: Add pci error handlers to mlx5_core driver' (Don Dutile) [1324599] - [x86] kernel: espfix not working for 32-bit KVM paravirt guests (Jacob Tanenbaum) [1172767] {CVE-2014-8134} [2.6.32-640] - [net] use GFP_ATOMIC in dst_ops_extend_register (Sabrina Dubroca) [1323252] - [kernel] revert 'sched: core: Use hrtimer_start_expires' (Jiri Olsa) [1324318] - [kernel] Revert 'Cleanup bandwidth timers' (Jiri Olsa) [1324318] - [kernel] revert 'fair: Test list head instead of list entry in throttle_cfs_rq' (Jiri Olsa) [1324318] - [kernel] revert 'sched, perf: Fix periodic timers' (Jiri Olsa) [1324318] - [kernel] Revert 'fix KABI break' (Jiri Olsa) [1324318] [2.6.32-639] - [input] wacom: fix ExpressKeys remote events (Aristeu Rozanski) [1318027] - [fs] revert 'writeback: remove wb_list' (Jeff Moyer) [1322297] - [fs] revert 'writeback: bdi_writeback_task must set task state before calling schedule' (Jeff Moyer) [1322297] - [fs] revert 'writeback: merge bdi_writeback_task and bdi_start_fn' (Jeff Moyer) [1322297] - [fs] revert 'writeback: harmonize writeback threads naming' (Jeff Moyer) [1322297] - [fs] revert 'writeback: fix possible race when creating bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in the forker thread - 1' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in the forker thread - 2' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wake-ups in bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: simplify bdi code a little' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not remove bdi from bdi_list' (Jeff Moyer) [1322297] - [fs] revert 'writeback: move last_active to bdi' (Jeff Moyer) [1322297] - [fs] revert 'writeback: restructure bdi forker loop a little' (Jeff Moyer) [1322297] - [fs] revert 'writeback: move bdi threads exiting logic to the forker thread' (Jeff Moyer) [1322297] - [fs] revert 'writeback: prevent unnecessary bdi threads wakeups' (Jeff Moyer) [1322297] - [fs] revert 'writeback: optimize periodic bdi thread wakeups' (Jeff Moyer) [1322297] - [fs] revert 'writeback: remove unnecessary init_timer call' (Jeff Moyer) [1322297] - [fs] revert 'writeback: cleanup bdi_register' (Jeff Moyer) [1322297] - [fs] revert 'writeback: fix bad _bh spinlock nesting' (Jeff Moyer) [1322297] - [fs] revert 'writeback: do not lose wakeup events when forking bdi threads' (Jeff Moyer) [1322297] - [fs] revert 'writeback: Fix lost wake-up shutting down writeback thread' (Jeff Moyer) [1322297] - [mm] revert 'backing-dev: ensure wakeup_timer is deleted' (Jeff Moyer) [1322297] - [perf] revert: perf changes out of 'sched, perf: Fix periodic timers' (Jiri Olsa) [1322488] [2.6.32-638] - [mm] hugetlb: prevent BUG_ON in hugetlb_fault -> hugetlb_cow (Dave Anderson) [1303495] - [mm] hugetlb: fix race condition in hugetlb_fault (Dave Anderson) [1303495] - [s390] kdump: fix wrong BUG_ON statement (Hendrik Brueckner) [1321316] - [scsi] cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes (Sai Vemuri) [1320193] - [fs] nfs: fix a regression causing deadlock in nfs_wb_page_cancel() (Benjamin Coddington) [1135601] - [netdrv] cxgb4/ethtool: Get/set rx checksum (Sai Vemuri) [1225167] - [netdrv] cxgb4vf:The RX checksum feature was not completely ported to cxgb4vf driver (Sai Vemuri) [1225167] - [netdrv] cxgb4/cxgb4vf: Enable GRO (Sai Vemuri) [1225167] - [netdrv] cxgb4: Enable RX checksum offload flag (Sai Vemuri) [1225167] - [netdrv] cxgb4: Report correct link speed for unsupported ones (Sai Vemuri) [1296467] - [netdrv] cxgb4: Use vmalloc, if kmalloc fails (Sai Vemuri) [1296473] - [netdrv] cxgb4: Enhance driver to update FW, when FW is too old (Sai Vemuri) [1296472] [2.6.32-637] - [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1321164] - [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1321164] - [netdrv] mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1321164] - [x86] nmi/64: Fix a paravirt stack-clobbering bug in the NMI code (Denys Vlasenko) [1259581] {CVE-2015-5157} - [x86] nmi/64: Switch stacks on userspace NMI entry (Denys Vlasenko) [1259581] {CVE-2015-5157} [2.6.32-636] - [netdrv] mlx4_en: Choose time-stamping shift value according to HW frequency (Kamal Heib) [1320448] - [fs] anon_inodes implement dname (Aristeu Rozanski) [1296019] - [net] packet: set transport header before doing xmit (John Greene) [1309526] - [net] tuntap: set transport header before passing it to kernel (John Greene) [1309526] - [netdrv] macvtap: set transport header before passing skb to lower device (John Greene) [1309526] - [net] ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Jakub Sitnicki) [1312740] - [net] ipv6: sctp: add rcu protection around np->opt (Jakub Sitnicki) [1312740] - [net] ipv6: add complete rcu protection around np->opt (Jakub Sitnicki) [1312740] - [net] dccp: remove unnecessary codes in ipv6.c (Jakub Sitnicki) [1312740] - [net] ipv6: remove unnecessary codes in tcp_ipv6.c (Jakub Sitnicki) [1312740] - [net] ipv6: Refactor update of IPv6 flowi destination address for srcrt (RH) option (Jakub Sitnicki) [1312740] - [net] ipv6: protect flow label renew against GC (Sabrina Dubroca) [1313231] - [net] ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc (Sabrina Dubroca) [1313231] - [perf] annotate: Support full source file paths for srcline fix (Jiri Olsa) [1304472 1304479] - [perf] tools: Support full source file paths for srcline (Jiri Olsa) [1304472 1304479] - [perf] annotate: Fix -i option, which is currently ignored (Jiri Olsa) [1304472 1304479] [2.6.32-635] - [mm] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1318930] - [hv] vss: run only on supported host versions (Vitaly Kuznetsov) [1319813] - [sound] hda: Fix internal speaker for HP Z240 (Jaroslav Kysela) [1316673] - [perf] trace: Fix race condition at the end of started workloads (Jiri Olsa) [1302928] - [fs] nfsd: Combine decode operations for v4 and v4.1 (J. Bruce Fields) [1314536] - [hv] revert 'vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: dont loose HVMSG_TIMER_EXPIRED messages' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: remove code duplication in message handling' (Vitaly Kuznetsov) [1318882] - [hv] revert 'vmbus: avoid wait_for_completion on crash' (Vitaly Kuznetsov) [1318882] [2.6.32-634] - [scsi] cxgbi: Convert over to dst_neigh_lookup (Sai Vemuri) [1296461] - [netdrv] cxgb4: For T4, dont read the Firmware Mailbox Control register (Sai Vemuri) [1296469] - [netdrv] cxgb4: Use ACCES_ONCE macro to read queues consumer index (Sai Vemuri) [1296484] - [netdrv] cxgb4: prevent simultaneous execution of service_ofldq (Sai Vemuri) [1296483] - [netdrv] cxgb4: Adds PCI device id for new T5 adapters (Sai Vemuri) [1296481] - [netdrv] cxgb4: Dont disallow turning off auto-negotiation (Sai Vemuri) [1296476] - [mm] check if section present during memory block registering (Xunlei Pang) [1297840] - [tty] ldisc: Close/Reopen race prevention should check tty->ldisc (Denys Vlasenko) [1312383] - [fs] proc-vmcore: wrong data type casting fix (Baoquan He) [1312206] - [infiniband] iw_cxgb3: Ignore positive return values from the ofld send functions (Sai Vemuri) [1296999] - [netdrv] cxgb4: Deal with wrap-around of queue for Work request (Sai Vemuri) [1296482] - [infiniband] iw_cxgb4: detect fatal errors while creating listening filters (Sai Vemuri) [1296480] - [md] dm snapshot: suspend merging snapshot when doing exception handover (Mike Snitzer) [1177389] - [md] dm snapshot: suspend origin when doing exception handover (Mike Snitzer) [1177389] - [md] dm snapshot: allocate a per-target structure for snapshot-origin target (Mike Snitzer) [1177389] - [md] dm: fix a race condition in dm_get_md (Mike Snitzer) [1177389] - [infiniband] iw_cxgb4: pass the ord/ird in connect reply events (Sai Vemuri) [1296478] - [infiniband] iw_cxgb4: fix misuse of ep->ord for minimum ird calculation (Sai Vemuri) [1296478] - [infiniband] iw_cxgb4: reverse the ord/ird in the ESTABLISHED upcall (Sai Vemuri) [1296478] - [usb] Revert 'Revert 'Update USB default wakeup settings'' (Torez Smith) [1319081] - [netdrv] ibmveth: add support for TSO6 (Gustavo Duarte) [1318412] [2.6.32-633] - [s390] lib: export udelay_simple for systemtap (Hendrik Brueckner) [1233912] - [netdrv] ixgbe: fix RSS limit for X550 (John Greene) [1314583] - [netdrv] mlx4_core: Fix error message deprecation for ConnectX-2 cards (Don Dutile) [1316013] - [dm] thin metadata: dont issue prefetches if a transaction abort has failed (Mike Snitzer) [1310661] - [scsi] be2iscsi: Add warning message for unsupported adapter (Maurizio Lombardi) [1253016] - [scsi] be2iscsi: Revert 'Add warning message for, unsupported adapter' (Maurizio Lombardi) [1253016] - [scsi] hpsa: update copyright information (Joseph Szczypek) [1315469] - [scsi] hpsa: correct abort tmf for hba devices (Joseph Szczypek) [1315469] - [scsi] hpsa: correct ioaccel2 sg chain len (Joseph Szczypek) [1315469] - [scsi] hpsa: fix physical target reset (Joseph Szczypek) [1315469] - [scsi] hpsa: fix hpsa_adjust_hpsa_scsi_table (Joseph Szczypek) [1315469] - [scsi] hpsa: correct transfer length for 6 byte read/write commands (Joseph Szczypek) [1315469] - [scsi] hpsa: abandon rescans on memory alloaction failures (Joseph Szczypek) [1315469] - [scsi] hpsa: allow driver requested rescans (Joseph Szczypek) [1315469] [2.6.32-632] - [s390] dasd: fix incorrect locking order for LCU device add/remove (Hendrik Brueckner) [1315740] - [s390] dasd: fix hanging device after LCU change (Hendrik Brueckner) [1315729] - [s390] dasd: prevent incorrect length error under z/VM after PAV changes (Hendrik Brueckner) [1313774] - [netdrv] igb: Fix VLAN tag stripping on Intel i350 (Corinna Vinschen) [1210699] - [netdrv] 3c59x: mask LAST_FRAG bit from length field in ring (Neil Horman) [1309210] - [ata] ahci: Remove obsolete Intel Lewisburg SATA RAID device IDs (Steve Best) [1317045] - [pci] fix truncation of resource size to 32 bits (Myron Stowe) [1316345] - [pci] fix pci_resource_alignment prototype (Myron Stowe) [1316345] - [sound] hda: Fix headphone mic input on a few Dell ALC293 machines (Jaroslav Kysela) [1315932] - [sound] hda: Add some FIXUP quirks for white noise on Dell laptop (Jaroslav Kysela) [1315932] - [sound] hda: Fix the white noise on Dell laptop (Jaroslav Kysela) [1315932] - [sound] hda: one Dell machine needs the headphone white noise fixup (Jaroslav Kysela) [1315932] - [sound] hda: Fix audio crackles on Dell Latitude E7x40 (Jaroslav Kysela) [1315932] - [fs] xfs: Avoid pathological backwards allocation (Bill ODonnell) [1302777] [2.6.32-631] - [input] synaptics: handle spurious release of trackstick buttons, again (Benjamin Tissoires) [1317808] - [hv] kvp: fix IP Failover (Vitaly Kuznetsov) [1312290] - [hv] util: Pass the channel information during the init call (Vitaly Kuznetsov) [1312290] - [hv] utils: Invoke the poll function after handshake (Vitaly Kuznetsov) [1312290] - [hv] utils: run polling callback always in interrupt context (Vitaly Kuznetsov) [1312290] - [hv] util: Increase the timeout for util services (Vitaly Kuznetsov) [1312290] [2.6.32-630] - [mm] avoid hangs in lru_add_drain_all (Vitaly Kuznetsov) [1314683] - [net] esp{4, 6}: fix potential MTU calculation overflows (Herbert Xu) [1304313] - [net] xfrm: take net hdr len into account for esp payload size calculation (Herbert Xu) [1304313] [2.6.32-629] - [x86] acpi: Avoid SRAT table checks for Hyper-V VMs (Vitaly Kuznetsov) [1312711] - [infiniband] ipoib: For sendonly join free the multicast group on leave (Don Dutile) [1315382] - [infiniband] ipoib: increase the max mcast backlog queue (Don Dutile) [1315382] - [infiniband] ipoib: Make sendonly multicast joins create the mcast group (Don Dutile) [1315382] - [infiniband] ipoib: Expire sendonly multicast joins (Don Dutile) [1315382] - [infiniband] ipoib: Clean up send-only multicast joins (Don Dutile) [1315382] - [infiniband] ipoib: Suppress warning for send only join failures (Don Dutile) [1315382] - [drm] i915: shut up gen8+ SDE irq dmesg noise (Rob Clark) [1313681] - [drm] i915: fix the SDE irq dmesg warnings properly (Rob Clark) [1313681] - [hv] vmbus: avoid wait_for_completion on crash (Vitaly Kuznetsov) [1301903] - [hv] vmbus: remove code duplication in message handling (Vitaly Kuznetsov) [1301903] - [hv] vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload (Vitaly Kuznetsov) [1301903] - [hv] vmbus: dont loose HVMSG_TIMER_EXPIRED messages (Vitaly Kuznetsov) [1301903] - [hv] vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload (Vitaly Kuznetsov) [1301903] [2.6.32-628] - [netdrv] bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [1311433] - [sound] alsa hda: only sync BCLK to the display clock for Haswell & Broadwell (Jaroslav Kysela) [1313672] - [sound] alsa hda: add component support (Jaroslav Kysela) [1313672] - [sound] alsa hda: pass intel_hda to all i915 interface functions (Jaroslav Kysela) [1313672] - [netdrv] igb: fix race accessing page->_count (Corinna Vinschen) [1315402] - [netdrv] igb: fix recent VLAN changes that would leave VLANs disabled after reset (Corinna Vinschen) [1309968] - [mm] always decrement anon_vma degree when the vma list is empty (Jerome Marchand) [1309898] [2.6.32-627] - [net] rds: restore return value in rds_cmsg_rdma_args (Don Dutile) [1313089] - [net] rds: Fix assertion level from fatal to warning (Don Dutile) [1313089] - [netdrv] be2net: dont enable multicast flag in be_enable_if_filters routine (Ivan Vecera) [1309157] - [net] unix: correctly track in-flight fds in sending process user_struct (Hannes Frederic Sowa) [1313052] {CVE-2016-2550} - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Jacob Tanenbaum) [1297422] {CVE-2015-8767} [2.6.32-626] - [fs] nfsv4: OPEN must handle the NFS4ERR_IO return code correctly (Benjamin Coddington) [1272687] - [fs] quota: fix unwanted soft limit enforcement (Lukas Czerner) [1304603] - [fs] xfs: flush entire last page of old EOF on truncate up (Brian Foster) [1308482] - [fs] xfs: truncate_setsize should be outside transactions (Brian Foster) [1308482] - [scsi] megaraid: overcome a fw deficiency (Maurizio Lombardi) [1294983] - [scsi] megaraid_sas: Add an i/o barrier (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fix SMAP issue (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fix for IO failing post OCR in SRIOV environment (Tomas Henzl) [1294983] - [scsi] megaraid: fix null pointer check in megasas_detach_one() (Tomas Henzl) [1294983] - [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1294983] - [scsi] megaraid_sas: SPERC OCR changes (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Introduce module parameter for SCSI command timeout (Tomas Henzl) [1294983] - [scsi] megaraid_sas: MFI adapter OCR changes (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Make adprecovery variable atomic (Tomas Henzl) [1294983] - [scsi] megaraid_sas: IO throttling support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Dual queue depth support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Code optimization build_and_issue_cmd return-type (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Reply Descriptor Post Queue (RDPQ) support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Fastpath region lock bypass (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Update device queue depth based on interface type (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Task management support (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Syncing request flags macro names with firmware (Tomas Henzl) [1294983] - [scsi] megaraid_sas: MFI IO timeout handling (Tomas Henzl) [1294983] - [scsi] megaraid_sas: Do not allow PCI access during OCR (Tomas Henzl) [1294983] - [scsi] hpsa: check for a null phys_disk pointer in ioaccel2 path (Joseph Szczypek) [1311728] [2.6.32-625] - [netdrv] cxgb4 : Patch to fix kernel panic on pinging over vlan interface (Sai Vemuri) [1303493] - [x86] mm: Improve AMD Bulldozer ASLR workaround (Rik van Riel) [1240883] - [x86] Properly export MSR values in kernel headers (Jacob Tanenbaum) [1298255] - [netdrv] tehuti: Firmware filename is tehuti/bdx.bin (Ivan Vecera) [1235961] - [netdrv] ixgbe: convert to ndo_fix_features (John Greene) [1279522] - [drm] revert 'drm: Use vblank timestamps to guesstimate how many vblanks were missed' (Lyude Paul) [1300086] - [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683] - [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683] - [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683] - [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683] - [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683] - [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683] - [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683] - [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683] - [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683] - [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683] - [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683] - [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683] - [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683] - [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683] - [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683] - [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683] - [fs] writeback: bdi_writeback_task must set task state before calling schedule (Jeff Moyer) [1111683] - [fs] writeback: remove wb_list (Jeff Moyer) [1111683] - [drm] i915: Change WARN_ON(!wm_changed) to I915_STATE_WARN_ON (Lyude Paul) [1309888] - [drm] i915: Quiet down state checks (Lyude Paul) [1309888] - [drm] i915: Fix a few of the !wm_changed warnings (Lyude Paul) [1309888] [2.6.32-624] - [netdrv] tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs (Ivan Vecera) [1222426] - [netdrv] bna: fix list corruption (Ivan Vecera) [1310957] - [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.14.4.0, hardcode driver to the same (Sai Vemuri) [1270347] - [drm] i915: WaRsDisableCoarsePowerGating (Rob Clark) [1302269] - [drm] i915/skl: Add SKL GT4 PCI IDs (Rob Clark) [1302269] [2.6.32-623] - [perf] revert 'perf/x86/intel uncore: Move uncore_box_init() out of driver initialization' (Jiri Olsa) [1313062] - [net] udp: move logic out of udp[46]_ufo_send_check (Sabrina Dubroca) [1299975] - [netdrv] hv_netvsc: Restore needed_headroom request (Vitaly Kuznetsov) [1305000] - [net] pktgen: fix null ptr deref in skb allocation (Vitaly Kuznetsov) [1305000] - [net] pktgen: Observe needed_headroom of the device (Vitaly Kuznetsov) [1305000] - [net] pktgen: ipv6: numa: consolidate skb allocation to pktgen_alloc_skb (Vitaly Kuznetsov) [1305000] - [net] pktgen: fix crash with vlan and packet size less than 46 (Vitaly Kuznetsov) [1305000] - [net] pktgen: speedup fragmented skbs (Vitaly Kuznetsov) [1305000] - [net] pktgen: correct uninitialized queue_map (Vitaly Kuznetsov) [1305000] - [net] pktgen node allocation (Vitaly Kuznetsov) [1305000] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1309241] - [net] veth: dont modify ip_summed; doing so treats packets with bad checksums as good (Sabrina Dubroca) [1308586] - [net] ipv6: udp: use sticky pktinfo egress ifindex on connect() (Xin Long) [1301475] - [net] provide default_advmss() methods to blackhole dst_ops (Paolo Abeni) [1305068] - [net] sctp: translate network order to host order when users get a hmacid (Xin Long) [1303822] - [powerpc] pseries: Make 32-bit MSI quirk work on systems lacking firmware support (Oded Gabbay) [1303678] - [powerpc] pseries: Force 32 bit MSIs for devices that require it (Oded Gabbay) [1303678] - [netdrv] bnxt_en: Fix zero padding of tx push data (John Linville) [1310301] - [netdrv] bnxt_en: Failure to update PHY is not fatal condition (John Linville) [1310301] - [netdrv] bnxt_en: Remove unnecessary call to update PHY settings (John Linville) [1310301] - [netdrv] bnxt_en: Poll link at the end of __bnxt_open_nic (John Linville) [1310301] - [netdrv] bnxt_en: Reduce default ring sizes (John Linville) [1310301] - [netdrv] bnxt_en: Fix implementation of tx push operation (John Linville) [1310301] - [netdrv] bnxt_en: Remove 20G support and advertise only 40GbaseCR4 (John Linville) [1310301] - [netdrv] bnxt_en: Cleanup and Fix flow control setup logic (John Linville) [1310301] - [netdrv] bnxt_en: Fix ethtool autoneg logic (John Linville) [1310301] [2.6.32-622] - [netdrv] bonding: Fix ARP monitor validation (Jarod Wilson) [1244170] - [netdrv] sfc: only use RSS filters if were using RSS (Jarod Wilson) [1304311] - [dm] delay: fix RHEL6 specific bug when establishing future 'expires' time (Mike Snitzer) [1311615] - [ata] Adding Intel Lewisburg device IDs for SATA (Steve Best) [1310237] - [i2c] i801: Adding Intel Lewisburg support for iTCO (Rui Wang) [1304872] - [x86] Mark Grangeville ixgbe PCI ID 15AE (1 gig PHY) unsupported (Steve Best) [1310585] - [kernel] lockd: properly convert be32 values in debug messages (Harshula Jayasuriya) [1289848] - [i2c] convert i2c-isch to platform_device (Prarit Bhargava) [1211747] - [tty] do not reset masters packet mode (Denys Vlasenko) [1308660] - [block] dont assume last put of shared tags is for the host (Jeff Moyer) [1300538] - [netdrv] i40evf: use pages correctly in Rx (Stefan Assmann) [1293754] - [netdrv] i40e: fix bug in dma sync (Stefan Assmann) [1293754] - [sched] fix KABI break (Seth Jennings) [1230310] - [sched] fair: Test list head instead of list entry in throttle_cfs_rq (Seth Jennings) [1230310] - [sched] sched,perf: Fix periodic timers (Seth Jennings) [1230310] - [sched] sched: debug: Remove the cfs bandwidth timer_active printout (Seth Jennings) [1230310] - [sched] Cleanup bandwidth timers (Seth Jennings) [1230310] - [sched] sched: core: Use hrtimer_start_expires (Seth Jennings) [1230310] - [sched] fair: Fix unlocked reads of some cfs_b->quota/period (Seth Jennings) [1230310] - [sched] Fix potential near-infinite distribute_cfs_runtime loop (Seth Jennings) [1230310] - [sched] fair: Fix tg_set_cfs_bandwidth deadlock on rq->lock (Seth Jennings) [1230310] - [sched] Fix hrtimer_cancel/rq->lock deadlock (Seth Jennings) [1230310] - [sched] Fix cfs_bandwidth misuse of hrtimer_expires_remaining (Seth Jennings) [1230310] - [sched] Refine the code in unthrottle_cfs_rq (Seth Jennings) [1230310] - [sched] Update rq clock earlier in unthrottle_cfs_rq (Seth Jennings) [1230310] - [drm] radeon: mask out WC from BO on unsupported arches (Oded Gabbay) [1303678] - [drm] add helper to check for wc memory support (Oded Gabbay) [1303678] - [acpi] pci: Account for ARI in _PRT lookups (Ivan Vecera) [1311421] - [pci] Move pci_ari_enabled() to global header (Ivan Vecera) [1311421] - [acpi] tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0 (Jerry Snitselaar) [1309641] - [acpi] Centralized processing of ACPI device resources (Jerry Snitselaar) [1309641] - [acpi] acpi: Add device resources interpretation code to ACPI core (Jerry Snitselaar) [1309641] - [netdrv] cxgb4 : Fix for the kernel panic caused by calling t4_enable_vi_params (Sai Vemuri) [1303493] - [mm] Remove false WARN_ON from pagecache_isize_extended (Brian Foster) [1205014] [2.6.32-621] - [netdrv] net/mlx4_en: Wake TX queues only when theres enough room (Don Dutile) [1309893] - [netdrv] revert ' net/mlx4_core: Fix mailbox leak in error flow when performing update qp' (Don Dutile) [1309893] - [netdrv] revert 'mlx4-en: add missing patch to init rss_rings in get_profile' (Don Dutile) [1309893] - [netdrv] revert 'mlx4-en: disable traffic class queueing by default' (Don Dutile) [1309893] [2.6.32-620] - [netdrv] mlx4-en: disable traffic class queueing by default (Don Dutile) [1309893] - [netdrv] mlx4-en: add missing patch to init rss_rings in get_profile (Don Dutile) [1309893] - [netdrv] net/mlx4_core: Fix mailbox leak in error flow when performing update qp (Don Dutile) [1309893] [2.6.32-619] - [netdrv] cxgb4: add device ID for few T5 adapters (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix for write-combining stats configuration (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix tx flit calculation (Sai Vemuri) [1252598] - [netdrv] cxgb4: changes for new firmware 1.14.4.0 (Sai Vemuri) [1252598] - [netdrv] cxgb4: memory corruption in debugfs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Force uninitialized state if FW in adapter is unsupported (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add MPS tracing support (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add some more details to sge qinfo (Sai Vemuri) [1252598] - [netdrv] cxgb4: missing curly braces in t4_setup_debugfs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support to dump edc bist status (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs support to dump meminfo (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Read correct FL congestion threshold for T5 and T6 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Allow firmware flash, only if cxgb4 is the master driver (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to enable backdoor access (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix check to use new User Doorbell mechanism (Sai Vemuri) [1252598] - [netdrv] cxgb4: Enable cim_la dump to support T6 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Read stats for only available channels (Sai Vemuri) [1252598] - [netdrv] cxgb4: Update register ranges for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Dont use entire L2T table, use only its slice (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PCI device ids for few more T5 and T6 adapters (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix incorrect sequence numbers shown in devlog (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PCI device ID for custom T522 & T520 adapter (Sai Vemuri) [1252598] - [infiniband] iw_cxgb4: support for bar2 qid densities exceeding the page size (Sai Vemuri) [1252598] - [netdrv] cxgb4: Support for user mode bar2 mappings with T4 (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to dump channel rate (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs entry to dump CIM PIF logic analyzer contents (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add a debugfs entry to dump CIM MA logic analyzer logs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix static checker warning (Sai Vemuri) [1252598] - [netdrv] cxgb4: Use FW LDST cmd to access TP_PIO_ADDR, TP_PIO_DATA register first (Sai Vemuri) [1252598] - [netdrv] cxgb4: program pci completion timeout (Sai Vemuri) [1252598] - [netdrv] cxgb4: Set mac addr from vpd, when we cant contact firmware (Sai Vemuri) [1252598] - [netdrv] cxgb4: Rename t4_link_start to t4_link_l1cfg (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add sge ec context flush service (Sai Vemuri) [1252598] - [netdrv] cxgb4: Free Virtual Interfaces in remove routine (Sai Vemuri) [1252598] - [netdrv] cxgb4: Remove WOL get/set ethtool support (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support to dump loopback port stats (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add support in ethtool to dump channel stats (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add ethtool support to get adapter stats (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Adds SRIOV driver changes for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Adds support for T6 adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add is_t6 macro and T6 register ranges (Sai Vemuri) [1252598] - [netdrv] cxgb4: remove unused fn to enable/disable db coalescing (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: function and argument name cleanup (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add debugfs facility to inject FL starvation (Sai Vemuri) [1252598] - [netdrv] cxgb4: Add PHY firmware support for T420-BT cards (Sai Vemuri) [1252598] - [netdrv] cxgb4: Update T4/T5 adapter register ranges (Sai Vemuri) [1252598] - [netdrv] cxgb4: Optimize and cleanup setup memory window code (Sai Vemuri) [1252598] - [netdrv] cxgb4: replace ntohs, ntohl and htons, htonl calls with the generic byteorder (Sai Vemuri) [1252598] - [netdrv] cxgb4: Remove dead function t4_read_edc and t4_read_mc (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Cleanup macros, add comments and add new MACROS (Sai Vemuri) [1252598] - [netdrv] cxgb4: Initialize RSS mode for all Ports (Sai Vemuri) [1252598] - [netdrv] cxgb4: Discard the packet if the length is greater than mtu (Sai Vemuri) [1252598] - [netdrv] cxgb4: Move SGE Ingress DMA state monitor (Don Dutile) [1252598] - [netdrv] cxgb4: Add device node to ULD info (Don Dutile) [1252598] - [netdrv] cxgb4: Pass in a Congestion Channel Map to t4_sge_alloc_rxq (Sai Vemuri) [1252598] - [netdrv] cxgb4: Enable congestion notification from SGE for IQs and FLs (Sai Vemuri) [1252598] - [netdrv] cxgb4: Make sure that Freelist size is larger than Egress Congestion Threshold (Sai Vemuri) [1252598] - [infiniband] iw_cxgb4: Cleanup register defines/MACROS (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix sparse warnings (Sai Vemuri) [1252598] - [netdrv] cxgb4: Improve IEEE DCBx support, other minor open-lldp fixes (Sai Vemuri) [1252598] - [scsi] cxgb4i: Call into recently added cxgb4 ipv6 api (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix queue allocation for 40G adapter (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Initialize mdio_addr before using it (Sai Vemuri) [1252598] - [netdrv] cxgb4vf: Fix ethtool get_settings for VF driver (Sai Vemuri) [1252598] - [netdrv] csiostor: Cleanup macros/register defines related to port and VI (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Fix DCB priority groups being returned in wrong order (Sai Vemuri) [1252598] - [netdrv] cxgb4: dcb open-lldp interop fixes (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Fix bug in DCB app deletion (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Handle dcb enable correctly (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Improve handling of DCB negotiation or loss thereof (Sai Vemuri) [1252598] - [netdrv] cxgb4: IEEE fixes for DCBx state machine (Sai Vemuri) [1252598] - [netdrv] cxgb4: Fix endian bug introduced in cxgb4 dcb patchset (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Makefile & Kconfig changes for DCBx support (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Integrate DCBx support into cxgb4 module. Register dbcnl_ops to give access to DCBx functions (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Add DCBx support codebase and dcbnl_ops (Sai Vemuri) [1252598] - [netdrv] cxgb4 : Update fw interface file for DCBx support. Adds all the required fields to fw interface to communicate DCBx info (Sai Vemuri) [1252598] [2.6.32-618] - [documentation] filesystems: describe the shared memory usage/accounting (Rodrigo Freire) [1293615] - [kernel] Fix cgclear failure when encountering the rpciod kernel thread (Larry Woodman) [1220828] - [netdrv] qlcnic: constify qlcnic_mbx_ops structure (Harish Patil) [1252119] - [netdrv] net: qlcnic: delete redundant memsets (Harish Patil) [1252119] - [netdrv] qlcnic: Update version to 5.3.63 (Harish Patil) [1252119] - [netdrv] qlcnic: Dont use kzalloc unncecessarily for allocating large chunk of memory (Harish Patil) [1252119] - [netdrv] qlcnic: Add new VF device ID 0x8C30 (Harish Patil) [1252119] - [netdrv] qlcnic: Print firmware minidump buffer and template header addresses (Harish Patil) [1252119] - [netdrv] qlcnic: Add support to enable capability to extend minidump for iSCSI (Harish Patil) [1252119] - [netdrv] qlcnic: Rearrange ordering of header files inclusion (Harish Patil) [1252119] - [netdrv] qlcnic: Fix corruption while copying (Harish Patil) [1252119] - [netdrv] net: qlcnic: Deletion of unnecessary memset (Harish Patil) [1252119] - [netdrv] net: qlcnic: clean up sysfs error codes (Harish Patil) [1252119] - [netdrv] qlcnic: codespell comment spelling fixes (Harish Patil) [1252119] - [netdrv] qlcnic: Fix typo in printk messages (Harish Patil) [1252119] - [netdrv] qlcnic: Fix trivial typo in comment (Harish Patil) [1252119] - [netdrv] qlogic: Deletion of unnecessary checks before two function calls (Harish Patil) [1252119] - [netdrv] qlcnic: Fix dump_skb output (Harish Patil) [1252119] - [virt] kvm: x86: Dont report guest userspace emulation error to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842} - [virt] kvm: inject #UD if instruction emulation fails and exit to userspace (Bandan Das) [1163764] {CVE-2010-5313 CVE-2014-7842} - [netdrv] iwlwifi: Add new PCI IDs for the 8260 series (John Linville) [1286871 1308636] - [netdrv] iwlwifi: pcie: fix (again) prepare card flow (John Linville) [1286871 1308636] - [netdrv] nl80211: Fix potential memory leak from parse_acl_data (John Linville) [1286871 1308636] - [netdrv] mac80211: fix divide by zero when NOA update (John Linville) [1286871 1308636] - [netdrv] mac80211: allow null chandef in tracing (John Linville) [1286871 1308636] - [netdrv] mac80211: fix driver RSSI event calculations (John Linville) [1286871 1308636] - [netdrv] mac80211: Fix local deauth while associating (John Linville) [1286871 1308636] - [fs] xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly (Brian Foster) [747564] - [fs] mm: introduce set_page_writeback_keepwrite() (Brian Foster) [747564] - [fs] xfs: always log the inode on unwritten extent conversion (Zorro Lang) [1018465] - [fs] vfs: fix data corruption when blocksize < pagesize for mmaped data (Lukas Czerner) [1205014] [2.6.32-617] - [infiniband] rdma/ocrdma: Bump up ocrdma version number to 11.0.0.0 (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Prevent CQ-Doorbell floods (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Check resource ids received in Async CQE (Don Dutile) [1253021] - [infiniband] rdma/ocrdma: Avoid a possible crash in ocrdma_rem_port_stats (Don Dutile) [1253021] - [kernel] driver core : Fix use after free of dev->parent in device_shutdown (Tomas Henzl) [1303215] - [kernel] driver core: fix shutdown races with probe/remove (Tomas Henzl) [1303215] - [kernel] driver core: Protect device shutdown from hot unplug events (Tomas Henzl) [1303215] - [netdrv] bnx2x: Add new device ids under the Qlogic vendor (Michal Schmidt) [1304252] - [kernel] klist: fix starting point removed bug in klist iterators (Ewan Milne) [1190273] - [md] raid1: extend spinlock to protect raid1_end_read_request against inconsistencies (Jes Sorensen) [1309154] - [md] raid1: fix test for 'was read error from last working device' (Jes Sorensen) [1309154] - [s390] cio: update measurement characteristics (Hendrik Brueckner) [1304257] - [s390] cio: ensure consistent measurement state (Hendrik Brueckner) [1304257] - [s390] cio: fix measurement characteristics memleak (Hendrik Brueckner) [1304257] - [fs] pipe: fix offset and len mismatch on pipe_iov_copy_to_user failure (Seth Jennings) [1302223] {CVE-2016-0774} [2.6.32-616] - [kernel] isolcpus: Output warning when the 'isolcpus=' kernel parameter is invalid (Prarit Bhargava) [1304216] - [mmc] Prevent 1.8V switch for SD hosts that dont support UHS modes (Petr Oros) [1307065] - [mmc] sdhci-pci-o2micro: Fix Dell E5440 issue (Petr Oros) [1307065] - [mmc] sdhci-pci-o2micro: Add SeaBird SeaEagle SD3 support (Petr Oros) [1307065] - [watchdog] hung task debugging: Inject NMI when hung and going to panic (Don Zickus) [1305919] - [watchdog] add sysctl knob hardlockup_panic (Don Zickus) [1305919] - [watchdog] perform all-CPU backtrace in case of hard lockup (Don Zickus) [1305919] - [drm] i915: Drop intel_update_sprite_watermarks (Lyude) [1306425] - [drm] i915: Setup DDI clk for MST on SKLi (Lyude) [1306425] - [drm] i915: Explicitly check for eDP in skl_ddi_pll_select (Lyude) [1306425] - [drm] i915: Dont skip mst encoders in skl_ddi_pll_select (Lyude) [1306425] - [scsi] qla2xxx: Set relogin flag when we fail to queue login requests (Chad Dupuis) [1306033] - [s390] kernel/syscalls: correct syscall number for __NR_setns (Hendrik Brueckner) [1219586] - [edac] sb_edac: fix channel/csrow emulation on Broadwell (Aristeu Rozanski) [1301230] - [usb] xhci: Workaround to get Intel xHCI reset working more reliably (Gopal Tiwari) [1146875] - [fs] revert revert 'dlm: print kernel message when we get an error from kernel_sendpage' (Robert S Peterson) [1264492] - [fs] revert '[fs] dlm: Replace nodeid_to_addr with kernel_getpeername' (Robert S Peterson) [1264492] - [s390] sclp: Determine HSA size dynamically for zfcpdump (Hendrik Brueckner) [1303557] - [s390] sclp: Move declarations for sclp_sdias into separate header file (Hendrik Brueckner) [1303557] - [netdrv] mlx4_en: add missing tx_queue init in en_start_port (Don Dutile) [1304016] [2.6.32-615] - [s390] qeth: initialize net_device with carrier off (Hendrik Brueckner) [1198666] - [netdrv] Add rtlwifi driver from linux 4.3 (Stanislaw Gruszka) [1245452 1263386 1289574 761525] [2.6.32-614] - [powerpc] pseries: Limit EPOW reset event warnings (Gustavo Duarte) [1300202] - [perf] tools: Do not show trace command if its not compiled in (Jiri Olsa) [1212539] - [perf] tools spec: Disable trace command on ppc arch (Jiri Olsa) [1212539] - [netdrv] mlx4_en: Fix the blueflame in TX path (Kamal Heib) [1295872 1303661 1303863 1304272] - [netdrv] mlx4_en: Fix HW timestamp init issue upon system startup (Kamal Heib) [1295872 1304272] - [netdrv] mlx4_en: Remove dependency between timestamping capability and service_task (Kamal Heib) [1295872 1304272] - [netdrv] mlx5_core: Fix trimming down IRQ number (Kamal Heib) [1304272] - [x86] Mark Intel Broadwell-DE SoC supported (Steve Best) [1253856] - [s390] zfcpdump: Fix collecting of registers (Hendrik Brueckner) [1303558] - [s390] dasd: fix failfast for disconnected devices (Hendrik Brueckner) [1303559] - [netdrv] bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout (John Linville) [1303703] - [netdrv] bnxt_en: Exclude rx_drop_pkts hw counter from the stacks rx_dropped counter (John Linville) [1303703] - [netdrv] bnxt_en: Ring free response from close path should use completion ring (John Linville) [1303703] - [block] Fix q_suspended logic error for io submission (David Milburn) [1227342] - [block] nvme: No lock while DMA mapping data (David Milburn) [1227342] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7509 CVE-2015-8324 CVE-2014-8134 CVE-2015-5156 CVE-2015-8215 CVE-2013-4312 CVE-2014-7842 CVE-2010-5313 CVE-2015-8543 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:base Oracle Linux 6 [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-0799 CVE-2016-2105 CVE-2016-2842 CVE-2016-2107 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 Oracle Linux 6 [0.12.1.2-2.491.el6_8.1] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407] - kvm-vga-use-constants-from-vga.h.patch [bz#1331407] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407] - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z]) [0.12.1.2-2.491.el6] - Revert 'warning when CPU threads>1 for non-Intel CPUs' fix [0.12.1.2-2.490.el6] - kvm-qemu-ga-implement-win32-guest-set-user-password.patch [bz#1174181] - kvm-util-add-base64-decoding-function.patch [bz#1174181] - kvm-qga-convert-to-use-error-checked-base64-decode.patch [bz#1174181] - kvm-qga-use-more-idiomatic-qemu-style-eol-operators.patch [bz#1174181] - kvm-qga-use-size_t-for-wcslen-return-value.patch [bz#1174181] - kvm-qga-use-wide-chars-constants-for-wchar_t-comparisons.patch [bz#1174181] - kvm-qga-fix-off-by-one-length-check.patch [bz#1174181] - kvm-qga-check-utf8-to-utf16-conversion.patch [bz#1174181] - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root account password (Linux guest)) [0.12.1.2-2.489.el6] - kvm-hw-qxl-qxl_send_events-nop-if-stopped.patch [bz#1290743] - kvm-block-mirror-fix-full-sync-mode-when-target-does-not.patch [bz#971312] - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) - Resolves: bz#971312 (block: Mirroring to raw block device doesnt zero out unused blocks) * Mon Feb 08 2016 Miroslav Rezanina <mrezanin@redhat.com - 0.12.1.2-2.488.el6 - Fixed qemu-ga path configuration [bz#1213233] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist) [0.12.1.2-2.487.el6] - kvm-virtio-scsi-use-virtqueue_map_sg-when-loading-reques.patch [bz#1249740] - kvm-scsi-disk-fix-cmd.mode-field-typo.patch [bz#1249740] - Resolves: bz#1249740 (Segfault occurred at Dst VM while completed migration upon ENOSPC) [0.12.1.2-2.486.el6] - kvm-blockdev-Error-out-on-negative-throttling-option-val.patch [bz#1294619] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298046] - Resolves: bz#1294619 (Guest should failed to boot if set iops,bps to negative number) - Resolves: bz#1298046 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-6.8]) [0.12.1.2-2.485.el6] - kvm-Change-fsfreeze-hook-default-location.patch [bz#1213233] - kvm-qxl-replace-pipe-signaling-with-bottom-half.patch [bz#1290743] - Resolves: bz#1213233 ([virtagent] The default path '/etc/qemu/fsfreeze-hook' for 'fsfreeze-hook' script doesnt exist) - Resolves: bz#1290743 (qemu-kvm core dumped when repeat system_reset 20 times during guest boot) [0.12.1.2-2.484.el6] - kvm-qga-flush-explicitly-when-needed.patch [bz#1210246] - kvm-qga-add-guest-set-user-password-command.patch [bz#1174181] - kvm-qcow2-Zero-initialise-first-cluster-for-new-images.patch [bz#1223216] - kvm-Documentation-Warn-against-qemu-img-on-active-image.patch [bz#1297424] - kvm-target-i386-warns-users-when-CPU-threads-1-for-non-I.patch [bz#1292678] - kvm-qemu-options-Fix-texinfo-markup.patch [bz#1250442] - kvm-qga-Fix-memory-allocation-pasto.patch [] - kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268347] - Resolves: bz#1174181 (RFE: provide QEMU guest agent command for setting root/administrator account password) - Resolves: bz#1210246 ([virtagent]The 'write' content is lost if 'read' it before flush through guest agent) - Resolves: bz#1223216 (qemu-img can not create qcow2 image when backend is block device) - Resolves: bz#1250442 (qemu-doc.html bad markup in section 3.3 Invocation) - Resolves: bz#1268347 (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY) - Resolves: bz#1292678 (Qemu should report error when cmdline set threads=2 in amd host) - Resolves: bz#1297424 (Add warning about running qemu-img on active VMs to its manpage) [0.12.1.2-2.483.el6] - kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1262866] - kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1262866] - Resolves: bz#1262866 ([RHEL6] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size) [0.12.1.2-2.482.el6] - kvm-qemu-kvm-get-put-MSR_TSC_AUX-across-reset-and-migrat.patch [bz#1265428] - kvm-qcow2-Discard-VM-state-in-active-L1-after-creating-s.patch [bz#1219908] - kvm-net-pcnet-add-check-to-validate-receive-data-size-CV.patch [bz#1286597] - kvm-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch [bz#1286567] - Resolves: bz#1219908 (Writing snapshots with 'virsh snapshot-create-as' command slows as more snapshots are created) - Resolves: bz#1265428 (contents of MSR_TSC_AUX are not migrated) - Resolves: bz#1286567 (CVE-2015-7512 qemu-kvm: Qemu: net: pcnet: buffer overflow in non-loopback mode [rhel-6.8]) [0.12.1.2-2.481.el6] - kvm-net-add-checks-to-validate-ring-buffer-pointers-CVE-.patch [bz#1263275] - Resolves: bz#1263275 (CVE-2015-5279 qemu-kvm: qemu: Heap overflow vulnerability in ne2000_receive() function [rhel-6.8]) [0.12.1.2-2.480.el6] - kvm-virtio-rng-fix-segfault-when-adding-a-virtio-pci-rng.patch [bz#1230068] - kvm-qga-commands-posix-Fix-bug-in-guest-fstrim.patch [bz#1213236] - kvm-rtl8139-avoid-nested-ifs-in-IP-header-parsing-CVE-20.patch [bz#1248763] - kvm-rtl8139-drop-tautologous-if-ip-.-statement-CVE-2015-.patch [bz#1248763] - kvm-rtl8139-skip-offload-on-short-Ethernet-IP-header-CVE.patch [bz#1248763] - kvm-rtl8139-check-IP-Header-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-check-IP-Total-Length-field-CVE-2015-5165.patch [bz#1248763] - kvm-rtl8139-skip-offload-on-short-TCP-header-CVE-2015-51.patch [bz#1248763] - kvm-rtl8139-check-TCP-Data-Offset-field-CVE-2015-5165.patch [bz#1248763] - Resolves: bz#1213236 ([virtagent] 'guest-fstrim' failed for guest with os on spapr-vscsi disk) - Resolves: bz#1230068 (Segmentation fault when re-adding virtio-rng-pci device) - Resolves: bz#1248763 (CVE-2015-5165 qemu-kvm: Qemu: rtl8139 uninitialized heap memory information leakage to guest [rhel-6.8]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3710 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 7 [8.32-15.1] - Fix CVE-2015-2328 (infinite recursion compiling pattern with recursive reference in a group with indefinite repeat) (bug #1330508) - Fix CVE-2015-8385 (buffer overflow caused by named forward reference to duplicate group number) (bug #1330508) - Fix CVE-2015-8386 (buffer overflow caused by lookbehind assertion) (bug #1330508) - Fix CVE-2015-3217 (stack overflow caused by mishandled group empty match) (bug #1330508) - Fix CVE-2015-5073 and CVE-2015-8388 (buffer overflow for forward reference within backward assertion with excess closing parenthesis) (bug #1330508) - Fix CVE-2015-8391 (inefficient posix character class syntax check) (bug #1330508) - Fix CVE-2016-3191 (workspace overflow for (*ACCEPT) with deeply nested parentheses) (bug #1330508) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3191 CVE-2015-8386 CVE-2015-5073 CVE-2015-8388 CVE-2015-2328 CVE-2015-8385 CVE-2015-3217 CVE-2015-8391 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 - [3.10.0-327.18.2.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.18.2] - [lib] keys: Fix ASN.1 indefinite length object parsing (David Howells) [1308814 1308815] {CVE-2016-0758} [3.10.0-327.18.1] - [scsi] bnx2fc: Fix FCP RSP residual parsing (Maurizio Lombardi) [1322279 1306342] - [mm] madvise: fix MADV_WILLNEED on shmem swapouts (Mitsuhiro Tanino) [1319845 1312729] - [scsi] bnx2fc: Remove explicit logouts (Maurizio Lombardi) [1317591 1303027] - [cpufreq] intel_pstate: decrease number of 'HWP enabled' messages (David Arcari) [1316821 1310927] - [cpufreq] intel_pstate: enable HWP per CPU (David Arcari) [1316821 1310927] - [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1316820 1259907] - [scsi] scsi_error: should not get sense for timeout IO in scsi error handler (Tomas Henzl) [1316820 1259907] - [scsi] Revert libiscsi: Reduce locking contention in fast path (Chris Leech) [1316812 1297876] - [powerpc] kvm: book3s_hv: Sanitize special-purpose register values on guest exit (Thomas Huth) [1316636 1313725] - [kernel] sched: Robustify topology setup (Gustavo Duarte) [1316158 1278875] - [kernel] sched: Don't set sd->child to NULL when it is already NULL (Gustavo Duarte) [1316158 1278875] - [ib] mlx5: Fix RC transport send queue overhead computation (Don Dutile) [1313814 1293336] - [block] nvme: default to 4k device page size (David Milburn) [1312399 1245140] - [powerpc] cxl: Fix unbalanced pci_dev_get in cxl_probe (Gustavo Duarte) [1312396 1288112] - [powerpc] eeh: Probe after unbalanced kref check (Gustavo Duarte) [1312396 1288112] - [fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd (J. Bruce Fields) [1311582 1300023] - [kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group (Jiri Olsa) [1306317 1289261] - [kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline (Jiri Olsa) [1306317 1289261] [3.10.0-327.17.1] - [fs] ceph: make fsync() wait unsafe requests that created/modified inode (Zheng Yan) [1320033 1291193] - [fs] ceph: add request to i_unsafe_dirops when getting unsafe reply (Zheng Yan) [1320033 1291193] - [fs] ceph: don't invalidate page cache when inode is no longer used (Zheng Yan) [1320033 1291193] - [fs] ceph: fix message length computation (Zheng Yan) [1320033 1291193] - [fs] ceph: improve readahead for file holes (Zheng Yan) [1320033 1291193] - [fs] ceph: get inode size for each append write (Zheng Yan) [1320033 1291193] - [fs] ceph: cleanup use of ceph_msg_get (Zheng Yan) [1320033 1291193] - [fs] ceph: no need to get parent inode in ceph_open (Zheng Yan) [1320033 1291193] - [fs] ceph: remove the useless judgement (Zheng Yan) [1320033 1291193] - [fs] ceph: remove redundant test of head->safe and silence static analysis warnings (Zheng Yan) [1320033 1291193] - [fs] ceph: fix queuing inode to mdsdir's snaprealm (Zheng Yan) [1320033 1291193] - [fs] ceph: invalidate dirty pages after forced umount (Zheng Yan) [1320033 1291193] - [fs] ceph: EIO all operations after forced umount (Zheng Yan) [1320033 1291193] - [fs] ceph: always re-send cap flushes when MDS recovers (Zheng Yan) [1320033 1291193] - [fs] ceph: fix ceph_writepages_start() (Zheng Yan) [1320033 1291193] - [fs] ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL (Zheng Yan) [1320033 1291193] - [fs] ceph: pre-allocate data structure that tracks caps flushing (Zheng Yan) [1320033 1291193] - [fs] ceph: re-send flushing caps (which are revoked) in reconnect stage (Zheng Yan) [1320033 1291193] - [fs] ceph: send TID of the oldest pending caps flush to MDS (Zheng Yan) [1320033 1291193] - [fs] ceph: track pending caps flushing globally (Zheng Yan) [1320033 1291193] - [fs] ceph: track pending caps flushing accurately (Zheng Yan) [1320033 1291193] - [fs] ceph: fix directory fsync (Zheng Yan) [1320033 1291193] - [fs] ceph: fix flushing caps (Zheng Yan) [1320033 1291193] - [fs] ceph: don't include used caps in cap_wanted (Zheng Yan) [1320033 1291193] - [fs] ceph: ratelimit warn messages for MDS closes session (Zheng Yan) [1320033 1291193] - [fs] ceph: simplify two mount_timeout sites (Zheng Yan) [1320033 1291193] - [fs] libceph: store timeouts in jiffies, verify user input (Zheng Yan) [1320033 1291193] - [fs] ceph: exclude setfilelock requests when calculating oldest tid (Zheng Yan) [1320033 1291193] - [fs] ceph: don't pre-allocate space for cap release messages (Zheng Yan) [1320033 1291193] - [fs] ceph: make sure syncfs flushes all cap snaps (Zheng Yan) [1320033 1291193] - [fs] ceph: don't trim auth cap when there are cap snaps (Zheng Yan) [1320033 1291193] - [fs] ceph: take snap_rwsem when accessing snap realm's cached_context (Zheng Yan) [1320033 1291193] - [fs] ceph: avoid sending unnessesary FLUSHSNAP message (Zheng Yan) [1320033 1291193] - [fs] ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference (Zheng Yan) [1320033 1291193] - [fs] ceph: use empty snap context for uninline_data and get_pool_perm (Zheng Yan) [1320033 1291193] - [fs] ceph: check OSD caps before read/write (Zheng Yan) [1320033 1291193] - [fs] libceph: allow setting osd_req_op's flags (Zheng Yan) [1320033 1291193] [3.10.0-327.16.1] - [tty] pty: make sure super_block is still valid in final /dev/tty close (Herton R. Krzesinski) [1320297 1291313] - [tty] pty: fix possible use after free of tty->driver_data (Herton R. Krzesinski) [1320297 1291313] [3.10.0-327.15.1] - [netdrv] sfc: push partner queue for skb->xmit_more (Jarod Wilson) [1318323 1267167] - [netdrv] sfc: replace spinlocks with bit ops for busy poll locking (Jarod Wilson) [1318323 1267167] [3.10.0-327.14.1] - [kernel] sched: Move cpu_active() tests from stop_two_cpus() into migrate_swap_stop() (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Change cpu_stop_queue_two_works() to rely on stopper->enabled (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Introduce __cpu_stop_queue_work() and cpu_stop_queue_two_works() (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Ensure that a queued callback will be called before cpu_stop_park() (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Remove cpu_stop_work's from list in cpu_stop_park() (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Don't do for_each_cpu() twice in queue_stop_cpus_work() (Oleg Nesterov) [1299338 1252281] - [kernel] stop_machine: Move 'cpu_stopper_task' and 'stop_cpus_work' into 'struct cpu_stopper' (Oleg Nesterov) [1299338 1252281] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0758 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 [38.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [38.8.0-2] - Update to 38.8.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2805 CVE-2016-2807 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.2-6] - libndp: fix hop limit validation [CVE-2016-3698] [1.2-5] - libndp: validate the IPv6 hop limit [CVE-2016-3698] - libndb: reject redirect and router advertisements from non-link-local [CVE-2016-3698] MODERATE Copyright 2016 Oracle, Inc. CVE-2016-3698 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 [0.9.8e-40.0.1] - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] [0.9.8e-40] - fix CVE-2016-2108 - memory corruption in ASN.1 encoder IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2108 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 [7:3.1.23-16.4] - Related: #1334489 - CVE-2016-4554 CVE-2016-4556 squid: various flaws [7:3.1.23-16.3] - Resolved: #1334489 - CVE-2016-4554 CVE-2016-4556 squid: various flaws - Related: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [7:3.1.23-16.2] - Related: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [7:3.1.23-16.1] - Resolves: #1330572 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4554 CVE-2016-4053 CVE-2016-4054 CVE-2016-4052 CVE-2016-4556 CVE-2016-4051 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 7 [7:3.3.8-26.3] - Related: #1330576 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling - Related: #1334491 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid: various flaws [7:3.3.8-26.2] - Related: #1330576 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [7:3.3.8-26.1] - Resolves: #1330576 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4553 CVE-2016-4051 CVE-2016-4053 CVE-2016-4554 CVE-2016-4054 CVE-2016-4556 CVE-2016-4052 CVE-2016-4555 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [7:3.4.14-9.3] - Resolves: #1334499 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid34: various flaws - Resolves: #1334506 - CVE-2016-4553 squid34: squid: Cache poisoning issue in HTTP Request handling [7:3.4.14-9.2] - Related: #1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34: various flaws [7:3.4.14-9.1] - Resolves: #1330574 - CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid34: various flaws MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4053 CVE-2016-4555 CVE-2016-4553 CVE-2016-4554 CVE-2016-4052 CVE-2016-4051 CVE-2016-4054 CVE-2016-4556 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 Oracle Linux 7 [4.2.6p5-10.el6_8.1] - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7979 CVE-2016-1547 CVE-2016-2518 CVE-2016-1550 CVE-2016-1548 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:linux:7::optional_archive Oracle Linux 6 [0.12.4-13.1] - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2150 CVE-2016-0749 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest_archive Oracle Linux 7 [0.12.4-15.1] - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2150 CVE-2016-0749 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.2.0-1] - Update to 45.2.0 ESR [45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-2828 CVE-2016-2821 CVE-2016-2822 CVE-2016-2819 CVE-2016-2831 CVE-2016-2818 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [6.7.2.7-5] - Add fix for CVE-2016-3714, CVE-2016-3715, CVE-2016-3716 and CVE-2016-3717 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8897 CVE-2015-8898 CVE-2016-5239 CVE-2016-5240 CVE-2016-5118 CVE-2015-8895 CVE-2015-8896 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 setroubleshoot [3.0.47-12.0.1] - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com [3.0.47-12] - Don't use command.get*output() Resolves: CVE-2016-4445 setroubleshoot-plugins [3.0.40-3.1.0.1] - Add setroubleshoot-plugins-oracle-enterprise.patch [3.0.40-3.1] - Don't use commands.get*output() Resolves: CVE-2016-4444, CVE-2016-4446 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4445 CVE-2016-4444 CVE-2016-4446 CVE-2016-4989 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 - [3.10.0-327.22.2.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.22.2] - [infiniband] security: Restrict use of the write() interface (Don Dutile) [1332553 1316685] {CVE-2016-4565} [3.10.0-327.22.1] - [mm] mmu_notifier: fix memory corruption (Jerome Glisse) [1335727 1307042] - [misc] cxl: Increase timeout for detection of AFU mmio hang (Steve Best) [1335419 1329682] - [misc] cxl: Configure the PSL for two CAPI ports on POWER8NVL (Steve Best) [1336389 1278793] - [powerpc] Define PVR value for POWER8NVL processor (Steve Best) [1336389 1278793] - [x86] Mark Intel Knights Landing-F processor as not supported (Steve Best) [1335407 1331516] - [netdrv] ixgbevf: fix spoofed packets with random MAC (Ken Cox) [1335406 1247345] - [netdrv] ixgbevf: use ether_addr_copy instead of memcpy (Ken Cox) [1335406 1247345] - [scsi] hpsa: update rev to 3.4.10-0-RH3 (Joseph Szczypek) [1334773 1296287] - [scsi] hpsa: check for a null phys_disk pointer in ioaccel2 path (Joseph Szczypek) [1334773 1296287] - [cpufreq] intel_pstate: Fix divide by zero on Knights Landing (Steve Best) [1334438 1273305] - [mm] hugetlbfs: optimize when NUMA=n (Rui Wang) [1334436 1274624] - [mm] hugetlb: use memory policy when available (Rui Wang) [1334436 1274624] - [mm] optimize put_mems_allowed() usage (Rui Wang) [1334436 1274624] - [x86] Mark Intel Knights Landing processor as supported (Steve Best) [1332991 1158238] - [block] virtio-blk: use VIRTIO_BLK_F_WCE and VIRTIO_BLK_F_CONFIG_WCE in virtio1 (Fam Zheng) [1327611 1266008] - [x86] mm: suitable memory should go to ZONE_MOVABLE (Igor Mammedov) [1327588 1265880] - [mm] memory-hotplug: add zone_for_memory() for selecting zone for new memory (Igor Mammedov) [1327588 1265880] - [s390] mm: Fix memory hotplug for unaligned standby memory (Igor Mammedov) [1327588 1265880] - [mm] memory-hotplug: Remove 'weak' from memory_block_size_bytes() declaration (Igor Mammedov) [1327588 1265880] - [mm] Add prototype declaration to the header file (Igor Mammedov) [1327588 1265880] - [mm] hotplug: verify hotplug memory range (Igor Mammedov) [1327588 1265880] - [drm] vmwgfx: respect 'nomodeset' (Rob Clark) [1327587 1284936] - [net] sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Xin Long) [1324748 1270586] {CVE-2015-8767} - [net] sctp: Whitespace fix (Xin Long) [1324748 1270586] {CVE-2015-8767} - [fs] xfs: fix splice/direct-IO deadlock (Bill O'Donnell) [1324098 824796] - [fs] vfs: split generic splice code from i_mutex locking (Bill O'Donnell) [1324098 824796] - [lib] keys: Fix ASN.1 indefinite length object parsing (David Howells) [1308814 1308815] {CVE-2016-0758} [3.10.0-327.21.1] - [lib] klist: fix starting point removed bug in klist iterators (Ewan Milne) [1333403 1309433] - [acpi] tables: test the correct variable (Prarit Bhargava) [1331681 1242556] - [x86] acpi: Handle apic/x2apic entries in MADT in correct order (Prarit Bhargava) [1331681 1242556] - [acpi] tables: Add acpi_subtable_proc to ACPI table parsers (Prarit Bhargava) [1331681 1242556] - [acpi] table: Always count matched and successfully parsed entries (Prarit Bhargava) [1331681 1242556] - [acpi] table: Add new function to get table entries (Prarit Bhargava) [1331681 1242556] - [netdrv] mlx4_en: Fix IRQ affinity on s390x (Kamal Heib) [1327583 1264148] - [usb] xhci: Workaround to get Intel xHCI reset working more reliably (Torez Smith) [1327581 1318570] - [block] Return EBUSY from BLKRRPART for mounted whole-dev fs (Eric Sandeen) [1324530 1285549] - [powerpc] eeh: Fix PE location code (Gustavo Duarte) [1324528 1302537] - [powerpc] eeh: Wrong place to call pci_get_slot() (Steve Best) [1327834 1273996] - [net] ipv6: Nonlocal bind (Sabrina Dubroca) [1324502 1315968] - [net] ipv4: bind ip_nonlocal_bind to current netns (Sabrina Dubroca) [1324502 1315968] [3.10.0-327.20.1] - [kernel] audit: stop an old auditd being starved out by a new auditd (Richard Guy Briggs) [1328802 1253123] - [kernel] audit: try harder to send to auditd upon netlink failure (Richard Guy Briggs) [1328802 1253123] - [kernel] audit: remove stray newlines from audit_log_lost messages (Richard Guy Briggs) [1328802 1253123] - [kernel] audit: get rid of *NO* daemon at audit_pid=0 message (Richard Guy Briggs) [1328802 1253123] - [kernel] audit: prevent an older auditd shutdown from orphaning a newer auditd startup (Richard Guy Briggs) [1328802 1253123] - [net] netlink: don't hold mutex in rcu callback when releasing mmapd ring (Phil Sutter) [1328801 1238749] - [lib] rhashtable: Wait for RCU readers after final unzip work (Phil Sutter) [1328801 1238749] - [net] netlink: Lockless lookup with RCU grace period in socket release (Phil Sutter) [1328801 1238749] - [net] netlink: use jhash as hashfn for rhashtable (Phil Sutter) [1328801 1238749] [3.10.0-327.19.1] - [net] tcp, dccp: warn user for preferred ip_local_port_range (Florian Westphal) [1323960 1305525] - [net] tcp, dccp: try to not exhaust ip_local_port_range in connect() (Florian Westphal) [1323960 1305525] - [net] tcp: improve REUSEADDR/NOREUSEADDR cohabitation (Florian Westphal) [1323960 1305525] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8767 CVE-2016-4565 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [2.9.1-6.0.1.3] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [libxml2-2.9.1-6.3] - Heap-based buffer overread in xmlNextChar (CVE-2016-1762) - Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834) - Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840) - Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838) - Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839) - Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836) - Fix inappropriate fetch of entities content (CVE-2016-4449) - Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837) - Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835) - Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447) - Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833) - Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705) - Avoid building recursive entities (CVE-2016-3627) - Fix some format string warnings with possible format string vulnerability (CVE-2016-4448) - More format string warnings with possible format string vulnerability (CVE-2016-4448) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1838 CVE-2016-1836 CVE-2016-1837 CVE-2016-1762 CVE-2016-1835 CVE-2016-4448 CVE-2016-1839 CVE-2016-4447 CVE-2016-1833 CVE-2016-3705 CVE-2016-1840 CVE-2016-3627 CVE-2016-4449 CVE-2016-1834 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ol6 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 Oracle Linux 7 setroubleshoot [3.2.24-4.0.1] - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com [3.2.24-4] - Catch all subprocess module exceptions [3.2.24-3] - Use subprocess.check_output() with a sequence of program arguments [3.2.24-2] - Do not use dangerous shell=True setroubleshoot-plugins [3.0.59-2.0.1] - Add setroubleshoot-plugins-oracle-config.patch to use oracle url - Add setroubleshoot-plugins-oracle-po.patch to use oracle url for po [3.0.59-2] - Don't use commands.get*output() Resolves: CVE-2016-4444, CVE-2016-4446 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4446 CVE-2016-4444 CVE-2016-4989 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [4.01.0-22.7] - Fix buffer overflow and information leak CVE-2015-8869 resolves: rhbz#1343100 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8869 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.2-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.2-1] - Update to 45.2 [45.1.1-1] - Update to 45.1.1 [45.1.0-5] - Do not add symlinks to some langpacks [45.1.0-4] - Update to 45.1.0 [45.0-5] - Update to 45.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2818 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.3.1] - [infiniband] security: Restrict use of the write interface (Don Dutile) [1332547 1332548] {CVE-2016-4565} [2.6.32-642.2.1] - [sched] Revert 'kernel: sched: Cure load average vs NO_HZ woes' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Cure more NO_HZ load average woes' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Move sched_avg_update to update_cpu_load' (Rafael Aquini) [1343015 1326373] - [sched] Revert 'kernel: sched: Fix nohz load accounting -- again' (Rafael Aquini) [1343015 1326373] - [fs] lockd: Don't try to register/unregister callbacks on the inet6addr_chain if the ipv6 module isn't loaded (Scott Mayhew) [1341496 1336483] - [fs] nfsd: Don't try to register/unregister callbacks on the inet6addr_chain if the ipv6 module isn't loaded (Scott Mayhew) [1341496 1336483] - [isdn] avoid calling tty_ldisc_flush() in atomic context (Sabrina Dubroca) [1337443 1328115] - [redhat] Update dracut dependency to pull in ecb module (Herbert Xu) [1334431 1315832] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 Oracle Linux 6 Oracle Linux 5 [2.2.3-92.0.1] - Add the ability to read DH parameters from the (first) SSLCertificateFile (John Haxby) [orabug 21671194] - fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387] - replace index.html with Oracle's index page oracle_index.html - update vstring and distro in specfile [2.2.3-92] - add security fix for CVE-2016-5387 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5387 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [2.4.6-40.0.1.4] - replace index.html with Oracle's index page oracle_index.html [2.4.6-40.4] - add security fix for CVE-2016-5387 [2.4.6-40.3] - add 451 (Unavailable For Legal Reasons) response status-code (#1353269) [2.4.6-40.2] - mod_cache: treat cache as valid with changed Expires in 304 (#1347648) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5387 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.8.0.101-3.b13] - Replace bad 8159244 patch from upstream 8u with fresh backport from OpenJDK 9. - Resolves: rhbz#1350034 [1:1.8.0.101-2.b13] - Add missing hunk from 8147771, missed due to inclusion of unneeded 8138811 - Resolves: rhbz#1350034 [1:1.8.0.101-1.b13] - Add workaround for a typo in the CORBA security fix, 8079718 - Resolves: rhbz#1350034 [1:1.8.0.101-0.b13] - Update to u101b13. - Backport REPOS option in generate_source_tarball.sh - Drop a leading zero from the priority as the update version is now three digits - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add additional fixes (S6260348, S8159244) for u92 update. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Update ppc64le fix with upstream version, S8158260. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add fix for ppc64le crash due to illegal instruction. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Add backport for S8148752. - Resolves: rhbz#1350034 [1:1.8.0.92-0.b14] - Update to u92b14. - Remove upstreamed patches for Zero build failures 8087120 & 8143855. - Add 8132051 Zero fix upstreamed as 8154210 in 8u112. - Add upstreamed patch 6961123 from u102 to fix application name in GNOME Shell. - Add upstreamed patches 8044762 & 8049226 from u112 to fix JDI issues. - Regenerate java-1.8.0-openjdk-rh1191652-root.patch against u92 - Resolves: rhbz#1350034 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-3508 CVE-2016-3500 CVE-2016-3550 CVE-2016-3610 CVE-2016-3606 CVE-2016-3458 CVE-2016-3587 CVE-2016-3598 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [4.2.10-7] - resolves: #1351960 - Fix CVE-2016-2119 [4.2.10-6.3] - resolves: #1350759 - Fix idmap_hash when used with other modules - resolves: #1351260 - Fix krb5 encryption type setup during join MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2119 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 [4.2.10-7] - resolves: #1351957 - Fix CVE-2016-2119 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2119 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [1:1.7.0.111-2.6.7.1.0.1] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Oracle Linux' [1:1.7.0.111-2.6.7.1] - Bump to jdk7u111 b01 to fix TCK regressions (7081817 & 8162344) - Resolves: rhbz#1350038 [1:1.7.0.111-2.6.7.0] - Bump to 2.6.7 and u111b00. - Update SystemTap bundle with fix for PR3091/RH1204159 - Drop patches (S8161262 (8147466_wrapv) and PR2939 (fontpath)) applied upstream. - Reset permissions of resources.jar to avoid it only being readable by root (PR1437). - Resolves: rhbz#1350038 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3598 CVE-2016-3500 CVE-2016-3458 CVE-2016-3508 CVE-2016-3606 CVE-2016-3550 CVE-2016-3610 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [1.6.3-1] - Resolves: rhbz#1358278 - CVE-2016-5386 [1.6.2-1] - rebase to 1.6.2 - Resolves: rhbz#1346331 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5386 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [3.10.0-327.28.2.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.28.2] - [net] bridge: include in6.h in if_bridge.h for struct in6_addr (Jiri Benc) [1331285 1268057] - [net] inet: defines IPPROTO_* needed for module alias generation (Jiri Benc) [1331285 1268057] - [net] sync some IP headers with glibc (Jiri Benc) [1331285 1268057] [3.10.0-327.28.1] - [netdrv] e1000: Double Tx descriptors needed check for 82544 (Jarod Wilson) [1349448 1274170] - [netdrv] e1000: Do not overestimate descriptor counts in Tx pre-check (Jarod Wilson) [1349448 1274170] - [scsi] 3w-9xxx: version string touch (Tomas Henzl) [1348833 1322447] - [scsi] 3w-9xxx: don't unmap bounce buffered commands (Tomas Henzl) [1348833 1322447] - [scsi] 3w-9xxx: fix command completion race (Tomas Henzl) [1348833 1322447] - [fs] gfs2: don't set rgrp gl_object until it's inserted into rgrp tree (Robert S Peterson) [1348829 1344363] - [fs] fanotify: fix notification of groups with inode & mount marks (Miklos Szeredi) [1348828 1308393] - [fs] ovl: fix permission checking for setattr (Vivek Goyal) [1293980 1293981] - [security] keys: potential uninitialized variable (David Howells) [1345935 1341352] {CVE-2016-4470} - [tty] Invert tty_lock/ldisc_sem lock order (Herton R. Krzesinski) [1336823 1327403] - [tty] Don't hold tty_lock for ldisc release (Herton R. Krzesinski) [1336823 1327403] - [tty] Reset hupped state on open (Herton R. Krzesinski) [1336823 1327403] - [tty] Fix hangup race with TIOCSETD ioctl (Herton R. Krzesinski) [1336823 1327403] - [tty] Clarify ldisc variable (Herton R. Krzesinski) [1336823 1327403] - [infiniband] security: Restrict use of the write() interface (Don Dutile) [1332553 1316685] {CVE-2016-4565} [3.10.0-327.27.1] - [md] raid5: check_reshape() shouldn't call mddev_suspend (Jes Sorensen) [1344313 1312828] - [net] sctp: Potentially-Failed state should not be reached from unconfirmed state (Xin Long) [1347809 1333696] - [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1347809 1333696] - [net] sctp: fix suboptimal edge-case on non-active active/retrans path selection (Xin Long) [1347809 1333696] - [net] sctp: spare unnecessary comparison in sctp_trans_elect_best (Xin Long) [1347809 1333696] - [net] sctp: improve sctp_select_active_and_retran_path selection (Xin Long) [1347809 1333696] - [net] sctp: migrate most recently used transport to ktime (Xin Long) [1347809 1333696] - [net] sctp: refactor active path selection (Xin Long) [1347809 1333696] - [net] sctp: remove NULL check in sctp_assoc_update_retran_path (Xin Long) [1347809 1333696] - [net] sctp: rework multihoming retransmission path selection to rfc4960 (Xin Long) [1347809 1333696] - [net] sctp: retran_path not set properly after transports recovering (Xin Long) [1347809 1333696] - [mm] memcg: fix endless loop caused by mem_cgroup_iter (Herton R. Krzesinski) [1344750 1297381] - [scsi] qla2xxx: Set relogin flag when we fail to queue login requests (Chad Dupuis) [1347344 1273080] - [x86] perf/x86/intel/uncore: Add Broadwell-EP uncore support (Jiri Olsa) [1347374 1259976] - [x86] perf/x86/intel/uncore: Add Broadwell-DE uncore support (Jiri Olsa) [1348063 1306834] - [lib] rhashtable: Do hashing inside of rhashtable_lookup_compare() (Phil Sutter) [1343639 1238749] - [s390] mm: four page table levels vs. fork (Hendrik Brueckner) [1341547 1308879] {CVE-2016-2143} - [firmware] dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 (Prarit Bhargava) [1340118 1294461] - [misc] cxl: Export AFU error buffer via sysfs (Gustavo Duarte) [1343537 1275968] - [misc] cxl: Poll for outstanding IRQs when detaching a context (Alexander Gordeev) [1338886 1332487] - [misc] cxl: Keep IRQ mappings on context teardown (Alexander Gordeev) [1338886 1332487] - [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (kamal heib) [1337431 1325358] - [acpi] srat: fix SRAT parsing order with both LAPIC and X2APIC present (Prarit Bhargava) [1336821 1331394] [3.10.0-327.26.1] - [block] blk-mq: fix race between timeout and freeing request (David Milburn) [1347743 1288601] - [x86] nmi: Fix use of unallocated cpumask_var_t (Jerry Snitselaar) [1346176 1069217] - [x86] nmi: Perform a safe NMI stack trace on all CPUs (Jerry Snitselaar) [1346176 1069217] - [kernel] printk: Add per_cpu printk func to allow printk to be diverted (Jerry Snitselaar) [1346176 1069217] - [lib] seq: Add minimal support for seq_buf (Jerry Snitselaar) [1346176 1069217] - [fs] ovl: use a minimal buffer in ovl_copy_xattr (Vivek Goyal) [1347235 1306358] - [fs] ovl: allow zero size xattr (Vivek Goyal) [1347235 1306358] [3.10.0-327.25.1] - [fs] xfs: fix broken multi-fsb buffer logging (Brian Foster) [1344234 1334671] [3.10.0-327.24.1] - [net] udp: properly support MSG_PEEK with truncated buffers (Sabrina Dubroca) [1339115 1294384] [3.10.0-327.23.1] - [net] af_unix: Guard against other == sk in unix_dgram_sendmsg (Jakub Sitnicki) [1337513 1285792] - [net] unix: avoid use-after-free in ep_remove_wait_queue (Paolo Abeni) [1337513 1285792] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 CVE-2015-8660 CVE-2016-2143 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [4.0.3-25] - Add patches for CVEs: CVE-2015-7554, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784 - Related: #1299920 [4.0.3-24] - Update patches for CVEs: CVE-2014-8127, CVE-2014-8130 - Related: #1299920 [4.0.3-23] - Update patches: CVE-2014-9330, CVE-2014-8127, CVE-2014-8129 CVE-2014-8130 - Related: #1299920 [4.0.3-22] - Update patch for CVE-2015-8668 - Related: #1299920 [4.0.3-21] - Remove patches for CVEs: CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8784 - Add patches for CVEs: CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320 - Update patches for CVEs: CVE-2014-9655, CVE-2015-1547, CVE-2015-8668 - Related: #1299920 [4.0.3-20] - CVE-2014-8127 should contain only two fixes - Related: #1299920 [4.0.3-19] - Revert previous patch CVE-2014-8127 - Related: #1299920 [4.0.3-18] - Fix patch CVE-2014-8127. Wrongly applied - Related: #1299920 [4.0.3-17] - Fix patch CVE-2015-8668. Wrongly applied by me - Related: #1299920 [4.0.3-16] - Fixed patches on preview CVEs - Related: #1299920 [4.0.3-15] - This resolves several CVEs - CVE-2014-8127, CVE-2014-8129, CVE-2014-8130 - CVE-2014-9330, CVE-2014-9655, CVE-2015-8781 - CVE-2015-8784, CVE-2015-1547, CVE-2015-8683 - CVE-2015-8665, CVE-2015-7554, CVE-2015-8668 - Resolves: #1299920 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2014-8127 CVE-2015-8683 CVE-2016-5320 CVE-2014-8130 CVE-2016-3991 CVE-2015-7554 CVE-2014-9330 CVE-2015-8668 CVE-2015-8781 CVE-2015-1547 CVE-2015-8665 CVE-2015-8783 CVE-2015-8784 CVE-2014-8129 CVE-2014-9655 CVE-2015-8782 CVE-2016-3632 CVE-2016-3990 CVE-2016-3945 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [3.9.4-18] - Update patch for CVE-2014-8127 - Related: #1335099 [3.9.4-17] - Fix patches for CVE-2016-3990 and CVE-2016-5320 - Related: #1335099 [3.9.4-16] - Add patches for CVEs: - CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 - CVE-2016-3991 CVE-2016-5320 - Related: #1335099 [3.9.4-15] - Update patch for CVE-2014-8129 - Related: #1335099 [3.9.4-14] - Merge previously released fixes for CVEs: - CVE-2013-1960 CVE-2013-1961 CVE-2013-4231 - CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 - Resolves: #1335099 [3.9.4-13] - Patch typos in CVE-2014-8127 - Related: #1299919 [3.9.4-12] - Fix CVE-2014-8127 and CVE-2015-8668 patches - Related: #1299919 [3.9.4-11] - Fixed patches on preview CVEs - Related: #1299919 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2014-9655 CVE-2015-8668 CVE-2016-3990 CVE-2016-3632 CVE-2014-8129 CVE-2015-8783 CVE-2016-3991 CVE-2015-8784 CVE-2014-8127 CVE-2016-5320 CVE-2014-8130 CVE-2016-3945 CVE-2015-1547 CVE-2015-8665 CVE-2015-8782 CVE-2015-7554 CVE-2014-9330 CVE-2015-8683 CVE-2015-8781 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.3.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.3.0-1] - Update to 45.3.0 ESR [45.2.0-3] - Added fix for mozbz#256180 [45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5265 CVE-2016-2836 CVE-2016-2830 CVE-2016-5263 CVE-2016-5252 CVE-2016-5264 CVE-2016-2837 CVE-2016-5262 CVE-2016-2838 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 [7:3.1.23-16.6] - Resolves: #1359204 - CVE-2016-5408 squid: Buffer overflow vulnerability in cachemgr.cgi tool MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5408 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 [0.12.1.2-2.491.el6_8.3] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359724] - Resolves: bz#1359724 (EMBARGOED CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-6.8.z]) [0.12.1.2-2.491.el6_8.2] - kvm-vga-add-sr_vbe-register-set.patch [bz#1347192] - Resolves: bz#1347192 (Regression from CVE-2016-3712: windows installer fails to start) [0.12.1.2-2.491.el6_8.1] - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407] - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407] - kvm-vga-use-constants-from-vga.h.patch [bz#1331407] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331407] - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z]) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5403 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 Oracle Linux 7 [1:5.5.50-1] - Rebase to 5.5.50 Resolves: #1359628 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0643 CVE-2016-0646 CVE-2016-3452 CVE-2016-0648 CVE-2016-0641 CVE-2016-0647 CVE-2016-0644 CVE-2016-3477 CVE-2016-3521 CVE-2016-0640 CVE-2016-0650 CVE-2016-0666 CVE-2016-0649 CVE-2016-3615 CVE-2016-5440 CVE-2016-5444 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.5.3-105.el7_2.7] - kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1358996] - Resolves: bz#1358996 (CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.2.z]) [1.5.3-105.el7_2.6] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359728] - Resolves: bz#1359728 (EMBARGOED CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-7.2.z]) [1.5.3-105.el7_2.5] - kvm-vga-add-sr_vbe-register-set.patch [bz#1347527] - Resolves: bz#1347527 (Regression from CVE-2016-3712: windows installer fails to start) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5403 CVE-2016-5126 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [5.3.3-48] - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5385 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 7 [5.4.16-36.3] - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385 [5.4.16-36.2] - fix segmentation fault in header_register_callback #1346758 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5385 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [2.6.6-66.0.1] - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma) [2.6.6-66] - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359161 [2.6.6-65] - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346354 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1000110 CVE-2016-5699 CVE-2016-0772 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:linux:7::optional_archive Oracle Linux 7 - [3.10.0-327.28.3.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.28.3] - [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1355603 1355605] {CVE-2016-5696} - [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1355603 1355605] {CVE-2016-5696} - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355603 1355605] {CVE-2016-5696} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.4.2] - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696} [2.6.32-642.4.1] - [ipmi] Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (David Arcari) [1355980 1347189] - [fs] ext4: Remove useless spinlock in ext4_getattr() (Lukas Czerner) [1355981 1315933] - [net] tcp: increase size at which tcp_bound_to_half_wnd bounds to > TCP_MSS_DEFAULT (Davide Caratti) [1354446 1349776] - [net] tcp: Prevent overzealous packetization by SWS logic (Davide Caratti) [1354446 1349776] - [fs] configfs: fix race between dentry put and lookup (Robert S Peterson) [1353828 1333448] - [drm] move idr2 implementation to lib (Milos Vyletel) [1353827 1316790] - [fs] cifs: Create dedicated keyring for spnego operations (Scott Mayhew) [1351670 1267754] - [infiniband] srp: Fix backport error in ib_srp::srp_queuecommand (Don Dutile) [1348062 1321094] - [fs] gfs2: don't set rgrp gl_object until it's inserted into rgrp tree (Robert S Peterson) [1347539 1344740] - [sched] avoid kernel panic during power off (Frank Ramsay) [1343894 1313035] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 Oracle Linux 7 Oracle Linux 6 [1:1.6.0.40-1.13.12.4.0.1] - Add oracle-enterprise.patch [1:1.6.0.40-1.13.12.4] - Bump source tarballs to try and really fix TCK failures this time. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.3] - Bump source tarballs to missing -DNDEBUG on JDK native code. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.2] - Escape macros in bootstrap comments - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.2] - Bump source tarballs to fix TCK failures. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.1] - Introduce bootstrapping variable to test whether we are bootstrapping or not. - Add build requirement of xsltproc when bootstrapping. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.1] - Separate bootstrap option as it should not be tied to the JDK used. - Enable bootstrapping on JIT architectures going forward. - Temporarily enable bootstrapping on all architectures to work around RH1334465/PR2956. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.0] - Need to also remove DISTRIBUTION_PATCHES reference to wrapv patch. - Resolves: rhbz#1350043 [1:1.6.0.40-1.13.12.0] - Update to IcedTea 1.13.12 & OpenJDK 6 b40. - Depend on mailcap for /etc/mime.types (PR2800) - Use configure macro and disable long-running JTreg & SystemTap tests from make check - Remove redundant patch-ecj target invocation for bootstrap build. - Add check section to run the new tests introduced in 1.13.12. - Add RHEL version of b40 tarball. - Require mailcap at build time as well, so configure finds /etc/mime.types - No need to require openssl at run time. - Drop old_gcc patch as this is now supported upstream (S8161262) - Resolves: rhbz#1350043 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3458 CVE-2016-3606 CVE-2016-3550 CVE-2016-3500 CVE-2016-3508 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [3.0.0-50.el6.2] - Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in certificate revocation - cert-revoke: fix permission check bypass (CVE-2016-5404) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5404 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.3.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.3.0-1] - Update to 45.3.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2836 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [3.1.2-10] - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. [3.1.2-9] - Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365777) [3.1.2-8] - a bunch of security fixes (rhbz#1353065) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1541 CVE-2015-8934 CVE-2015-8921 CVE-2015-8931 CVE-2015-8924 CVE-2016-4809 CVE-2016-5844 CVE-2016-7166 CVE-2015-8916 CVE-2015-8932 CVE-2015-8920 CVE-2016-4302 CVE-2015-8919 CVE-2015-8925 CVE-2015-8928 CVE-2016-5418 CVE-2015-8922 CVE-2015-8923 CVE-2015-8926 CVE-2015-8930 CVE-2016-4300 CVE-2016-6250 CVE-2015-8917 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 7 - [3.10.0-327.36.1.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.36.1] - [x86] Use pte_none() to test for empty PTE (Larry Woodman) [1363860 1347159] - [x86] Disallow running with 32-bit PTEs to work around erratum (Larry Woodman) [1363860 1347159] - [x86] Ignore A/D bits in pte/pmd/pud_none() (Alexander Gordeev) [1363860 1347159] - [x86] Move swap offset/type up in PTE to work around erratum (Alexander Gordeev) [1363860 1347159] - [x86] cpu/intel: Introduce macros for Intel family numbers (Steve Best) [1364074 1273778] [3.10.0-327.35.1] - Revert: [x86] cpu/intel: Introduce macros for Intel family numbers (Steve Best) [1364074 1273778] - Revert: [x86] Move swap offset/type up in PTE to work around erratum (Larry Woodman) [1363860 1347159] - Revert: [x86] Ignore A/D bits in pte/pmd/pud_none() (Larry Woodman) [1363860 1347159] - Revert: [x86] Disallow running with 32-bit PTEs to work around erratum (Larry Woodman) [1363860 1347159] - Revert: [x86] Use pte_none() to test for empty PTE (Larry Woodman) [1363860 1347159] [3.10.0-327.34.1] - [x86] Use pte_none() to test for empty PTE (Larry Woodman) [1363860 1347159] - [x86] Disallow running with 32-bit PTEs to work around erratum (Larry Woodman) [1363860 1347159] - [x86] Ignore A/D bits in pte/pmd/pud_none() (Larry Woodman) [1363860 1347159] - [x86] Move swap offset/type up in PTE to work around erratum (Larry Woodman) [1363860 1347159] - [x86] cpu/intel: Introduce macros for Intel family numbers (Steve Best) [1364074 1273778] - [net] sctp: support ipv6 nonlocal bind (Xin Long) [1363847 1355769] - [fs] xfs: fix duplicate buffer flag bits (Brian Foster) [1363677 1358817] - [fs] sunrpc: Fix races between socket connection and destroy code (Steve Dickson) [1363617 1278540] - [fs] sunrpc: Add helpers to prevent socket create from racing (Steve Dickson) [1363617 1270038] - [acpi] battery: Accelerate battery resume callback (Jeremy McNicoll) [1363611 1270522] - [scsi] 3w-sas: fix command completion race (Tomas Henzl) [1362040 1294538] - [kernel] hrtimer: Prevent remote enqueue of leftmost timers (David Bulkow) [1361020 1323752] - [scsi] storvsc: Size the queue depth based on the ringbuffer size (Cathy Avery) [1360161 1287040] - [scsi] storvsc: Increase the ring buffer size (Cathy Avery) [1360161 1287040] - [scsi] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1360161 1287040] - [fs] ovl: verify upper dentry in ovl_remove_and_whiteout() (Miklos Szeredi) [1364384 1359829] - [fs] ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [1360155 1341795] - [fs] ovl: fix getcwd() failure after unsuccessful rmdir (Miklos Szeredi) [1360155 1341795] - [base] memory: fix kernel warning during memory hotplug on ppc64 (Laurent Vivier) [1357130 1276205] - [fs] sunrpc: increase UNX_MAXNODENAME from 32 to __NEW_UTS_LEN bytes (Benjamin Coddington) [1356880 1315390] - [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1355603 1355605] {CVE-2016-5696} - [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1355603 1355605] {CVE-2016-5696} - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355603 1355605] {CVE-2016-5696} - [net] netfilter: x_tables: speed up jump target validation (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: remove unused comefrom hookmask argument (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: check for bogus target offset (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: check standard target size too (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: assert minimum target size (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: kill check_entry helper (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: validate targets of jumps (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: fix unconditional helper (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: validate e->target_offset early (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [net] netfilter: x_tables: check for size overflow (Florian Westphal) [1364809 1318693] {CVE-2016-3134} - [block] nvme: Add pci error handlers (David Milburn) [1350352 1288601] - [block] nvme: protect against simultaneous shutdown invocations (David Milburn) [1350352 1288601] - [block] nvme: Set affinity after allocating request queues (Frank Ramsay) [1350352 1288601] - [block] nvme: Fix device cleanup on initialization failure (David Milburn) [1350352 1288601] - [block] nvme: fix kernel memory corruption with short INQUIRY buffers (David Milburn) [1350352 1288601] - [net] bridge: include in6.h in if_bridge.h for struct in6_addr (Jiri Benc) [1331285 1268057] - [net] inet: defines IPPROTO_* needed for module alias generation (Jiri Benc) [1331285 1268057] - [net] sync some IP headers with glibc (Jiri Benc) [1331285 1268057] [3.10.0-327.33.1] - [powerpc] mm: don't do tlbie for updatepp request with NO HPTE fault (Gustavo Duarte) [1361462 1287289] - [mm] slub: do not drop slab_mutex for sysfs_slab_add (Larry Woodman) [1361019 1282934] [3.10.0-327.32.1] - [fs] xfs: give all workqueues rescuer threads (Brian Foster) [1359630 1298684] - [fs] xfs: cancel eofblocks background trimming on remount read-only (Brian Foster) [1358777 1339414] - [netdrv] bonding: Prevent IPv6 link local address on enslaved devices (Jarod Wilson) [1357868 1297931] - [kernel] ptrace: make wait_on_bit(JOBCTL_TRAPPING_BIT) in ptrace_attach() killable (Jiri Olsa) [1354285 1334503] [3.10.0-327.31.1] - [kernel] ptrace: task_clear_jobctl_trapping()->wake_up_bit() needs mb() (Daniel Bristot de Oliveira) [1354313 1350624] - [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1354302 1247756] - [char] ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (David Arcari) [1353947 1348013] - [netdrv] bnx2x: don't wait for Tx completion on recovery (Michal Schmidt) [1351972 1320748] - [pci] aer: Clear error status registers during enumeration and restore (Prarit Bhargava) [1350304 1347459] [3.10.0-327.30.1] - [net] netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (Paolo Abeni) [1343640 1265259] - [net] netfilter: bridge: don't leak skb in error paths (Paolo Abeni) [1343640 1265259] - [net] netfilter: bridge: forward IPv6 fragmented packets (Paolo Abeni) [1343640 1265259] - [net] netfilter: bridge: re-order check_hbh_len() (Paolo Abeni) [1343640 1265259] - [net] netfilter: bridge: refactor frag_max_size (Paolo Abeni) [1343640 1265259] - [net] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING (Paolo Abeni) [1343640 1265259] - [net] bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING (Paolo Abeni) [1343640 1265259] [3.10.0-327.29.1] - [fs] fanotify: fix double free of pending permission events (Richard Guy Briggs) [1352939 1339092] - [fs] fsnotify: rename event handling functions (Richard Guy Briggs) [1352939 1339092] - [fs] fanotify: convert access_mutex to spinlock (Richard Guy Briggs) [1352939 1339092] - [fs] fanotify: use fanotify event structure for permission response processing (Richard Guy Briggs) [1352939 1339092] - [fs] fanotify: remove useless bypass_perm check (Richard Guy Briggs) [1352939 1339092] - [fs] fanotify: fix notification of groups with inode & mount marks (Miklos Szeredi) [1348828 1308393] - [fs] fsnotify: Allocate overflow events with proper type (Richard Guy Briggs) [1345774 1135562] - [fs] fanotify: Handle overflow in case of permission events (Richard Guy Briggs) [1345774 1135562] - [fs] fsnotify: Fix detection whether overflow event is queued (Richard Guy Briggs) [1345774 1135562] - [fs] inotify: Fix reporting of cookies for inotify events (Richard Guy Briggs) [1345774 1135562] - [fs] fanotify: Fix use after free for permission events (Richard Guy Briggs) [1345774 1135562] - [fs] fsnotify: Do not return merged event from fsnotify_add_notify_event() (Richard Guy Briggs) [1345774 1135562] - [fs] fanotify: Fix use after free in mask checking (Richard Guy Briggs) [1345774 1135562] - [fs] fsnotify: remove pointless NULL initializers (Richard Guy Briggs) [1345774 1135562] - [fs] fsnotify: remove .should_send_event callback (Richard Guy Briggs) [1345774 1135562] - [fs] fsnotify: do not share events between notification groups (Richard Guy Briggs) [1345774 1135562] - [fs] inotify: provide function for name length rounding (Richard Guy Briggs) [1345774 1135562] - [fs] revert 'inotify: don't add consecutive overflow events to the queue' (Richard Guy Briggs) [1345774 1135562] - Revert: [fs] fanotify: fix notification of groups with inode & mount marks (Miklos Szeredi) [1348828 1308393] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3134 CVE-2016-4997 CVE-2016-4998 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.8.3-7] - Fixes variation of CVE-2016-5418: Hard links could include '..' in their path. [2.8.3-6] - Fixes CVE-2016-5418: Archive Entry with type 1 (hardlink) causes file overwrite (#1365774) [2.8.3-5] - enable testsuite - CVE batch in summer 2016 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5844 CVE-2015-8932 CVE-2015-8921 CVE-2016-7166 CVE-2016-5418 CVE-2015-8920 CVE-2016-4809 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.4.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.4.0-1] - Update to 45.4.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5261 CVE-2016-5257 CVE-2016-5250 CVE-2016-5270 CVE-2016-5274 CVE-2016-5272 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5284 CVE-2016-5281 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2181 CVE-2016-2177 CVE-2016-6304 CVE-2016-2178 CVE-2016-6306 CVE-2016-6302 CVE-2016-2179 CVE-2016-2180 CVE-2016-2182 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 [83-276.0.1.el5_11] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch [83-275.el5_11] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359723] - Resolves: bz#1359723 CVE-2016-5403 kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-5.11.z] [kvm-83.275.el5] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1334173] - Resolves: bz#1334173 CVE-2016-3710 kvm: qemu: incorrect banked access bounds checking in vga module [rhel-5.11.z] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3710 CVE-2016-5403 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [30:9.3.6-25.P1.9] - Fix CVE-2016-2776 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 [30:9.3.6-25.P1.5] - Fix CVE-2015-8000 [30:9.3.6-25.P1.4] - Fix CVE-2015-5722 [30:9.3.6-25.P1.3] - Fix CVE-2015-5477 [30:9.3.6-25.P1.2] - Remove files backup after patching (Related: #1171971) [30:9.3.6-25.P1.1] - Fix CVE-2014-8500 (#1171971) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2776 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 [32:9.7.0-21.P2.7] - Fix CVE-2016-2776 [32:9.7.0-21.P2.6] - Fix CVE-2016-1285 and CVE-2016-1286 [32:9.7.0-21.P2.5] - Fix CVE-2015-8704 [32:9.7.0-21.P2.4] - Fix CVE-2015-8000 [32:9.7.0-21.P2.3] - Fix CVE-2015-5722 [32:9.7.0-21.P2.2] - Fix CVE-2015-5477 [32:9.7.0-21.P2.1] - Fix CVE-2014-8500 (#1171972) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2776 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 Oracle Linux 6 [8.2.0-5] - Rebase HTTPoxy patch and bump release for rebuild Resolves: rhbz#1358789 [8.2.0-4] - Fix HTTPoxy CVE-2016-1000111 Resolves: rhbz#1358789 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1000111 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.4.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.4.0-1] - Update to 45.4.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5257 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.6.1] - [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696} - [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [1366962 1294939] - [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829} [2.6.32-642.5.1] - [scsi] megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (Tomas Henzl) [1359039 1352826] - [scsi] libfc: sanity check cpu number extracted from xid (Chris Leech) [1359036 1351356] - [security] keys: potential uninitialized variable (Mateusz Guzik) [1345945 1345946] {CVE-2016-4470} - [fs] gfs2: Lock holder cleanup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Large-filesystem fix for 32-bit systems (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Get rid of gfs2_ilookup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Fix gfs2_lookup_by_inum lock inversion (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Initialize iopen glock holder for new inodes (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Release iopen glock in gfs2_create_inode error cases (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Wait for iopen glock dequeues (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Re-add an omission from upstream (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Eliminate parameter non_block on gfs2_inode_lookup (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Don't filter out I_FREEING inodes anymore (Robert S Peterson) [1359038 1238861] - [fs] gfs2: Check if iopen is held when deleting inode (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Don't do glock put when inode creation fails (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Prevent delete work from occurring on glocks used for create (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Always use iopen glock for gl_deletes (Robert S Peterson) [1359037 1173286] - [fs] gfs2: Update master statfs buffer with sd_statfs_spin locked (Robert S Peterson) [1359037 1173286] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 CVE-2016-5829 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [0:6.0.24-98] - Resolves: rhbz#1362210 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368119 [0:6.0.24-97] - Resolves: rhbz#1367051 CVE-2015-5174 URL Normalization issue - Resolves: rhbz#1367054 CVE-2016-0706 Security Manager bypass via StatusManagerServlet - Resolves: rhbz#1367058 CVE-2016-0714 Security Manager bypass via persistence mechanisms - Resolves: rhbz#1367054 CVE-2015-5345 Directory disclosure [0:6.0.24-96] - Resolves: rhbz#1357123 rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0706 CVE-2016-6325 CVE-2015-5345 CVE-2016-0714 CVE-2016-5388 CVE-2015-5174 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest Oracle Linux 7 [0:7.0.54-8] - Resolves: rhbz#1368121 [0:7.0.54-7] - Resolves: rhbz#1362212 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368121 [0:7.0.54-5] - Resolves: rhbz#1362567 [0:7.0.54-4] - Resolves: CVE-2015-5346 [0:7.0.54-3] - Resolves: CVE-2014-7810 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5346 CVE-2016-5388 CVE-2014-7810 CVE-2016-6325 CVE-2016-5425 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 - [3.10.0-327.36.2.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.36.2] - [net] add recursion limit to GRO (Sabrina Dubroca) [1378405 1374191] {CVE-2016-7039} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7039 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 Oracle Linux 7 [1:1.8.0.111-0.b15] - added nss restricting requires - Resolves: rhbz#1381990 [1:1.8.0.111-0.b15] - Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL. - Resolves: rhbz#1381990 [1:1.8.0.111-0.b15] - Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591. - Resolves: rhbz#1381990 [1:1.8.0.111-0.b14] - Update to aarch64-jdk8u111-b14. - Drop the CORBA typo fix, which appears upstream in u111. - Add LCMS 2 patch to fix Red Hat security issue RH1367357 in the local OpenJDK copy. - Resolves: rhbz#1381990 [1:1.8.0.102-1.b14] - New variable, @prefix@, needs to be substituted in tapsets (rhbz1371005) - Resolves: rhbz#1381990 [1:1.8.0.102-0.b14] - Update to aarch64-jdk8u102-b14. - Drop 8140620, 8148752 and 6961123, all of which appear upstream in u102. - Move 8159244 to 8u111 section as it only appears to be in unpublished u102 b31. - Move 8158260 to 8u112 section following its backport to 8u. - Resolves: rhbz#1381990 [1:1.8.0.101-4.b15] - Update to aarch64-jdk8u101-b15. - Rebase SystemTap tarball on IcedTea 3.1.0 versions so as to avoid patching. - Drop additional hunk for 8147771 which is now applied upstream. - Resolves: rhbz#1381990 CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5554 CVE-2016-5597 CVE-2016-5582 CVE-2016-5573 CVE-2016-5542 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.10] - Fix CVE-2016-2848 [30:9.3.6-25.P1.9] - Fix CVE-2016-2776 [30:9.3.6-25.P1.8] - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite [30:9.3.6-25.P1.7] - Fix CVE-2016-1285 and CVE-2016-1286 [30:9.3.6-25.P1.6] - Fix CVE-2015-8704 [30:9.3.6-25.P1.5] - Fix CVE-2015-8000 [30:9.3.6-25.P1.4] - Fix CVE-2015-5722 [30:9.3.6-25.P1.3] - Fix CVE-2015-5477 [30:9.3.6-25.P1.2] - Remove files backup after patching (Related: #1171971) [30:9.3.6-25.P1.1] - Fix CVE-2014-8500 (#1171971) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2848 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [32:9.7.0-21.P2.8] - Fix CVE-2016-2848 [32:9.7.0-21.P2.7] - Fix CVE-2016-2776 [32:9.7.0-21.P2.6] - Fix CVE-2016-1285 and CVE-2016-1286 [32:9.7.0-21.P2.5] - Fix CVE-2015-8704 [32:9.7.0-21.P2.4] - Fix CVE-2015-8000 [32:9.7.0-21.P2.3] - Fix CVE-2015-5722 [32:9.7.0-21.P2.2] - Fix CVE-2015-5477 [32:9.7.0-21.P2.1] - Fix CVE-2014-8500 (#1171972) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2848 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 - [3.10.0-327.36.3.OL7] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-327.36.3] - [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Alexander Gordeev) [1385123 1385124] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [2.6.32-642.6.2] - [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 5 kernel - 2.6.18-416.0.0.0.1 - [netfront] fix ring buffer index go back led vif stop [orabug 18272251] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 CVE-2016-5195 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-416] - [mm] Fix Privilege escalation via MAP_PRIVATE (Larry Woodman) [1385112] {CVE-2016-5195} [2.6.18-415] - [fs] gfs2: Initialize atime of I_NEW inodes (Andreas Grunbacher) [1374861] - [fs] gfs2: Update file times after grabbing glock (Andreas Grunbacher) [1374861] - Revert: [fs] gfs2: Only refresh newer in-memory timestamps (Andreas Grunbacher) [1374861] [2.6.18-414] - [redhat] Fix missed -413 kernel version (Alexander Gordeev) [2.6.18-413] - [redhat] Disable 'Invalid version (double separator '-')' error (Alexander Gordeev) [1375746] - [fs] jbd: Fix oops in journal_remove_journal_head() (Lukas Czerner) [1067708] - [fs] jbd: Fix race between CP and journal_get_write_access() (Lukas Czerner) [1067708] - [fs] ecryptfs: prevent mounts backed by procfs (Mateusz Guzik) [1347100] {CVE-2016-1583} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 CVE-2016-5195 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 [30:9.3.6-25.P1.11] - Fix CVE-2016-8864 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8864 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 [32:9.7.0-21.P2.9] - Fix CVE-2016-8864 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8864 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 [2.17-157] - Rebuild with updated binutils (#1268008) [2.17-156] - malloc arena free free list management fix (#1276753) [2.17-155] - Basic validity check for locale-archive.tmpl (#1350733) [2.17-153] - Add Intel AVX-512 optimized routines (#1298526). [2.17-151] - Improve malloc peformance in low-memory situations (#1255822). [2.17-150] - Improve performance on Intel Knights Landing/Silvermont (#1292018). [2.17-149] - Improve performance on Intel Purley (#1335286). [2.17-148] - Support upstream build infrastrucutre changes (#1256317). [2.17-147] - CVE-2016-3075: Stack overflow in nss_dns_getnetbyname_r (#1321993) [2.17-146] - s390: Restore signal mask on setcontext/swapcontext (#1249114). - s390: Fix backtrace in the presence of makecontext (#1249115). [2.17-145] - Fix times() handling of EFAULT when buf is NULL (#1308728). [2.17-144] - Fix sem_post/sem_wait race causing sem_post to return EINVAL (#1027348). [2.17-143] - Support installing only those locales specified by the RPM macro %_install_langs (#1296297). [2.17-142] - Fix Linux kernel UAPI header synchronization for IPv6 (#1268050). [2.17-141] - Update BIG5-HKSCS charmap to HKSCS-2008 (#1211823) [2.17-140] - Remove printf from signal handler in tst-longjump_chk2 (#1346397) [2.17-139] - Improve libm performance AArch64 (#1302086) [2.17-138] - Search locale archive again after alias expansion (#971416) [2.17-137] - Revert IPv6 name server management changes (#1305132) [2.17-136] - aarch64: Fix bits/stat.h FTM guards (#1221046) [2.17-135] - aarch64: Fix various minor ABI incompatibilities (#1335925) [2.17-134] - aarch64: Correct definition of MINSIGSTKSZ/SIGSTKSZ (#1335629) [2.17-133] - Require libselinux for nscd in non-bootstrap configuration (#1255847). [2.17-132] - Fix a number of long-standing issues in the TZ parser (#1234449). [2.17-131] - Remove PER_THREAD preprocessor macro from malloc - Use final upstream patch for arena free list fix (#1276753) [2.17-130] - Prevent the compiler from clobbering floating point and vector registers in S390 symbol resolution functions (#1324427). - Improve posix_fallocate behavior with NFS file descriptors (#1140250). [2.17-129] - Remove a race condition from tst-mqueue5.c test to prevent spurious failures (#1064063). [2.17-128] - Prevent a deadlock in gethostbyname_r (#1288613). [2.17-127] - Use test-skeleton.c in tests (#1298354). [2.17-126] - Fix inconsistent passwd compensation in nss/bug17079.c (#1293433). [2.17-125] - Backport tst-getpw enhancement to limit the time the test takes up (#1298349). [2.17-124] - Log system information during build (#1307028). [2.17-123] - Avoid appending duplicate shift sequences in iconv (#1293916). [2.17-122] - Reorganize POWER7 and POWER8 support (#1213267). - Only build POWER7 runtime for ppc64p7. - Only build POWER8 runtime for ppc64le. - Configure with --with-cpu=power8 for ppc64le. - Configure with --with-cpu=power8 for ppc. - Configure with --with-cpu=power7 for ppc64 default runtime. [2.17-121] - Build require gcc-c++ for the C++ tests. - Add --with/--without controls for building glibc (#1255847) - Support --without testsuite option to disable testing after build. - Support --without benchtests option to disable microbenchmarks (placeholder for upstream compatibility only) - Update --with bootstrap to disable valgrind, documentation, selinux, and nss-crypt during bootstrap. - Support --without werror to disable building with -Werror. - Support --without docs to disable build requirement on texinfo. - Support --with valgrind to enable testing with valgrind. [2.17-120] - Make minor compatibility adjustments in headers (#1268050). [2.17-119] - Avoid aliasing issue in tst-rec-dlopen (#1292224) [2.17-118] - Suppress expected backtrace in tst-malloc-backtrace (#1276631). [2.17-117] - Avoid ld.so crash when audit modules provide path (#1211100) [2.17-116] - Avoid 'monstartup: out of memory' error on powerpc64le (#1249102). [2.17-115] - Configure --with-cpu=power8 on powerpc64 to generate POWER8 instructions for POWER8 runtime (#1183088, #1213267). [2.17-114] - Add enhanced and optimized support for IBM z13 systems (#1268008). [2.17-113] - Prevent the malloc arena free list form turning cyclic (#1276753). [2.17-112] - Backported POWER8 optimizations for math and string functions (#1240351). [2.17-111] - Fix NULL pointer dereference in stub resolver with unconnectable name server addresses (#1320596). [2.17-110] - Fix memory leak in ftell for wide-oriented streams (#1310530). [2.17-109] - Avoid race condition in _int_free involving fastbins (#1305406). [2.17-108] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296031). - Fix madvise performance issues (#1284959). - Avoid 'monstartup: out of memory' error on powerpc64le (#1249102). - Update malloc testing for 32-bit POWER (#1293976). [2.17-107] - Fix CVE-2015-5229: calloc() may return non-zero memory (#1293976). LOW Copyright 2016 Oracle, Inc. CVE-2016-3075 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 - [3.10.0-514.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-514] - [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Larry Woodman) [1385124] {CVE-2016-5195} [3.10.0-513] - [md] dm raid: fix compat_features validation (Mike Snitzer) [1383726] [3.10.0-512] - [fs] revert 'ext4: pre-zero allocated blocks for DAX IO' (Eric Sandeen) [1380571] - [fs] nfsd: fix corruption in notifier registration ('J. Bruce Fields') [1378363] - [fs] xfs: log recovery tracepoints to track current lsn and buffer submission (Brian Foster) [1362730] - [fs] xfs: update metadata LSN in buffers during log recovery (Brian Foster) [1362730] - [fs] xfs: dont warn on buffers not being recovered due to LSN (Brian Foster) [1362730] - [fs] xfs: pass current lsn to log recovery buffer validation (Brian Foster) [1362730] - [fs] xfs: rework log recovery to submit buffers on LSN boundaries (Brian Foster) [1362730] - [x86] perf/uncore: Disable uncore on kdump kernel (Jiri Olsa) [1379569] - [netdrv] mlx4_core: Fix to clean devlink resources (Kamal Heib) [1379504] [3.10.0-511] - [net] add recursion limit to GRO (Sabrina Dubroca) [1374191] {CVE-2016-7039} - [mm] cgroup: fix hugetlb_cgroup_read() (Jerome Marchand) [1378236] - [fs] nfs: change invalidatepage prototype to accept length (Benjamin Coddington) [1366131] - [fs] xfs: quiesce the filesystem after recovery on readonly mount (Eric Sandeen) [1375457] - [fs] xfs: rework buffer dispose list tracking (Brian Foster) [1349175] - [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1367989] - [fs] gfs2: Initialize atime of I_NEW inodes (Andreas Grunbacher) [1379447] - [fs] gfs2: Update file times after grabbing glock (Andreas Grunbacher) [1379447] - [x86] topology: Handle CPUID bogosity gracefully (Vitaly Kuznetsov) [1377988] - [netdrv] sfc: check async completer is !NULL before calling (Jarod Wilson) [1368201] - [infiniband] ib/mlx5: Fix iteration overrun in GSI qps (Don Dutile) [1376941] [3.10.0-510] - [kernel] audit: fix exe_file access in audit_exe_compare (Richard Guy Briggs) [1374478] - [kernel] mm: introduce get_task_exe_file (Richard Guy Briggs) [1374478] - [kernel] prctl: avoid using mmap_sem for exe_file serialization (Richard Guy Briggs) [1374478] - [kernel] mm: rcu-protected get_mm_exe_file() (Richard Guy Briggs) [1374478] - [dm] dm-raid: reverse validation of nosync+rebuild flags (Heinz Mauelshagen) [1371717] - [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state (Paolo Bonzini) [1367716] - [s390] dasd: fix hanging device after clear subchannel (Gustavo Duarte) [1368068] - [netdrv] bna: fix crash in bnad_get_strings() (Ivan Vecera) [1376508] - [netdrv] bna: add missing per queue ethtool stat (Ivan Vecera) [1376508] - [powerpc] kvm: Implement kvm_arch_intc_initialized() for PPC (David Gibson) [1375778] - [powerpc] kvm: book3s: Dont crash if irqfd used with no in-kernel XICS emulation (David Gibson) [1375778] [3.10.0-509] - [mm] sparse: use memblock apis for early memory allocations (Koki Sanagi) [1375453] - [mm] memblock: add memblock memory allocation apis (Koki Sanagi) [1375453] - [mm] thp: harden the debug kernel with a strict check for thp_mmu_gather (Andrea Arcangeli) [1369365] - [mm] thp: initialize thp_mmu_gather for newly allocated migrated pages (Andrea Arcangeli) [1369365] - [mm] thp: put_huge_zero_page() with MMU gather #2 (Andrea Arcangeli) [1369365] - [fs] nfs: fix BUG() crash in notify_change() with patch to chown_common() ('J. Bruce Fields') [1342695] - [net] ipv6: gro: fix forwarding of tunneled packets (Jiri Benc) [1375438] - [net] sctp: hold the transport before using it in sctp_hash_cmp (Xin Long) [1368884] - [net] sctp: identify chunks that need to be fragmented at IP level (Xin Long) [1371377] - [scsi] be2iscsi: revert: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1374223] - [block] blk-mq: Allow timeouts to run while queue is freezing (Gustavo Duarte) [1372483] - [block] defer timeouts to a workqueue (Gustavo Duarte) [1372483] - [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1368885] - [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1368885] - [infiniband] rdma/ocrdma: Support user AH creation for RoCE-v2 (Don Dutile) [1376120] - [infiniband] rdma/ocrdma: Support RoCE-v2 in the RC path (Don Dutile) [1376120] - [infiniband] rdma/ocrdma: Support RoCE-v2 in the UD path (Don Dutile) [1376120] - [infiniband] rdma/ocrdma: Export udp encapsulation capability (Don Dutile) [1376120] - [infiniband] ib/mlx5: Fix wrong naming of port_rcv_data counter (Don Dutile) [1374862] [3.10.0-508] - [drm] i915: Add GEN7_PCODE_MIN_FREQ_TABLE_GT_RATIO_OUT_OF_RANGE to SNB (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: implement missing case for SKL watermarks calculation (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: fix the watermark res_blocks value (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: fix plane_blocks_per_line on watermarks calculations (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: minimum scanlines for Y tile is not always 4 (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: fix the WaWmMemoryReadLatency implementation (Lyude Paul) [1341633 1355776] - [drm] i915/skl: Dont try to update plane watermarks if they havent changed (Lyude Paul) [1341633 1355776] - [drm] i915/skl: Update DDB values atomically with wms/plane attrs (Lyude Paul) [1341633 1355776] - [drm] i915: Move CRTC updating in atomic_commit into its own hook (Lyude Paul) [1341633 1355776] - [drm] i915/skl: Ensure pipes with changed wms get added to the state (Lyude Paul) [1341633 1355776] - [drm] i915/skl: Update plane watermarks atomically during plane updates (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776] - [drm] i915/skl: Add support for the SAGV, fix underrun hangs (Lyude Paul) [1341633 1355776] - [drm] i915/gen6+: Interpret mailbox error flags (Lyude Paul) [1341633 1355776] - [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776] [3.10.0-507] - [netdrv] ixgbe: fix spoofed packets with macvlans (Ken Cox) [1324631] - [tools] perf mem: Fix -t store option for record command (Jiri Olsa) [1357531 1357543] - [x86] clock: Fix kvm guest tsc initialization (Prarit Bhargava) [1372759] - [x86] tsc: Enumerate BXT tsc_khz via CPUID (Prarit Bhargava) [1372759] - [drm] i915: Enable polling when we dont have hpd (Lyude Paul) [1277863] - [drm] i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (Lyude Paul) [1277863] - [drm] i915/vlv: Reset the ADPA in vlv_display_power_well_init() (Lyude Paul) [1277863] - [drm] i915/vlv: Make intel_crt_reset() per-encoder (Lyude Paul) [1277863] - [fs] Fix NULL pointer dereference in bl_free_device() (Benjamin Coddington) [1356796] - [fs] nfs/blocklayout: support RH/Fedora dm-mpath device nodes (Benjamin Coddington) [1356796] - [fs] nfs/blocklayout: refactor open-by-wwn (Benjamin Coddington) [1356796] - [fs] nfs/blocklayout: use proper fmode for opening block devices (Benjamin Coddington) [1356796] - [fs] sunrpc: fix UDP memory accounting (Paolo Abeni) [1298899] [3.10.0-506] - [kernel] timekeeping: Cap adjustments so they dont exceed the maxadj value (Marcelo Tosatti) [1246218] - [kernel] fork: allocate idle task for a CPU always on its local node (Oleg Nesterov) [1339635] - [kernel] sys: do_sysinfo() use get_monotonic_boottime() (Milos Vyletel) [1373224] - [fs] proc/uptime: uptime_proc_show() use get_monotonic_boottime() (Milos Vyletel) [1373224] - [fs] exec: de_thread: mt-exec should update ->real_start_time (Milos Vyletel) [1373224] - [fs] ovl: clear nlink on rmdir (Miklos Szeredi) [1373787] - [fs] ovl: share inode for hard link (Miklos Szeredi) [1373787] - [fs] ovl: use generic_delete_inode (Miklos Szeredi) [1373787] - [fs] ovl: handle umask and posix_acl_default correctly on creation (Miklos Szeredi) [1351863] - [fs] ovl: fix sgid on directory (Miklos Szeredi) [1351863] - [fs] ovl: copyattr after setting POSIX ACL (Miklos Szeredi) [1371638] - [fs] ovl: Switch to generic_removexattr (Miklos Szeredi) [1371651] - [fs] ovl: Get rid of ovl_xattr_noacl_handlers array (Miklos Szeredi) [1371651] - [fs] ext4: print ext4 mount option data_err=abort correctly (Lukas Czerner) [1342403] - [fs] nfs4: Avoid migration loops (Benjamin Coddington) [1355977] - [fs] nfs: dont create zero-length requests (Benjamin Coddington) [1324635] - [fs] xfs: dont assert fail on non-async buffers on ioacct decrement (Brian Foster) [1363822] - [fs] btrfs: set S_IOPS_WRAPPER consistently (Eric Sandeen) [1182456] - [fs] xfs: prevent dropping ioend completions during buftarg wait (Brian Foster) [1370177] - [fs] gfs2: Fix extended attribute readahead optimization (Robert S Peterson) [1256539] - [mm] page_alloc: dont re-init pageset in zone_pcp_update() (Yasuaki Ishimatsu) [1374114] - [mm] readahead: Move readahead limit outside of readahead, and advisory syscalls (Kyle Walker) [1351353] - [net] veth: sctp: add NETIF_F_SCTP_CRC to device features (Xin Long) [1367105] - [net] veth: Update features to include all tunnel GSO types (Xin Long) [1367105] - [tty] serial: 8250_dw: add ability to handle the peripheral clock (Prarit Bhargava) [1367476] - [x86] mm: Fix regression panic at boot time seen on some NUMA systems (Larry Woodman) [1372047] - [x86] mm: non-linear virtual memory fix for KNL4 erratum (Larry Woodman) [1372047] - [x86] tsc: Add rdtscll() merge helper (Mitsuhiro Tanino) [1372398] - [x86] kvm: Expose more Intel AVX512 feature to guest (Paolo Bonzini) [1369038] - [s390] pci: remove iomap sanity checks (Jason Wang) [1373503] - [nvme] Add device IDs with stripe quirk (David Milburn) [1371642] - [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1374745] - [iommu] vt-d: Disable passthrough mode on Kexec kernel (Myron Stowe) [1367621] - [netdrv] ixgbe: Eliminate useless message and improve logic (Ken Cox) [1369519] - [netdrv] sfc: check MTU against minimum threshold (Jarod Wilson) [1363683] [3.10.0-505] - [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1361245] - [hv] balloon: dont wait for ol_waitevent when memhp_auto_online is enabled (Vitaly Kuznetsov) [1361245] - [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1361245] - [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1361245] - [mm] memory-hotplug: add hot-added memory ranges to memblock before allocate node_data for a node (Yasuaki Ishimatsu) [1365766] - [mm] memory-hotplug: fix wrong edge when hot add a new node (Yasuaki Ishimatsu) [1365766] - [rtc] rtc-rx8581: Mark tech preview (Prarit Bhargava) [1362164] - [rtc] rtc-rx8581.c: add SMBus-only adapters support (Prarit Bhargava) [1362164] - [rtc] rtc-rx8581.c: remove empty function (Prarit Bhargava) [1362164] - [pci] Restore original checksums of pci symbols (Stanislav Kozina) [1370477] - [net] reserve kABI fields in struct packet_type (Jiri Benc) [1358738] - [net] openvswitch: Ignore negative headroom value (Jakub Sitnicki) [1369642] - [scsi] qla2xxx: Update the driver version to 8.07.00.33.07.3-k1 (Chad Dupuis) [1367530] - [scsi] qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode (Chad Dupuis) [1361279] - [scsi] qla2xxx: prevent board_disable from running during EEH (Chad Dupuis) [1367530] - [kernel] sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [1341003] - [kernel] sched/fair: Rework throttle_count sync (Xunlei Pang) [1341003] - [kernel] sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Xunlei Pang) [1341003] - [kernel] sched/fair: Initialize throttle_count for new task-groups lazily (Xunlei Pang) [1341003] - [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359306] {CVE-2016-6136} - [powerpc] revert 'pci: Assign fixed PHB number based on device-tree properties' (Gustavo Duarte) [1360353 1373109] - [powerpc] revert 'pci: Fix endian bug in fixed PHB numbering' (Gustavo Duarte) [1360353 1373109] - [infiniband] rdma/ocrdma: Fix the max_sge reported from FW (Honggang Li) [1369540] [3.10.0-504] - [fs] dax: disable dax on ext2 and ext3 (Jeff Moyer) [1369900] - [fs] dax: mark tech preview (Jeff Moyer) [1369825] - [fs] pmem: disable dax mounting in the prsence of media errors (Jeff Moyer) [1367132] - [fs] xfs: Add alignment check for DAX mount (Jeff Moyer) [1367132] - [fs] ext4: Add alignment check for DAX mount (Jeff Moyer) [1367132] - [fs] block: Add bdev_dax_supported() for dax mount checks (Jeff Moyer) [1367132] - [fs] block: Add vfs_msg() interface (Jeff Moyer) [1367132] - [tools] x86/insn: remove pcommit (Jeff Moyer) [1350153] - [x86] revert 'kvm: x86: add pcommit support' (Jeff Moyer) [1350153] - [tools] pmem: kill __pmem address space (Jeff Moyer) [1350153] - [kernel] pmem: kill wmb_pmem() (Jeff Moyer) [1350153] - [nvdimm] libnvdimm, pmem: use nvdimm_flush() for namespace I/O writes (Jeff Moyer) [1350153] - [fs] dax: remove wmb_pmem() (Jeff Moyer) [1350153] - [kernel] libnvdimm, pmem: flush posted-write queues on shutdown (Jeff Moyer) [1350153] - [nvdimm] libnvdimm, pmem: use REQ_FUA, REQ_FLUSH for nvdimm_flush() (Jeff Moyer) [1350153] - [nvdimm] libnvdimm: cycle flush hints (Jeff Moyer) [1350153] - [kernel] libnvdimm: introduce nvdimm_flush() and nvdimm_has_flush() (Jeff Moyer) [1350153] - [nvdimm] libnvdimm: keep region data alive over namespace removal (Jeff Moyer) [1350153] - [tools] testing/nvdimm: simulate multiple flush hints per-dimm (Jeff Moyer) [1350153] - [kernel] libnvdimm, nfit: move flush hint mapping to region-device driver-data (Jeff Moyer) [1350153] - [kernel] libnvdimm, nfit: remove nfit_spa_map() infrastructure (Jeff Moyer) [1350153] - [kernel] libnvdimm: introduce devm_nvdimm_memremap(), convert nfit_spa_map() users (Jeff Moyer) [1350153] - [acpi] nfit: dont override return value of nfit_mem_init (Jeff Moyer) [1350153] - [acpi] nfit: always associate flush hints (Jeff Moyer) [1350153] - [tools] testing/nvdimm: remove __wrap_devm_memremap_pages placeholder (Jeff Moyer) [1350153] - [kernel] devm: add helper devm_add_action_or_reset() (Jeff Moyer) [1350153] [3.10.0-503] - [scsi] sas: remove is_sas_attached() (Ewan Milne) [1370231] - [scsi] ses: use scsi_is_sas_rphy instead of is_sas_attached (Ewan Milne) [1370231] - [scsi] sas: provide stub implementation for scsi_is_sas_rphy (Ewan Milne) [1370231] - [target] lio: assume a maximum of 1024 iovecs (Andy Grover) [1367597] - [scsi] smartpqi: bump driver version (Scott Benesh) [1370631] - [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1370631] - [scsi] smartpqi: update maintainers (Scott Benesh) [1370631] - [scsi] smartpqi: update Kconfig (Scott Benesh) [1370631] - [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1370631] - [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1370631] - [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1370631] - [scsi] smartpqi: minor function reformating (Scott Benesh) [1370631] - [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1370631] - [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1370631] - [scsi] smartpqi: add kdump support (Scott Benesh) [1370631] - [scsi] smartpqi: enhance reset logic (Scott Benesh) [1370631] - [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1370631] - [scsi] smartpqi: simplify spanning (Scott Benesh) [1370631] - [scsi] smartpqi: change tmf macro names (Scott Benesh) [1370631] - [scsi] smartpqi: change aio sg processing (Scott Benesh) [1370631] [3.10.0-502] - [fs] rbd: add force close option (Ilya Dryomov) [1196119] - [fs] rbd: add 'config_info' sysfs rbd device attribute (Ilya Dryomov) [1196119] - [fs] rbd: add 'snap_id' sysfs rbd device attribute (Ilya Dryomov) [1196119] - [fs] rbd: add 'cluster_fsid' sysfs rbd device attribute (Ilya Dryomov) [1196119] - [fs] rbd: add 'client_addr' sysfs rbd device attribute (Ilya Dryomov) [1196119] - [fs] rbd: print capacity in decimal and features in hex (Ilya Dryomov) [1196119] - [fs] rbd: support for exclusive-lock feature (Ilya Dryomov) [1196119] - [fs] rbd: retry watch re-registration periodically (Ilya Dryomov) [1196119] - [fs] rbd: introduce a per-device ordered workqueue (Ilya Dryomov) [1196119] - [fs] libceph: rename ceph_client_id() -> ceph_client_gid() (Ilya Dryomov) [1196119] - [fs] libceph: support for blacklisting clients (Ilya Dryomov) [1196119] - [fs] libceph: support for lock.lock_info (Ilya Dryomov) [1196119] - [fs] libceph: support for advisory locking on RADOS objects (Ilya Dryomov) [1196119] - [fs] libceph: add ceph_osdc_call() single-page helper (Ilya Dryomov) [1196119] - [fs] libceph: support for CEPH_OSD_OP_LIST_WATCHERS (Ilya Dryomov) [1196119] - [fs] libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode() (Ilya Dryomov) [1196119] - [fs] libceph: make cancel_generic_request() static (Ilya Dryomov) [1196119] - [fs] libceph: fix return value check in alloc_msg_with_page_vector() (Ilya Dryomov) [1196119] - [fs] ceph: fix symbol versioning for ceph_monc_do_statfs (Ilya Dryomov) [1196119] - [fs] libceph: add start en/decoding block helpers (Ilya Dryomov) [1196119] - [fs] libceph: add an ONSTACK initializer for oids (Ilya Dryomov) [1196119] - [fs] libceph: fix some missing includes (Ilya Dryomov) [1196119] - [mm] swap: flush lru pvecs on compound page arrival (Jerome Marchand) [1341766 1343920] - [md] raid1/raid10: slow down resync if there is non-resync activity pending (Jes Sorensen) [1371545] - [x86] hibernate: Use hlt_play_dead() when resuming from hibernation (Lenny Szubowicz) [1229590] - [x86] Mark Intel Purley 2 socket processor as supported (Steve Best) [1362645] - [i2c] i801: Add support for Kaby Lake PCH-H (David Arcari) [1310953] - [mfd] lpss: Add Intel Kaby Lake PCH-H PCI IDs (David Arcari) [1310953] - [usb] dwc3: pci: add Intel Kabylake PCI ID (David Arcari) [1310953] - [edac] sb_edac: Fix channel reporting on Knights Landing (Aristeu Rozanski) [1367330] - [include] bluetooth: Fix kabi breakage in struct hci_core (Don Zickus) [1370583] - [powerpc] pci: Fix endian bug in fixed PHB numbering (Gustavo Duarte) [1360353] - [powerpc] pci: Assign fixed PHB number based on device-tree properties (Gustavo Duarte) [1360353] [3.10.0-501] - [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1368201] - [netdrv] sfc: remove duplicate assignment (Jarod Wilson) [1368201] - [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1368201] - [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1368201] - [netdrv] sfc: avoid division by zero (Jarod Wilson) [1368201] - [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1368201] - [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1368201] - [netdrv] sfc: use new performance based event queue init (Jarod Wilson) [1368201] - [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1368201] - [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1368201] - [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1368201] - [netdrv] sfc: avoid -Wtype-limits warning (Jarod Wilson) [1368201] - [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1368201] - [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1368201] - [netdrv] sfc: Disable VLAN filtering by default if not strictly required (Jarod Wilson) [1368201] - [netdrv] sfc: VLAN filters must only be created if the firmware supports this (Jarod Wilson) [1368201] - [netdrv] sfc: Fix dup unknown multicast/unicast filters after datapath reset (Jarod Wilson) [1368201] - [netdrv] sfc: Refactor checks for invalid filter ID (Jarod Wilson) [1368201] - [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1368201] - [netdrv] sfc: Implement ndo_vlan_rx_{add, kill}_vid() callbacks (Jarod Wilson) [1368201] - [netdrv] sfc: Implement list of VLANs added over interface (Jarod Wilson) [1368201] - [netdrv] sfc: Make EF10 filter management helper functions VLAN-aware (Jarod Wilson) [1368201] - [netdrv] sfc: Store unicast and multicast promisc flag with address cache (Jarod Wilson) [1368201] - [netdrv] sfc: Move filter IDs to per-VLAN data structure (Jarod Wilson) [1368201] - [netdrv] sfc: Forget filter ID when the filter is marked old (Jarod Wilson) [1368201] - [netdrv] sfc: Assert filter_sem write locked when required (Jarod Wilson) [1368201] - [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1368201] - [netdrv] sfc: Move last mc_promisc flag to EF10 filter table state (Jarod Wilson) [1368201] - [netdrv] sfc: Define macro with EF10 offload feature (Jarod Wilson) [1368201] - [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1368201] - [netdrv] sfc: disable RSS when unsupported (Jarod Wilson) [1368201] - [netdrv] sfc: implement IPv6 NFC (and IPV4_USER_FLOW) (Jarod Wilson) [1368201] - [netdrv] i40iw: Receive notification events correctly (Stefan Assmann) [1371734] - [netdrv] i40iw: Update hw_iwarp_state (Stefan Assmann) [1371734] - [netdrv] i40iw: Send last streaming mode message for loopback connections (Stefan Assmann) [1371734] - [netdrv] i40iw: Avoid writing to freed memory (Stefan Assmann) [1371734] - [netdrv] i40iw: Fix double free of allocated_buffer (Stefan Assmann) [1371734] - [netdrv] i40iw: Add missing NULL check for MPA private data (Stefan Assmann) [1371734] - [netdrv] i40iw: Add missing check for interface already open (Stefan Assmann) [1371734] - [netdrv] i40iw: Protect req_resource_num update (Stefan Assmann) [1371734] - [netdrv] i40iw: Change mem_resources pointer to a u8 (Stefan Assmann) [1371734] - [netdrv] hv_netvsc: fix bonding devices check in netvsc_netdev_event() (Vitaly Kuznetsov) [1364333] - [netdrv] hv_netvsc: protect module refcount by checking net_device_ctx->vf_netdev (Vitaly Kuznetsov) [1364333] - [netdrv] hv_netvsc: reset vf_inject on VF removal (Vitaly Kuznetsov) [1364333] - [netdrv] hv_netvsc: avoid deadlocks between rtnl lock and vf_use_cnt wait (Vitaly Kuznetsov) [1364333] - [netdrv] hv_netvsc: dont lose VF information (Vitaly Kuznetsov) [1364333] - [netdrv] mlx4_en: Add resilience in low memory systems (kamal heib) [1367818] - [netdrv] net/mlx4_en: Move filters cleanup to a proper location (kamal heib) [1367818] [3.10.0-500] - [drm] amdgpu: Disable RPM helpers while reprobing connectors on resume (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Kabylake uses the same GMS values as Skylake (Rob Clark) [1348329 1349064] - [drm] i915/bxt: Broxton uses the same GMS values as Skylake (Rob Clark) [1348329 1349064] - [drm] i915/skl: Add the additional graphics stolen sizes (Rob Clark) [1348329 1349064] - [drm] x86/gpu: Sprinkle const, __init and __initconst to stolen memory quirks (Rob Clark) [1348329 1349064] - [drm] x86/gpu: Implement stolen memory size early quirk for CHV (Rob Clark) [1348329 1349064] - [drm] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks (Rob Clark) [1348329 1349064] - [drm] makefile: update DRM version (Rob Clark) [1348329 1349064] - [drm] i915: Revert DisplayPort fast link training feature (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Fix error paths when mapping framebuffer (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Fix corner case screen target management (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Delay pinning fbdev framebuffer until after mode set (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Check pin count before attempting to move a buffer (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Work around mode set failure in 2D VMs (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Add an option to change assumed FB bpp (Rob Clark) [1348329 1349064] - [drm] ttm: Make ttm_bo_mem_compat available (Rob Clark) [1348329 1349064] - [drm] atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx (Rob Clark) [1348329 1349064] - [drm] amd/powerplay: fix incorrect voltage table value for tonga (Rob Clark) [1348329 1349064] - [drm] amd/powerplay: incorrectly use of the function return value (Rob Clark) [1348329 1349064] - [drm] amd/powerplay: fix logic error (Rob Clark) [1348329 1349064] - [drm] amd/powerplay: need to notify system bios pcie device ready (Rob Clark) [1348329 1349064] - [drm] amd/powerplay: fix bug that function parameter was incorect (Rob Clark) [1348329 1349064] - [drm] make drm_atomic_set_mode_prop_for_crtc() more reliable (Rob Clark) [1348329 1349064] - [drm] add missing drm_mode_set_crtcinfo call (Rob Clark) [1348329 1349064] - [drm] i915: Refresh cached DP port register value on resume (Rob Clark) [1348329 1349064] - [drm] i915/ilk: Dont disable SSC source if its in use (Rob Clark) [1348329 1349064] - [drm] nouveau/disp/sor/gf119: select correct sor when poking training pattern (Rob Clark) [1348329 1349064] - [drm] nouveau: fix for disabled fbdev emulation (Rob Clark) [1348329 1349064] - [drm] nouveau/ltc/gm107-: fix typo in the address of NV_PLTCG_LTC0_LTS0_INTR (Rob Clark) [1348329 1349064] - [drm] nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers (Rob Clark) [1348329 1349064] - [drm] nouveau/bios/disp: fix handling of 'match any protocol' entries (Rob Clark) [1348329 1349064] - [drm] dp/mst: Always clear proposed vcpi table for port (Rob Clark) [1348329 1349064] - [drm] amdgpu: initialize amdgpu_cgs_acpi_eval_object result value (Rob Clark) [1348329 1349064] - [drm] amdgpu: fix num_rbs exposed to userspace (v2) (Rob Clark) [1348329 1349064] - [drm] amdgpu/gfx7: fix broken condition check (Rob Clark) [1348329 1349064] - [drm] radeon: fix asic initialization for virtualized environments (Rob Clark) [1348329 1349064] - [drm] i915: Removing PCI IDs that are no longer listed as Kabylake (Rob Clark) [1348329 1349064] - [drm] i915: Add more Kabylake PCI IDs (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Introduce the first official DMC for Kabylake (Rob Clark) [1348329 1349064] - [drm] i915/bxt: Reject DMC firmware versions with known bugs (Rob Clark) [1348329 1349064] - [drm] i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate (Rob Clark) [1348329 1349064] - [drm] i915: implement WaClearTdlStateAckDirtyBits (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaClearSlmSpaceAtContextSwitch (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaDisableSbeCacheDispatchPortSharing (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaForGAMHang (Rob Clark) [1348329 1349064] - [drm] i915: Add WaInsertDummyPushConstP for bxt and kbl (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaDisableDynamicCreditSharing (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaDisableLSQCROPERFforOCL (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaDisableFenceDestinationToSLM for A0 (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaEnableGapsTsvCreditFix (Rob Clark) [1348329 1349064] - [drm] i915: Mimic skl with WaForceEnableNonCoherent (Rob Clark) [1348329 1349064] - [drm] i915/gen9: Always apply WaForceContextSaveRestoreNonCoherent (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add WaSkipStolenMemoryFirstPage for A0 (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Add REVID macro (Rob Clark) [1348329 1349064] - [drm] i915/kbl: Init gen9 workarounds (Rob Clark) [1348329 1349064] - [drm] i915/gen9: implement WaEnableSamplerGPGPUPreemptionSupport (Rob Clark) [1348329 1349064] - [drm] i915/gen9: add WaClearFlowControlGpgpuContextSave (Rob Clark) [1348329 1349064] - [drm] i915/skl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064] - [drm] i915/gen9: Add WaVFEStateAfterPipeControlwithMediaStateClear (Rob Clark) [1348329 1349064] - [drm] i915: Introduce Kabypoint PCH for Kabylake H/DT (Rob Clark) [1348329 1349064] - [drm] revert 'drm/i915: Exit cherryview_irq_handler() after one pass' (Rob Clark) [1348329 1349064] - [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1348329 1349064] - [drm] i915: Pass the correct crtc state to .update_plane() (Rob Clark) [1348329 1349064] - [drm] Add helper for DP++ adaptors (Rob Clark) [1348329 1349064] - [drm] i915: Fix watermarks for VLV/CHV (Rob Clark) [1348329 1349064] - [drm] i915: Dont leave old junk in ilk active watermarks on readout (Rob Clark) [1348329 1349064] - [drm] i915: Enable/disable TMDS output buffers in DP++ adaptor as needed (Rob Clark) [1348329 1349064] - [drm] i915: Respect DP++ adaptor TMDS clock limit (Rob Clark) [1348329 1349064] - [drm] i915/psr: Try to program link training times correctly (Rob Clark) [1348329 1349064] - [drm] amdgpu: Fix hdmi deep color support (Rob Clark) [1348329 1349064] - [drm] amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh (Rob Clark) [1348329 1349064] - [drm] vmwgfx: Kill some lockdep warnings (Rob Clark) [1348329 1349064] - [drm] gma500: Fix possible out of bounds read (Rob Clark) [1348329 1349064] [3.10.0-499] - [drm] i915/hsw: Disable PSR by default (Lyude Paul) [1367930] - [x86] nmi: Enable nested do_nmi() handling for 64-bit kernels (Jiri Olsa) [1365704] - [net] ipv4: igmp: Allow removing groups from a removed interface (Jiri Benc) [1369427] - [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1369325] - [net] sctp: linearize early if its not GSO (Marcelo Leitner) [1058148] - [net] sctp_diag: Respect ss adding TCPF_CLOSE to idiag_states (Phil Sutter) [1361728] - [net] sctp_diag: Fix T3_rtx timer export (Phil Sutter) [1361728] - [net] sctp: Export struct sctp_info to userspace (Phil Sutter) [1361728] - [net] macsec: ensure rx_sa is set when validation is disabled (Sabrina Dubroca) [1368429] - [net] macsec: use after free when deleting the underlying device (Sabrina Dubroca) [1368429] - [target] target/user: Fix failure to unlock a spinlock upon function return (Andy Grover) [1367873] - [target] target/user: Fix comments to not refer to data ring (Andy Grover) [1367873] - [target] target/user: Return an error if cmd data size is too large (Andy Grover) [1367873] - [target] target/user: Use sense_reason_t in tcmu_queue_cmd_ring (Andy Grover) [1367873] - [target] Backport tcm-user from 4.6 (Andy Grover) [1367873] - [uio] Export definition of struct uio_device (Andy Grover) [1367873] - [netdrv] i40iw: Add NULL check for puda buffer (Stefan Assmann) [1367425] - [netdrv] i40iw: Change dup_ack_thresh to u8 (Stefan Assmann) [1367425] - [netdrv] i40iw: Remove unnecessary check for moving CQ head (Stefan Assmann) [1367425] - [netdrv] i40iw: Simplify code to set fragments in SQ WQE (Stefan Assmann) [1367425] - [netdrv] i40iw: Remove unnecessary parameter to i40iw_cq_poll_completion (Stefan Assmann) [1367425] - [netdrv] i40iw: Do not access pointer after free (Stefan Assmann) [1367425] - [netdrv] i40iw: Correct and use size parameter to i40iw_reg_phys_mr (Stefan Assmann) [1367425] - [netdrv] i40iw: Fix return codes (Stefan Assmann) [1367425] - [netdrv] i40e: Correcting mutex usage in client code (Stefan Assmann) [1367425] - [netdrv] i40e: Initialize pointer in client_release function (Stefan Assmann) [1367425] - [netdrv] i40e: Check client is open before calling client ops (Stefan Assmann) [1367425] - [netdrv] i40e: Force register writes to mitigate sync issues with iwarp VF driver (Stefan Assmann) [1367425] - [netdrv] i40e: Move the mutex lock in i40e_client_unregister (Stefan Assmann) [1367425] - [infiniband] ib/uverbs: Initialize ib_qp_init_attr with zeros (Honggang Li) [1365720] [3.10.0-498] - [scsi] aacraid: Check size values after double-fetch from user (Maurizio Lombardi) [1369771] {CVE-2016-6480} - [fs] block_dev.c: Remove WARN_ON() when inode writeback fails (Eric Sandeen) [1229014] - [fs] ext4: call sync_blockdev() before invalidate_bdev() in put_super() (Eric Sandeen) [1229014] - [mm] page_alloc: rename setup_pagelist_highmark() to match naming of pageset_set_batch() (Pankaj Gupta) [1320834] - [mm] page_alloc: in zone_pcp_update(), uze zone_pageset_init() (Pankaj Gupta) [1320834] - [mm] page_alloc: factor zone_pageset_init() out of setup_zone_pageset() (Pankaj Gupta) [1320834] - [mm] page_alloc: relocate comment to be directly above code it refers to (Pankaj Gupta) [1320834] - [mm] page_alloc: factor setup_pageset() into pageset_init() and pageset_set_batch() (Pankaj Gupta) [1320834] - [mm] page_alloc: when handling percpu_pagelist_fraction, dont unneedly recalulate high (Pankaj Gupta) [1320834] - [mm] page_alloc: convert zone_pcp_update() to rely on memory barriers instead of stop_machine() (Pankaj Gupta) [1320834] - [mm] page_alloc: protect pcp->batch accesses with ACCESS_ONCE (Pankaj Gupta) [1320834] - [mm] page_alloc: insert memory barriers to allow async update of pcp batch and high (Pankaj Gupta) [1320834] - [mm] page_alloc: prevent concurrent updaters of pcp ->batch and ->high (Pankaj Gupta) [1320834] - [mm] page_alloc: factor out setting of pcp->high and pcp->batch (Pankaj Gupta) [1320834] - [hid] i2c-hid: Fix suspend/resume when already runtime suspended (David Arcari) [1361625] - [hid] i2c-hid: Only disable irq wake if it was successfully enabled during suspend (David Arcari) [1361625] - [hid] i2c-hid: Call device suspend callback before disabling irq (David Arcari) [1361625] - [hid] i2c-hid: call the hid drivers suspend and resume callbacks (David Arcari) [1361625] - [hid] i2c-hid: add runtime PM support (David Arcari) [1361625] - [hid] i2c-hid: disable interrupt on suspend (David Arcari) [1361625] - [lib] rhashtable-test: calculate max_entries value by default (Phil Sutter) [1238749] - [x86] tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Prarit Bhargava) [1366396] - [x86] Block HPET on Purley 4S (Prarit Bhargava) [1365997] - [base] regmap: Skip read-only registers in regcache_sync() (Jaroslav Kysela) [1365905 1367789] - [tools] perf: Add sample_reg_mask to include all perf_regs (Steve Best) [1368934] - [netdrv] i40e: Change some init flow for the client (Stefan Assmann) [1369275] - [netdrv] mlx5e: Log link state changes (kamal heib) [1367822] [3.10.0-497] - [kernel] ftrace: fix traceoff_on_warning handling on boot command line ('Luis Claudio R. Goncalves') [1367650] - [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1364896] - [netdrv] cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled (Sai Vemuri) [1319437] - [netdrv] cxgb4/cxgb4vf: Add link mode mask API to cxgb4 and cxgb4vf (Sai Vemuri) [1365689] - [netdrv] cxgb4: Dont assume FW_PORT_CMD reply is always port info msg (Sai Vemuri) [1365689] - [netdrv] ethtool: add support for 25G/50G/100G speed modes (Sai Vemuri) [1365689] - [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1359439] - [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1359439] - [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1359439] - [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1359439] - [netdrv] brcmfmac: restore stopping netdev queue when bus clogs up (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: add new 8265 (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: add new 8260 PCI IDs (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: pcie: fix a race in firmware loading flow (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: pcie: enable interrupts before releasing the NICs CPU (Stanislaw Gruszka) [1365575] - [net] mac80211: fix purging multicast PS buffer queue (Stanislaw Gruszka) [1365575] - [net] cfg80211: handle failed skb allocation (Stanislaw Gruszka) [1365575] - [net] nl80211: Move ACL parsing later to avoid a possible memory leak (Stanislaw Gruszka) [1365575] - [net] cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header (Stanislaw Gruszka) [1365575] - [net] mac80211: Fix mesh estab_plinks counting in STA removal case (Stanislaw Gruszka) [1365575] - [netdrv] ath9k: fix GPIO mask for AR9462 and AR9565 (Stanislaw Gruszka) [1365575] - [netdrv] ath10k: fix deadlock while processing rx_in_ord_ind (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: mvm: fix a few firmware capability checks (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: mvm: set the encryption type of an IGTK key (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: mvm: fix RCU splat in TKIPs update_key (Stanislaw Gruszka) [1365575] - [netdrv] iwlwifi: mvm: increase scan timeout to 20 seconds (Stanislaw Gruszka) [1365575] - [net] cfg80211: remove get/set antenna and tx power warnings (Stanislaw Gruszka) [1365575] - [netdrv] ath10k: fix crash related to printing features (Stanislaw Gruszka) [1365575] - [netdrv] ath10k: fix deadlock when peer cannot be created (Stanislaw Gruszka) [1365575] - [net] mac80211: fix fast_tx header alignment (Stanislaw Gruszka) [1365575] - [net] mac80211: mesh: flush mesh paths unconditionally (Stanislaw Gruszka) [1365575] - [netdrv] rtlwifi: Fix scheduling while atomic error from commit 49f86ec21c01 (Stanislaw Gruszka) [1365575] - [netdrv] brcmfmac: add fallback for devices that do not report per-chain values (Stanislaw Gruszka) [1365575] [3.10.0-496] - [infiniband] rdma/ocrdma: display ocrdma tech preview status (Honggang Li) [1334675] - [infiniband] ib/rdma_cm: fix panic when trying access default_roce_mode configfs (kamal heib) [1360276] - [infiniband] ib/hfi1: Fix mm_struct use after free (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Add cache evict LRU list (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Fix memory leak during unexpected shutdown (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove unneeded mm argument in remove function (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Consistently call ops->remove outside spinlock (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Use evict mmu rb operation (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Add evict operation to the mmu rb handler (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Fix TID caching actions (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Make the cache handler own its rb tree root (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Make use of mm consistent (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Fix user SDMA racy user request claim (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Fix error condition that needs to clean up (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Release node on insert failure (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Validate SDMA user iovector count (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Validate SDMA user request index (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Use the same capability state for all shared contexts (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Prevent null pointer dereference (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Rename TID mmu_rb_* functions (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove unneeded empty check in hfi1_mmu_rb_unregister() (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Restructure hfi1_file_open (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Make iovec loop index easy to understand (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Use 'false' not 0 (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove unused sub-context parameter (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Consolidate __mmu_rb_remove and hfi1_mmu_rb_remove (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Always expect ops functions (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Add parameter names to callback declarations (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Add parameter names to function declarations (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove unused function hfi1_mmu_rb_search (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove unused uctxt->subpid and uctxt->pid (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Fix minor format error (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Remove TWSI references (Alex Estrin) [1360929] - [infiniband] ib/hfi1: Use built-in i2c bit-shift bus adapter (Alex Estrin) [1360929] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8543 CVE-2015-8746 CVE-2015-8956 CVE-2016-2117 CVE-2016-2384 CVE-2016-2847 CVE-2016-3070 CVE-2016-5828 CVE-2016-3841 CVE-2016-6480 CVE-2016-6198 CVE-2016-2069 CVE-2016-4578 CVE-2015-8812 CVE-2015-8844 CVE-2016-2053 CVE-2013-4312 CVE-2016-4794 CVE-2016-6327 CVE-2015-8845 CVE-2016-3156 CVE-2016-3699 CVE-2016-4569 CVE-2016-6136 CVE-2016-4581 CVE-2016-5412 CVE-2016-5829 CVE-2015-8374 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [7.29.0-35] - fix incorrect use of a previously loaded certificate from file (related to CVE-2016-5420) [7.29.0-34] - acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option (required by the fix for CVE-2016-5419) [7.29.0-33] - fix re-using connections with wrong client cert (CVE-2016-5420) - fix TLS session resumption client cert bypass (CVE-2016-5419) [7.29.0-32] - configure: improve detection of GCC's -fvisibility= flag [7.29.0-31] - prevent curl_multi_wait() from missing an event (#1347904) [7.29.0-30] - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts (#1305974) [7.29.0-29] - SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat '' as NULL (#1275769) [7.29.0-28] - prevent NSS from incorrectly re-using a session (#1269855) - call PR_Cleanup() in the upstream test-suite if NSPR is used (#1243324) - disable unreliable upstream test-case 2032 (#1241168) [7.29.0-27] - SSH: do not require public key file for user authentication (#1275769) [7.29.0-26] - implement 'curl --unix-socket' and CURLOPT_UNIX_SOCKET_PATH (#1263318) - improve parsing of URL-encoded user name and password (#1260178) - prevent test46 from failing due to expired cookie (#1258834) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-7141 CVE-2016-5419 CVE-2016-5420 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 libguestfs [1:1.32.7-3] - Rebase to libguestfs 1.32 in RHEL 7.3 resolves: rhbz#1218766 - The full tests are now run after the package has been built. - New tool and subpackage: virt-dib (safe diskimage-builder replacement). - New subpackage libguestfs-inspect-icons to reduce dependencies of main pkg (see https://bugzilla.redhat.com/1194158). - New tool: virt-get-kernel. - Depend on java-headless instead of full java. - New tool: virt-v2v-copy-to-local. - Disable virt-v2v subpackage on ppc64 etc resolves: rhbz#1287826 - v2v: Remove VirtualBox Additions correctly resolves: rhbz#1296606 - Add clearer warnings sections to all man pages resolves: rhbz#1293527 - v2v: Disable the --in-place option. - v2v: Support conversion of Windows > 7 resolves: rhbz#1190669 - Add code to verify tarball signatures. - General performance improvements. - v2v: Prevent duplicate -b, -n, -oa options resolves: rhbz#1326266 resolves: rhbz#1325825 - v2v: Unquote UUID and LABEL in fstab (util-linux 1335671) - v2v: Fix alignment issues in treeviews in conversion dialog resolves: rhbz#1340407 - p2v: spinner should be hidden when it stops spinning resolves: rhbz#1341564 - p2v: ethtool command is not supported on p2v client resolves: rhbz#1341608 - p2v: Add ifconfig command to ISO resolves: rhbz#1342447 - p2v: Warn if virt-p2v-make-disk used on a partition resolves: rhbz#1342337 - Build using OCaml with fix for CVE-2015-8869. resolves: rhbz#1343101 - customize: Add --uninstall option (upstream 1343375) - p2v: Document permissions on id_rsa file resolves: rhbz#1343414 - p2v: Print full curl error message resolves: rhbz#1343423 - get-kernel: Fix --format auto resolves: rhbz#1341984 - v2v: Provide better <Origin/> information to RHEV-M resolves: rhbz#1342398 - customize: Give an error if --truncate-recursive path does not exist resolves: rhbz#1345809 - sysprep: Add --network option so that --install option can be used resolves: rhbz#1345813 - p2v: Print proper error if incorrect password is given resolves: rhbz#1227599 - p2v: Print ssh error if incorrect hostname is given resolves: rhbz#1167916 - p2v: Display progress of operation in non-GUI mode resolves: rhbz#1229386 - p2v: Add a dialog confirming the user really means to cancel resolves: rhbz#1340464 - p2v: log window should process colour escapes and backspaces resolves: rhbz#1314244 - v2v: Fix installation of virtio drivers with *.dll files resolves: rhbz#1311373 - p2v: Improve error message when ssh login to conversion server fails resolves: rhbz#1348900 - v2v: Remove --dcpath parameter from manual resolves: rhbz#1315237 - v2v: Fix conversion of guests with floppy drives resolves: rhbz#1309706 - p2v: Better error when sudo requires a password resolves: rhbz#1340809 - v2v: Refuse to convert if there is < 1GB free in temporary directory resolves: rhbz#1316479 - inspection: Get Windows drive letters for GPT disks resolves: rhbz#1349237 - p2v: Add disk utils and display serial number of disks resolves: rhbz#855058 - p2v: Fix timeout error when connecting to unresponsive ssh server resolves: rhbz#1350363 - Remove external dependency generator. Use supermin RPM deps instead. related: rhbz#1309796 - p2v: Flush messages to the journal immediately resolves: rhbz#1229386 - customize: Fix --install on ppc64le resolves: rhbz#1264835 - lib: Fix finding icons in Windows 7 64 bit guests resolevs: rhbz#1352761 - v2v: Add virsh --quiet flag when running virt-v2v --quiet resolves: rhbz#1358142 - lib: Fix inspection of ISOs with latest libosinfo resolves: rhbz#1359652 - dib: Fix run_command exit handlers on failure resolves: rhbz#1362357 - dib: Rework run of extra-data.d hooks resolves: rhbz#1362354 - Miscellaneous fixes to man pages and --help output resolves: rhbz#1362668 - lib: Specify backing format for read-only files resolves: rhbz#1354335 - Fix --selinux-relabel option resolves: rhbz#1362669 - sparsify: Fix --in-place option with UEFI guest resolves: rhbz#1364347 - p2v: Use latest linux-firmware in ISO resolves: rhbz#1364419 - v2v: Fix guest name when using -i disk resolves: rhbz#1365005 - p2v: Fix GUI message. - v2v: Make fstrim message clearer resolves: rhbz#1366456 - v2v: Fix conversion of UEFI guests when Secure Boot OVMF installed resolves: rhbz#1367615 - lib: Fix assert-fail if port is missing in libvirt XML resolves: rhbz#1370424 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8869 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [2.0.0-10] - virtlogd: Don't stop or restart along with libvirtd (rhbz#1372576) [2.0.0-9] - Add helper for removing transient definition (rhbz#1368774) - qemu: Remove stale transient def when migration fails (rhbz#1368774) - qemu: Don't use query-migrate on destination (rhbz#1374613) - conf: allow hotplugging 'legacy PCI' device to manually addressed PCIe slot (rhbz#1337490) - conf: Add support for virtio-net.rx_queue_size (rhbz#1366989) - qemu_capabilities: Introduce virtio-net-*.rx_queue_size (rhbz#1366989) - qemu: Implement virtio-net rx_queue_size (rhbz#1366989) - audit: Audit information about shmem devices (rhbz#1218603) - qemu: monitor: Use a more obvious iterator name (rhbz#1375783) - qemu: monitor: qemuMonitorGetCPUInfoHotplug: Add iterator 'anycpu' (rhbz#1375783) - qemu: monitor: Add vcpu state information to monitor data (rhbz#1375783) - qemu: domain: Don't infer vcpu state (rhbz#1375783) [2.0.0-8] - util: storage: Properly set protocol type when parsing gluster json string (rhbz#1372251) - conf: Add IOThread quota and period scheduler/cputune defs (rhbz#1356937) - qemu: Add support to get/set IOThread period and quota cgroup values (rhbz#1356937) - network: new network forward mode 'open' (rhbz#846810) - virtlogd.socket: Tie lifecycle to libvirtd.service (rhbz#1372576) - cpu_x86: Fix minimum match custom CPUs on hosts with CMT (rhbz#1365500) - qemu: cgroup: Extract temporary relaxing of cgroup setting for vcpu hotplug (rhbz#1097930) - qemu: process: Fix start with unpluggable vcpus with NUMA pinning (rhbz#1097930) [2.0.0-7] - qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY (rhbz#1097930) - conf: Extract code formatting vCPU info (rhbz#1097930) - conf: Rename virDomainVcpuInfoPtr to virDomainVcpuDefPtr (rhbz#1097930) - conf: Don't report errors from virDomainDefGetVcpu (rhbz#1097930) - tests: qemuxml2xml: Format status XML header dynamically (rhbz#1097930) - conf: convert def->vcpus to a array of pointers (rhbz#1097930) - conf: Add private data for virDomainVcpuDef (rhbz#1097930) - qemu: domain: Add vcpu private data structure (rhbz#1097930) - qemu: domain: Extract formating and parsing of vCPU thread ids (rhbz#1097930) - qemu: Add cpu ID to the vCPU pid list in the status XML (rhbz#1097930) - qemu: Store vCPU thread ids in vcpu private data objects (rhbz#1097930) - Fix logic in qemuDomainObjPrivateXMLParseVcpu (rhbz#1097930) - qemu: Add qemuProcessSetupPid() and use it in qemuProcessSetupIOThread() (rhbz#1097930) - qemu: Use qemuProcessSetupPid() in qemuProcessSetupEmulator() (rhbz#1097930) - qemu: Use qemuProcessSetupPid() in qemuProcessSetupVcpu() (rhbz#1097930) - qemuBuildCpuCommandLine: Don't leak @buf (rhbz#1097930) - conf: Make really sure we don't access non-existing vCPUs (rhbz#1097930) - conf: Make really sure we don't access non-existing vCPUs again (rhbz#1097930) - qemu: capabilities: Drop unused function virQEMUCapsGetMachineTypes (rhbz#1097930) - qemu: caps: Sanitize storage of machine type related data (rhbz#1097930) - qemu: cap: Refactor access to array in virQEMUCapsProbeQMPMachineTypes (rhbz#1097930) - qemu: monitor: Add monitor API for device_add supporting JSON objects (rhbz#1097930) - qemu: monitor: Add do-while block to QEMU_CHECK_MONITOR_FULL (rhbz#1097930) - qemu: Improve error message in virDomainGetVcpus (rhbz#1097930) - qemu: domain: Rename qemuDomainDetectVcpuPids to qemuDomainRefreshVcpuInfo (rhbz#1097930) - qemu: monitor: Rename qemuMonitor(JSON|Text)GetCPUInfo (rhbz#1097930) - qemu: domain: Improve vCPU data checking in qemuDomainRefreshVcpu (rhbz#1097930) - qemu: domain: Simplify return values of qemuDomainRefreshVcpuInfo (rhbz#1097930) - internal: Introduce macro for stealing pointers (rhbz#1097930) - tests: qemucapabilities: Add data for qemu 2.7.0 (rhbz#1097930) - qemu: setcpus: Report better errors (rhbz#1097930) - qemu: setvcpus: Extract setting of maximum vcpu count (rhbz#1097930) - qemu: driver: Extract setting of live vcpu count (rhbz#1097930) - qemu: driver: Split out regular vcpu hotplug code into a function (rhbz#1097930) - conf: Provide error on undefined vcpusched entry (rhbz#1097930) - qemu: monitor: Return structures from qemuMonitorGetCPUInfo (rhbz#1097930) - qemu: monitor: Return struct from qemuMonitor(Text|Json)QueryCPUs (rhbz#1097930) - qemu: Add capability for query-hotpluggable-cpus command (rhbz#1097930) - qemu: Forbid config when topology based cpu count doesn't match the config (rhbz#1097930) - qemu: capabilities: Extract availability of new cpu hotplug for machine types (rhbz#1097930) - qemu: monitor: Extract QOM path from query-cpus reply (rhbz#1097930) - qemu: monitor: Add support for calling query-hotpluggable-cpus (rhbz#1097930) - qemu: monitor: Add algorithm for combining query-(hotpluggable-)-cpus data (rhbz#1097930) - tests: Add test infrastructure for qemuMonitorGetCPUInfo (rhbz#1097930) - tests: cpu-hotplug: Add data for x86 hotplug with 11+ vcpus (rhbz#1097930) - tests: cpu-hotplug: Add data for ppc64 platform including hotplug (rhbz#1097930) - tests: cpu-hotplug: Add data for ppc64 out-of-order hotplug (rhbz#1097930) - tests: cpu-hotplug: Add data for ppc64 without threads enabled (rhbz#1097930) - qemu: domain: Extract cpu-hotplug related data (rhbz#1097930) - qemu: domain: Prepare for VCPUs vanishing while libvirt is not running (rhbz#1097930) - util: Extract and rename qemuDomainDelCgroupForThread to virCgroupDelThread (rhbz#1097930) - conf: Add XML for individual vCPU hotplug (rhbz#1097930) - qemu: migration: Prepare for non-contiguous vcpu configurations (rhbz#1097930) - qemu: command: Add helper to convert vcpu definition to JSON props (rhbz#1097930) - qemu: process: Copy final vcpu order information into the vcpu definition (rhbz#1097930) - qemu: command: Add support for sparse vcpu topologies (rhbz#1097930) - qemu: Use modern vcpu hotplug approach if possible (rhbz#1097930) - qemu: hotplug: Allow marking unplugged devices by alias (rhbz#1097930) - qemu: hotplug: Add support for VCPU unplug (rhbz#1224341) - virsh: vcpuinfo: Report vcpu number from the structure rather than it's position (rhbz#1097930) - qemu: driver: Fix qemuDomainHelperGetVcpus for sparse vcpu topologies (rhbz#1097930) - doc: clarify documentation for vcpu order (rhbz#1097930) - conf: Don't validate vcpu count in XML parser (rhbz#1097930) - qemu: driver: Validate configuration when setting maximum vcpu count (rhbz#1370066) - conf: Fix build with picky GCC (rhbz#1097930) [2.0.0-6] - qemu_command: don't modify heads for graphics device (rhbz#1366119) - virsh: Fix core for cmdSecretGetValue (rhbz#1366611) - conf: report an error message for non-existing USB hubs (rhbz#1367130) - conf: free the ports array of a USB hub (rhbz#1366097) - utils: storage: Fix JSON field name for uri based storage (rhbz#1367260) - qemu: Adjust the cur_ballon on coldplug/unplug of dimms (rhbz#1220702) - conf: Provide error on undefined iothreadsched entry (rhbz#1366484) - qemu: Fix the command line generation for rbd auth using aes secrets (rhbz#1182074) - qemu: Fix crash hot plugging luks volume (rhbz#1367259) - Revert 'admin: Fix the default uri for session daemon to libvirtd:///session' (rhbz#1367269) - libvirt: convert to typesafe virConf accessors (rhbz#1367269) - admin: Fix default uri config option name s/admin_uri_default/uri_default (rhbz#1367269) - virt-admin: Properly fix the default session daemon URI to admin server (rhbz#1367269) [2.0.0-5] - qemu: Fix domain state after reset (rhbz#1269575) - rpc: virnetserver: Rename ClientSetProcessingControls to ClientSetLimits (rhbz#1357776) - rpc: virnetserver: Move virNetServerCheckLimits which is static up in the file (rhbz#1357776) - rpc: virnetserver: Add code to CheckLimits to handle suspending of services (rhbz#1357776) - admin: rpc: virnetserver: Fix updating of the client limits (rhbz#1357776) - rpc: virnetserver: Remove dead code checking the client limits (rhbz#1357776) - storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg (rhbz#1363636) - qemu: Introduce qemuAliasFromHostdev (rhbz#1289391) - qemu: Use the hostdev alias in qemuDomainAttachHostSCSIDevice error path (rhbz#1289391) - storage: Don't remove the pool for buildPool failure in storagePoolCreate (rhbz#1362349) - lxcDomainCreateXMLWithFiles: Avoid crash (rhbz#1363773) - admin: Fix the default uri for session daemon to libvirtd:///session (rhbz#1356858) - docs: Distribute subsite.xsl (rhbz#1365004) - qemuBuildMachineCommandLine: Follow our pattern (rhbz#1304483) - Introduce SMM feature (rhbz#1304483) - Introduce @secure attribute to os loader element (rhbz#1304483) - qemu: Enable secure boot (rhbz#1304483) - qemu: Advertise OVMF_CODE.secboot.fd (rhbz#1304483) - tests: Fix broken build (rhbz#1304483) - cpu_x86: Introduce x86FeatureIsMigratable (rhbz#1365500) - cpu_x86: Properly drop non-migratable features (rhbz#1365500) - tests: Add a test for host-model CPU with CMT feature (rhbz#1365500) - cpu_x86: Fix host-model CPUs on hosts with CMT (rhbz#1365500) - virt-admin: Fix the error when an invalid URI has been provided (rhbz#1365903) - conf: improve error log when PCI devices don't match requested controller (rhbz#1363627) - conf: don't allow connecting upstream-port directly to pce-expander-bus (rhbz#1361172) - conf: restrict where dmi-to-pci-bridge can be connected (rhbz#1363648) - conf: restrict expander buses to connect only to a root bus (rhbz#1358712) - virNetDevMacVLanCreateWithVPortProfile: Don't mask virNetDevMacVLanTapOpen error (rhbz#1240439) [2.0.0-4] - qemu: hotplug: fix changeable media ejection (rhbz#1359071) - lxc: Don't crash by forgetting to ref transient domains (rhbz#1351057) - Introduce <iommu> device (rhbz#1235581) - Add QEMU_CAPS_DEVICE_INTEL_IOMMU (rhbz#1235581) - qemu: format intel-iommu on the command line (rhbz#1235581) - qemu_monitor_json: add support to search QOM device path by device alias (rhbz#1358728) - hvsupport: Introduce parseSymsFile (rhbz#1286679) - hvsupport: use a regex instead of XML::XPath (rhbz#1286679) - hvsupport: construct the group regex upfront (rhbz#1286679) - hvsupport: skip non-matching lines early (rhbz#1286679) - virconf: Fix config file path construction (rhbz#1357364) - virDomainHostdevDefFree: Don't leak privateData (rhbz#1357346) - virt-admin: Output srv-threadpool-info data as unsigned int rather than signed (rhbz#1356769) - util: Introduce virISCSINodeNew (rhbz#1356436) - iscsi: Establish connection to target via static target login (rhbz#1356436) - storage: Document wiping formatted volume types (rhbz#868771) - admin: Retrieve the SASL context for both local and remote connection (rhbz#1361948) - daemon: sasl: Don't forget to save SASL username to client's identity (rhbz#1361948) - vsh: Make vshInitDebug return int instead of void (rhbz#1357363) - tools: Make use of the correct environment variables (rhbz#1357363) - util: Add 'usage' for encryption (rhbz#1301021) - virStorageEncryptionSecretFree: Don't leak secret lookup definition (rhbz#1301021) - encryption: Add luks parsing for storageencryption (rhbz#1301021) - encryption: Add <cipher> and <ivgen> to encryption (rhbz#1301021) - qemu: Introduce helper qemuDomainSecretDiskCapable (rhbz#1301021) - tests: Adjust LUKS tests to use 'volume' secret type (rhbz#1301021) - docs: Update docs to reflect LUKS secret changes (rhbz#1301021) - qemu: Alter error path cleanup for qemuDomainAttachHostSCSIDevice (rhbz#1301021) - qemu: Alter error path cleanup for qemuDomainAttachVirtioDiskDevice (rhbz#1301021) - qemu: Alter error path cleanup for qemuDomainAttachSCSIDisk (rhbz#1301021) - qemu: Move and rename qemuBufferEscapeComma (rhbz#1301021) - storage: Add support to create a luks volume (rhbz#1301021) - qemu: Add secinfo for hotplug virtio disk (rhbz#1301021) - qemu: Alter the qemuDomainGetSecretAESAlias to add new arg (rhbz#1301021) - qemu: Add luks support for domain disk (rhbz#1301021) - qemu: Move setting of obj bools for qemuDomainAttachVirtioDiskDevice (rhbz#1301021) - qemu: Move setting of encobjAdded for qemuDomainAttachSCSIDisk (rhbz#1301021) - storage: Fix error path (rhbz#1301021) - qemu: Disallow usage of luks encryption if aes secret not possible (rhbz#1301021) - storage: Add extra failure condition for luks volume creation (rhbz#1301021) - virstoragefile: refactor virStorageFileMatchesNNN methods (rhbz#1301021) - qemu: Make qemuDomainCheckDiskStartupPolicy self-contained (rhbz#1168453) - qemu: Remove unnecessary label and its only reference (rhbz#1168453) - qemu: Fix support for startupPolicy with volume/pool disks (rhbz#1168453) - virsh: Report error when explicit connection fails (rhbz#1356461) - tests: Add testing of backing store string parser (rhbz#1134878) - util: json: Make first argument of virJSONValueObjectForeachKeyValue const (rhbz#1134878) - util: qemu: Add wrapper for JSON -> commandline conversion (rhbz#1134878) - util: qemu: Add support for user-passed strings in JSON->commandline (rhbz#1134878) - util: qemu: Allow nested objects in JSON -> commandline generator (rhbz#1134878) - util: qemu: Allow for different approaches to format JSON arrays (rhbz#1134878) - util: qemu: Don't generate any extra commas in virQEMUBuildCommandLineJSON (rhbz#1134878) - util: json: Make first argument of virJSONValueCopy const (rhbz#1134878) - util: storage: Add parser for qemu's json backing pseudo-protocol (rhbz#1134878) - util: storage: Add support for host device backing specified via JSON (rhbz#1134878) - util: storage: Add support for URI based backing volumes in qemu's JSON pseudo-protocol (rhbz#1134878) - util: storage: Add json pseudo protocol support for gluster volumes (rhbz#1134878) - util: storage: Add json pseudo protocol support for iSCSI volumes (rhbz#1134878) - util: storage: Add JSON backing volume parser for 'nbd' protocol (rhbz#1134878) - util: storage: Add JSON backing store parser for 'sheepdog' protocol (rhbz#1134878) - util: storage: Add 'ssh' network storage protocol (rhbz#1134878) - util: storage: Add JSON backing volume parser for 'ssh' protocol (rhbz#1134878) - qemu: command: Rename qemuBuildNetworkDriveURI to qemuBuildNetworkDriveStr (rhbz#1247521) - qemu: command: Split out network disk URI building (rhbz#1247521) - qemu: command: Extract drive source command line formatter (rhbz#1247521) - qemu: command: Refactor code extracted to qemuBuildDriveSourceStr (rhbz#1247521) - storage: gluster: Support multiple hosts in backend functions (rhbz#1247521) - util: qemu: Add support for numbered array members (rhbz#1247521) - qemu: command: Add infrastructure for object specified disk sources (rhbz#1247521) - qemu: command: Add support for multi-host gluster disks (rhbz#1247521) - qemu: Need to free fileprops in error path (rhbz#1247521) - storage: remove 'luks' storage volume type (rhbz#1301021) [2.0.0-3] - qemu: getAutoDumpPath() return value should be dumpfile not domname. (rhbz#1354238) - qemu: Copy complete domain def in qemuDomainDefFormatBuf (rhbz#1320470) - qemu: Drop default channel path during migration (rhbz#1320470) - qemu: Fix migration from old libvirt (rhbz#1320500) - Add USB addresses to qemuhotplug test cases (rhbz#1215968) - Introduce virDomainUSBDeviceDefForeach (rhbz#1215968) - Allow omitting USB port (rhbz#1215968) - Store USB port path as an array of integers (rhbz#1215968) - Introduce virDomainUSBAddressSet (rhbz#1215968) - Add functions for adding USB controllers to addrs (rhbz#1215968) - Add functions for adding USB hubs to addrs (rhbz#1215968) - Reserve existing USB addresses (rhbz#1215968) - Add tests for USB address assignment (rhbz#1215968) - Assign addresses to USB devices (rhbz#1215968) - Assign addresses on USB device hotplug (rhbz#1215968) - Auto-add one hub if there are too many USB devices (rhbz#1215968) [2.0.0-2] - qemu: Use bootindex whenever possible (rhbz#1323085) - qemu: Properly reset spiceMigration flag (rhbz#1151723) - qemu: Drop useless SPICE migration code (rhbz#1151723) - qemu: Memory locking is only required for KVM guests on ppc64 (rhbz#1350772) - virtlogd: make max file size & number of backups configurable (rhbz#1351209) - virtlogd: increase max file size to 2 MB (rhbz#1351209) [2.0.0-1] - Rebased to libvirt-2.0.0 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#735385, rhbz#1004602, rhbz#1046833, rhbz#1180092, rhbz#1216281 rhbz#1283207, rhbz#1286679, rhbz#1289288, rhbz#1302373, rhbz#1304222 rhbz#1312188, rhbz#1316370, rhbz#1320893, rhbz#1322210, rhbz#1325072 rhbz#1325080, rhbz#1332446, rhbz#1333248, rhbz#1333404, rhbz#1334237 rhbz#1335617, rhbz#1335832, rhbz#1337869, rhbz#1341415, rhbz#1342342 rhbz#1342874, rhbz#1342962, rhbz#1343442, rhbz#1344892, rhbz#1344897 rhbz#1345743, rhbz#1346723, rhbz#1346724, rhbz#1346730, rhbz#1350688 rhbz#1351473 [1.3.5-1] - Rebased to libvirt-1.3.5 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#1139766, rhbz#1182074, rhbz#1209802, rhbz#1265694, rhbz#1286679 rhbz#1286709, rhbz#1318993, rhbz#1319044, rhbz#1320836, rhbz#1326660 rhbz#1327537, rhbz#1328003, rhbz#1328301, rhbz#1329045, rhbz#1336629 rhbz#1337073, rhbz#1339900, rhbz#1341460 [1.3.4-1] - Rebased to libvirt-1.3.4 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#1002423, rhbz#1004593, rhbz#1038888, rhbz#1103314, rhbz#1220702 rhbz#1286679, rhbz#1289363, rhbz#1320447, rhbz#1324551, rhbz#1325043 rhbz#1325075, rhbz#1325757, rhbz#1326270, rhbz#1327499, rhbz#1328401 rhbz#1329041, rhbz#1329046, rhbz#1329819, rhbz#1331228 [1.3.3-2] - qemu: perf: Fix crash/memory corruption on failed VM start (rhbz#1324757) [1.3.3-1] - Rebased to libvirt-1.3.3 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#830971, rhbz#986365, rhbz#1151723, rhbz#1195176, rhbz#1249441 rhbz#1260749, rhbz#1264008, rhbz#1269715, rhbz#1278727, rhbz#1281706 rhbz#1282744, rhbz#1286679, rhbz#1288000, rhbz#1289363, rhbz#1293804 rhbz#1306556, rhbz#1308317, rhbz#1313264, rhbz#1313314, rhbz#1314594 rhbz#1315059, rhbz#1316371, rhbz#1316384, rhbz#1316420, rhbz#1316433 rhbz#1316465, rhbz#1317531, rhbz#1318569, rhbz#1321546 [1.3.2-1] - Rebased to libvirt-1.3.2 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#1197592, rhbz#1235180, rhbz#1244128, rhbz#1244567, rhbz#1245013 rhbz#1250331, rhbz#1265694, rhbz#1267256, rhbz#1275039, rhbz#1282846 rhbz#1283085, rhbz#1286679, rhbz#1290324, rhbz#1293241, rhbz#1293899 rhbz#1299696, rhbz#1305922 [1.3.1-1] - Rebased to libvirt-1.3.1 (rhbz#1286679) - The rebase also fixes the following bugs: rhbz#1207692, rhbz#1233115, rhbz#1245476, rhbz#1298065, rhbz#1026136 rhbz#1207751, rhbz#1210587, rhbz#1250287, rhbz#1253107, rhbz#1254152 rhbz#1257486, rhbz#1266078, rhbz#1271107, rhbz#1159219, rhbz#1163091 rhbz#1196711, rhbz#1263574, rhbz#1270427, rhbz#1245525, rhbz#1247987 rhbz#1248277, rhbz#1249981, rhbz#1251461, rhbz#1256999, rhbz#1264008 rhbz#1265049, rhbz#1265114, rhbz#1270715, rhbz#1272301, rhbz#1273686 rhbz#997561, rhbz#1166452, rhbz#1231114, rhbz#1233003, rhbz#1260576 rhbz#1261432, rhbz#1273480, rhbz#1273491, rhbz#1277781, rhbz#1278404 rhbz#1281707, rhbz#1282288, rhbz#1285665, rhbz#1288690, rhbz#1292984 rhbz#921135, rhbz#1025230, rhbz#1240439, rhbz#1266982, rhbz#1270709 rhbz#1276198, rhbz#1278068, rhbz#1278421, rhbz#1281710, rhbz#1291035 rhbz#1297020, rhbz#1297690 - RHEL: Add rhel machine types to qemuDomainMachineNeedsFDC (rhbz#1227880) - RHEL: qemu: Support vhost-user-multiqueue with QEMU 2.3 (rhbz#1207692) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-5160 CVE-2015-5313 CVE-2016-5008 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 libcmis [0.5.1-2] - Resolves: rhbz#1330591 fix Google Drive login - Related: rhbz#1330591 fix changelog entry [0.5.1-1] - Related: rhbz#1290152 new upstream release [0.5.0-2] - Related: rhbz#1290152 autoreconf is not needed - Related: rhbz#1290152 add a bunch of fixes found by coverity [0.5.0-1] - Resolves: rhbz#1290152 rebase to 0.5.0 libpagemaker [0.0.3-1] - Related: rhbz#1290155 new upstream release [0.0.2-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.0.2-8] - Rebuilt for Boost 1.60 [0.0.2-7] - Rebuilt for Boost 1.59 [0.0.2-6] - Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159 [0.0.2-5] - rebuild for Boost 1.58 [0.0.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.0.2-3] - Rebuilt for GCC 5 C++11 ABI change [0.0.2-2] - Rebuild for boost 1.57.0 [0.0.2-1] - new upstream release [0.0.1-1] - new upstream release libreoffice [1:5.0.6.2-3.0.1] - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.0.6.2-3] - Resolves: rhbz#1364335 tooltips are truncated [1:5.0.6.2-2] - Resolves: rhbz#1353839 CVE-2016-4324 dereference of invalid STL iterator on processing RTF file [1:5.0.6.2-1] - Related: rhbz#1290148 rebase to 5.0.6 - Related: rhbz#1290148 include more fixes from F-23 [1:5.0.5.2-2] - Related: rhbz#1290148 remove unintentional dependency of libreoffice-core on libreoffice-calc - Related: rhbz#1290148 restore lost changelog entry - Related: rhbz#1290148 add additional 5.0.6 patches [1:5.0.5.2-1] - Resolves: rhbz#1290148 rebase to 5.0.x mdds [0.12.1-1] - Resolves: rhbz#1290153 rebase to 0.12.1 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0795 CVE-2016-0794 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer Oracle Linux 7 [0.26.5-16] - Fix crash in Splash - Resolves: #1299492 [0.26.5-15] - Check array length - Resolves: #1299506 [0.26.5-14] - Show correct glyph or none instead of 'fi' - Resolves: #1298616 [0.26.5-13] - Check for groupColorSpace existance - Resolves: #1299479 [0.26.5-12] - Move array reallocation from visitLine to startLine - Resolves: #1299481 [0.26.5-11] - Repair patch - Resolves: #1299490 [0.26.5-10] - Check for GfxSeparationColorSpace existance - Resolves: #1299490 [0.26.5-9] - Check for int overflow - Resolves: #1299496 [0.26.5-8] - Do not assert on broken document - Resolves: #1299500 [0.26.5-7] - Add missing patch - Resolves: #1299503 [0.26.5-6] - Fix segfault when creating PopplerAction - Resolves: #1299503 MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8868 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 NetworkManager [1:1.4.0-12] - device: consider a device with slaves configured (rh#1333983) [1:1.4.0-11] - build: add RPM dependency for exact glib2 version (rh#1378809) [1:1.4.0-10] - device: improve connection matching for assuming bond and infiniband (rh#1375558) [1:1.4.0-9] - clients: handle secret requests only for current connection (rh#1351272) - device: fix crash reapplying connection to slave devices (rh#1376784) - cli: fix autocompletion after ifname (rh#1375933) [1:1.4.0-8] - libnm: fix crash in nm_vpn_plugin_info_list_get_service_types() (rh#1374526) - device: wait for MAC address change before setting up interface (rh#1371623, rh#1374023) [1:1.4.0-7] - wifi: another fix activation failure due to error changing MAC address (rh#1371623, rh#1374023) - dhcp: fix race condition that may cause lost lease events and DHCP timeouts (rh#1373276) [1:1.4.0-6] - po: add translations (rh#1276476) [1:1.4.0-5] - libnm,nmtui: fix handling empty cloned-mac-address property (rh#1372799) - ibft: grant required CAP_SYS_ADMIN capabilities (rh#1371201) [1:1.4.0-4] - core: really fix wrong source interface for PropertiesChanged D-Bus signal (rh#1371920) [1:1.4.0-3] - wifi: fix activation failure due to error changing MAC address (rh#1371623) - core: fix wrong source interface for PropertiesChanged D-Bus signal (rh#1371920) - team: restore validation of JSON configuration (rh#1371967) - device: manage firewall zone for assumed persistent connections (rh#1366288) - device: don't let external changes cause a release of the slave (rh#1357738) [1:1.4.0-2] - ifcfg-rh: clear IP settings for slave connections (rh#1368761) - ifcfg-rh: accept TEAM connections also without DEVICETYPE setting (rh#1367180) [1:1.4.0-1] - Update to 1.4.0 release - cli: show username when interactively connecting to a wireless network (rh #1351272) - ifcfg-rh: ensure master is cleared when updating a connection (rh #1355656) - policy: always try to update kernel hostname (rh #1362542) - cli: return sane error message for D-Bus policy permission errors (rh #1362542) - device: don't flush addresses when unmanaging assumed devices (rh #1364393) - team: be more tolerant when handling invalid or empty configuration (rh #1366300) - act-request: queue failing the slave when master fails (rh #1367702) - vpn: fix ipv6 configuration of VPNs without a separate interface (rh #1368354) - vpn: properly discard routes with invalid prefix length (rh #1368355) [1:1.4.0-0.6.beta1] - logging: default to syslog (rh #1358335) [1:1.4.0-0.5.beta1] - Update to 1.4-beta1 release - core: fix setting hostname from DHCP (rh #1356015) - vlan: honor the REORDER_HDR flag (rh #1312281) - device: apply MTU setting also to devices without IPv4 configuration (rh #1364275) - bond: improved connection matching (rh #1304641) - team: check return value of g_dbus_connection_call_sync() (rh #1349749) [1:1.4.0-0.4.git20160727.9446481f] - Rebuild for fixed documentation directory in redhat-rpm-macros [1:1.4.0-0.3.git20160727.9446481f] - Update to a more recent 1.4.0 snapshot: - bond: fix defaults and be more liberal in accepting different formats of option values (rh #1352131) - bond: fix setting of 'lp_interval' option (rh #1348573) - device: don't try to generate ipv6ll address for disconnected devices (rh #1351633) - device: make sure we update system hostname when DHCP configuration changes (rh #1356015) - device: tune down warning about failure to set userspace IPv6LL on non-existing device (rh #1323571) - nmcli: add 'nmcli device modify' subcommand to do runtime configuration changes (rh #998000) - nmcli: crash on connection delete/down timeout (rh 355740) - nmcli: fix 8021x settings tab-completion (rh #1301226) - secrets: increase timeout for getting the secrets from the agent (rh #1349740) - team: keep device config property up to date with actual configuration (rh #1310435) - team: make synchronization with teamd more robust (rh #1257237) - vpn: don't merge DNS properties into parent device's configuration (rh #1348901) [1:1.4.0-0.3.git20160621.072358da] - Do not regenerate gtk-doc. Together with parallel make it may cause multilib conflicts [1:1.4.0-0.2.git20160621.072358da] - enable JSON validation configure option - Update to a more recent 1.3.0 snapshot: - team: check return value of g_dbus_connection_call_sync() (rh #1347015) [1:1.4.0-0.1.git20160606.b769b4df] - Update to a 1.3.0 snapshot: - cli: hide secret certificate blobs unless --show-secrets set (rh #1184530) - dns: add support for specifying dns priorities (rh #1228707) - core: wait for IPv6 DAD before completing activation (rh #1243958) - device: take care of default route of DHCP generated-assumed connections (rh #1265239) - team: improve matching of team connection upon service restart (rh #1294728) - device: apply MTU setting also to devices without IPv4 configuration (rh #1303968) - device: reconfigure IP addressing after bringing up device (rh #1309899) - team: expose current device configuration through D-Bus and nmcli (rh #1310435) - systemd: add 'After=dbus.service' to NetworkManager.service (rh #1311988) - cli: handle device failure when activating (rh #1312726) - core,libnm: remove gateway from connection if never-default is set (rh #1313091) - platform: remove padding for IP address lifetimes (rh #1318945) - manager: run dispatcher scripts on suspend/sleep (rh #1330694) - device: remove pending dhcp actions also in IP_DONE state (rh #1330893) - wwan: fixed multiple crashes (rh #1331395) - nmcli: fix tab completion for libreswan import (rh #1337300) [1:1.2.0-2] - write /etc/resolv.conf as file by default instead of symlink (rh#1337222) - rename package config-routing-rules to dispatcher-routing-rules (rh #1334876) [1:1.2.0-1] - Update to NetworkManager 1.2.0 release - vlan: keep the hardware address synchronized with parent device (rh #1325752) - bond: add more options (rh #1299103) [1:1.2.0-0.1.beta3] - Update to a more recent 1.2.0 snapshot [1:1.2.0-0.1.beta2] - Update to a 1.2.0 snapshot: - core: add a connection defaults section to NetworkManager.conf (rh #1164677) - dhcp: make timeout configurable (rh #1262922) - pppoe: set the firewall zone on the correct ip interface (rh #1110465) - device: properly roll back the device activation attempt on failure (rh #1270814) - nmcli: add monitor command (rh #1034158) - nmcli: fix shell completion of bluetooth device names (rh #1271271) - ipv4: add an option to send full FQDN in DHCP requests (rh #1255507) - core: fix a use-after-free() when activating a secondary VPN connection (rh #1277247) - wifi: fix bssid cache updating (rh #1094298) - vlan: honor the reorder-header flag (rh #1250225) - ipv4: do a duplicate address detection (rh #1259063) - core: add LLDP listener to the daemon and utilities (rh #1142898) - vpn: don't fail activation when plugin supports interactive mode, but the VPN daemon does not (rh #1298732) - ipv6: readd the address when the MAC address changes (rh #1286105) - core: avoid generating excessively long names for virtual devices (rh #1300755) - nmcli: add connection import and export (rh #1034105) - vlan: fix matching of connections on assumption (rh #1276343) - core: fix matching of static route metrics on connection assumption (rh #1302532) - core: work around broken device drivers (AWS ENI) that initially have zero MAC address (rh #1288110) - infiniband: set the link down when changing mode, some drivers need that (rh #1281301) - infiniband: retry autoactivation of partitions when parent device changes (rh #1275875) libnl3 [3.2.28-2] - route: fix nl_object_identical() comparing AF_INET addresses (rh #1370503) [3.2.28-1] - update to latest upstream release 3.2.28 (rh #1296058) [3.2.28-0.1] - update to latest upstream release 3.2.28-rc1 (rh #1296058) [3.2.27-1] - rebase package to upstream version 3.2.27 (rh #1296058) network-manager-applet [1.4.0-2] - c-e: fix team page with older GTK and jansson (rh #1079465) [1.4.0-1] - Update to network-manager-applet 1.4.0 release - c-e: add editor for teaming devices (rh #1079465) [1.2.2-2] - c-e: fix tab stop for Create button (rh#1339565) [1.2.2-1] - Update to network-manager-applet 1.2.2 release [1.2.0-1] - Update to network-manager-applet 1.2.0 release [1.2.0-0.1.beta3] - Rebase to 1.2-beta3 LOW Copyright 2016 Oracle, Inc. CVE-2016-0764 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [2.7.1-8] - Use a cache-silent version of mpz_powm to prevent cache-timing attacks against RSA and DSA in shared VMs. (#1364897,CVE-2016-6489) [2.7.1-5] - Fixed SHA-3 implementation to conform to final standard (#1252936) - Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues in secp256r1 and secp384r1 calculations (#1314374) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 CVE-2016-6489 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ol7 cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ol7 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ol7 cpe:/a:oracle:linux:7::u8_security_validation cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ol7 cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ol7 cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ol7 cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ol7 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ol7 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 7 [4.2.6p5-25.0.1] - add disable monitor to default ntp.conf [CVE-2013-5211] [4.2.6p5-25] - don't allow spoofed packet to enable symmetric interleaved mode (CVE-2016-1548) - check mode of new source in config command (CVE-2016-2518) - make MAC check resilient against timing attack (CVE-2016-1550) [4.2.6p5-24] - fix crash with invalid logconfig command (CVE-2015-5194) - fix crash when referencing disabled statistic type (CVE-2015-5195) - don't hang in sntp with crafted reply (CVE-2015-5219) - don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) - fix memory leak with autokey (CVE-2015-7701) - don't allow setting driftfile and pidfile remotely (CVE-2015-7703) - don't crash in ntpq with crafted packet (CVE-2015-7852) - check key ID in packets authenticated with symmetric key (CVE-2015-7974) - fix crash with reslist command (CVE-2015-7977, CVE-2015-7978) - don't allow spoofed packets to demobilize associations (CVE-2015-7979, CVE-2016-1547) - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138) - fix infinite loop in ntpq/ntpdc (CVE-2015-8158) - fix resetting of leap status (#1242553) - extend rawstats log (#1242877) - report clock state changes related to leap seconds (#1242935) - allow -4/-6 on restrict lines with mask (#1304492) - explain synchronised state in ntpstat man page (#1309594) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-7977 CVE-2015-5219 CVE-2015-7979 CVE-2015-5196 CVE-2015-7701 CVE-2015-7703 CVE-2015-8158 CVE-2015-7974 CVE-2015-5194 CVE-2015-7852 CVE-2015-7978 CVE-2015-7691 CVE-2015-7702 CVE-2015-7692 CVE-2015-5195 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.5.3-126.el7] - kvm-virtio-recalculate-vq-inuse-after-migration.patch [bz#1376542] - Resolves: bz#1376542 (RHSA-2016-1756 breaks migration of instances) [1.5.3-125.el7] - kvm-nbd-server-Set-O_NONBLOCK-on-client-fd.patch [bz#1285453] - Resolves: bz#1285453 (An NBD client can cause QEMU main loop to block when connecting to built-in NBD server) [1.5.3-124.el7] - kvm-target-i386-Add-support-for-FEAT_7_0_ECX.patch [bz#1372459] - kvm-target-i386-Add-more-Intel-AVX-512-instructions-supp.patch [bz#1372459] - Resolves: bz#1372459 ([Intel 7.3 Bug] SKL-SP Guest cpu doesnt support avx512 instruction sets(avx512bw, avx512dq and avx512vl) (qemu-kvm)) [1.5.3-123.el7] - kvm-Fix-backport-of-target-i386-add-feature-flags-for-CP.patch [bz#1371619] - kvm-Add-skip_dump-flag-to-ignore-memory-region-during-du.patch [bz#1373088] - Resolves: bz#1371619 (Flags xsaveopt xsavec xgetbv1 are missing on qemu-kvm) - Resolves: bz#1373088 ([FJ7.3 Bug]: virsh dump with both --memory-only and --format option fails) [1.5.3-122.el7] - kvm-virtio-validate-the-existence-of-handle_output-befor.patch [bz#1367040] - Resolves: bz#1367040 (QEMU crash when guest notifies non-existent virtqueue) [1.5.3-121.el7] - kvm-json-parser-drop-superfluous-assignment-for-token-va.patch [bz#1276036] - kvm-qjson-Apply-nesting-limit-more-sanely.patch [bz#1276036] - kvm-qjson-Don-t-crash-when-input-exceeds-nesting-limit.patch [bz#1276036] - kvm-check-qjson-Add-test-for-JSON-nesting-depth-limit.patch [bz#1276036] - kvm-qjson-Spell-out-some-silent-assumptions.patch [bz#1276036] - kvm-qjson-Give-each-of-the-six-structural-chars-its-own-.patch [bz#1276036] - kvm-qjson-Inline-token_is_keyword-and-simplify.patch [bz#1276036] - kvm-qjson-Inline-token_is_escape-and-simplify.patch [bz#1276036] - kvm-qjson-replace-QString-in-JSONLexer-with-GString.patch [bz#1276036] - kvm-qjson-Convert-to-parser-to-recursive-descent.patch [bz#1276036] - kvm-qjson-store-tokens-in-a-GQueue.patch [bz#1276036] - kvm-qjson-surprise-allocating-6-QObjects-per-token-is-ex.patch [bz#1276036] - kvm-qjson-Limit-number-of-tokens-in-addition-to-total-si.patch [bz#1276036] - kvm-json-streamer-Don-t-leak-tokens-on-incomplete-parse.patch [bz#1276036] - kvm-json-streamer-fix-double-free-on-exiting-during-a-pa.patch [bz#1276036] - kvm-trace-remove-malloc-tracing.patch [bz#1360137] - Resolves: bz#1276036 (Crash on QMP input exceeding limits) - Resolves: bz#1360137 (GLib-WARNING **: gmem.c:482: custom memory allocation vtable not supported) [1.5.3-120.el7] - kvm-Add-install-dependency-to-newer-libusbx-version.patch [bz#1351106] - kvm-virtio-error-out-if-guest-exceeds-virtqueue-size.patch [bz#1359729] - Resolves: bz#1351106 (symbol lookup error: /usr/libexec/qemu-kvm: undefined symbol: libusb_get_port_numbers) - Resolves: bz#1359729 (CVE-2016-5403 qemu-kvm: Qemu: virtio: unbounded memory allocation on host via guest leading to DoS [rhel-7.3]) [1.5.3-119.el7] - kvm-qxl-factor-out-qxl_get_check_slot_offset.patch [bz#1355730] - kvm-qxl-store-memory-region-and-offset-instead-of-pointe.patch [bz#1355730] - kvm-qxl-fix-surface-migration.patch [bz#1355730] - kvm-qxl-fix-qxl_set_dirty-call-in-qxl_dirty_one_surface.patch [bz#1355730] - Resolves: bz#1355730 (spice-gtk shows outdated screen state after migration [qemu-kvm]) [1.5.3-118.el7] - kvm-util-introduce-MIN_NON_ZERO.patch [bz#1318199] - kvm-BlockLimits-introduce-max_transfer_length.patch [bz#1318199] - kvm-block-backend-expose-bs-bl.max_transfer_length.patch [bz#1318199] - kvm-scsi-generic-Merge-block-max-xfer-len-in-INQUIRY-res.patch [bz#1318199] - kvm-raw-posix-Fetch-max-sectors-for-host-block-device.patch [bz#1318199] - kvm-scsi-Advertise-limits-by-blocksize-not-512.patch [bz#1318199] - kvm-util-Fix-MIN_NON_ZERO.patch [bz#1318199] - Resolves: bz#1318199 (expose host BLKSECTGET limit in scsi-block (qemu-kvm)) [1.5.3-117.el7] - kvm-target-i386-add-feature-flags-for-CPUID-EAX-0xd-ECX-.patch [bz#1327599] - kvm-target-i386-add-Skylake-Client-cpu-model.patch [bz#1327599] - Resolves: bz#1327599 (Add Skylake CPU model) [1.5.3-116.el7] - kvm-block-iscsi-avoid-potential-overflow-of-acb-task-cdb.patch [bz#1340929] - Resolves: bz#1340929 (CVE-2016-5126 qemu-kvm: Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl [rhel-7.3]) [1.5.3-115.el7] - kvm-spice-do-not-require-TCP-ports.patch [bz#1336491] - kvm-vga-add-sr_vbe-register-set.patch [bz#1346982] - Resolves: bz#1336491 (Ship FD connection patches qemu-kvm part) - Resolves: bz#1346982 (Regression from CVE-2016-3712: windows installer fails to start) [1.5.3-114.el7] - kvm-hw-input-hid.c-Fix-capslock-hid-code.patch [bz#1256741] - kvm-target-i386-fix-pcmpxstrx-equal-ordered-strstr-mode.patch [bz#1340971] - kvm-spec-Update-rules-before-triggering-for-kvm-device.patch [bz#1333159] - Resolves: bz#1256741 ('CapsLock' will work as '\' when boot a guest with usb-kbd) - Resolves: bz#1333159 (qemu-kvm doesnt reload udev rules before triggering for kvm device) - Resolves: bz#1340971 (qemu: accel=tcg does not implement SSE 4 properly) [1.5.3-113.el7] - kvm-qxl-allow-to-specify-head-limit-to-qxl-driver.patch [bz#1283198] - kvm-qxl-Fix-new-function-name-for-spice-server-library.patch [bz#1283198] - kvm-block-raw-posix-Open-file-descriptor-O_RDWR-to-work-.patch [bz#1268345] - Resolves: bz#1268345 (posix_fallocate emulation on NFS fails with Bad file descriptor if fd is opened O_WRONLY) - Resolves: bz#1283198 (RFE: backport max monitor limitation from Qemu upstream) [1.5.3-112.el7] - kvm-virtio-scsi-Prevent-assertion-on-missed-events.patch [bz#1312289] - kvm-seccomp-adding-sysinfo-system-call-to-whitelist.patch [bz#1177318] - kvm-acpi-strip-compiler-info-in-built-in-DSDT.patch [bz#1330969] - kvm-acpi-fix-endian-ness-for-table-ids.patch [bz#1330969] - kvm-acpi-support-specified-oem-table-id-for-build_header.patch [bz#1330969] - kvm-acpi-take-oem_id-in-build_header-optionally.patch [bz#1330969] - kvm-acpi-expose-oem_id-and-oem_table_id-in-build_rsdt.patch [bz#1330969] - kvm-acpi-add-function-to-extract-oem_id-and-oem_table_id.patch [bz#1330969] - kvm-pc-set-the-OEM-fields-in-the-RSDT-and-the-FADT-from-.patch [bz#1330969] - kvm-block-jobs-qemu-kvm-rhel-differentiation.patch [bz#1156635] - Resolves: bz#1156635 (Libvirt is confused that qemu-kvm exposes 'block-job-cancel' but not 'block-stream') - Resolves: bz#1177318 (Guest using rbd based image as disk failed to start when sandbox was enabled) - Resolves: bz#1312289 ('qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/scsi/virtio-scsi.c:533: virtio_scsi_push_event: Assertion 'event == 0' failed' after hotplug 20 virtio-scsi disks then hotunplug them) - Resolves: bz#1330969 (match the OEM ID and OEM Table ID fields of the FADT and the RSDT to those of the SLIC) [1.5.3-111.el7] - kvm-vmdk-Leave-bdi-intact-if-ENOTSUP-in-vmdk_get_info.patch [bz#1299250] - kvm-vmdk-Use-g_random_int-to-generate-CID.patch [bz#1299250] - kvm-vmdk-Fix-comment-to-match-code-of-extent-lines.patch [bz#1299250] - kvm-vmdk-Clean-up-descriptor-file-reading.patch [bz#1299250] - kvm-vmdk-Check-descriptor-file-length-when-reading-it.patch [bz#1299250] - kvm-vmdk-Remove-unnecessary-initialization.patch [bz#1299250] - kvm-vmdk-Set-errp-on-failures-in-vmdk_open_vmdk4.patch [bz#1299250] - kvm-block-vmdk-make-ret-variable-usage-clear.patch [bz#1299250] - kvm-block-vmdk-move-string-allocations-from-stack-to-the.patch [bz#1299250] - kvm-block-vmdk-fixed-sizeof-error.patch [bz#1299250] - kvm-vmdk-Widen-before-shifting-32-bit-header-field.patch [bz#1299250] - kvm-vmdk-Fix-next_cluster_sector-for-compressed-write.patch [bz#1299250] - kvm-vmdk-Fix-index_in_cluster-calculation-in-vmdk_co_get.patch [bz#1299250] - kvm-vmdk-Use-vmdk_find_index_in_cluster-everywhere.patch [bz#1299250] - kvm-vmdk-Fix-next_cluster_sector-for-compressed-write2.patch [bz#1299250] - kvm-vmdk-Create-streamOptimized-as-version-3.patch [bz#1299116] - kvm-vmdk-Fix-converting-to-streamOptimized.patch [bz#1299116] - kvm-vmdk-Fix-calculation-of-block-status-s-offset.patch [bz#1299116] - Resolves: bz#1299116 (qemu-img created VMDK images lead to 'Not a supported disk format (sparse VMDK version too old)') - Resolves: bz#1299250 (qemu-img created VMDK images are unbootable) [1.5.3-110.el7] - kvm-qemu-io-Remove-unused-args_command.patch [bz#1272523] - kvm-cutils-Support-P-and-E-suffixes-in-strtosz.patch [bz#1272523] - kvm-qemu-io-Make-cvtnum-a-wrapper-around-strtosz_suffix.patch [bz#1272523] - kvm-qemu-io-Handle-cvtnum-errors-in-alloc.patch [bz#1272523] - kvm-qemu-io-Don-t-use-global-bs-in-command-implementatio.patch [bz#1272523] - kvm-qemu-io-Split-off-commands-to-qemu-io-cmds.c.patch [bz#1272523] - kvm-qemu-io-Factor-out-qemuio_command.patch [bz#1272523] - kvm-qemu-io-Move-help-function.patch [bz#1272523] - kvm-qemu-io-Move-quit-function.patch [bz#1272523] - kvm-qemu-io-Move-qemu_strsep-to-cutils.c.patch [bz#1272523] - kvm-qemu-io-Move-functions-for-registering-and-running-c.patch [bz#1272523] - kvm-qemu-io-Move-command_loop-and-friends.patch [bz#1272523] - kvm-qemu-io-Move-remaining-helpers-from-cmd.c.patch [bz#1272523] - kvm-qemu-io-Interface-cleanup.patch [bz#1272523] - kvm-qemu-io-Use-the-qemu-version-for-V.patch [bz#1272523] - kvm-Make-qemu-io-commands-available-in-HMP.patch [bz#1272523] - kvm-blkdebug-Add-BLKDBG_FLUSH_TO_OS-DISK-events.patch [bz#1272523] - kvm-qemu-io-fix-cvtnum-lval-types.patch [bz#1272523] - kvm-qemu-io-Check-for-trailing-chars.patch [bz#1272523] - kvm-qemu-io-Correct-error-messages.patch [bz#1272523] - kvm-ide-test-fix-failure-for-test_flush.patch [bz#1272523] - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331413] - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-xxxx.patch [bz#1331413] - kvm-vga-add-vbe_enabled-helper.patch [bz#1331413] - kvm-vga-factor-out-vga-register-setup.patch [bz#1331413] - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331413] - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch [bz#1331413] - Resolves: bz#1272523 (qemu-kvm build failure race condition in tests/ide-test) - Resolves: bz#1331413 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-7.3]) [1.5.3-109.el7] - kvm-e1000-eliminate-infinite-loops-on-out-of-bounds-tran.patch [bz#1296044] - kvm-nbd-Always-call-close_fn-in-nbd_client_new.patch [bz#1285453] - kvm-nbd-server-Coroutine-based-negotiation.patch [bz#1285453] - kvm-nbd-client_close-on-error-in-nbd_co_client_start.patch [bz#1285453] - kvm-Remove-libcacard-build.patch [bz#1314153] - Resolves: bz#1285453 (An NBD client can cause QEMU main loop to block when connecting to built-in NBD server) - Resolves: bz#1296044 (qemu-kvm: insufficient loop termination conditions in start_xmit() and e1000_receive() [rhel-7.3]) - Resolves: bz#1314153 (Disable building of libcacard) [1.5.3-108.el7] - kvm-net-Make-qmp_query_rx_filter-with-name-argument-more.patch [bz#1269738] - kvm-fw_cfg-add-check-to-validate-current-entry-value-CVE.patch [bz#1298048] - Resolves: bz#1269738 (Vlan table display repeat four times in qmp when queues=4) - Resolves: bz#1298048 (CVE-2016-1714 qemu-kvm: Qemu: nvram: OOB r/w access in processing firmware configurations [rhel-7.3]) [1.5.3-107.el7] - kvm-raw-posix-Fix-.bdrv_co_get_block_status-for-unaligne.patch [bz#1283116] - Resolves: bz#1283116 ([abrt] qemu-img: get_block_status(): qemu-img killed by SIGABRT) [1.5.3-106.el7] - kvm-ehci-clear-suspend-bit-on-detach.patch [bz#1268879] - kvm-rbd-make-qemu-s-cache-setting-override-any-ceph-sett.patch [bz#1277248] - kvm-rbd-fix-ceph-settings-precedence.patch [bz#1277248] - kvm-target-i386-get-put-MSR_TSC_AUX-across-reset-and-mig.patch [bz#1265427] - kvm-rtl8139-Fix-receive-buffer-overflow-check.patch [bz#1252757] - kvm-rtl8139-Do-not-consume-the-packet-during-overflow-in.patch [bz#1252757] - Resolves: bz#1252757 ([RHEL-7.2-qmu-kvm] Package is 100% lost when ping from host to Win2012r2 guest with 64000 size) - Resolves: bz#1265427 (contents of MSR_TSC_AUX are not migrated) - Resolves: bz#1268879 (Camera stops work after remote-viewer re-connection [qemu-kvm]) - Resolves: bz#1277248 (ceph.conf properties override qemus command-line properties) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1981 CVE-2016-3712 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [2.7.5-48.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-48] - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359164 [2.7.5-47] - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data() Resolves: rhbz#1356364 [2.7.5-46] - Drop patch 221 that backported sslwrap function since it was introducing regressions - Refactor patch 227 Resolves: rhbz#1331425 [2.7.5-45] - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch) - Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346357 [2.7.5-44] - Fix iteration over files with very long lines Resolves: rhbz#1271760 [2.7.5-43] - Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/ Resolves: rhbz#1288426 [2.7.5-42] - JSON decoder lone surrogates fix Resolves: rhbz#1301017 [2.7.5-41] - Updated PEP493 implementation Resolves: rhbz#1315758 [2.7.5-40] - Backport of Computed Goto dispatch Resolves: rhbz#1289277 LOW Copyright 2016 Oracle, Inc. CVE-2016-5636 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.14-13] - Fix CVE-2016-4971 (#1345778) - Added support for non-ASCII URLs (Related: CVE-2016-4971) [1.14-12] - Fix wget to include Host header on CONNECT as required by HTTP 1.1 (#1203384) - Run internal test suite during build (#1295846) - Fix -nv being documented as synonym for two options (#1147572) [1.14-11] - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156136) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4971 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [6.6.1p1-31 + 0.9.3-9] - Do not depend on selinux-policy (#1373297) [6.6.1p1-30 + 0.9.3-9] - Drop dependency on libcap-ng for ssh-keycat (#1357859) [6.6.1p1-29 + 0.9.3-9] - Rework SELinux context handling with chroot using libcap-ng (#1357859) [6.6.1p1-28 + 0.9.3-9] - SFTP force permission collision with umask (#1344614) - Make closefrom() ignore FD's to /dev/ devices on s390 (#1318760) - Create a default value for AuthenticationMethods any (#1237129) - Fix ssh-copy-id with LogLevel=quiet (#1349556) - Expose more information to PAM (#1312304) - Move MAX_DISPLAYS to a configuration option (#1341302) - Add a wildcard option to PermitOpen directive (host) (#1344106) [6.6.1p1-27 + 0.9.3-9] - Coverity and RPMDiff build issues (#1334326) - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (#1329191) - Check for real location of .k5login file (#1328243) - close ControlPersist background process stderr (#1335540) [6.6.1p1-26 + 0.9.3-9] - Drop glob patch for sftp client preventing listing many files (#1310303) - Fix race condition between audit messages from different processes (#1310684) - Make systemd service forking to properly report state (#1291172) - Get rid of rpm triggers for openssh-5.x (#1312013) - Generate the host keys when the key files are empty (#1266043) - pam_ssh_agent_auth: authorized_keys_command option (#1317858) - Don't use MD5 digest from pam_ssh_agent_auth in FIPS mode (#1317952) MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8325 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 gimp [2:2.8.16-3] - fix multiple use-after-free bugs when parsing XCF channel and layer properties (#1348617) [2:2.8.16-2] - add back obsoletes necessary for RHEL [2:2.8.16-1] - version 2.8.16 [2:2.8.14-3] - export-dialog-destroyed-crash patch: avoid subsequent warnings [2:2.8.14-2] - fix linking problem - use %buildroot macro consistently again [2:2.8.14-2] - avoid destroying dialog and occasional crashes while exporting (#1215905) [2:2.8.14-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2:2.8.14-1.1] - Use better AppData screenshots [2:2.8.14-1] - version 2.8.14 [2:2.8.10-6.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - update source URL [2:2.8.10-6.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2:2.8.10-6] - remove ancient obsoletes (#1002109) [2:2.8.10-5] - cope with freetype >= 2.5.1 include madness [2:2.8.10-5] - remove BRs contained in the minimal build environment - group BRs into libraries and tools - remove various old cruft - ship RPM macros for packaging plug-ins e.a. (#1063144) [2:2.8.10-4] - avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978) gimp-help [2.8.2-1] - version 2.8.2 - use %global instead of %define - fix website and source URLs MODERATE Copyright 2016 Oracle, Inc. CVE-2016-4994 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 7 [12:4.2.5-47.0.1] - Added oracle-errwarn-message.patch [12:4.2.5-47] - 1269596 - fix undefined variable in dhclient-script [12:4.2.5-46] - unclosed TCP connections to OMAPI or failover ports can cause DoS (CVE-2016-2774) [12:4.2.5-45] - 1267489 - dhclient-script does not respect DEFROUTE/GATEWAYDEV patched [12:4.2.5-44] - 1269596 - dhclient-script doesn't keep old nameservers - 1193586 - DHCP renewal does not update lifetimes if MTU has changed - 1306608 - Add ignore-client-uids option to dhcpd - 1267489 - dhclient-script does not respect DEFROUTE/GATEWAYDEV [12:4.2.5-43] - Fixing bug 1234251 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2774 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.14.1-26] - Use responder in non-preauth AS reqs - Resolves: #1363690 [1.14.1-25] - Fix bad debug_log() call in selinux handling - Resolves: #1292153 [1.14.1-24] - Fix KKDCPP with TLS SNI by always presenting 'Host:' header - Resolves: #1364993 [1.14.1-23] - Add dependency on libkadm5 to krb5-devel - Resolves: #1347403 [1.14.1-22] - Builders have new version of mock; adapt. - Resolves: #1290239 [1.14.1-21] - Fix CVE-2016-3120 - Resolves: #1361504 [1.14.1-20] - Make version dependencies on libkadm5 more explicit to appease rpmdiff - Resolves: #1347403 [1.14.1-19] - Add in upstream version of kprop port and tests - Resolves: #1292795 [1.14.1-18] - Fix incorrect recv() size calculation in libkrad - Resolves: #1349042 [1.14.1-17] - Separate out the kadm5 libs - Resolves: #1347403 [1.14.1-16] - Fix kprop/iprop handling of default realm - Fix t_kprop.py - Resolves: #1290561 - Resolves: #1302967 - Resolves: #1292795 [1.14.1-15] - Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1 - Resolves: #1341726 [1.14.1-14] - Do not indicate depricated mechanisms when requested - Resolves: #1293908 [1.14.1-13] - Fix OTP module incorrectly overwriting as_key - Resolves: #1340304 [1.14.1-12] - Fix CVE-2016-3119 (LDAP NULL dereference) - Resolves: #1339562 [1.14.1-11] - Make ksu not ask for password without -n - Resolves: #1247261 [1.14.1-10] - Frob kadm5 soname version so that the rebase does not break things - Resolves: #1292153 [1.14.1-9] - Revamp selinux patch to not leak memory - Resolves: #1313457 [1.14.1-8] - Add snippet support in /etc/krb5.conf.d - Resolves: #1146945 [1.14.1-7] - Skip unnecessary mech calls in gss_inquire_cred - Resolves: #1314493 [1.14.1-6] - Fix impersonate_name to work with interposers - Resolves: #1284987 [1.14.1-5] - Fix change tracking of krb5.conf - Resolves: #1208243 [1.14.1-4] - Ensure log files are not world-readable - Resolves: #1256735 [1.14.1-3] - Clean up initscript handling in spec file - Resolves: #1283902 - Resolves: #1183058 [1.14.1-2] - Backport spec file changes from Fedora - Resolves: #1290239 [1.14.1-1] - Rebase to new upstream version 1.14.1 - Remove pax logic - Resolves: #1292153 - Resolves: #1135427 - Resolves: #1265509 - Resolves: #1265510 - Resolves: #1296241 LOW Copyright 2016 Oracle, Inc. CVE-2016-3120 CVE-2016-3119 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.8.6p7-20] - RHEL 7.3 erratum - fixed visudo's -q flag Resolves: rhbz#1350828 [1.8.6p7-19] - RHEL 7.3 erratum - removed INPUTRC from env_keep to prevent a potential info leak Resolves: rhbz#1340700 [1.8.6p7-18] - RHEL 7.3 erratum - removed requiretty flag from the default sudoers policy - backported pam_service and pam_login_service defaults options - implemented netgroup_tuple defaults option for changing netgroup processing semantics - fixed user matching logic in the LDAP nss backend - don't allow visudo to accept an invalid sudoers file - fixed a bug causing that non-root users can list privileges of other users - modified digest check documentation to mention the raciness of the checking mechanism Resolves: rhbz#1196451 Resolves: rhbz#1247230 Resolves: rhbz#1334331 Resolves: rhbz#1334360 Resolves: rhbz#1261998 Resolves: rhbz#1313364 Resolves: rhbz#1312486 Resolves: rhbz#1268958 Resolves: rhbz#1335039 Resolves: rhbz#1335042 Resolves: rhbz#1335045 Resolves: rhbz#1273243 Resolves: rhbz#1299883 LOW Copyright 2016 Oracle, Inc. CVE-2016-7091 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [1.3.5.10-11] - Release 1.3.5.10-11 - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates [1.3.5.10-10] - Release 1.3.5.10-10 - Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) - Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969) [1.3.5.10-9] - Release 1.3.5.10-9 - Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) - Resolves: bug 1366828 - audit on failure doesn't work if attribute nsslapd-auditlog-logging-enabled is NOT enabled (DS 48958) - Resolves: bug 1368520 - Crash in import_wait_for_space_in_fifo() (DS 48960) - Resolves: bug 1368956 - man page of ns-accountstatus.pl shows redundant entries for -p port option - Resolves: bug 1369537 - passwordMinAge attribute doesn't limit the minimum age of the password (DS 48967) - Resolves: bug 1369570 - cleanallruv changelog cleaning incorrectly impacts all backends (DS 48964) - Resolves: bug 1369425 - ACI behaves erratically (DS 48972) - Resolves: bug 1370300 - set proper update status to replication agreement in case of failure (DS 48957) - Resolves: bug 1209094 - Allow logging of rejected changes (DS 48969) - Resolves: bug 1371283 - Server Side Sorting crashes the server. (DS 48970) - Resolves: bug 1371284 - Disabling CLEAR password storage scheme will crash server when setting a password (DS 48975) [1.3.5.10-8] - Release 1.3.5.10-8 - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48954) - Resolves: bug 1364190 - Change example in /etc/sysconfig/dirsrv to use tcmalloc (DS 48950) - Resolves: bug 1366561 - ns-accountstatus.pl giving error even 'No such object (32)' (DS 48956) [1.3.5.10-7] - Release 1.3.5.10-7 - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1360976 - fixing a compiler warning [1.3.5.10-6] - Release 1.3.5.10-6 - Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48928) - Resolves: bug 1360447 - nsslapd-workingdir is empty when ns-slapd is started by systemd (DS 48939) - Resolves: bug 1360327 - remove-ds.pl deletes an instance even if wrong prefix was specified (DS 48934) - Resolves: bug 1349815 - DS logs have warning:ancestorid not indexed for all CS subsystems (DS 48940) - Resolves: bug 1329061 - 389-ds-base-1.3.4.0-29.el7_2 'hang' (DS 48882) - Resolves: bug 1360976 - EMBARGOED CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack - Resolves: bug 1361134 - When fine-grained policy is applied, a sub-tree has a priority over a user while changing password (DS 48943) - Resolves: bug 1361321 - Duplicate collation entries (DS 48936) - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat [1.3.5.10-5] - Release 1.3.5.10-5 - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919) [1.3.5.10-4] - Release 1.3.5.10-4 - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48919) - Resolves: bug 1350799 - CVE-2016-4992 389-ds-base: Information disclosure via repeat - Resolves: bug 1354660 - flow control in replication also blocks receiving results (DS 48767) - Resolves: bug 1356261 - Fixup tombstone task needs to set proper flag when updating (DS 48924) - Resolves: bug 1355760 - ns-slapd crashes during the deletion of backend (DS 48922) - Resolves: bug 1353629 - DS shuts down automatically if dnaThreshold is set to 0 in a MMR setup (DS 48916) - Resolves: bug 1355879 - nunc-stans: ns-slapd crashes during startup with SIGILL on AMD Opteron 280 (DS 48925) [1.3.5.10-3] - Release 1.3.5.10-3 - Resolves: bug 1354374 - Fixing the tarball version in the sources file. [1.3.5.10-2] - Release 1.3.5.10-2 - Resolves: bug 1353714 - If a cipher is disabled do not attempt to look it up (DS 48743) - Resolves: bug 1353592 - Setup-ds.pl --update fails - regression (DS 48755) - Resolves: bug 1353544 - db2bak.pl task enters infinitive loop when bak fs is almost full (DS 48914) - Resolves: bug 1354374 - Upgrade to 389-ds-base >= 1.3.5.5 doesn't install 389-ds-base-snmp (DS 48918) [1.3.5.10-1] - Release 1.3.5.10-1 - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48905) [1.3.5.9-1] - Release 1.3.5.9-1 - Resolves: bug 1349571 - Improve MMR replication convergence (DS 48636) - Resolves: bug 1304682 - 'stale' automember rule (associated to a removed group) causes discrepancies in the database (DS 48637) - Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file '(bulk import)' (DS 48755) - Resolves: bug 1316731 - syncrepl search returning error 329; plugin sending a bad error code (DS 48904) - Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) - Resolves: bug 1349577 - Values of dbcachetries/dbcachehits in cn=monitor could overflow. (DS 48899) - Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT (DS 48898) - Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) - Resolves: bug 1350632 - ns-slapd shutdown crashes if pwdstorageschema name is from stack. (DS 48902) [1.3.5.8-1] - Release 1.3.5.8-1 - Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366) [1.3.5.7-1] - Release 1.3.5.7-1 - Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) - Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) - Resolves: bug 1290101 - proxyauth support does not work when bound as directory manager (DS 48366) - Resolves: bug 1338872 - Wrong result code display in audit-failure log (DS 48892) - Resolves: bug 1346043 - repl-monitor displays colors incorrectly for the time lag > 60 min (DS 47538) - Resolves: bug 1346741 - ns-slapd crashes during the shutdown after adding attribute with a matching rule (DS 48891) - Resolves: bug 1347407 - By default aci can be read by anonymous (DS 48354) - Resolves: bug 1347412 - cn=SNMP,cn=config entry can be read by anonymous (DS 48893) [1.3.5.6-1] - Release 1.3.5.6-1 - Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) - Resolves: bug 1321124 - Replication changelog can incorrectly skip over updates (DS 48766, DS 48636) - Resolves: bug 1233926 - 'matching rules' in ACI's 'bind rules not fully evaluated (DS 48234) - Resolves: bug 1346165 - 389-ds-base-1.3.5.5-1.el7.x86_64 requires policycoreutils-py [1.3.5.5-1] - Release 1.3.5.5-1 - Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 48833) - Resolves: bug 1344414 - [RFE] adding pre/post extop ability (DS 48880) - Resolves: bug 1303794 - Import readNSState.py from RichM's repo (DS 48449) - Resolves: bug 1257568 - /usr/lib64/dirsrv/libnunc-stans.so is owned by both -libs and -devel (DS 48404) - Resolves: bug 1314956 - moving an entry cause next on-line init to skip entry has no parent, ending at line 0 of file '(bulk import)' (DS 48755) - Resolves: bug 1342609 - At startup DES to AES password conversion causes timeout in start script (DS 48862) - Resolves: bug 1316328 - search returns no entry when OR filter component contains non readable attribute (DS 48275) - Resolves: bug 1280456 - setup-ds should detect if port is already defined (DS 48336) - Resolves: bug 1312557 - dirsrv service fails to start when nsslapd-listenhost is configured (DS 48747) - Resolves: bug 1326077 - Page result search should return empty cookie if there is no returned entry (DS 48752) - Resolves: bug 1340307 - Running db2index with no options breaks replication (DS 48854) - Resolves: bug 1337195 - Regression introduced in matching rules by DS 48746 (DS 48844) - Resolves: bug 1335492 - Modifier's name is not recorded in the audit log with modrdn and moddn operations (DS 48834) - Resolves: bug 1316741 - ldctl should support -H with ldap uris (DS 48754) [1.3.5.4-1] - release 1.3.5.4-1 - Resolves: bug 1334455 - db2ldif is not taking into account multiple suffixes or backends (DS 48828) - Resolves: bug 1241563 - The 'repl-monitor' web page does not display 'year' in date. (DS 48220) - Resolves: bug 1335618 - Server ram sanity checks work in isolation (DS 48617) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48837) [1.3.5.3-1] - release 1.3.5.3-1 - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1332533 - ns-accountstatus.pl gives error message on execution along with results. (DS 48815) - Resolves: bug 1332709 - password history is not updated when an admin resets the password (DS 48813) - Resolves: bug 1333184 - (389-ds-base-1.3.5) Fixing coverity issues. (DS 48822) - Resolves: bug 1333515 - Enable DS to offer weaker DH params in NSS (DS 48798) [1.3.5.2-1] - release 1.3.5.2-1 - Resolves: bug 1270020 - Rebase 389-ds-base to 1.3.5 in RHEL-7.3 - Resolves: bug 1288229 - many attrlist_replace errors in connection with cleanallruv (DS 48283) - Resolves: bug 1315893 - License tag does not match actual license of code (DS 48757) - Resolves: bug 1320715 - DES to AES password conversion fails if a backend is empty (DS 48777) - Resolves: bug 190862 - [RFE] Default password syntax settings don't work with fine-grained policies (DS 142) - Resolves: bug 1018944 - [RFE] Enhance password change tracking (DS 548) - Resolves: bug 1143066 - The dirsrv user/group should be created in rpm %pre, and ideally with fixed uid/gid (DS 48285) - Resolves: bug 1153758 - [RFE] Support SASL/GSSAPI when ns-slapd is behind a load-balancer (DS 48332) - Resolves: bug 1160902 - search, matching rules and filter error 'unsupported type 0xA9' (DS 48016) - Resolves: bug 1186512 - High memory fragmentation observed in ns-slapd; OOM-Killer invoked (DS 48377, 48129) - Resolves: bug 1196282 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*) (DS 48109) - Resolves: bug 1209094 - [RFE] Allow logging of rejected changes (DS 48145, 48280) - Resolves: bug 1209128 - [RFE] Add a utility to get the status of Directory Server instances (DS 48144) - Resolves: bug 1210842 - [RFE] Add PIDFile option to systemd service file (DS 47951) - Resolves: bug 1223510 - [RFE] it could be nice to have nsslapd-maxbersize default to bigger than 2Mb (DS 48326) - Resolves: bug 1229799 - ldclt-bin killed by SIGSEGV (DS 48289) - Resolves: bug 1249908 - No validation check for the value for nsslapd-db-locks. (DS 48244) - Resolves: bug 1254887 - No man page entry for - option '-u' of dbgen.pl for adding group entries with uniquemembers (DS 48290) - Resolves: bug 1255557 - db2index creates index entry from deleted records (DS 48252) - Resolves: bug 1258610 - total update request must not be lost (DS 48255) - Resolves: bug 1258611 - dna plugin needs to handle binddn groups for authorization (DS 48258) - Resolves: bug 1259624 - [RFE] Provide a utility to detect accounts locked due to inactivity (DS 48269) - Resolves: bug 1259950 - Add config setting to MemberOf Plugin to add required objectclass got memberOf attribute (DS 48267) - Resolves: bug 1266510 - Linked Attributes plug-in - wrong behaviour when adding valid and broken links (DS 48295) - Resolves: bug 1266532 - Linked Attributes plug-in - won't update links after MODRDN operation (DS 48294) - Resolves: bug 1267750 - pagedresults - when timed out, search results could have been already freed. (DS 48299) - Resolves: bug 1269378 - ds-logpipe.py with wrong arguments - python exception in the output (DS 48302) - Resolves: bug 1271330 - nunc-stans: Attempt to release connection that is not acquired (DS 48311) - Resolves: bug 1272677 - nunc stans: ns-slapd killed by SIGTERM - Resolves: bug 1272682 - nunc-stans: ns-slapd killed by SIGABRT - Resolves: bug 1273142 - crash in Managed Entry plugin (DS 48312) - Resolves: bug 1273549 - [RFE] Improve timestamp resolution in logs (DS 47982) - Resolves: bug 1273550 - Deadlock between two MODs on the same entry between entry cache and backend lock (DS 47978) - Resolves: bug 1273555 - deadlock in mep delete post op (DS 47976) - Resolves: bug 1273584 - lower password history minimum to 1 (DS 48394) - Resolves: bug 1275763 - [RFE] add setup-ds.pl option to disable instance specific scripts (DS 47840) - Resolves: bug 1276072 - [RFE] Allow RHDS to be setup using a DNS CNAME alias for General.FullMachineName (DS 48328) - Resolves: bug 1278567 - SimplePagedResults -- abandon could happen between the abandon check and sending results (DS 48338) - Resolves: bug 1278584 - Share nsslapd-threadnumber in the case nunc-stans is enabled, as well. (DS 48339) - Resolves: bug 1278755 - deadlock on connection mutex (DS 48341) - Resolves: bug 1278987 - Cannot upgrade a consumer to supplier in a multimaster environment (DS 48325) - Resolves: bug 1280123 - acl - regression - trailing ', (comma)' in macro matched value is not removed. (DS 48344) - Resolves: bug 1290111 - [RFE] Support for rfc3673 '+' to return operational attributes (DS 48363) - Resolves: bug 1290141 - With exhausted range, part of DNA shared configuration is deleted after server restart (DS 48362) - Resolves: bug 1290242 - SimplePagedResults -- in the search error case, simple paged results slot was not released. (DS 48375) - Resolves: bug 1290600 - The 'eq' index does not get updated properly when deleting and re-adding attributes in the same ldapmodify operation (DS 48370) - Resolves: bug 1295947 - 389-ds hanging after a few minutes of operation (DS 48406, revert 48338) - Resolves: bug 1296310 - ldclt - segmentation fault error while binding (DS 48400) - Resolves: bug 1299758 - CVE-2016-0741 389-ds-base: Worker threads do not detect abnormally closed connections causing DoS [rhel-7.3] - Resolves: bug 1301097 - logconv.pl displays negative operation speeds (DS 48446) - Resolves: bug 1302823 - Crash in slapi_get_object_extension (DS 48536) - Resolves: bug 1303641 - heap corruption at schema replication. (DS 48492) - Resolves: bug 1307151 - keep alive entries can break replication (DS 48445) - Resolves: bug 1310848 - Supplier can skip a failing update, although it should retry. (DS 47788) - Resolves: bug 1314557 - change severity of some messages related to 'keep alive' enties (DS 48420) - Resolves: bug 1316580 - dirsrv service doesn't ask for pin when pin.txt is missing (DS 48450) - Resolves: bug 1316742 - no plugin calls in tombstone purging (DS 48759) - Resolves: bug 1319329 - [RFE] add nsslapd-auditlog-logging-enabled: off to template-dse.ldif (DS 48145) - Resolves: bug 1320295 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged. (DS 48775) - Resolves: bug 1326520 - db2index uses a buffer size derived from dbcachesize (DS 48383) - Resolves: bug 1328936 - objectclass values could be dropped on the consumer (DS 48799) - Resolves: bug 1287475 - [RFE] response control for password age should be sent by default by RHDS (DS 48369) - Resolves: bug 1331343 - Paged results search returns the blank list of entries (DS 48808) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5405 CVE-2016-5416 CVE-2016-4992 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [5.5.52-1] - Rebase to 5.5.52, that also include fix for CVE-2016-6662 Resolves: #1377974 [1:5.5.50-2] - Rebuild Related: #1359629 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5624 CVE-2016-5616 CVE-2016-5626 CVE-2016-6662 CVE-2016-3492 CVE-2016-5612 CVE-2016-6663 CVE-2016-5629 CVE-2016-8283 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [0.4.3.2-8] - Exclude firewallctl (RHBZ#1374799) [0.4.3.2-7] - Tolerate ipv6_rpfilter fail (RHBZ#1285769) - Fix set_rules to copy the rule before extracting the table (RHBZ#1373260) - Translation update (RHBZ#1273296) - Conflict with NetworkManager < 1:1.4.0-3.el7 (RHBZ#1366288) [0.4.3.2-6] - Do not use exit code 254 for {ALREADY,NOT}_ENABLED sequences (RHBZ#1366654) - Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549) - firewall-cmd: Fix get and set description for permanent zones (RHBZ#1368949) - Fix loading of service helpers in active zones (RHBZ#1371116) [0.4.3.2-5] - Print errors and warnings to stderr additional patch (RHBZ#1360894) - Fixed trace back in firewallctl (RHBZ#1367155) - Fix client crash if systembus can not be aquired (RHBZ#1367038) - Make ALREADY_ENABLED a warning (RHBZ#1366654) - Added conflict to old squid package providing the squid.service file (RHBZ#1366308) - Fixed firewall-cmd help typo (RHBZ#1367171) [0.4.3.2-4] - Fixed firewall-config gettext usage (RHBZ#1361612) - Fixed ifcfg file reader and writer (RHBZ#1362171) - Fixed loading ipset entries from file in commands (RHBZ#1365198) - Added conflicts to old main package to sub packages (RHBZ#1361669) - Do not show settings of zones etc. without authentication (RHBZ#1357098) - Fixed CVE-2016-5410 (RHBZ#1359296) [0.4.3.2-3] - Fix test suite for command change (RHBZ#1360871) - Fix test suite with stderr usage (RHBZ#1360894) - Rebuild for wrong docdir without version (RHBZ#1057327#c7) [0.4.3.2-2] - Updated conflict for selinux-policy (RHBZ#1304723) - Fixed exit codes in command line clients (RHBZ#1357050) - Fixed traceback in firewall-cmd without args (RHBZ#1357063) - Fixed source docs in man pages and help output (RHBZ#1357888) - Fixed rebuild of changed man pages (RHBZ#1360362) - Use stderr for errors and warnings in command line tools (RHBZ#1360894) - Fixed lockdown not denying invalid commands (RHBZ#1360871) [0.4.3.2-1] - Rebase to 0.4.3.2 - Fix regression with unavailable optional commands - All missing backend messages should be warnings - Individual calls for missing restore commands - Only one authenticate call for add and remove options and also sequences - RH-Satellite-6 service now upstream - Conflict for selinux-policy needed to be updated to newer release (RHBZ#1304723) [0.4.3.1-1] - Rebase to 0.4.3.1 - firewall.command: Fix python3 DBusException message not interable error - src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing - firewallctl: Do not trace back on list command without further arguments - firewallctl (man1): Added remaining sections zone, service, .. - firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting - firewall.server.config: Allow to set IndividualCalls property in config interface - Fix missing icmp rules for some zones - runProg: Fix issue with running programs - firewall-offline-cmd: Fix issues with missing system-config-firewall - firewall.core.ipXtables: Split up source and dest addresses for transaction - firewall.server.config: Log error in case of loading malformed files in watcher - Install and package the firewallctl man page [0.4.3-3] - Readding RH-Satellite-6 service [0.4.3-2] - Fixed typo in Requires(post) [0.4.3-1] - Rebase to 0.4.3 - Rebase to the new upstream and new release (RHBZ#1302802) - New firewallctl command line utility (RHBZ#1147959) - Adds radius TCP ports (RHBZ#1219717) - XSD enhancements for conflicting tag specification (RHBZ#1296573) - Adds port for corosync-qnetd to high-availability service (RHBZ#1347530) [0.4.2-1] - Rebase to 0.4.2 - Allows unspecifying zone binding for interfaces in firewall-config (RHBZ#1066037) - Adds improved management of zone binding for interfaces, connections and sources (RHBZ#1083626) - Adds commands to showing details of zones, services, .. (RHBZ#1147500) - Adds a default logging option (RHBZ#1147951) - Adds quiet option for firewall-offline-cmd (RHBZ#1220467) - Adds support for zone chain usage in direct rules (RHBZ#1136801, RHBZ#1336881) - Adds source port support in zones, services and rich rules (RHBZ#1214770) - Adds services imap and smtps (RHBZ#1220196) - Fixes runtime to permanent migration(RHBZ#1237242) - Fixes removal of destination addresses for services in permanent view in firewall-config (RHBZ#1278281) - Fixes firewall-config usage over ssh (RHBZ#1281416) - Fixes reload disconnects with existing connections (RHBZ#1287449) - Fixes ICMP packet drops while reloading (RHBZ#1288177) - Adds option to add a new zone, service, .. from existing file (RHBZ#1292926) - Adds improved checks for file readers, fixes error reporting of strings containing illegal characters (RHBZ#1303026) - Transforms direct.passthrough errors into warnings (RHBZ#1301573) - Reduced getprotobyname and getservbyname calls for NIS use (RHBZ#1305434) - Fixes (repeated) firewalld reload by sending SIGHUP signal (RHBZ#1313023) - Adds After=dbus.service to service file to fix shutdown (RHBZ#1313845) - Adds ICMP block inversion support (RHBZ#1325335) - Fixes local traffic issue with masquerading in default zone (RHBZ#1326130) - Adds destination rich rules without an element (RHBZ#1326462) - Fixes reload after default zone change to newly introduced zone (RHBZ#1273888) - Fixes start without ipv6_rpfilter module (RHBZ#1285769) - Adds log of denied packets option (RHBZ#1322505) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5410 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [5.4.16-42] - bz2: fix improper error handling in bzread() CVE-2016-5399 [5.4.16-41] - gd: fix integer overflow in _gd2GetHeader() resulting in heap overflow CVE-2016-5766 - gd: fix integer overflow in gdImagePaletteToTrueColor() resulting in heap overflow CVE-2016-5767 - mbstring: fix double free in _php_mb_regex_ereg_replace_exec CVE-2016-5768 [5.4.16-40] - don't set environmental variable based on user supplied Proxy request header CVE-2016-5385 [5.4.16-39] - fix segmentation fault in header_register_callback #1344578 [5.4.16-38] - curl: add options to enable TLS #1291667 - mysqli: fix segfault in mysqli_stmt::bind_result() when link is closed #1096800 - fpm: fix incorrectly defined SCRIPT_NAME variable when using Apache #1138563 - core: fix segfault when a zend_extension is loaded twice #1289457 - openssl: change default_md algo from MD5 to SHA1 #1073388 - wddx: fix segfault in php_wddx_serialize_var #1131979 [5.4.16-37] - session: fix segfault in session with rfc1867 #1297179 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5399 CVE-2016-5767 CVE-2016-5768 CVE-2016-5766 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [0:7.0.69-10] - Related: rhbz#1368122 [0:7.0.69-9] - Resolves: rhbz#1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz#1368122 [0:7.0.69-7] - Resolves: rhbz#1362545 [0:7.0.69-6] - Related: rhbz#1201409 Added /etc/sysconfig/tomcat to the systemd unit for tomcat-jsvc.service [0:7.0.69-5] - Resolves: rhbz#1347860 The systemd service unit does not allow tomcat to shut down gracefully [0:7.0.69-4] - Resolves: rhbz#1350438 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service [0:7.0.69-3] - Resolves: rhbz#1347774 The security manager doesn't work correctly (JSPs cannot be compiled) [0:7.0.69-2] - Rebase Resolves: rhbz#1311622 Getting NoSuchElementException while handling attributes with empty string value in tomcat - Rebase Resolves: rhbz#1320853 Add HSTS support - Rebase Resolves: rhbz#1293292 CVE-2014-7810 tomcat: Tomcat/JBossWeb: security manager bypass via EL expressions - Rebase Resolves: rhbz#1347144 CVE-2016-0706 tomcat: security manager bypass via StatusManagerServlet - Rebase Resolves: rhbz#1347139 CVE-2015-5346 tomcat: Session fixation - Rebase Resolves: rhbz#1347136 CVE-2015-5345 tomcat: directory disclosure - Rebase Resolves: rhbz#1347129 CVE-2015-5174 tomcat: URL Normalization issue - Rebase Resolves: rhbz#1347146 CVE-2016-0763 tomcat: security manager bypass via setGlobalContext() - Rebase Resolves: rhbz#1347142 CVE-2016-0714 tomcat: Security Manager bypass via persistence mechanisms - Rebase Resolves: rhbz#1347133 CVE-2015-5351 tomcat: CSRF token leak [0:7.0.69-1] - Resolves: rhbz#1287928 Rebase to tomcat 7.0.69 - Resolves: rhbz#1327326 rpm -V tomcat fails on /var/log/tomcat/catalina.out - Resolves: rhbz#1277197 tomcat user has non-existing default shell set - Resolves: rhbz#1240279 The command tomcat-digest doesn't work with RHEL 7 - Resolves: rhbz#1229476 Tomcat startup ONLY options - Resolves: rhbz#1133070 Need to include full implementation of tomcat-juli.jar and tomcat-juli-adapters.jar - Resolves: rhbz#1201409 Fix the broken tomcat-jsvc service unit - Resolves: rhbz#1221896 tomcat.service loads /etc/sysconfig/tomcat without shell expansion - Resolves: rhbz#1208402 Mark web.xml in tomcat-admin-webapps as config file MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0706 CVE-2016-0714 CVE-2016-3092 CVE-2016-0763 CVE-2015-5345 CVE-2015-5351 CVE-2015-5174 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [7:3.5.20-2] - Resolves: #1378025 - host_verify_strict only accepts lowercase arguments [7:3.5.20-1] - Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.20) [7:3.5.10-9] - Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-8] - Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-7] - Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-6] - Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-5] - Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-4] - Resolves: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package [7:3.5.10-3] - Resolves: #1330186 - digest doesn't properly work with squid 3.3 on CentOS 7 [7:3.5.10-2] - Resolves: #1336387 - Squid send wrong respond for GET-request following Range-GET request [7:3.5.10-1] - Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.10) - Resolves: #1322770 - CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3948 squid: various flaws - Resolves: #1254016 - IPv4 fallback is not working when connecting to a dualstack host with non-functional IPv6 - Resolves: #1254018 - should BuildRequire: g++ - Resolves: #1262456 - Squid delays on FQDNs that don't contains AAAA record - Resolves: #1336940 - Disable squid systemd unit start/stop timeouts - Resolves: #1344197 - /usr/lib/firewalld/services/squid.xml conflicts between attempted installs of squid-7:3.3.8-31.el7.x86_64 and firewalld-0.4.2-1.el7.noarch - Resolves: #1299972 - squid file descriptor limit hardcoded to 16384 via compile option in spec file [7:3.3.8-31] - Resolves: #1283078 - max_filedescriptors in squid.conf is ignored [7:3.3.8-30] - Related: #1334509 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling - Related: #1334492 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid: various flaws [7:3.3.8-29] - Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing [7:3.3.8-28] - Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing [7:3.3.8-27] - Resolves: #1330577 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2570 CVE-2016-2572 CVE-2016-3948 CVE-2016-2571 CVE-2016-2569 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [2.10.95-10] - Fix a regression in the previous change. (#1355930) [2.10.95-9] - CVE-2016-5384: Validate offsets in cache files properly. (#1355930) [2.10.95-8] - Update 45-latin.conf to add some hints to fall back for Windows fonts (#1073460) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5384 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.0.14-7] - Add the permission patch to the repository (#1312583) [1.0.14-6] - Check the NSS certificate database directory for read permissions by the Apache user. (#1312583) [1.0.14-5] - Update clean semaphore patch to not free the pinList twice. (#1364560) [1.0.14-4] - Update clean semaphore patch to not close pipe twice and to shutdown NSS database (#1364560) [1.0.14-3] - Clean up semaphore in nss_pcache on shutdown (#1364560) [1.0.14-2] - mod_nss sets r->user in fixup even if it was long ago changed by other module (#1347298) [1.0.14-1] - Rebase to 1.0.14 (#1299063) - Add support for Server Name Indication (SNI) (#1053327) - Use upstream method to not execute live tests as root (#1256887) - Always call SSL_ShutdownServerSessionIDCache() in ModuleKill (#1263301, #1296685) - Don't require NSSProxyNickname (#1280287) - Make link to libnssckbi.so an absolute link (#1288471) - Fail for colons in credentials with FakeBasicAuth (#1295970) - Don't ignore NSSProtocol when NSSFIPS is enabled (#1312491) - Check filesystem permissions on NSS database at startup (#1312583) - OpenSSL ciphers stopped parsing at +, CVE-2016-3099 (#1323913) - Patch to match available ciphers so tests pass (#1299063) - Patch to fix tests in brew (#1299063) LOW Copyright 2016 Oracle, Inc. CVE-2016-3099 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [3.15-8.0.1] - add libreswan-oracle.patch to detect Oracle Linux distro [3.15-8] - Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED] - Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request [UPDATED] - Resolves: rhbz#1309764 ipsec barf [additional man page update and --no-pager] [3.15-7] - Resolves: rhbz#1311360 When IKE rekeys, if on a different tunnel, all subsequent attempts to rekey fail - Resolves: rhbz#1361721 libreswan pluto segfault [3.15-6] - Resolves: rhbz#1283468 keyingtries=0 is broken - Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload is below the RFC minimum size - Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack - Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails - Resolves: rhbz#1302778 fips does not check hash of some files (like _import_crl) - Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH - Resolves: rhbz#1257079 Libreswan doesn't call NetworkManager helper in case of a connection error - Resolves: rhbz#1272112 ipsec whack man page discrepancies - Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss - Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not recognized - Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in the output - Resolves: rhbz#1347735 libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails - Resolves: rhbz#1219049 Pluto does not handle delete message from responder site in ikev1 - Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request - Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention about crl-strict option - Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5361 cpe:/a:oracle:linux:7::security_validation cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:base Oracle Linux 7 [3.0.6-4] - Resolves: rhbz1378619 - disable SerializerProvider by default [3.0.6-3] - Resolves: rhbz1357624 - fail to build with java 8 [3.0.6-2] - Resolves: rhbz1280539 - fix pom version IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7050 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 7 [2.23.2-33.0.1] - fix Oracle bug 23001516 - backport lscpu: correct the Virtualization type on Xen DomU PV guest - Reviewed-by: Joe Jin <joe.jin@oracle.com> [2.23.2-33] - improve patch for #1007734 (libblkid realpaths) [2.23.2-32] - improve patch for chrt(1) deadline support #1298384 - fix #1007734 - blkid shows devices as /dev/block/: - fix #1349536 - Extended partition loop in MBR partition table leads to DOS [2.23.2-31] - improve spec file for #1092520 [2.23.2-30] - improve patch for chrt(1) deadline support #1298384 - improve regression tests [2.23.2-29] - fix #1029385 - lack of non-ascii support - fix #1092520 - util-linux - PIE and RELRO check - fix #1153770 - backport lsipc - fix #1248003 - mount only parses <param>=<value> lines from fstab fs_spec field available from blkid block device - fix #1271850 - mount -a doesn't catch a typo in /etc/fstab and a typo in /etc/fstab can make a system not reboot properly - fix #1281839 - [RFE]Bind mounts should be handled gracefully by the operating system - fix #1290689 - util-linux: /bin/login does not retry getpwnam_r with larger buffers, leading to login failure - fix #1296366 - Bash completion for more(1) handles file names with spaces incorrectly - fix #1296521 - RHEL7: update audit event in hwclock - fix #1298384 - RFE: add SCHED_DEADLINE support to chrt - fix #1304246 - fdisk 'f' subcommand updates partition ranges wrongly - fix #1304426 - [rfe] /bin/su should be improved to reduce stack use - fix #1326615 - util-linux/lscpu: Fix model and model name on Power Systems - fix #1327886 - Backport blkdiscard's '-z' flag to RHEL - fix #1332084 - [RFE] Inclusion of lsns command in util-linux Package - fix #1335671 - extra quotes around UUID confuses findfs in RHEL (but not in Fedora) - fix #1344222 - logger port option in help is misleading - fix #1344482 - util-linux fails valid_pmbr() size checks if device is > 2.14TB, Device label type: dos instead of gpt - fix #587393 - [RFE] Make sure util-linux is ready for writable overlays [2.23.2-28] - fix #1291554 - lslogins crash when executed with buggy username [2.23.2-27] - fix #1301091 - [libblkid] Failed to get offset of the xfs_external_log signature LOW Copyright 2016 Oracle, Inc. CVE-2016-5011 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [9.2.18-1] - update to 9.2.18 per release notes http://www.postgresql.org/docs/9.2/static/release-9-2-18.html http://www.postgresql.org/docs/9.2/static/release-9-2-17.html http://www.postgresql.org/docs/9.2/static/release-9-2-16.html [9.2.15-2] - fix postgresql-setup to work if postgres user is set to /bin/nologin (#1122143) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5424 CVE-2016-5423 cpe:/a:oracle:linux:7:3:base cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 7 [219-30.0.1.3] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475] - rules: load sg module (#1223340) - run: drop mistakenly committed test code (#1220272) - cgroup: downgrade log messages when we cannot write to cgroup trees that are mounted read-only (#1220298) - Revert 'conditionalize hardening away on s390(x)' - Revert 'units: fix BindsTo= logic when applied relative to services with Type=oneshot' (#1203803) - shared/install: avoid prematurely rejecting 'missing' units (#1199981) - core: fix enabling units via their absolute paths (#1199981) [219-30.3] - mtd_probe: add include for stdint (#1381573) [219-30.2] - manager: 219 needs u->id in log_unit_debug (#1381573) [219-30.1] - If the notification message length is 0, ignore the message (#4237) (#1381573) - systemctl: suppress errors with 'show' for nonexistent units and properties (#1380686) - 40-redhat.rules: disable auto-online of hot-plugged memory on IBM z Systems (#1381123) - pid1: don't return any error in manager_dispatch_notify_fd() (#4240) (#1381573) - pid1: process zero-length notification messages again (#1381573) - pid1: more informative error message for ignored notifications (#1381573) [219-30] - systemctl,pid1: do not warn about missing install info with 'preset' (#1373950) - systemctl/core: ignore masked units in preset-all (#1375097) - shared/install: handle dangling aliases as an explicit case, report nicely (#1375097) - shared/install: ignore unit symlinks when doing preset-all (#1375097) - 40-redhat.rules: don't hoplug memory on s390x (#1370161) [219-29] - fix gcc warnings about uninitialized variables (#1318994) - journalctl: rework code that checks whether we have access to /var/log/journal (#1318994) - journalctl: Improve boot ID lookup (#1318994) - journalctl: only have a single exit path from main() (#1318994) - journalctl: free all command line argument objects (#1318994) - journalctl: rename boot_id_t to BootId (#1318994) - util: introduce CMSG_FOREACH() macro and make use of it everywhere (#1318994) - journald: don't employ inner loop for reading from incoming sockets (#1318994) - journald: fix count of object meta fields (#1318994) - journal-cat: return a correct error, not -1 (#1318994) - journalctl: introduce short options for --since and --until (#1318994) - journal: s/Envalid/Invalid/ (#1318994) - journald: dispatch SIGTERM/SIGINT with a low priority (#1318994) - lz4: fix size check which had no chance of working on big-endian (#1318994) - journal: normalize priority of logging sources (#1318994) - Fix miscalculated buffer size and uses of size-unlimited sprintf() function. (#1318994) - journal: Drop monotonicity check when appending to journal file (#1318994) - journalctl: unify how we free boot id lists a bit (#1318994) - journalctl: don't trust the per-field entry tables when looking for boot IDs (#1318994) - units: remove udev control socket when systemd stops the socket unit (#49) (#1370133) - logind: don't assert if the slice is missing (#1371437) - core: enable transient unit support for slice units (#1370299) - sd-bus: bump message queue size (#1371205) - install: fix disable when /etc/systemd/system is a symlink (#1285996) - rules: add NVMe rules (#3136) (#1274651) - rules: introduce disk/by-id (model_serial) symlinks for NVMe drives (#3974) (#1274651) - rules: fix for possible whitespace in the 'model' attribute (#1274651) [219-27] - tmpfiles: enforce ordering when executing lines (#1365870) - Introduce bus_unit_check_load_state() helper (#1256858) - core: use bus_unit_check_load_state() in transaction_add_job_and_dependencies() (#1256858) - udev/path_id: correct segmentation fault due to missing NULL check (#1365556) - rules: load sg driver also when scsi_target appears (#45) (#1322773) [219-26] - install: do not crash when processing empty (masked) unit file (#1159308) - Revert 'install: fix disable via unit file path' (#1348208) - systemctl: allow disable on the unit file path, but warn about it (#3806) (#1348208) [219-25] - units: increase watchdog timeout to 3min for all our services (#1267707) - core: bump net.unix.max_dgram_qlen really early during boot (#1267707) - core: fix priority ordering in notify-handling (#1267707) - tests: fix personality tests on ppc64 and aarch64 (#1361049) - systemctl: consider service running only when it is in active or reloading state (#3874) (#1362461) [219-24] - manager: don't skip sigchld handler for main and control pid for services (#3738) (#1342173) [219-23] - udevadm: explicitly relabel /etc/udev/hwdb.bin after rename (#1350756) - systemctl: return diffrent error code if service exist or not (#3385) (#1047466) - systemctl: Replace init script error codes with enum (#3400) (#1047466) - systemctl: rework 'systemctl status' a bit (#1047466) - journal-verify: don't hit SIGFPE when determining progress (#1350232) - journal: avoid mapping empty data and field hash tables (#1350232) - journal: when verifying journal files, handle empty ones nicely (#1350232) - journal: explain the error when we find a non-DATA object that is compressed (#1350232) - journalctl: properly detect empty journal files (#1350232) - journal: uppercase first character in verify error messages (#1350232) - journalctl: make sure 'journalctl -f -t unmatched' blocks (#1350232) - journalctl: don't print -- No entries -- in quiet mode (#1350232) - sd-event: expose the event loop iteration counter via sd_event_get_iteration() (#1342173) - manager: Only invoke a single sigchld per unit within a cleanup cycle (#1342173) - manager: Fixing a debug printf formatting mistake (#1342173) - core: support IEC suffixes for RLIMIT stuff (#1351415) - core: accept time units for time-based resource limits (#1351415) - time-util: add parse_time(), which is like parse_sec() but allows specification of default time unit if none is specified (#1351415) - core: support <soft:hard> ranges for RLIMIT options (#1351415) - core: fix rlimit parsing (#1351415) - core: dump rlim_cur too (#1351415) - install: fix disable via unit file path (#1348208) [219-22] - nspawn: when connected to pipes for stdin/stdout, pass them as-is to PID 1 (#1307080) - mount: remove obsolete -n (#1339721) - core: don't log job status message in case job was effectively NOP (#3199) (#1280014) - core: use an AF_UNIX/SOCK_DGRAM socket for cgroup agent notification (#1305608) - logind: process session/inhibitor fds at higher priority (#1305608) - Teach bus_append_unit_property_assignment() about 'Delegate' property (#1337922) - sd-netlink: fix deep recursion in message destruction (#1330593) - add REMOTE_ADDR and REMOTE_PORT for Accept=yes (#1341154) - core: don't dispatch load queue when setting Slice= for transient units (#1343904) - run: make --slice= work in conjunction with --scope (#1343904) - myhostname: fix timeout if ipv6 is disabled (#1330973) - readahead: do not increase nr_requests for root fs block device (#1314559) - manager: reduce complexity of unit_gc_sweep (#3507) (#1344556) - hwdb: selinuxify a bit (#3460) (#1343648) [219-21] - path_id: reintroduce by-path links for virtio block devices (#952567) - journal: fix error handling when compressing journal objects (#1292447) - journal: irrelevant coding style fixes (#1292447) - install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data (#1159308) - core: look for instance when processing template name (#1159308) - core: improve error message when starting template without instance (#1142369) - man/tmpfiles.d: add note about permissions and ownership of symlinks (#1296288) - tmpfiles: don't follow symlinks when adjusting ACLs, fille attributes, access modes or ownership (#1296288) - udev: filter out non-sensically high onboard indexes reported by the kernel (#1230210) - test-execute: add tests for RuntimeDirectory (#1324826) - core: fix group ownership when Group is set (#1324826) - fstab-generator: cescape device name in root-fsck service (#1306126) - core: add new RandomSec= setting for time units (#1305279) - core: rename Random* to RandomizedDelay* (#1305279) - journal-remote: change owner of /var/log/journal/remote and create /var/lib/systemd/journal-upload (#1327303) - Add Seal option in the configuration file for journald-remote (#1329233) - tests: fix make check failure (#1159308) - device: make sure to not ignore re-plugged device (#1332606) - device: Ensure we have sysfs path before comparing. (#1332606) - core: fix memory leak on set-default, enable, disable etc (#1331667) - nspawn: fix minor memory leak (#1331667) - basic: fix error/memleak in socket-util (#1331667) - core: fix memory leak in manager_run_generators() (#1331667) - modules-load: fix memory leak (#1331667) - core: fix memory leak on failed preset-all (#1331667) - sd-bus: fix memory leak in test-bus-chat (#1331667) - core: fix memory leak in transient units (#1331667) - bus: fix leak in error path (#1331667) - shared/logs-show: fix memleak in add_matches_for_unit (#1331667) - logind: introduce LockedHint and SetLockedHint (#3238) (#1335499) - import: use the old curl api (#1284974) - importd: drop dkr support (#1284974) - import: add support for gpg2 for verifying imported images (#1284974) [219-20] - run: synchronously wait until the scope unit we create is started (#1272368) - device: rework how we enter tentative state (#1283579) - core: Do not bind a mount unit to a device, if it was from mountinfo (#1283579) - logind: set RemoveIPC=no by default (#1284588) - sysv-generator: follow symlinks in /etc/rc.d/init.d (#1285492) - sysv-generator test: always log to console (#1279034) - man: RemoveIPC is set to no on rhel (#1284588) - Avoid /tmp being mounted as tmpfs without the user's will (#1298109) - test sysv-generator: Check for network-online.target. (#1279034) - arm/aarch64: detect-virt: check dmi (#1278165) - detect-virt: dmi: look for KVM (#1278165) - Revert 'journald: turn ForwardToSyslog= off by default' (#1285642) - terminal-util: when resetting terminals, don't wait for carrier (#1266745) - basic/terminal-util: introduce SYSTEMD_COLORS environment variable (#1247963) - ask-password: don't abort when message is missing (#1261136) - sysv-generator: do not join dependencies on one line, split them (#1288600) - udev: fibre channel: fix NPIV support (#1266934) - ata_id: unreverse WWN identifier (#1273306) - Fixup WWN bytes for big-endian systems (#1273306) - sd-journal: introduce has_runtime_files and has_persistent_files (#1082179) - journalctl: improve error messages when the specified boot is not found (#1082179) - journalctl: show friendly info when using -b on runtime journal only (#1082179) - journalctl: make 'journalctl /dev/sda' work (#947636) - journalctl: add match for the current boot when called with devpath (#947636) - man: clarify what happens when journalctl is called with devpath (#947636) - core: downgrade warning about duplicate device names (#1296249) - udev: downgrade a few warnings to debug messages (#1289461) - man: LEVEL in systemd-analyze set-log level is not optional (#1268336) - Revert 'udev: fibre channel: fix NPIV support' (#1266934) - udev: path-id: fibre channel NPIV - use fc_vport's port_name (#1266934) - systemctl: is-active/failed should return 0 if at least one unit is in given state (#1254650) - rules: set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 only with ADD event (#1312011) - s390: add personality support (#1300344) - socket_address_listen - do not rely on errno (#1316452) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-7795 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 7 [32:9.9.4-38] - Fix CVE-2016-8864 [32:9.9.4-37] - Fix CVE-2016-2776 [32:9.9.4-36] - Added automatic interface scan functionality (#1294506) - Removed NetworkManager dispatcher script since it is not needed any more (#1294506) [32:9.9.4-35] - Added GeoIP support (#1220594) [32:9.9.4-34] - Added support for CAA records (#1306610) - Use HTTPS URL instead of FTP for upstream sources (#1319280) [32:9.9.4-33] - Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1291185) - Fix error in internal test suite (#1259514) - Fix named-checkconf call in *-chroot.service files (#1278082) - Fix incorrect path in BIND sample configuration and added comment to default configuration (#1247502) [32:9.9.4-32] - Fix CVE-2016-1285 and CVE-2016-1286 [32:9.9.4-31] - Fix CVE-2015-8704 [32:9.9.4-30] - Fix CVE-2015-8000 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8864 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7::optional_archive Oracle Linux 7 Oracle Linux 5 Oracle Linux 6 [1:1.7.0.121-2.6.8.0.0.1] - Update DISTRO_NAME in specfile [1:1.7.0.121-2.6.8.0] - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz#1381990 [1:1.7.0.121-2.6.8.0] - Bump to 2.6.8 and u121b00. - Drop patches (S7081817, S8140344, S8145017 and S8162344) applied upstream. - Update md5sum list with checksum for the new java.security file. - Resolves: rhbz#1381990 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5554 CVE-2016-5582 CVE-2016-5542 CVE-2016-5597 CVE-2016-5573 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 [1.5.3-13.1] - fix CVE-2016-6313 - predictable PRNG output (#1366105) [1.5.3-13] - touch only urandom in the selftest and when /dev/random is unavailable for example by SELinux confinement - fix the RSA selftest key (p q swap) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-6313 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:linux:7::security_validation cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 Oracle Linux 6 Oracle Linux 7 [2.0.83-30.1.0.1] - Lazy unmount private, shared entry(Joe Jin)[orabug 12560705] [2.0.83-30.1] - sandbox: create a new session for sandboxed processes Resolves: CVE-2016-7545 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7545 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:21.2.24.0.0::ovs3 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 6 [1.2.11.15-84] - Release 1.2.11.15-84 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-83] - Release 1.2.11.15-83 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-82] - Release 1.2.11.15-82 - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462) [1.2.11.15-81] - Release 1.2.11.15-81 - Resolves: #Bug 1381153 - Crash in import_wait_for_space_in_fifo(). (DS 48960) [1.2.11.15-80] - Release 1.2.11.15-80 - Resolves: #1379599 - ns-slapd general protection ip:7f570c56afd5 sp:7f56dc7edce0 error:0 in libc-2.12.so (DS 48944) [1.2.11.15-79] - Release 1.2.11.15-79 - Resolves: #1358559 - CVE-2016-4992 389-ds-base: Information disclosure via repeated use of LDAP ADD operation - Resolves: #1376676 - Backport AES storage scheme plugin (DS 47462, 48862, 48243, 48777) - Resolves: #1354331 - Replication changelog can incorrectly skip over updates - Resolves: #1374588 - EASY FIX : dereferencing a NULL sr_candidates pointer in ldbm_back_next_search_entry_ext resulted a segfault (DS 47858) [1.2.11.15-78] - Release 1.2.11.15-78 - Resolves: #1354331 - Replication changelog can incorrectly skip over updates (DS 48954) - Resolves: #1361421 - CVE-2016-5416 389-ds-base: ACI readable by anonymous user (DS 48354) - Resolves: #1360974 - CVE-2016-5405 389-ds-base: Password verification vulnerable to timing attack [1.2.11.15-77] - Release 1.2.11.15-77 - Resolves: #1358390 - replication delay when server is configured with multiple replication agreements. (DS 48636) fixing a backport error [1.2.11.15-76] - Release 1.2.11.15-76 - Resolves: #1354331 - Replication changelog can incorrectly skip over updates (DS 48766) - Resolves: #1358390 - replication delay when server is configured with multiple replication agreements. (DS 48636) MODERATE Copyright 2016 Oracle, Inc. CVE-2016-5416 CVE-2016-5405 CVE-2016-4992 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 [2.6.32-642.11.1] - [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195} [2.6.32-642.10.1] - [scsi] fnic: Fix to cleanup aborted IO to avoid device being offlined by mid-layer (Maurizio Lombardi) [1382620 1341298] [2.6.32-642.9.1] - [net] vlan: Fix FCOE_MTU support (Maurizio Lombardi) [1381592 1367250] - [s390] mm: fix asce_bits handling with dynamic pagetable levels (Steve Best) [1377472 1341758] - [powerpc] eeh: Block PCI configuration space access during EEH (Gustavo Duarte) [1379596 1216944] - [fs] ecryptfs: prevent mounts backed by procfs (Mateusz Guzik) [1347101 1347102] {CVE-2016-1583} - [s390] mm: four page table levels vs. fork (Hendrik Brueckner) [1341546 1316461] {CVE-2016-2143} [2.6.32-642.8.1] - [fs] lockd: unregister notifier blocks if the service fails to come up completely (Scott Mayhew) [1375637 1346317] [2.6.32-642.7.1] - [net] netfilter: ip(6)t_REJECT: fix wrong transport header pointer in TCP reset (William Townsend) [1372266 1343816] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 CVE-2016-2143 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch Oracle Linux 6 Oracle Linux 7 Oracle Linux 5 nss [3.21.3-2.0.1] - Added nss-vendor.patch to change vendor [3.21.3-2] - Mozilla #1314604 / Red Hat CVE-2016-8635 [3.21.3-1.1] - rebuild [3.21.3-1] - Rebase to NSS 3.21.3 - Resolves: #1383887 nss-util [3.21.3-1.1] - rebuild [3.21.3-1] - Rebase to nss-3.21.3 - Remove patch for CVE-2016-1950, which is included in the release - Related: Bug 1347908 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-2834 CVE-2016-8635 CVE-2016-5285 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.5.0-1] - Update to 45.5.0 ESR [45.4.0-3] - Added upcoming upstream patches mozbz#1018486 [45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-5291 CVE-2016-9066 CVE-2016-5296 CVE-2016-9064 CVE-2016-5297 CVE-2016-5290 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 7 [1.0.0-13] - Backport patch for CVE-2016-8638 RHBZ#1394116 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8638 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 7 [0:1.4.15-10.el7_3.1] - fix vulnerabilities allowing remote code execution (CVE-2016-8704, CVE-2016-8705, CVE-2016-8706) [0:1.4.15-10] - fix binding to IPv6 address (#1298603) - enable SASL support (#1263696) - don't allow authentication with bad SASL credentials (CVE-2013-7239) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8704 CVE-2016-8706 CVE-2016-8705 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:8:beta cpe:/a:oracle:linux:7:8:base cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:linux:7:9:base cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:linux:7::optional_beta cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:linux:7::beta cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:5:base Oracle Linux 6 [0:1.4.4-3.el6_8.1] - fix vulnerabilities allowing remote code execution (CVE-2016-8704, CVE-2016-8705, CVE-2016-8706) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8704 CVE-2016-8705 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6::unsupported Oracle Linux 6 Oracle Linux 7 [2.0.1-13] - updated security fix for CVE-2016-0718 [2.0.1-12] - add security fix for CVE-2016-0718 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-0718 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ol6 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.7.0.0::ovs3 cpe:/a:oracle:linux:7:6:developer cpe:/a:oracle:exadata_dbserver:20.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:21.2.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.27.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ol7 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:21.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.26.0.0::ovs3 cpe:/a:oracle:linux:7:5:base cpe:/a:oracle:exadata_dbserver:18.1.32.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:19.3.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.4.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest_internal cpe:/a:oracle:exadata_dbserver:20.1.20.0.0::ovs3 cpe:/a:oracle:linux:7:6:base cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.2.13.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.8.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:21.2.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.14.0.0::ovs3 cpe:/a:oracle:linux:7::latest_internal cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.16.0.0::ovs3 cpe:/a:oracle:linux:7:4:base cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:20.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ol7 cpe:/a:oracle:linux:7::optional_developer cpe:/a:oracle:exadata_dbserver:19.2.11.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.30.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.34.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.17.0.0::ovs3 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.0.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.3.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:19.2.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:7:5:developer cpe:/a:oracle:exadata_dbserver:19.2.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.14.0.0::ovs3 cpe:/a:oracle:linux:7:7:base cpe:/a:oracle:exadata_dbserver:19.3.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.33.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.6.0.0::ol7 cpe:/a:oracle:exadata_dbserver:18.1.29.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.10.0.0::ol7 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:20.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.19.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:21.2.20.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ol7 cpe:/a:oracle:exadata_dbserver:19.3.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:21.2.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:19.2.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.31.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:20.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.19.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.3.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ol7 cpe:/a:oracle:exadata_dbserver:20.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.23.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.28.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 cpe:/a:oracle:exadata_dbserver:19.2.17.0.0::ovs3 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.5.0-1] - Update to 45.5.0 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5290 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.1-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.5.1-1] - Update to 45.5.1 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-9079 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.5.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.5.1-1] - Update to 45.5.1 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9079 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 6 Oracle Linux 7 [1.8.6p3-25] - Update noexec syscall blacklist - Fixes CVE-2016-7032 and CVE-2016-7076 Resolves: rhbz#1391937 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-7032 CVE-2016-7076 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:6::unsupported Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.6.0-1.0.1] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files [45.6.0-1] - Update to 45.6.0 ESR CRITICAL Copyright 2016 Oracle, Inc. CVE-2016-9893 CVE-2016-9895 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9905 CVE-2016-9897 CVE-2016-9904 CVE-2016-9901 CVE-2016-9902 cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:linux:5::latest cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:5:11:patch Oracle Linux 5 kernel - 2.6.18-417.0.0.0.1 - [netfront] fix ring buffer index go back led vif stop [orabug 18272251] - [net] fix tcp_trim_head() (James Li) [orabug 14512145, 19219078] - ocfs2: dlm: fix recovery hung (Junxiao Bi) [orabug 13956772] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 kernel [2.6.18-417] - [virt] hv: do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1391167] - [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390044] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 5 [3.0.3-148.el5_11] - xen-qemu-ioport-array-overflow.patch [bz#1401521] - Resolves: bz#1401521 (CVE-2016-9637 xsa199 xen: qemu ioport array overflow (XSA-199) [rhel-5.11.z]) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9637 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:5::latest Oracle Linux 7 Oracle Linux 6 [7.4.629-5.1] - add fix for CVE-2016-1248 MODERATE Copyright 2016 Oracle, Inc. CVE-2016-1248 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ol6 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.4::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.8::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ol6 cpe:/a:oracle:linux:6:10:base cpe:/a:oracle:exadata_dbserver:12.2.1.1.6::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.3::ol6 cpe:/a:oracle:exadata_dbserver:18.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ol6 cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.2::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ol6 cpe:/a:oracle:exadata_dbserver:18.1.6.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.2.0.0::ovs3 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ol6 cpe:/a:oracle:exadata_dbserver:19.2.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:12.2.1.1.5::ovs3 cpe:/a:oracle:exadata_dbserver:19.1.0.0.0::ovs3 cpe:/a:oracle:linux:6::unsupported cpe:/a:oracle:exadata_dbserver:19.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.8.0.0::ol6 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:exadata_dbserver:18.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ovs3 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:exadata_dbserver:18.1.14.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.5.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.7.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.9.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.7::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.1::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.17.0.0::ovs3 cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch cpe:/a:oracle:exadata_dbserver:18.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.10.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:19.2.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:18.1.16.0.0::ol6 cpe:/a:oracle:exadata_dbserver:18.1.11.0.0::ol6 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ol6 Oracle Linux 5 Oracle Linux 6 Oracle Linux 7 [45.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [45.6.0-1] - Update to the latest upstream (45.6.0) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9901 CVE-2016-9893 CVE-2016-9895 CVE-2016-9905 CVE-2016-9899 CVE-2016-9900 CVE-2016-9902 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive cpe:/a:oracle:linux:7:3:patch Oracle Linux 6 [0.10.19-5] - vmncdec: Sanity-check width/height before using it Resolves: rhbz#1400820 [0.10.19-4] - Remove insecure NSF decoder Resolves: rhbz#1400820 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9447 CVE-2016-9445 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 [0.10.23-4] - Remove insecure FLX plugin Resolves: rhbz#1400835 IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9634 CVE-2016-9635 CVE-2016-9807 CVE-2016-9808 CVE-2016-9636 cpe:/a:oracle:linux:6:9:base cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:6::latest cpe:/a:oracle:linux:6:10:base Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.4] - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373442] {CVE-2015-7872} [3.8.13-118.2.3] - dcache: Handle escaped paths in prepend_path (Eric W. Biederman) [Orabug: 22373283] - vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [Orabug: 22249875] - KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [Orabug: 22373442] {CVE-2015-7872} - KEYS: Fix race between key destruction and finding a keyring by name (David Howells) [Orabug: 22373442] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-2925 CVE-2015-7872 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.264.13] - KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872} [2.6.39-400.264.12] - crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} - crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} - crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644} [2.6.39-400.264.11] - KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842} [2.6.39-400.264.9] - msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613} [2.6.39-400.264.8] - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613} - Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613} [2.6.39-400.264.7] - KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104} - KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307} [2.6.39-400.264.6] - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) - IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) - IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] - IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina) - IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) - IB: Return error for unsupported QP creation flags (Or Gerlitz) - IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2014-7842 CVE-2015-7613 CVE-2015-8104 CVE-2014-9644 CVE-2015-5307 CVE-2013-7421 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.15uek] - ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250043] {CVE-2015-7613} - Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250043] {CVE-2015-7613} - crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} - crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} - crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644} [2.6.32-400.37.14uek] - KVM: add arg to ac_interception() missing from 'KVM: x86: work around infinite loop in microcode when #AC is delivered' (Chuck Anderson) [Orabug: 22336493] {CVE-2015-5307} [2.6.32-400.37.13uek] - KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22336518] {CVE-2015-8104} {CVE-2015-8104} - KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22336493] {CVE-2015-5307} {CVE-2015-5307} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-7421 CVE-2015-7613 CVE-2014-9644 CVE-2015-5307 CVE-2015-8104 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.2.5] - KEYS: Fix keyring ref leak in join_session_keyring() (Yevgeny Pats) [Orabug: 22563965] {CVE-2016-0728} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0728 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-32.1.2] - KEYS: Fix keyring ref leak in join_session_keyring() (Yevgeny Pats) [Orabug: 22563965] {CVE-2016-0728} [4.1.12-32.1.1] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218243] - xen/events/fifo: Consume unprocessed events when a CPU dies (Ross Lagerwall) [Orabug: 22498877] - Revert 'xen/fb: allow xenfb initialization for hvm guests' (Konrad Rzeszutek Wilk) - xen/pciback: Dont allow MSI-X ops if PCI_COMMAND_MEMORY is not set. (Konrad Rzeszutek Wilk) - xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. (Konrad Rzeszutek Wilk) - xen/pciback: Do not install an IRQ handler for MSI interrupts. (Konrad Rzeszutek Wilk) - xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled (Konrad Rzeszutek Wilk) - xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled (Konrad Rzeszutek Wilk) - xen/pciback: Save xen_pci_op commands before processing it (Konrad Rzeszutek Wilk) - xen-scsiback: safely copy requests (David Vrabel) - xen-blkback: read from indirect descriptors only once (Roger Pau Monne) - xen-blkback: only read request operation from shared ring once (Roger Pau Monne) - xen-netback: use RING_COPY_REQUEST() throughout (David Vrabel) - xen-netback: dont use last request to determine minimum Tx credit (David Vrabel) - xen: Add RING_COPY_REQUEST() (David Vrabel) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0728 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 7 [2.17-106.0.1.4] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. [2.17-106.4] - Revert problematic libresolv change, not needed for the CVE-2015-7547 fix (#1296030). [2.17-106.3] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296030). - Fix madvise performance issues (#1298930). - Avoid 'monstartup: out of memory' error on powerpc64le (#1298956). [2.17-106.2] - Fix CVE-2015-5229: calloc() may return non-zero memory (#1296453). CRITICAL Copyright 2016 Oracle, Inc. cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 [2.12-1.166.7] - Update fix for CVE-2015-7547 (#1296028). [2.12-1.166.6] - Create helper threads with enough stack for POSIX AIO and timers (#1301625). [2.12-1.166.5] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028). [2.12-1.166.4] - Support loading more libraries with static TLS (#1291270). CRITICAL Copyright 2016 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.3.2] - x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Reorder nested NMI checks (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Improve nested NMI comments (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/nmi/64: Switch stacks on userspace NMI entry (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} - x86/paravirt: Replace the paravirt nop with a bona fide empty function (Andy Lutomirski) [Orabug: 22742507] {CVE-2015-5157} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-5157 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 [4.3p2-82.0.1] - change default value of MaxStartups - CVE-2010-5107 (John Haxby) [orabug 22766491] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2010-5107 cpe:/a:oracle:exadata_dbserver:12.1.2.2.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.1::ovs3 cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [1.0.1e-51.4] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-51.3] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-51.2] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-51.1] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint IMPORTANT Copyright 2016 Oracle, Inc. cpe:/a:oracle:linux:6::userspace_ksplice cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.4.2] - pipe: Fix buffer offset after partially failed read (Ben Hutchings) [Orabug: 22985903] {CVE-2016-0774} {CVE-2015-1805} {CVE-2016-0774} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0774 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-32.2.3] - rebuild bumping release [4.1.12-32.2.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 22997978] {CVE-2016-3157} - fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (Mike Kravetz) [Orabug: 22667863] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0617 CVE-2016-3157 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 [4.3p2-82.0.2] - CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (John Haxby) [orabug 22985024] - CVE-2016-3115: missing sanitisation of input for X11 forwarding (John Haxby) [orabug 22985024] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3115 CVE-2015-5600 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.6.1] - skbuff: skb_segment: orphan frags before copying (Dongli Zhang) [Orabug: 23018911] - RDS/IB: VRPC DELAY / OSS RECONNECT CAUSES 5 MINUTE STALL ON PORT FAILURE (Venkat Venkatsubra) [Orabug: 22888920] - mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) - filename should be destroyed via final_putname() instead of __putname() (John Sobecki) [Orabug: 22346320] - RDS: Fix the atomicity for congestion map update (Wengang Wang) [Orabug: 23141554] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222753] {CVE-2015-8767} [3.8.13-118.5.1] - x86_64: expand kernel stack to 16K (Minchan Kim) [Orabug: 21140371] - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (Neil Horman) [Orabug: 22534160] - xen: remove unneeded variables and one constant (Daniel Kiper) [Orabug: 22288700] - Revert 'x86/xen: delay construction of mfn_list_list' (Daniel Kiper) [Orabug: 22288700] - ocfs2/dlm: fix misuse of list_move_tail() in dlm_run_purge_list() (Tariq Saeed) [Orabug: 22898384] - ocfs2/dlm: do not purge lockres that is queued for assert master (Xue jiufei) [Orabug: 22898384] MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.278.2] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222773] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.16uek] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222781] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:6:7:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.2.2] - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222731] {CVE-2015-8767} MODERATE Copyright 2016 Oracle, Inc. CVE-2015-8767 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 7 [1.0.1e-51.5] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-51.4] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-51.3] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-51.2] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-51.1] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2109 CVE-2016-2107 CVE-2016-2106 CVE-2016-2108 CVE-2016-2842 CVE-2016-0799 CVE-2016-2105 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0799 CVE-2016-2109 CVE-2016-2842 CVE-2016-2108 CVE-2016-2106 CVE-2016-2107 CVE-2016-2105 cpe:/a:oracle:linux:6::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.3.1] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279022] {CVE-2016-0758} - uek-rpm: ol6: revert DRM for experimental or OL6-incompatible drivers (Todd Vierling) [Orabug: 23270829] - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262277] {CVE-2013-4312} {CVE-2013-4312} - sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (Karl Heiss) [Orabug: 23222731] {CVE-2015-8767} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-4312 CVE-2016-0758 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.6.2] - KEYS: Fix ASN.1 indefinite length object parsing This fixes CVE-2016-0758. (David Howells) [Orabug: 23279020] {CVE-2016-0758} - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267997] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263252] {CVE-2015-8215} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262276] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-0758 CVE-2015-8215 CVE-2015-8543 CVE-2013-4312 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.278.3] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267976] {CVE-2015-8543} {CVE-2015-8543} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263251] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts'o) [Orabug: 23262219] {CVE-2015-7509} - ext4: make orphan functions be no-op in no-journal mode (Anatol Pomozov) [Orabug: 23262219] {CVE-2015-7509} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262265] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-7509 CVE-2015-8543 CVE-2015-8215 CVE-2013-4312 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.17] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543} - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts'o) [Orabug: 23262201] {CVE-2015-7509} - ext4: make orphan functions be no-op in no-journal mode (Anatol Pomozov) [Orabug: 23262201] {CVE-2015-7509} - unix: properly account for FDs passed over unix sockets (willy tarreau) [Orabug: 23262258] {CVE-2013-4312} {CVE-2013-4312} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8324 CVE-2015-8215 CVE-2015-8543 CVE-2013-4312 CVE-2015-7509 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 [1.10.3-1.0.3] - CVE-2016-3697: docker: Potential privilege escalation via confusion of usernames and UIDs [orabug 23279003] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3697 cpe:/a:oracle:linux:6::addons cpe:/a:oracle:linux:7::addons Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.5.1] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23520741] - ocfs2: bump up o2cb network protocol version (Junxiao Bi) [Orabug: 23515810] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23283954] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 [1.0.1t-2.0.1] - update to upstream 1.0.1t - Original 1.0.1 test certificates has expired on May 10, 2016. Updated certificatea were copied from 1.0.2h tree (alexey.petrenko@oracle.com) IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-2105 CVE-2016-0799 CVE-2016-2107 CVE-2016-2842 cpe:/a:oracle:linux:6::addons Oracle Linux 5 Oracle Linux 6 [2.6.39-400.280.1] - Fix cpu bootup stall with large cpu count (Zhenzhong Duan) [Orabug: 23481040] - megaraid_sas : Update threshold based reply post host index register (Sumit.Saxena@avagotech.com) [Orabug: 23536267] [2.6.39-400.279.1] - IPoIB: increase send queue size to 4 times (Ajaykumar Hotchandani) [Orabug: 22287489] - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 22287489] - Avoid 60sec timeout when receiving rtpg sense code 06/00/00 (John Sobecki) [Orabug: 22336257] - stop recursive fault in print_context_stack after stack overflow (John Sobecki) [Orabug: 23174777] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23287131] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.7.1] - megaraid_sas : Update threshold based reply post host index register (Sumit.Saxena@avagotech.com) [Orabug: 23562756] - xen/events: Don't move disabled irqs (Ross Lagerwall) [Orabug: 23055234] - xen/events: Mask a moving irq (Boris Ostrovsky) [Orabug: 23055234] - xen/pciback: Save the number of MSI-X entries to be copied later. (Dongli Zhang) [Orabug: 23202410] - xen/pciback: Save xen_pci_op commands before processing it (Dongli Zhang) [Orabug: 23202410] - xen-blkback: read from indirect descriptors only once (Dongli Zhang) [Orabug: 23202410] - xen-blkback: only read request operation from shared ring once (Dongli Zhang) [Orabug: 23202410] - xen-netback: use RING_COPY_REQUEST() throughout (Dongli Zhang) [Orabug: 23202410] - xen-netback: don't use last request to determine minimum Tx credit (Dongli Zhang) [Orabug: 23202410] - xen: Add RING_COPY_REQUEST() (Dongli Zhang) [Orabug: 23202410] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23283925] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 [0.9.8e-40.0.2] - CVE-2016-0799 - Fix memory issues in BIO_*printf functions - CVE-2016-2105 - Avoid overflow in EVP_EncodeUpdate - CVE-2016-2106 - Fix encrypt overflow - CVE-2016-2109 - Harden ASN.1 BIO handling of large amounts of data. IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2106 CVE-2016-2105 CVE-2016-2109 CVE-2016-0799 cpe:/a:oracle:exadata_dbserver:12.1.2.3.2::ovs3 cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.2.3::ovs3 cpe:/a:oracle:linux:5::latest Oracle Linux 5 Oracle Linux 6 kernel-uek [2.6.32-400.37.18uek] - IB/security: Restrict use of the write() interface (Jason Gunthorpe) [Orabug: 23641666] {CVE-2016-4565} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4565 cpe:/a:oracle:linux:6::latest_archive cpe:/a:oracle:linux:5:11:patch cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:linux:5::latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.1] - vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - ovl: fix getcwd() failure after unsuccessful rmdir (Rui Wang) [Orabug: 24010060] {CVE-2016-6198} {CVE-2016-6197} - xen: use same main loop for counting and remapping pages (Juergen Gross) [Orabug: 24012238] - Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 23710417] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23704078] {CVE-2016-2117} - Revert 'perf tools: Bump default sample freq to 4 kHz' (ashok.vairavan) [Orabug: 23634802] - block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23333444] - sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23333444] - sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23333444] - sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23333444] - sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23333444] - Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23333444] - block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23333444] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-6197 CVE-2016-6198 CVE-2016-2117 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.9.1] - mlx4: Increase SYNC_TPT command timeout (Mukesh Kacker) [Orabug: 22895790] - neigh: do not modify unlinked entries (Julian Anastasov) [Orabug: 23072705] - mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23720437] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703901] {CVE-2016-2117} {CVE-2016-2117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2117 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.283.1] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703990] {CVE-2016-2117} - mlx4_core: add module parameter to disable background init (Mukesh Kacker) [Orabug: 23292107] - NFSv4: Don't decode fs_locations if we didn't ask for them... (Trond Myklebust) [Orabug: 23633714] - mm/slab: Improve performance of slabinfo stats gathering (Aruna Ramakrishna) [Orabug: 23050884] - offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 22521735] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2117 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.9.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] {CVE-2016-4470} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.283.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4470 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] {CVE-2016-4470} - ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] {CVE-2015-8660} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8660 CVE-2016-4470 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-37.6.3] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010103] [Orabug: 2401010] {CVE-2016-5696} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.10.2] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010012] [Orabug: 2401010] {CVE-2016-5696} [3.8.13-118.10.1] - ocfs2: call ocfs2_journal_access_di() before ocfs2_journal_dirty() in ocfs2_write_end_nolock() (yangwenfang) [Orabug: 19601200] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395691] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5696 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.6] - blk-mq: avoid setting hctx->tags->cpumask before allocation (Akinobu Mita) [Orabug: 24464170] [4.1.12-61.1.3] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395729] - qed: Utilize FW 8.10.3.0 (Yuval Mintz) [Orabug: 24442553] - blk-mq: mark request queue as mq asap (Ming Lei) [Orabug: 24318720] - lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from lpfc_send_taskmgmt() (Mauricio Faria de Oliveira) [Orabug: 24312616] [4.1.12-61.1.2] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24402831] {CVE-2016-4470} [4.1.12-61.1.1] - ol6-spec: update linux-firmware dependency to 20160616-44.git43e96a1e.0.10 (Chuck Anderson) [Orabug: 24311968] - ol7-spec: update dracut version dependency to 033-360.0.3 (Chuck Anderson) [Orabug: 24308248] - [2d8747c2] fixup! blk-mq: prevent double-unlock of mutex (Dan Duval) [Orabug: 24376521] - tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010102] - IBCM: dereference timewait_info only when needed (Santosh Shilimkar) [Orabug: 24326732] - ext4: update c/mtime on truncate up (Eryu Guan) [Orabug: 24325361] - vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197} - xen-pciback: mark device to be hidden on AER error trigger (Elena Ufimtseva) [4.1.12-61] - block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23615929] - sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23615929] - sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23615929] - sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23615929] - sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23615929] - block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23615929] - Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23615929] - Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 24292852] - Btrfs: fix leaking of ordered extents after direct IO write error (Filipe Manana) [Orabug: 23717870] - Btrfs: fix error path when failing to submit bio for direct IO write (Filipe Manana) [Orabug: 23717870] - Btrfs: fix memory corruption on failure to submit bio for direct IO (Filipe Manana) [Orabug: 23717870] - Btrfs: fix extent accounting for partial direct IO writes (Filipe Manana) [Orabug: 23717870] - Btrfs: Direct I/O: Fix space accounting (chandan) [Orabug: 23717870] - Btrfs: fix warning of bytes_may_use (Liu Bo) [Orabug: 23717870] - xen: use same main loop for counting and remapping pages (Juergen Gross) [4.1.12-60] - xen-blkfront: dynamic configuration of per-vbd resources (Bob Liu) [Orabug: 23720696] - xen-blkfront: introduce blkif_set_queue_limits() (Bob Liu) [Orabug: 23720696] - xen-blkfront: fix places not updated after introducing 64KB page granularity (Bob Liu) [Orabug: 23720696] - IB: Add RNR timer workaround for PSIF (Santosh Shilimkar) [Orabug: 23633926] - IB/core: Add encode/decode FDR/EDR rates (Hans Westgaard Ry) [Orabug: 23084916] - bfa: Fix for crash when bfa_itnim is NULL (Sudarsana Reddy Kalluru) [Orabug: 23950878] - bfa:Update driver version to 3.2.25.0 (Anil Gurumurthy) [Orabug: 23950878] - bfa:File header and user visible string changes (Anil Gurumurthy) [Orabug: 23950878] - bfa:Updating copyright messages (Anil Gurumurthy) [Orabug: 23950878] - bfa: Fix incorrect de-reference of pointer (Anil Gurumurthy) [Orabug: 23950878] - bfa: Fix indentation (Anil Gurumurthy) [Orabug: 23950878] - lpfc updates to 11.1.0.4 for uek4-r2 (rkennedy) [Orabug: 23762058] - lpfc: Update modified file copyrights (James Smart) [Orabug: 23762058] - lpfc: Fix interaction between fdmi_on and enable_SmartSAN (James Smart) [Orabug: 23762058] - lpfc: Add support for SmartSAN 2.0 (James Smart) [Orabug: 23762058] - lpfc: Fix Device discovery failures during switch reboot test. (James Smart) [Orabug: 23762058] - lpfc: Utilize embedded CDB logic to minimize IO latency (James Smart) [Orabug: 23762058] - lpfc: Fix crash when unregistering default rpi. (James Smart) [Orabug: 23762058] - lpfc: Fix DMA faults observed upon plugging loopback connector (James Smart) [Orabug: 23762058] - lpfc: Correct LOGO handling during login (James Smart) [Orabug: 23762058] - lpfc: fix misleading indentation (Arnd Bergmann) [Orabug: 23762058] - lpfc: fix missing zero termination in debugfs (Alan) [Orabug: 23762058] - lpfc: Remove redundant code block in lpfc_scsi_cmd_iocb_cmpl (Johannes Thumshirn) [Orabug: 23762058] - qla2xxx: Update driver version to 8.07.00.38.40.0-k. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Fix BBCR offset (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Disable the adapter and skip error recovery in case of register disconnect. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Separate ISP type bits out from device type. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Correction to function qla26xx_dport_diagnostics(). (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add support to handle Loop Init error Asynchronus event. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Let DPORT be enabled purely by nvram. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add bsg interface to support statistics counter reset. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Add bsg interface to support D_Port Diagnostics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Check for device state before unloading the driver. (Sawan Chandak) [Orabug: 23755773] - qla2xxx: Properly reset firmware statistics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Properly initialize IO statistics. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Make debug buffer log easier to view. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add module parameter alternate/short names. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode. (Giridhar Malavali) [Orabug: 23755773] - qla2xxx: Shutdown board on thermal shutdown aen. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Add ram area DDR for fwdump template entry T262. (Joe Carnuccio) [Orabug: 23755773] - qla2xxx: Remove sysfs node fw_dump_template. (Joe Carnuccio) [Orabug: 23755773] - mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Chaitra P B) [Orabug: 22529571] - mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Chaitra P B) [Orabug: 22529571] - mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Chaitra P B) [Orabug: 22529571] - mpt3sas: Fix initial Reference tag field for 4K PI drives. (Chaitra P B) [Orabug: 22529571] - mpt3sas: Handle active cable exception event (Chaitra P B) [Orabug: 22529571] - mpt3sas: Update MPI header to 2.00.42 (Chaitra P B) [Orabug: 22529571] - mpt3sas - remove unused fw_event_work elements (Joe Lawrence) [Orabug: 22529571] - mpt3sas: Remove usage of 'struct timeval' (Tina Ruchandani) [Orabug: 22529571] - mpt3sas: Dont overreach ioc->reply_post[] during initialization (Calvin Owens) [Orabug: 22529571] - mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 22529571] - mpt3sas: Free memory pools before retrying to allocate with different value. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Updated MPI Header to 2.00.42 (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Add support for configurable Chain Frame Size (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Added smp_affinity_enable module parameter. (Suganath Prabu Subramani) [Orabug: 22529571] - mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Never block the Enclosure device (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Fix static analyzer(coverity) tool identified defects (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: Added support for high port count HBA variants. (Suganath prabu Subramani) [Orabug: 22529571] - mpt3sas: A correction in unmap_resources (Tomas Henzl) [Orabug: 22529571] - mpt3sas: fix Kconfig dependency problem for mpt2sas back compatibility (James Bottomley) [Orabug: 22529571] - mpt3sas: Add dummy Kconfig option for backwards compatibility (Martin K. Petersen) [Orabug: 22529571] - mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: fix inline markers on non inline function declarations (Stephen Rothwell) [Orabug: 22529571] - mpt3sas: Bump mpt3sas driver version to 09.102.00.00 (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas, mpt3sas: Update the driver versions (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: setpci reset kernel oops fix (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Added OEM Gen2 PnP ID branding names (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Refcount fw_events and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Refcount sas_device objects and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: sysfs attribute to report Backup Rail Monitor Status (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Ported WarpDrive product SSS6200 support (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Manage MSI-X vectors according to HBA device type (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Dont send PHYDISK_HIDDEN RAID action request on SAS2 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Build MPI SGL LIST on GEN2 HBAs and IEEE SGL LIST on GEN3 HBAs (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas, mpt3sas: Remove SCSI_MPTXSAS_LOGGING entry from Kconfig (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Define 'hba_mpi_version_belonged' IOC variable (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Remove .c and .h files from mpt2sas driver (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Move Gen2 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Move Gen3 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] - mpt3sas: Added mpt2sas driver definitions (Sreekanth Reddy) [Orabug: 22529571] - mpt2sas: Use mpi headers from mpt3sas (Christoph Hellwig) [Orabug: 22529571] - ext4: only call ext4_truncate when size <= isize (Josef Bacik) [Orabug: 23598757] - fix kABI breakage from 'blk-mq: fix race between timeout and freeing request' (Dan Duval) [Orabug: 23521058] - blk-mq: fix race between timeout and freeing request (Ming Lei) [Orabug: 23521058] - fix kABI breakage from 'blk-mq: Shared tag enhancements' (Dan Duval) [Orabug: 23521058] - blk-mq: Shared tag enhancements (Keith Busch) [Orabug: 23521058] - propogate_mnt: Handle the first propogated copy being a slave (Eric W. Biederman) [Orabug: 23276659] {CVE-2016-4581} - fs/pnode.c: treat zero mnt_group_id-s as unequal (Maxim Patlasov) [Orabug: 23276659] {CVE-2016-4581} - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] - net/rds: Skip packet filtering if interface does not support ACL (Yuval Shaia) [Orabug: 23541567] - RDS: Fix the rds_conn_destroy panic due to pending messages (Bang Nguyen) [Orabug: 23222944] - RDS: add handshaking for ACL violation detection at passive (Ajaykumar Hotchandani) [Orabug: 23222944] - RDS: IB: enforce IP anti-spoofing based on ACLs (Santosh Shilimkar) [Orabug: 23222944] - RDS: Add acl fields to the rds_connection (Santosh Shilimkar) [Orabug: 23222944] - RDS: IB: invoke connection destruction in worker (Ajaykumar Hotchandani) [Orabug: 23222944] - RDS: Add reset all conns for a source address to CONN_RESET (Santosh Shilimkar) [Orabug: 23222944] - IB/mlx4: Generate alias GUID for slaves (Yuval Shaia) [Orabug: 23222944] - IB/ipoib: ioctl interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] - IB/ipoib: sysfs interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] - IB/{cm,ipoib}: Filter traffic using ACL (Yuval Shaia) [Orabug: 23222944] - IB/{cm,ipoib}: Manage ACL tables (Yuval Shaia) [Orabug: 23222944] [4.1.12-59] - Enable CONFIG_CONNTRACK_ZONES for Ol6 (Manjunath Govindashetty) [Orabug: 23755115] - perf tools: add --sym-lookup arg to enable symbol lookup in hugepage shm segment (ashok.vairavan) [Orabug: 23278057] - offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 23750258] - IB/ipoib: Adjust queue sizes (Ajaykumar Hotchandani) [Orabug: 23302017] - IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 23254764] - qed: Add support for qed and qede drivers from Qlogic in UEK4 (Manjunath Govindashetty) [Orabug: 23732603] - qed: Protect the doorbell BAR with the write barriers. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add missing port-mode (Yuval Mintz) [Orabug: 23732603] - qed: Fix returning unlimited SPQ entries (Yuval Mintz) [Orabug: 23732603] - qed*: Dont reset statistics on inner reload (Yuval Mintz) [Orabug: 23732603] - qed: Prevent VF from Tx-switching 'promisc' (Yuval Mintz) [Orabug: 23732603] - qed: Correct default vlan behavior (Yuval Mintz) [Orabug: 23732603] - qed: fix qed_fill_link() error handling (Arnd Bergmann) [Orabug: 23732603] - qed: Dont config min BW on 100g on link flap (Yuval Mintz) [Orabug: 23732603] - qed: Prevent 100g from working in MSI (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add missing 100g init mode (Yuval Mintz) [Orabug: 23732603] - qed: Save min/max accross dcbx-change (Yuval Mintz) [Orabug: 23732603] - qed: Fix allocation in interrupt context (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: Dont expose self-test for VFs (Yuval Mintz) [Orabug: 23732603] - qede: Reload on GRO changes (Yuval Mintz) [Orabug: 23732603] - qede: Fix VF minimum BW setting (Yuval Mintz) [Orabug: 23732603] - qed: Reset the enable flag for eth protocol. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: signedness bug in qed_dcbx_process_tlv() (Dan Carpenter) [Orabug: 23732603] - qede: Fix DMA address APIs usage (Manish Chopra) [Orabug: 23732603] - qed: add support for dcbx. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Remove a stray tab (Dan Carpenter) [Orabug: 23732603] - qed: VFs gracefully accept lack of PM (Yuval Mintz) [Orabug: 23732603] - qed: Allow more than 16 VFs (Yuval Mintz) [Orabug: 23732603] - qed: Reset link on IOV disable (Manish Chopra) [Orabug: 23732603] - qed: Improve VF interrupt reset (Yuval Mintz) [Orabug: 23732603] - qed: Correct PF-sanity check (Yuval Mintz) [Orabug: 23732603] - qed*: Tx-switching configuration (Yuval Mintz) [Orabug: 23732603] - qed*: support ndo_get_vf_config (Yuval Mintz) [Orabug: 23732603] - qed*: IOV support spoof-checking (Yuval Mintz) [Orabug: 23732603] - qed*: IOV link control (Yuval Mintz) [Orabug: 23732603] - qed*: Support forced MAC (Yuval Mintz) [Orabug: 23732603] - qed*: Support PVID configuration (Yuval Mintz) [Orabug: 23732603] - qede: Add VF support (Yuval Mintz) [Orabug: 23732603] - qed: Align TLVs (Yuval Mintz) [Orabug: 23732603] - qed: Bulletin and Link (Yuval Mintz) [Orabug: 23732603] - qed: IOV l2 functionality (Yuval Mintz) [Orabug: 23732603] - qed: IOV configure and FLR (Yuval Mintz) [Orabug: 23732603] - qed: Introduce VFs (Yuval Mintz) [Orabug: 23732603] - qed: Add VF->PF channel infrastructure (Yuval Mintz) [Orabug: 23732603] - qed: Add CONFIG_QED_SRIOV (Yuval Mintz) [Orabug: 23732603] - qede: uninitialized variable in qede_start_xmit() (Dan Carpenter) [Orabug: 23732603] - qede: prevent chip hang when increasing channels (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Apply tunnel configurations after PF start (Manish Chopra) [Orabug: 23732603] - qede: add implementation for internal loopback test. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: add support for selftests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: add infrastructure for device self tests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Add PF min bandwidth configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add PF max bandwidth configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add vport WFQ configuration APIs (Manish Chopra) [Orabug: 23732603] - qed: add support for link pause configuration. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed*: Conditions for changing link (Yuval Mintz) [Orabug: 23732603] - qede: Add support for ethtool private flags (Yuval Mintz) [Orabug: 23732603] - qed*: Align statistics names (Yuval Mintz) [Orabug: 23732603] - qede: Fix single MTU sized packet from firmware GRO flow (Manish Chopra) [Orabug: 23732603] - qede: Fix setting Skb network header (Manish Chopra) [Orabug: 23732603] - qede: Fix various memory allocation error flows for fastpath (Manish Chopra) [Orabug: 23732603] - qede: Add fastpath support for tunneling (Manish Chopra) [Orabug: 23732603] - qed: Enable GRE tunnel slowpath configuration (Manish Chopra) [Orabug: 23732603] - qed/qede: Add VXLAN tunnel slowpath configuration support (Manish Chopra) [Orabug: 23732603] - qed: Add infrastructure support for tunneling (Manish Chopra) [Orabug: 23732603] - qed* - bump driver versions to 8.7.1.20 (Yuval Mintz) [Orabug: 23732603] - qede: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed*: remove version dependency (Rahul Verma) [Orabug: 23732603] - qed: initialize return rc to avoid returning garbage (Colin Ian King) [Orabug: 23732603] - qed: Enlrage the drain timeout (Yuval Mintz) [Orabug: 23732603] - qed: Notify of transciever changes (Zvi Nachmani) [Orabug: 23732603] - qed: Major changes to MB locking (Tomer Tayar) [Orabug: 23732603] - qed: Prevent MF link notifications (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qede: Fix net-next 'make ARCH=x86_64' (Manish Chopra) [Orabug: 23732603] - qede: Add slowpath/fastpath support and enable hardware GRO (Manish Chopra) [Orabug: 23732603] - qed/qede: Add infrastructure support for hardware GRO (Manish Chopra) [Orabug: 23732603] - qed: Remove unused NVM vendor ID (Yuval Mintz) [Orabug: 23732603] - qed: Fix error flow on slowpath start (Yuval Mintz) [Orabug: 23732603] - qed: Move statistics to L2 code (Yuval Mintz) [Orabug: 23732603] - qed: Support B0 instead of A0 (Yuval Mintz) [Orabug: 23732603] - qed: Correct BAR sizes for older MFW (Ram Amrani) [Orabug: 23732603] - qed: Print additional HW attention info (Yuval Mintz) [Orabug: 23732603] - qed: Print HW attention reasons (Yuval Mintz) [Orabug: 23732603] - qed: Add support for HW attentions (Yuval Mintz) [Orabug: 23732603] - qed: Semantic refactoring of interrupt code (Yuval Mintz) [Orabug: 23732603] - qed, qede: rebrand module description (Yuval Mintz) [Orabug: 23732603] - qed: Prevent probe on previous error (Yuval Mintz) [Orabug: 23732603] - qed: add MODULE_FIRMWARE() (Yuval Mintz) [Orabug: 23732603] - qede: Dont report link change needlessly (Yuval Mintz) [Orabug: 23732603] - qede: Linearize SKBs when needed (Yuval Mintz) [Orabug: 23732603] - qede: Change pci DID for 10g device (Yuval Mintz) [Orabug: 23732603] - qed,qede: Bump driver versions to 8.7.0.0 (Yuval Mintz) [Orabug: 23732603] - qed: Introduce DMA_REGPAIR_LE (Yuval Mintz) [Orabug: 23732603] - qed: Change metadata needed for SPQ entries (Yuval Mintz) [Orabug: 23732603] - qed: Handle possible race in SB config (Yuval Mintz) [Orabug: 23732603] - qed: Turn most GFP_ATOMIC into GFP_KERNEL (Yuval Mintz) [Orabug: 23732603] - qede: Add vlan filtering offload support (Sudarsana Reddy Kalluru) [Orabug: 23732603] - qed: Lay infrastructure for vlan filtering offload (Yuval Mintz) [Orabug: 23732603] - qed/qede: use 8.7.3.0 FW. (Yuval Mintz) [Orabug: 23732603] - qed: Correct slowpath interrupt scheme (Sudarsana Kalluru) [Orabug: 23732603] - qed: Fix BAR size split for some servers (Ariel Elior) [Orabug: 23732603] - qed: fix handling of concurrent ramrods. (Tomer Tayar) [Orabug: 23732603] - qed: Fix corner case for chain in-between pages (Tomer Tayar) [Orabug: 23732603] - qede: Add support for {get, set}_pauseparam (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for nway_reset (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for set_phys_id (Sudarsana Kalluru) [Orabug: 23732603] - qed: Add support for changing LED state (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for {get, set}_ringparam (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add support for {get, set}_channels (Sudarsana Kalluru) [Orabug: 23732603] - qed: select ZLIB_INFLATE (Arnd Bergmann) [Orabug: 23732603] - qlogic: qed: fix error codes in qed_resc_alloc() (Dan Carpenter) [Orabug: 23732603] - qlogic: qed: fix a test for MODE_MF_SI (Dan Carpenter) [Orabug: 23732603] - qlogic/qed: remove bogus NULL check (Dan Carpenter) [Orabug: 23732603] - qede: Add basic ethtool support (Sudarsana Kalluru) [Orabug: 23732603] - qed: Add statistics support (Manish Chopra) [Orabug: 23732603] - qede: Add support for link (Sudarsana Kalluru) - qed: Add link support (Yuval Mintz) [Orabug: 23732603] - qede: classification configuration (Sudarsana Kalluru) [Orabug: 23732603] - qede: Add basic network device support (Yuval Mintz) [Orabug: 23732603] - qed: Add slowpath L2 support (Manish Chopra) [Orabug: 23732603] - qede: Add basic Network driver (Yuval Mintz) [Orabug: 23732603] - qed: Add basic L2 interface (Yuval Mintz) [Orabug: 23732603] - qed: Add module with basic common support (Yuval Mintz) [Orabug: 23732603] - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (Dan Carpenter) [Orabug: 23711389] - qlcnic: protect qlicnic_attach_func with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23711389] - qlcnic: Update version to 5.3.64 (Manish Chopra) [Orabug: 23711389] - qlcnic: Fix mailbox completion handling during spurious interrupt (Rajesh Borundia) [Orabug: 23711389] - qlcnic: Remove unnecessary usage of atomic_t (Rajesh Borundia) [Orabug: 23711389] - qlcnic: correctly handle qlcnic_alloc_mbx_args (Insu Yun) [Orabug: 23711389] - qlcnic: constify qlcnic_dcb_ops structures (Julia Lawall) [Orabug: 23711389] - qlcnic: fix a loop exit condition better (Dan Carpenter) [Orabug: 23711389] - qlcnic: fix a timeout loop (Dan Carpenter) [Orabug: 23711389] - net/qlcnic: fix mac address restore in bond mode 5/6 (Jarod Wilson) [Orabug: 23711389] - qlcnic: constify qlcnic_mbx_ops structure (Julia Lawall) [Orabug: 23711389] - qlcnic: track vxlan port count (Jiri Benc) [Orabug: 23711389] - net: qlcnic: delete redundant memsets (Rasmus Villemoes) [Orabug: 23711389] [4.1.12-58] - ol6-spec: remove require for ql23xx-firmware-3.03.27 (Ethan Zhao) [Orabug: 23724175] - ol7-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701430] - ol6-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701352] - xen/acpi: Disable ACPI memory hotplug when running under Xen. (Konrad Rzeszutek Wilk) - mlx4_core: use higher log_rdmarc_per_qp when scale_profile is set (Mukesh Kacker) [Orabug: 23725942] - RDS: IB: change rds_ib_active_bonding_excl_ips to only RFC3927 space (Todd Vierling) - RDS: avoid large pages for sg allocation for TCP transport (Santosh Shilimkar) [Orabug: 23635336] - bnx2x: Update driver version to 1.713.10 (Rajesh Borundia) [Orabug: 23718192] - bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [Orabug: 23718192] - bnx2x: avoid leaking memory on bnx2x_init_one() failures (Vitaly Kuznetsov) [Orabug: 23718192] - bnx2x: Prevent false warning for lack of FC NPIV (Yuval Mintz) [Orabug: 23718192] - bnx2x: dont wait for Tx completion on recovery (Yuval Mintz) [Orabug: 23718192] - bnx2x: fix indentation in bnx2x_sp_task() (Michal Schmidt) [Orabug: 23718192] - bnx2x: define event data reserved fields as little-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: define fields of struct cfc_del_event_data as little-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: access cfc_del_event only if the opcode is CFC_DEL (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [Orabug: 23718192] - bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [Orabug: 23718192] - bnx2x: Fix 84833 phy command handler (Yuval Mintz) - bnx2x: Fix led setting for 84858 phy. (Yuval Mintz) [Orabug: 23718192] - bnx2x: Correct 84858 PHY fw version (Yuval Mintz) [Orabug: 23718192] - bnx2x: Fix 84833 RX CRC (Yuval Mintz) - bnx2x: Fix link-forcing for KR2 (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add missing HSI for big-endian machines (Yuval Mintz) [Orabug: 23718192] - bnx2x: Warn about grc timeouts in register dump (Yuval Mintz) [Orabug: 23718192] - bnx2x: extend DCBx support (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add support for single-port DCBx (Yuval Mintz) [Orabug: 23718192] - bnx2x: Remove unneccessary EXPORT_SYMBOL (Yuval Mintz) [Orabug: 23718192] - bnx2x: Prevent FW assertion when using Vxlan (Yuval Mintz) [Orabug: 23718192] - bnx2x: remove rx_pkt/rx_calls (Eric Dumazet) [Orabug: 23718192] - bnx2x: avoid soft lockup in bnx2x_poll() (Eric Dumazet) [Orabug: 23718192] - bnx2x: simplify distinction between port and func stats (Michal Schmidt) [Orabug: 23718192] - bnx2x: change FW GRO error message to WARN_ONCE (Michal Schmidt) [Orabug: 23718192] - bnx2x: drop redundant error message about allocation failure (Michal Schmidt) [Orabug: 23718192] - bnx2x: Utilize FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] - bnx2x: Show port statistics in Multi-function (Yuval Mintz) [Orabug: 23718192] - bnx2x: Add new SW stat 'tx_exhaustion_events' (Yuval Mintz) [Orabug: 23718192] - bnx2x: Fix vxlan removal (Yuval Mintz) [Orabug: 23718192] - net: move skb_mark_napi_id() into core networking stack (Eric Dumazet) [Orabug: 23718192] - bnx2x: remove bnx2x_low_latency_recv() support (Eric Dumazet) [Orabug: 23718192] - bnx2x: Add FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] - be2iscsi: Update the driver version (Jitendra Bhivare) [Orabug: 23712824] - be2iscsi: Replace _bh with _irqsave/irqrestore (Jitendra Bhivare) [Orabug: 23712824] - be2iscsi: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 23712824] - be2iscsi:Add missing error check in beiscsi_eeh_resume (Nicholas Krause) [Orabug: 23712824] - atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703754] {CVE-2016-2117} - be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Somnath Kotur) [Orabug: 23641442] - be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Sriharsha Basavapatna) [Orabug: 23641442] - be2net: use max-TXQs limit too while provisioning VF queue pairs (Suresh Reddy) [Orabug: 23641442] - benet: be_resume needs to protect be_open with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23641442] - be2net: Dont leak iomapped memory on removal. (Douglas Miller) [Orabug: 23641442] - be2net: dont enable multicast flag in be_enable_if_filters() routine (Venkat Duvvuru) [Orabug: 23641442] - be2net: Fix a UE caused by passing large frames to the ASIC (ajit.khaparde@broadcom.com) [Orabug: 23641442] - be2net: Declare some u16 fields as u32 to improve performance (ajit.khaparde@broadcom.com) [Orabug: 23641442] - be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Padmanabh Ratnakar) [Orabug: 23641442] - VSOCK: Only check error on skb_recv_datagram when skb is NULL (Jorgen Hansen) [Orabug: 23718522] - VSOCK: Detach QP check should filter out non matching QPs. (Jorgen Hansen) [Orabug: 23718522] - x86/mce: Ensure offline CPUs dont participate in rendezvous process (Ashok Raj) [Orabug: 23520972] [4.1.12-57] - PCI: Mark Intel i40e NIC INTx masking as broken (Alex Williamson) [Orabug: 23176970] - i40e: fix an uninitialized variable bug (Dan Carpenter) [Orabug: 23176970] - i40e: Bump version from 1.5.10 to 1.5.16 (Bimmy Pujari) [Orabug: 23176970] - i40e: dont add broadcast filter for VFs (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: properly report Rx packet hash (Mitch Williams) [Orabug: 23176970] - i40e: set context to use VSI RSS LUT for SR-IOV (Ashish Shah) [Orabug: 23176970] - i40e: Correct UDP packet header for non_tunnel-ipv6 (Akeem G Abodunrin) [Orabug: 23176970] - i40e: change Rx hang message into a WARN_ONCE (Jacob Keller) [Orabug: 23176970] - i40e: Refactor ethtool get_settings (Catherine Sullivan) [Orabug: 23176970] - i40e: lie to the VF (Mitch Williams) [Orabug: 23176970] - i40e: Add vf-true-promisc-support priv flag (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Implement the API function for aq_set_switch_config (Shannon Nelson) [Orabug: 23176970] - i40e: Add allmulti support for the VF (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add support for disabling all link and change bits needed for PHY interactions (Kevin Scott) [Orabug: 23176970] - i40e: constify i40e_client_ops structure (Julia Lawall) [Orabug: 23176970] - i40e: fix misleading indentation (Arnd Bergmann) [Orabug: 23176970] - i40e: Test memory before ethtool alloc succeeds (Jesse Brandeburg) [Orabug: 23176970] - i40evf: Allocate Rx buffers properly (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Remove unused hardware receive descriptor code (Jesse Brandeburg) [Orabug: 23176970] - i40evf: refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40evf: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e: Refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Remove reference to ring->dtype (Jesse Brandeburg) [Orabug: 23176970] - i40e: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Refactor tunnel interpretation (Jesse Brandeburg) [Orabug: 23176970] - i40evf: make use of BIT() macro to avoid signed left shift (Jacob Keller) [Orabug: 23176970] - i40e: make use of BIT() macro to prevent left shift of signed values (Jacob Keller) [Orabug: 23176970] - i40e/i40evf: fix I40E_MASK signed shift overflow warnings (Jacob Keller) [Orabug: 23176970] - i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Harshitha Ramamurthy) [Orabug: 23176970] - i40e: Update device ids for X722 (Catherine Sullivan) [Orabug: 23176970] - i40e: Drop extra copy of function (Jesse Brandeburg) [Orabug: 23176970] - i40e: Use consistent type for vf_id (Jesse Brandeburg) [Orabug: 23176970] - i40e: PTP - avoid aggregate return warnings (Jesse Brandeburg) [Orabug: 23176970] - i40e: Fix uninitialized variable (Catherine Sullivan) [Orabug: 23176970] - i40evf: RSS Hash Option parameters (Carolyn Wyborny) [Orabug: 23176970] - i40e: Remove HMC AQ API implementation (Neerav Parikh) [Orabug: 23176970] - i40e: Limit the number of MAC and VLAN addresses that can be added for VFs (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Change the default for VFs to be not privileged (Anjali Singhai Jain) [Orabug: 23176970] - i40evf: Add driver support for promiscuous mode (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add VF promiscuous mode driver support (Anjali Singhai Jain) [Orabug: 23176970] - i40e: Add promiscuous on VLAN support (Greg Rose) [Orabug: 23176970] - i40e/i40evf: Only offload VLAN tag if enabled (Jesse Brandeburg) [Orabug: 23176970] - i40e: Remove zero check (Greg Rose) [Orabug: 23176970] - i40e: Add DeviceID for X722 QSFP+ (Kamil Krawczyk) [Orabug: 23176970] - i40e: Add device capability which defines if update is available (Michal Kosiarz) [Orabug: 23176970] - i40evf: Allow PF driver to configure RSS (Mitch Williams) [Orabug: 23176970] - i40e: Specify AQ event opcode to wait for (Shannon Nelson) [Orabug: 23176970] - i40e: Code cleanup in i40e_add_fdir_ethtool (Shannon Nelson) [Orabug: 23176970] - i40evf: Dont Panic (Mitch Williams) [Orabug: 23176970] - i40e: Add support for configuring VF RSS (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Add support for IPIP and SIT offloads (Alexander Duyck) [Orabug: 23176970] - i40e/i40evf: Clean up feature flags (Alexander Duyck) [Orabug: 23176970] - i40evf: properly handle VLAN features (Mitch Williams) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Harshitha Ramamurthy) [Orabug: 23176970] - i40e: Input set mask constants for RSS, flow director, and flex bytes (Kiran Patil) [Orabug: 23176970] - i40e: Move NVM event wait check to NVM code (Shannon Nelson) [Orabug: 23176970] - i40e: Add RSS configuration to virtual channel (Mitch Williams) [Orabug: 23176970] - i40e: Move NVM variable out of AQ struct (Shannon Nelson) [Orabug: 23176970] - i40e: Restrict VF poll mode to only single function mode devices (Shannon Nelson) [Orabug: 23176970] - i40e/i40evf: Faster RX via avoiding FCoE (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Drop unused tx_ring argument (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Move stack var deeper (Jesse Brandeburg) [Orabug: 23176970] - i40e: Move HW flush (Akeem G Abodunrin) [Orabug: 23176970] - i40e: Leave debug_mask cleared at init (Shannon Nelson) [Orabug: 23176970] - i40e: Inserting a HW capability display info (Deepthi Kavalur) [Orabug: 23176970] - i40e/i40evf: Fix TSO checksum pseudo-header adjustment (Alexander Duyck) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Avinash Dayanand) [Orabug: 23176970] - i40e: Request PHY media event at reset time (Shannon Nelson) [Orabug: 23176970] - i40e: Lower some message levels (Mitch Williams) [Orabug: 23176970] - i40e: Fix for supported link modes in 10GBaseT PHYs (Avinash Dayanand) [Orabug: 23176970] - i40evf: Fix get_rss_aq (Catherine Sullivan) [Orabug: 23176970] - i40e: Disable link polling (Shannon Nelson) [Orabug: 23176970] - i40evf: Add longer wait after remove module (Mitch Williams) [Orabug: 23176970] - i40e: Make VF resets more reliable (Mitch Williams) [Orabug: 23176970] - i40e: Add new device ID for X722 (Catherine Sullivan) [Orabug: 23176970] - i40evf: Fix VLAN features (Mitch Williams) [Orabug: 23176970] - i40e: Remove unused variable (Mitch Williams) [Orabug: 23176970] - i40e: Enable Geneve offload for FW API ver > 1.4 for XL710/X710 devices (Anjali Singhai Jain) [Orabug: 23176970] - i40e: remove redundant check on vsi->active_vlans (Colin King) [Orabug: 23176970] - i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Catherine Sullivan) [Orabug: 23176970] - i40e: Change comment to reflect correct function name (Mitch Williams) [Orabug: 23176970] - i40evf: Add additional check for reset (Mitch Williams) [Orabug: 23176970] - i40e: Change unknown event error msg to ignore message (Shannon Nelson) [Orabug: 23176970] - i40e: Added code to prevent double resets (Mitch Williams) [Orabug: 23176970] - i40e: Notify VFs of all resets (Mitch Williams) [Orabug: 23176970] - i40e: Remove timer and task only if created (Shannon Nelson) [Orabug: 23176970] - i40e: Assure that adminq is alive in debug mode (Shannon Nelson) [Orabug: 23176970] - i40e: Remove MSIx only if created (Shannon Nelson) [Orabug: 23176970] - i40e: Fix up return code (Jesse Brandeburg) [Orabug: 23176970] - i40e: Save off VSI resource count when updating VSI (Kevin Scott) [Orabug: 23176970] - i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Catherine Sullivan) [Orabug: 23176970] - i40e/i40evf: Fix casting in transmit code (Jesse Brandeburg) [Orabug: 23176970] - i40e/i40evf: Fix handling of boolean logic in polling routines (Alexander Duyck) [Orabug: 23176970] - i40evf: remove dead code (Alan Cox) [Orabug: 23176970] - i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Alexander Duyck) [Orabug: 23176970] - i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 23176970] - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Alexander Duyck) [Orabug: 23176970] - i40e: fix errant PCIe bandwidth message (Jesse Brandeburg) [Orabug: 23176970] - i40e: Add support for client interface for IWARP driver (Anjali Singhai Jain) [Orabug: 23176970] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4805 CVE-2016-2069 CVE-2016-4951 CVE-2015-8785 CVE-2016-4913 CVE-2015-8816 CVE-2016-3156 CVE-2016-4581 CVE-2015-8787 CVE-2016-0723 CVE-2016-2847 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 7 [4.2.6p5-22.0.1.el7_2.2] - add disable monitor to default ntp.conf [CVE-2013-5211] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-5211 cpe:/a:oracle:linux:7:2:patch cpe:/a:oracle:linux:7::optional_archive cpe:/a:oracle:linux:7::latest_archive Oracle Linux 6 [4.2.6p5-10.0.1.el6_8.1] - add disable monitor to default ntp.conf [CVE-2013-5211] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2013-5211 cpe:/a:oracle:exadata_dbserver:12.1.2.3.3::ol6 cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ovs3 cpe:/a:oracle:linux:6::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ol6 cpe:/a:oracle:linux:6:8:patch cpe:/a:oracle:exadata_dbserver:12.2.1.1.0::ol6 cpe:/a:oracle:linux:6::latest_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.11.2] - Btrfs: fix truncation of compressed and inlined extents (Ashish Samant) [Orabug: 22307285] {CVE-2015-8374} - Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307285] {CVE-2015-8374} - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682074] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682074] {CVE-2016-4997} {CVE-2016-4998} [3.8.13-118.11.1] - rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 24624195] - ib_core: make wait_event uninterruptible in ib_flush_fmr_pool() (Avinash Repaka) [Orabug: 24655952] - net/mlx4: Support shutdown() interface (Gavin Shan) [Orabug: 24624181] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4997 CVE-2016-4998 CVE-2015-8374 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.284.2] - Btrfs: fix truncation of compressed and inlined extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374} - Btrfs: fix file corruption and data loss after cloning inline extents (Divya Indi) [Orabug: 22307286] {CVE-2015-8374} - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682073] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682071] {CVE-2016-4997} {CVE-2016-4998} [2.6.39-400.284.1] - rds: schedule local connection activity in proper workqueue (Ajaykumar Hotchandani) [Orabug: 22819661] - ib_core: make wait_event uninterruptible in ib_flush_fmr_pool() (Avinash Repaka) [Orabug: 24525022] - net/mlx4: Support shutdown() interface (Ajaykumar Hotchandani) [Orabug: 24616261] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2015-8374 CVE-2016-4997 CVE-2016-4998 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.10] - netfilter: x_tables: make sure e->next_offset covers remaining blob size (Florian Westphal) [Orabug: 24682076] {CVE-2016-4997} {CVE-2016-4998} - netfilter: x_tables: validate e->target_offset early (Florian Westphal) [Orabug: 24682076] {CVE-2016-4997} {CVE-2016-4998} [4.1.12-61.1.9] - xen-blkback: don't get ref for each queue (Bob Liu) [Orabug: 24616917] - NVMe: Fix obtaining command result (Keith Busch) [Orabug: 24655742] [4.1.12-61.1.8] - Revert 'ixgbe: make a workaround to tx hang issue under dom' (Brian Maly) [Orabug: 24618738] [4.1.12-61.1.7] - x86/xen: Add x86_platform.is_untracked_pat_range quirk to ignore ISA regions. (Konrad Rzeszutek Wilk) [Orabug: 24566046] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-4997 CVE-2016-4998 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 [1.0.1e-48.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in DTLS - fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio() - fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check - fix CVE-2016-6304 - unbound memory growth with OCSP status request - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength - replace expired testing certificates [1.0.1e-48.1] - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO - fix CVE-2016-0799 - memory issues in BIO_printf [1.0.1e-48] - fix CVE-2016-0702 - side channel attack on modular exponentiation - fix CVE-2016-0705 - double-free in DSA private key parsing - fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn [1.0.1e-47] - fix CVE-2015-3197 - SSLv2 ciphersuite enforcement - disable SSLv2 in the generic TLS method [1.0.1e-46] - fix 1-byte memory leak in pkcs12 parse (#1229871) - document some options of the speed command (#1197095) [1.0.1e-45] - fix high-precision timestamps in timestamping authority [1.0.1e-44] - fix CVE-2015-7575 - disallow use of MD5 in TLS1.2 [1.0.1e-43] - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint [1.0.1e-42] - fix regression caused by mistake in fix for CVE-2015-1791 [1.0.1e-41] - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable [1.0.1e-40] - fix CVE-2014-8176 - invalid free in DTLS buffering code - fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time - fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent - fix CVE-2015-1791 - race condition handling NewSessionTicket - fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function [1.0.1e-39] - fix CVE-2015-3216 - regression in RAND locking that can cause segfaults on read in multithreaded applications [1.0.1e-38] - fix CVE-2015-4000 - prevent the logjam attack on client - restrict the DH key size to at least 768 bits (limit will be increased in future) [1.0.1e-37] - drop the AES-GCM restriction of 2^32 operations because the IV is always 96 bits (32 bit fixed field + 64 bit invocation field) [1.0.1e-36] - update fix for CVE-2015-0287 to what was released upstream [1.0.1e-35] - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference - fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data - fix CVE-2015-0292 - integer underflow in base64 decoder - fix CVE-2015-0293 - triggerable assert in SSLv2 server [1.0.1e-34] - copy digest algorithm when handling SNI context switch - improve documentation of ciphersuites - patch by Hubert Kario - add support for setting Kerberos service and keytab in s_server and s_client [1.0.1e-33] - fix CVE-2014-3570 - incorrect computation in BN_sqr() - fix CVE-2014-3571 - possible crash in dtls1_get_record() - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0205 - do not allow unauthenticated client DH certificate - fix CVE-2015-0206 - possible memory leak when buffering DTLS records [1.0.1e-32] - use FIPS approved method for computation of d in RSA [1.0.1e-31] - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV to partially mitigate CVE-2014-3566 (padding attack on SSL3) [1.0.1e-30] - add ECC TLS extensions to DTLS (#1119800) [1.0.1e-29] - fix CVE-2014-3505 - doublefree in DTLS packet processing - fix CVE-2014-3506 - avoid memory exhaustion in DTLS - fix CVE-2014-3507 - avoid memory leak in DTLS - fix CVE-2014-3508 - fix OID handling to avoid information leak - fix CVE-2014-3509 - fix race condition when parsing server hello - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS - fix CVE-2014-3511 - disallow protocol downgrade via fragmentation [1.0.1e-28] - fix CVE-2014-0224 fix that broke EAP-FAST session resumption support [1.0.1e-26] - drop EXPORT, RC2, and DES from the default cipher list (#1057520) - print ephemeral key size negotiated in TLS handshake (#1057715) - do not include ECC ciphersuites in SSLv2 client hello (#1090952) - properly detect encryption failure in BIO (#1100819) - fail on hmac integrity check if the .hmac file is empty (#1105567) - FIPS mode: make the limitations on DSA, DH, and RSA keygen length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment variable is set [1.0.1e-25] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH [1.0.1e-24] - add back support for secp521r1 EC curve [1.0.1e-23] - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension [1.0.1e-22] - use 2048 bit RSA key in FIPS selftests [1.0.1e-21] - add DH_compute_key_padded needed for FIPS CAVS testing - make 3des strength to be 128 bits instead of 168 (#1056616) - FIPS mode: do not generate DSA keys and DH parameters < 2048 bits - FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys) - FIPS mode: add DH selftest - FIPS mode: reseed DRBG properly on RAND_add() - FIPS mode: add RSA encrypt/decrypt selftest - FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key - use the key length from configuration file if req -newkey rsa is invoked [1.0.1e-20] - fix CVE-2013-4353 - Invalid TLS handshake crash [1.0.1e-19] - fix CVE-2013-6450 - possible MiTM attack on DTLS1 [1.0.1e-18] - fix CVE-2013-6449 - crash when version in SSL structure is incorrect [1.0.1e-17] - add back some no-op symbols that were inadvertently dropped [1.0.1e-16] - do not advertise ECC curves we do not support - fix CPU identification on Cyrix CPUs [1.0.1e-15] - make DTLS1 work in FIPS mode - avoid RSA and DSA 512 bits and Whirlpool in 'openssl speed' in FIPS mode [1.0.1e-14] - installation of dracut-fips marks that the FIPS module is installed [1.0.1e-13] - avoid dlopening libssl.so from libcrypto [1.0.1e-12] - fix small memory leak in FIPS aes selftest - fix segfault in openssl speed hmac in the FIPS mode [1.0.1e-11] - document the nextprotoneg option in manual pages original patch by Hubert Kario [1.0.1e-9] - always perform the FIPS selftests in library constructor if FIPS module is installed [1.0.1e-8] - fix use of rdrand if available - more commits cherry picked from upstream - documentation fixes [1.0.1e-7] - additional manual page fix - use symbol versioning also for the textual version [1.0.1e-6] - additional manual page fixes - cleanup speed command output for ECDH ECDSA [1.0.1e-5] - use _prefix macro [1.0.1e-4] - add relro linking flag [1.0.1e-2] - add support for the -trusted_first option for certificate chain verification [1.0.1e-1] - rebase to the 1.0.1e upstream version [1.0.0-28] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) [1.0.0-27] - fix sslrand(1) and sslpasswd(1) reference in openssl(1) manpage (#841645) - drop superfluous lib64 fixup in pkgconfig .pc files (#770872) - force BIO_accept_new(*:<port-number>) to listen on IPv4 [1.0.0-26] - use PKCS#8 when writing private keys in FIPS mode as the old PEM encryption mode is not FIPS compatible (#812348) [1.0.0-25] - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - properly initialize tkeylen in the CVE-2012-0884 fix [1.0.0-24] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) [1.0.0-23] - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) [1.0.0-22] - fix incorrect encryption of unaligned chunks in CFB, OFB and CTR modes [1.0.0-21] - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data (#771778) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) [1.0.0-20] - fix x86cpuid.pl - patch by Paolo Bonzini [1.0.0-19] - add known answer test for SHA2 algorithms [1.0.0-18] - fix missing initialization of a variable in the CHIL engine (#740188) [1.0.0-17] - initialize the X509_STORE_CTX properly for CRL lookups - CVE-2011-3207 (#736087) [1.0.0-16] - merge the optimizations for AES-NI, SHA1, and RC4 from the intelx engine to the internal implementations [1.0.0-15] - better documentation of the available digests in apps (#693858) - backported CHIL engine fixes (#693863) - allow testing build without downstream patches (#708511) - enable partial RELRO when linking (#723994) - add intelx engine with improved performance on new Intel CPUs - add OPENSSL_DISABLE_AES_NI environment variable which disables the AES-NI support (does not affect the intelx engine) [1.0.0-14] - use the AES-NI engine in the FIPS mode [1.0.0-11] - add API necessary for CAVS testing of the new DSA parameter generation [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 (#676063) - correct the README.FIPS document IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2182 CVE-2016-2178 CVE-2016-2180 CVE-2016-2177 CVE-2016-2181 CVE-2016-6302 CVE-2016-2179 CVE-2016-6304 CVE-2016-6306 cpe:/a:oracle:linux:6::userspace_ksplice cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.13.2] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798695] {CVE-2016-5829} [3.8.13-118.13.1] - Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790116] [3.8.13-118.12.1] - scsi_sysfs: protect against double execution of __scsi_remove_device() (Vitaly Kuznetsov) [Orabug: 23720563] - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691666] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690304] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134} - NFSv4: Fail I/O if the state recovery fails irrevocably (Trond Myklebust) [Orabug: 24681407] - rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24395795] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 23747627] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518545] - ocfs2: move dquot_initialize() in ocfs2_delete_inode() somewhat later (Jan Kara) [Orabug: 23097098] - fuse: fix typo while displaying fuse numa mount option (Ashish Samant) - IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570521] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218260] - watchdog: update watchdog_thresh properly (Michal Hocko) [Orabug: 21868337] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3134 CVE-2016-5829 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.286.2] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] {CVE-2016-5829} [2.6.39-400.286.1] - Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790158] [2.6.39-400.285.1] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690302] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134} - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24587406] - TTY: do not reset master's packet mode (Jiri Slaby) [Orabug: 24569399] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24500401] - rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24314773] - Revert 'IPoIB: serialize changing on tx_outstanding' (Wengang Wang) [Orabug: 23745787] - xen/events: document behaviour when scanning the start word for events (Dongli Zhang) [Orabug: 23083945] - xen/events: mask events when changing their VCPU binding (Dongli Zhang) [Orabug: 23083945] - xen/events: initialize local per-cpu mask for all possible events (Dongli Zhang) [Orabug: 23083945] - IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922] - NFS: Remove BUG_ON() calls from the generic writeback code (Trond Myklebust) [Orabug: 22386565] - ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218262] - oracleasm: Classify device connectivity issues as global errors (Martin K. Petersen) [Orabug: 21760143] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3134 CVE-2016-5829 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.13] - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24803597] {CVE-2016-5829} [4.1.12-61.1.12] - ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24790230] [4.1.12-61.1.11] - ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691860] - megaraid_sas: Don't issue kill adapter for MFI controllers in case of PD list DCMD failure (Sumit Saxena) [Orabug: 24506797] - netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24691226] {CVE-2016-3134} - netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} - netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5829 CVE-2016-3134 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.14] - net: add recursion limit to GRO (Sabrina Dubroca) [Orabug: 24829133] {CVE-2016-7039} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7039 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 5 [0.9.8e-40.0.3] - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec() - fix CVE-2016-6306 - certificate message OOB reads - mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to 112 bit effective strength IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-2177 CVE-2016-2178 CVE-2016-6306 CVE-2016-2182 CVE-2016-2183 cpe:/a:oracle:exadata_dbserver:12.1.2.3.5::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.6::ovs3 cpe:/a:oracle:linux:5::latest cpe:/a:oracle:exadata_dbserver:12.1.2.3.7::ovs3 cpe:/a:oracle:exadata_dbserver:12.1.2.3.4::ovs3 cpe:/a:oracle:linux:5:11:patch Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.16] - mm: remove gup_flags FOLL_WRITE games from __get_user_pages() (Linus Torvalds) [Orabug: 24927306] {CVE-2016-5195} [4.1.12-61.1.15] - drivers/nvme: provide a module parameter for setting number of I/O queues (Shan Hai) [Orabug: 24914956] - blk-mq: improve warning for running a queue on the wrong CPU (Jens Axboe) [Orabug: 24914956] - blk-mq: fix freeze queue race (Shan Hai) [Orabug: 24914956] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.13.3] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928591] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.286.3] - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] {CVE-2016-5195} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-5195 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.17] - sched: panic on corrupted stack end (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} - ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} - proc: prevent stacking filesystems on top (Jann Horn) [Orabug: 24971921] {CVE-2016-1583} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.14.1] - ecryptfs: forbid opening files without mmap handler (Jann Horn) [Orabug: 24971919] {CVE-2016-1583} - RDS: IB: fix panic with handlers running post teardown (Santosh Shilimkar) [Orabug: 24395795] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-1583 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 7 [2.17-157] - Rebuild with updated binutils (#1268008) [2.17-156] - malloc arena free free list management fix (#1276753) [2.17-155] - Basic validity check for locale-archive.tmpl (#1350733) [2.17-153] - Add Intel AVX-512 optimized routines (#1298526). [2.17-151] - Improve malloc peformance in low-memory situations (#1255822). [2.17-150] - Improve performance on Intel Knights Landing/Silvermont (#1292018). [2.17-149] - Improve performance on Intel Purley (#1335286). [2.17-148] - Support upstream build infrastrucutre changes (#1256317). [2.17-147] - CVE-2016-3075: Stack overflow in nss_dns_getnetbyname_r (#1321993) [2.17-146] - s390: Restore signal mask on setcontext/swapcontext (#1249114). - s390: Fix backtrace in the presence of makecontext (#1249115). [2.17-145] - Fix times() handling of EFAULT when buf is NULL (#1308728). [2.17-144] - Fix sem_post/sem_wait race causing sem_post to return EINVAL (#1027348). [2.17-143] - Support installing only those locales specified by the RPM macro %_install_langs (#1296297). [2.17-142] - Fix Linux kernel UAPI header synchronization for IPv6 (#1268050). [2.17-141] - Update BIG5-HKSCS charmap to HKSCS-2008 (#1211823) [2.17-140] - Remove printf from signal handler in tst-longjump_chk2 (#1346397) [2.17-139] - Improve libm performance AArch64 (#1302086) [2.17-138] - Search locale archive again after alias expansion (#971416) [2.17-137] - Revert IPv6 name server management changes (#1305132) [2.17-136] - aarch64: Fix bits/stat.h FTM guards (#1221046) [2.17-135] - aarch64: Fix various minor ABI incompatibilities (#1335925) [2.17-134] - aarch64: Correct definition of MINSIGSTKSZ/SIGSTKSZ (#1335629) [2.17-133] - Require libselinux for nscd in non-bootstrap configuration (#1255847). [2.17-132] - Fix a number of long-standing issues in the TZ parser (#1234449). [2.17-131] - Remove PER_THREAD preprocessor macro from malloc - Use final upstream patch for arena free list fix (#1276753) [2.17-130] - Prevent the compiler from clobbering floating point and vector registers in S390 symbol resolution functions (#1324427). - Improve posix_fallocate behavior with NFS file descriptors (#1140250). [2.17-129] - Remove a race condition from tst-mqueue5.c test to prevent spurious failures (#1064063). [2.17-128] - Prevent a deadlock in gethostbyname_r (#1288613). [2.17-127] - Use test-skeleton.c in tests (#1298354). [2.17-126] - Fix inconsistent passwd compensation in nss/bug17079.c (#1293433). [2.17-125] - Backport tst-getpw enhancement to limit the time the test takes up (#1298349). [2.17-124] - Log system information during build (#1307028). [2.17-123] - Avoid appending duplicate shift sequences in iconv (#1293916). [2.17-122] - Reorganize POWER7 and POWER8 support (#1213267). - Only build POWER7 runtime for ppc64p7. - Only build POWER8 runtime for ppc64le. - Configure with --with-cpu=power8 for ppc64le. - Configure with --with-cpu=power8 for ppc. - Configure with --with-cpu=power7 for ppc64 default runtime. [2.17-121] - Build require gcc-c++ for the C++ tests. - Add --with/--without controls for building glibc (#1255847) - Support --without testsuite option to disable testing after build. - Support --without benchtests option to disable microbenchmarks (placeholder for upstream compatibility only) - Update --with bootstrap to disable valgrind, documentation, selinux, and nss-crypt during bootstrap. - Support --without werror to disable building with -Werror. - Support --without docs to disable build requirement on texinfo. - Support --with valgrind to enable testing with valgrind. [2.17-120] - Make minor compatibility adjustments in headers (#1268050). [2.17-119] - Avoid aliasing issue in tst-rec-dlopen (#1292224) [2.17-118] - Suppress expected backtrace in tst-malloc-backtrace (#1276631). [2.17-117] - Avoid ld.so crash when audit modules provide path (#1211100) [2.17-116] - Avoid 'monstartup: out of memory' error on powerpc64le (#1249102). [2.17-115] - Configure --with-cpu=power8 on powerpc64 to generate POWER8 instructions for POWER8 runtime (#1183088, #1213267). [2.17-114] - Add enhanced and optimized support for IBM z13 systems (#1268008). [2.17-113] - Prevent the malloc arena free list form turning cyclic (#1276753). [2.17-112] - Backported POWER8 optimizations for math and string functions (#1240351). [2.17-111] - Fix NULL pointer dereference in stub resolver with unconnectable name server addresses (#1320596). [2.17-110] - Fix memory leak in ftell for wide-oriented streams (#1310530). [2.17-109] - Avoid race condition in _int_free involving fastbins (#1305406). [2.17-108] - Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296031). - Fix madvise performance issues (#1284959). - Avoid 'monstartup: out of memory' error on powerpc64le (#1249102). - Update malloc testing for 32-bit POWER (#1293976). [2.17-107] - Fix CVE-2015-5229: calloc() may return non-zero memory (#1293976). LOW Copyright 2016 Oracle, Inc. CVE-2016-3075 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.19] - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058966] {CVE-2016-3699} - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060060] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059969] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 25023269] {CVE-2016-1583} {CVE-2016-1583} - Revert 'ecryptfs: forbid opening files without mmap handler' (Chuck Anderson) [Orabug: 24971921] {CVE-2016-1583} - percpu: fix synchronization between synchronous map extension and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - percpu: fix synchronization between chunk->map_extend_work and chunk destruction (Tejun Heo) [Orabug: 25060084] {CVE-2016-4794} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059898] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059752] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058894] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059037] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059188] {CVE-2016-3070} [4.1.12-61.1.18] - uek-rpm ol7: change uek-rpm/ol7/update-el release value from 7.1 to 7.3 (Chuck Anderson) [Orabug: 25050614] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3699 CVE-2016-4578 CVE-2016-2053 CVE-2016-6136 CVE-2016-4569 CVE-2016-3070 CVE-2016-4794 CVE-2016-6480 CVE-2016-1583 CVE-2015-8956 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.14.2] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] {CVE-2016-6480} {CVE-2016-6480} - IB/srpt: Simplify srpt_handle_tsk_mgmt() (Bart Van Assche) [Orabug: 25060011] {CVE-2016-6327} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059945] {CVE-2016-6136} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] {CVE-2016-4569} - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] {CVE-2016-3699} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] {CVE-2015-8956} - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] {CVE-2016-2053} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] {CVE-2016-3070} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3070 CVE-2016-6327 CVE-2016-6136 CVE-2015-8956 CVE-2016-6480 CVE-2016-4578 CVE-2016-3699 CVE-2016-4569 CVE-2016-2053 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.290.2] - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060055] {CVE-2016-6480} {CVE-2016-6480} - audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059962] {CVE-2016-6136} - ecryptfs: don't allow mmap when the lower fs doesn't support it (Jeff Mahoney) [Orabug: 24971918] {CVE-2016-1583} {CVE-2016-1583} - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059900] {CVE-2016-4578} - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059755] {CVE-2016-4569} - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058905] {CVE-2015-8956} - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059195] {CVE-2016-3070} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-6136 CVE-2016-4569 CVE-2016-6480 CVE-2016-1583 CVE-2016-3070 CVE-2016-4578 CVE-2015-8956 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.22] - ocfs2: fix trans extend while free cached blocks (Junxiao Bi) [Orabug: 25136991] - ocfs2: fix trans extend while flush truncate log (Junxiao Bi) [Orabug: 25136991] - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991] - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154096] {CVE-2016-8650} {CVE-2016-8650} - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035] [4.1.12-61.1.21] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] {CVE-2016-9555} [4.1.12-61.1.20] - rebuild bumping release IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8650 CVE-2016-9555 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.15.1] - Revert 'i40e: Set defport behavior for the Main VSI when in promiscuous mode' (Jack Vogel) [Orabug: 22683573] - mlx4: avoid multiple free on id_map_ent (Wengang Wang) - xen-netfront: cast grant table reference first to type int (Dongli Zhang) - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 25045360] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142879] {CVE-2016-9555} - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154098] {CVE-2016-8650} {CVE-2016-8650} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-8650 CVE-2016-9555 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.293.1] - logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 21962821] - sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518650] - bio allocation failure due to bio_get_nr_vecs() (Darrick J. Wong) [Orabug: 23852442] - mlx4: avoid ABBA deadlock (Wengang Wang) [Orabug: 23538548] - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25022815] - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142906] {CVE-2016-9555} [2.6.39-400.292.1] - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138146] [2.6.39-400.291.1] - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 24951873] IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-9555 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest Oracle Linux 6 Oracle Linux 7 kernel-uek [4.1.12-61.1.23] - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298601] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 cpe:/a:oracle:linux:7::UEKR4_archive cpe:/a:oracle:linux:6::UEKR4_archive Oracle Linux 6 Oracle Linux 7 kernel-uek [3.8.13-118.15.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 25269176] {CVE-2016-3157} {CVE-2016-3157} - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298611] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-7117 CVE-2016-3157 cpe:/a:oracle:linux:7::UEKR3_archive cpe:/a:oracle:linux:7::UEKR3 cpe:/a:oracle:linux:6::UEKR3_latest cpe:/a:oracle:linux:6::UEKR3_archive Oracle Linux 5 Oracle Linux 6 [2.6.39-400.293.2] - x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) [Orabug: 25269184] {CVE-2016-3157} - net: Fix use after free in the recvmmsg exit path (Arnaldo Carvalho de Melo) [Orabug: 25298618] {CVE-2016-7117} IMPORTANT Copyright 2016 Oracle, Inc. CVE-2016-3157 CVE-2016-7117 cpe:/a:oracle:linux:6::UEK_archive cpe:/a:oracle:linux:6::UEK_latest cpe:/a:oracle:linux:5::UEK_latest